aliases yes (can enable/disable mail to /file or |command)
bare newlines yes (but will send CRLF)
blacklisting yes (client name/addr; helo hostname; mail from; rcpt to)
-content filter yes
+content filter yes (see FILTER_README)
db tables yes (compile time option)
dbm tables yes (compile time option)
-delivered-to yes
+delivered-to yes (configurable with prepend_delivered_header)
dsn not yet (bounces have DSN form)
errors-to: yes
esmtp yes
home mailbox yes
ident lookup no
ldap tables yes (contributed)
-luser relay yes
lmtp support yes (client)
+luser relay yes
m4 config no
mail to command yes (configurable for .forward, aliases, :include:)
mail to file yes (configurable for .forward, aliases, :include:)
-maildir yes
+maildir yes (in home, system mailspool, /file/name/ alias)
mailertable yes (it's called transport)
mailq yes
majordomo yes (edit approve script to delete /delivered-to/i)
mime conversion not yet; postfix uses just-send-eight
-missing <> yes (most common address forms)
mysql tables yes (contributed)
netinfo tables yes (contributed)
newaliases yes (main alias database only)
nis tables yes
nis+ tables not yet
+no <> in smtp yes (most common address forms)
pipeline option yes (server and client)
pop/imap yes (with third-party daemons that use /var[/spool]/mail)
qmqp server yes (with verp support)
sasl support yes (compile time option)
sendmail -bt no
sendmail -q yes
-sendmail -qRxxx yes
+sendmail -qRxxx yes (for domains specified in fast_flush_domains)
sendmail -qSxxx no
sendmail -qtime ignored
-sendmail -v no
+sendmail -v yes (but does not show delivery)
sendmail.cf no (uses table-driven address rewriting)
size option yes, server and client
-smarthost yes
+smarthost yes (specify relayhost in main.cf)
tcp wrapper no (use built-in blacklist facility)
user+extension yes (also: .forward+extension)
user-extension yes (also: .forward-extension)
user.lock yes (runtime configurable)
uucp support yes (sends user@domain recipients)
verp support yes (delimiters are configurable)
-virtual domains yes
+virtual domains yes (via local delivery agent and via dedicated delivery agent)
year 2000 safe yes
--- /dev/null
+Included for the use of the fix_strcasecmp.c module which works
+around a Solaris problem.
+
+/*
+ * Copyright (c) 1987, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
20011116
Bugfix: consolidated all the command transaction log resets
- and eliminated one missing reset (Victor Duchovny, Morgan
+ and eliminated one missing reset (Victor Duchovni, Morgan
Stanley). File: smtpd/smtpd.c.
20011118
Cleanup: proper detection of big number overflow in EHLO
and MAIL FROM size announcements, with input from Victor
- Duchovny, Morgan Stanley. Files: global/off_cvt.c,
+ Duchovni, Morgan Stanley. Files: global/off_cvt.c,
smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c.
Forward compatibility: added queue file record types for
Cleanup: SMTPD access maps now return DUNNO (undetermined)
instead of OK when a recipient address contains multiple
- domains (user@dom1@dom2, etcetera). Victor Duchovny, Morgan
+ domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan
Stanley. File: smtpd/smtpd_check.c.
20020106
queue directory, still referenced install.cf when setting
maildrop directory group ownership; and the postfix command
did not export the setgid_group parameter to the postfix-script
- shell script. Victor Duchovny.
+ shell script. Victor Duchovni.
Bugfix: postfix-script, when creating a missing public
queue directory, did not set group ownership of the public
20020111
Feedback: feedback, bugfixes, and brain-dead shell workarounds
- for the install scripts by Victor Duchovny and Simon Mudd.
+ for the install scripts by Victor Duchovni and Simon Mudd.
20020113
Bugfix: alternate_config_directories did not take comma
or whitespace as separators. File: global/mail_conf.c.
- Victor Duchovny, Norgan Stanley.
+ Victor Duchovni, Morgan Stanley.
Bugfix: the rewritten postfix-install script did not chattr
+S the Postfix queue.
that the startup shell scripts produce a consistent result.
Files: postconf.c.
+20020117
+
+ Portability: patch from LaMont Jones for compiling dict_ldap.c
+ with the Netscape SDK.
+
+ Feature: added "r" (recursive chown/chgrp) flag to the
+ postfix-files database, for more convenient change of
+ Postfix queue ownership. Files: conf/postfix-files,
+ conf/post-install.
+
+20020122
+
+ Documentation: lots of little fixes.
+
+ Documentation: updates for the VIRTUAL_README file by Victor
+ Duchovni, Morgan Stanley.
+
+ Bugfix: postqueue -s dereferenced a null pointer when given
+ a numerical domain argument. LaMont Jones, HP.
+
+ Cleanup: smtpd now logs a warning when permit_sasl_authenticated
+ is used while SASL authentication is disabled, instead of
+ simply ignoring the restriction. LaMont Jones, HP. File:
+ smtpd/smtpd.c.
+
+ Safety: when postmap creates a non-existent file, the new
+ file inherits group/other read permissions from the source
+ file. Based on code by LaMont Jones, HP. File:
+ postmap/postmap.c.
+
+20020123
+
+ Portability: some Linux systems install libnsl.so without
+ libnsl.a file, causing an yp_match undefined reference
+ problem. File: makedefs.
+
+20020124
+
+ Portability: post-install now requests that command_directory
+ is given on the command line when the postconf command is
+ in an unusual place.
+
+ Safety: extra code to detect and report Berkeley DB version
+ mismatches between compile time and run time. This test
+ is limited to mismatches in the major version number only.
+ File: util/dict_db.c. Based on code by Lawrence Greenfield,
+ Carnegie-Mellon university.
+
+ Safety: the postfix command and the master daemon abort if
+ they are running set-uid.
+
+ Documentation: the postmap manual page described an out of
+ date input file format.
+
+20020129
+
+ Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe.
+ Therefore, input mail flow control is disabled by default.
+ Files: makedefs, global/mail_params.h, conf/main.cf.
+ Problem reported by Kurt Andersen, Agilent.
+
+20020201
+
+ Workaround: changed the default smtpd_null_access_lookup_key
+ setting to <>, because some Bezerkeloid DB implementations
+ can't handle null-length lookup keys. File: global/mail_params.h.
+
+ Bugfix: backed out a null-length address panic call by
+ ignoring the problem, like Postfix did in the past. File:
+ global/resolve_local.c.
+
+ Safety: "postfix check" will now warn if /usr/lib/sendmail
+ and /usr/sbin/sendmail differ, and will propose to replace
+ one by a symlink to the other. File: conf/postfix-script.
+
+20020204
+
+ Sanity: additional permission checks for "postfix check"
+ that warn for setgid_group group ownership mismatches. by
+ Matthias Andree, uni-dortmund.de. File: conf/postfix-script.
+
+ Bugfix: "postfix check" used a too simplistic way to
+ recognize file ownership (grepping ls output). It now uses
+ the recently discovered "find -prune". Peter Bieringer,
+ Matthias Andree. File: conf/postfix-script.
+
+20020218
+
+ Workaround: log a warning and disconnect when an SMTP client
+ ignores our negative replies and starts sending message
+ content without permission. File: smtpd/smtpd.c.
+
+20020220
+
+ Bugfix: mismatch in the file being locked by dict_dbm and
+ the file being locked by postmap, so that locks did not
+ work correctly. Victor Duchovni, Morgan Stanley.
+
+20020222
+
+ Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp()
+ produce incorrect results with 8-bit characters. For example,
+ non-ASCII characters could compare equal to ASCII characters,
+ and that could result in any number of security problems.
+ Files: util/strcasecmp.c, COPYRIGHT (the BSD license).
+
+ Bugfix: off-by-one error, causing a null byte to be written
+ outside dynamically allocated memory in the queue manager
+ with addresses of exactly 100 bytes long, resulting in
+ SIGSEGV on systems with an "exact fit" malloc routine.
+ Experienced by Ralf Hildebrandt; diagnosed by Victor
+ Duchovny. Files: *qmgr/qmgr_message.c. This is not a
+ security problem.
+
+ Bugfix: make all recipient comparisons transitive, because
+ Solaris qsort() causes SIGSEGV errors otherwise. Victor
+ Duchovny, Morgan Stanley. File: *qmgr/qmgr_message.c.
+
+20020302
+
+ Bugfix: don't strip source route (@domain...:) when the
+ result would be an empty address. This avoids problems when
+ append_at_myorigin is set to "no" (which is not supported).
+ Problem reported by Charles McColgan, Big Fish Communications.
+ File: trivial-rewrite/rewrite.c.
+
+20020304
+
+ Cleanup: postqueue should not not complain when output
+ fails with "broken pipe".
+
+20020308
+
+ Bugfix? reply with 550 not 552 when content is rejected.
+ 552 is reserved for "too much mail".
+
+ Documentation: add note to sendmail manual page that running
+ "sendmail -bs" as $mail_owner enables SMTP server UCE and
+ access control checks. This is meant for use from inetd etc.
+ Matthias Andree.
+
+20020311
+
+ Bugfix: DBM maps should use different files for locking
+ and for change detection. Problem reported by Victor
+ Duchovny, Morgan Stanley. Files: util/dict.h util/dict.c
+ util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c.
+
+20020313
+
+ Bugfix: mailq could show addresses with unusual characters
+ twice. Problem reported by Victor Duchovny, Morgan Stanley.
+ File: showq/showq.c.
+
+ Bugfix: null recipients weren't properly recorded in
+ bounce/defer logfiles. Such recipient addresses are not
+ accepted in SMTP mail, but they could appear within locally
+ submitted mail. File: bounce/bounce_append_service.c.
+
+ Workaround: exempt processes running with the real userid
+ of root from safe_getenv() restrictions. The super-user
+ is supposed to know what she is doing.
+
+20020318
+
+ Workaround: Berkeley DB can't handle null key lookups,
+ which happen with HELO names ending in ".". Victor Duchovni,
+ Morgan Stanley. File: smtpd/smtpd_check.c.
+
+ Logging: log a hint when mail is deferred because the
+ soft_bounce parameter is set. People sometimes forget to
+ turn it off. File: global/bounce.c.
+
+20020319
+
+ Cleanup: add a msg_warn() call when fork() fails in
+ pipe_command(), to make problems easier to investigate.
+ Chris Wedgwood. File: global/pipe_command.c.
+
+20020320
+
+ Feature: smtp_helo_name parameter to specify the hostname
+ or [ip.address] in HELO or EHLO commands. Files: smtp/smtp.c
+ smtp/smtp_proto.c.
+
+20020324
+
+ Cleanup: more graceful handling of long physical message
+ header lines upon input. Physical header lines can now
+ extend up to $header_size_limit characters. When a logical
+ message header is too long, the excess text is discarded
+ and Postfix no longer switches to body mode, to avoid
+ breaking MIME encapsulation. Based on code by Victor
+ Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c,
+ cleanup/cleanup_message.c.
+
+ Cleanup: more graceful handling of long physical message
+ header or body lines upon output by the SMTP client. The
+ SMTP client output line length is controlled by a new
+ parameter smtp_line_length_limit (default: 990; specify 0
+ to disable the limit). Long lines are folded by inserting
+ <CR> <LF> <SPACE>, to avoid breaking MIME encapsulation.
+ Based on code by Victor Duchovni, Morgan Stanley. File:
+ smtp/smtp_proto.c.
+
+20020325
+
+ Cleanup: allow additional text after a WARN command in a
+ header/body_checks pattern file, so that one can change
+ REJECT+text into WARN+text and vice versa. Based on code
+ by Fredrik Thulin, Stockholm University.
+
+ Cleanup: log a warning when an unknown command is found in
+ a header/body_checks pattern file, or when additional text
+ is found after a command that does not expect additional
+ text. Based on code by Fredrik Thulin, Stockholm University.
+
+ Bugfix: sendmail should not recognize "." as the end of
+ input when the current read operation started in the middle
+ of a line. Victor Duchovni, Morgan Stanley. File:
+ sendmail/sendmail.c.
+
+20020328
+
+ Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda.
+ File: util/sys_defs.h.
+
+20020329
+
+ Bugfix: defer_transports broke because the flush server
+ triggered mail delivery (as if ETRN was sent) while doing
+ some internal housekeeping of per-destination logfiles.
+ Problem experienced by LaMont Jones, HP. File: flush/flush.c.
+
+ Bugfix: virtual mapping broke for addresses with embedded
+ whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
+ cleanup/cleanup_map1n.c.
+
+ Feature: configurable service name for the cleanup service.
+ Files: global/mail_params.[hc].
+
+ Feature: SASL version 2 support by Jason Hoos.
+
Open problems:
+ Low: sendmail does not store null command-line recipients.
+
+ Low: have a configurable list of errno values for mailbox
+ or maildir delivery that result in deferral rather than
+ bouncing mail.
+
Low: don't do user@domain and @domain lookups in
local_recipient_maps queries.
OpenBSD 2.x
Reliant UNIX 5.x
Rhapsody 5.x
- SunOS 4.1.x
+ SunOS 4.1.x (with Postfix 1.1.0)
SunOS 5.4..5.8 (Solaris 2.4..8)
Ultrix 4.x (well, that was long ago)
NB: this group was optional with older Postfix releases; it is
now required.
+- Optional: If you want to install symbol-stripped (non-debug) versions
+ of the Postfix programs and daemons, do:
+
+ % strip bin/* libexec/*
+
- Run one of the following commands as the super-user:
# make install (interactive version, first time install)
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
-When it is run for the first time, the Postfix startup shell script
-will create a bunch of subdirectories below the Postfix spool
-directory.
-
In order to inspect the mail queue, use
% sendmail -bp
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
-When it is run for the first time, the Postfix startup shell script
-will create a bunch of subdirectories below the Postfix spool
-directory.
-
In order to inspect the mail queue, use
% sendmail -bp
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
-When it is run for the first time, the Postfix startup shell script
-will create a bunch of subdirectories below the Postfix spool
-directory.
-
See also the "Care and feeding" section 13 below.
10 - Mandatory configuration file edits
|| exit 1; \
done
-cleanmakefiles:
- set -e; for i in $(DIRS); do \
- (set -e; echo "[$$i]"; cd $$i; rm -f Makefile; \
- ../cleanup_makefile.pl Makefile.in >Makefile.new; \
- rm Makefile.in ; mv Makefile.new Makefile.in); \
- done;
- rm -f Makefile; (set -e; sh makedefs && cat Makefile.in) >Makefile
-
tidy: clean
rm -f Makefile */Makefile src/*/Makefile
cp Makefile.init Makefile
The exact pathnames depend on the DB version that you installed.
For example, Berkeley DB version 2 installs in /usr/local/BerkeleyDB.
-Beware, the file format produced by Berkeley DB version 1 is not
+Warning: the file format produced by Berkeley DB version 1 is not
compatible with that of versions 2 and 3 (versions 2 and 3 have
the same format). If you switch between DB versions, then you may
have to rebuild all your Postfix DB files.
+Warning: if you use Berkeley DB version 2 or later, do not enable
+DB 1.85 compatibility mode. Doing so would break fcntl file locking.
+
+Warning: if you use PERL to manipulate Postfix .db files, then you
+need to use the same Berkeley DB version in PERL as in Postfix.
+
Building Postfix on BSD systems with a specific Berkeley DB version
===================================================================
% make makefiles CCARGS=-I/usr/include/db2 AUXLIBS=-ldb2
% make
-Beware, the file format produced by Berkeley DB version 1 is not
+Warning: the file format produced by Berkeley DB version 1 is not
compatible with that of versions 2 and 3 (versions 2 and 3 have
the same format). If you switch between DB versions, then you may
have to rebuild all your Postfix DB files.
Warning: if you use Berkeley DB version 2 or later, do not enable
-DB 1.85 compatibility mode. Doing so would break file locking on
-Solaris, HP-UX, UNIXWARE, IRIX and other systems, causing mail to
-be lost when you update a table while Postfix is running.
+DB 1.85 compatibility mode. Doing so would break fcntl file locking.
+
+Warning: if you use PERL to manipulate Postfix .db files, then you
+need to use the same Berkeley DB version in PERL as in Postfix.
Building Postfix on Linux with a specific Berkeley DB version
=============================================================
changes randomly between vendors and between versions, so that
Postfix has to choose the file for you.
-Beware, the file format produced by Berkeley DB version 1 is not
+Warning: the file format produced by Berkeley DB version 1 is not
compatible with that of versions 2 and 3 (versions 2 and 3 have
the same format). If you switch between DB versions, then you may
have to rebuild all your Postfix DB files.
+
+Warning: if you use Berkeley DB version 2 or later, do not enable
+DB 1.85 compatibility mode. Doing so would break fcntl file locking.
+
+Warning: if you use PERL to manipulate Postfix .db files, then you
+need to use the same Berkeley DB version in PERL as in Postfix.
exit $?
The idea is to first capture the message to file and then run the
-content through run a third-party content filter program. If the
+content through a third-party content filter program. If the
mail cannot be captured to file, mail delivery is deferred by
terminating with exit status 75 (EX_TEMPFAIL). If the content
filter program finds a problem, the mail is bounced by terminating
/etc/postfix/master.cf:
localhost:10026 inet n - n - 10 smtpd
- -o content_filter= -o myhostname=localhost.domain.name
+ -o content_filter=
+ -o local_recipient_maps=
+ -o myhostname=localhost.domain.name
This is just another SMTP server. It is configured NOT to request
-content filtering for incoming mail, has the same process limit
-as the filter master.cf entry, and is configured to use a different
-hostname in the greeting message (this is necessary for testing
-when I simply use no filtering program and let the SMTP content
-filtering interfaces talk directly to each other).
+content filtering for incoming mail. The server has the same process
+limit as the filter master.cf entry.
+
+The "-o local_recipient_maps=" is a safety in case you have specified
+local_recipient_maps in the main.cf file. That setting could
+interfere with content filtering.
+
+The SMTP server is configured to use a different hostname in the
+greeting message (this is necessary for testing when I simply use
+no filtering program and let the SMTP content filtering interfaces
+talk directly to each other).
--- /dev/null
+1 - Purpose of this document
+============================
+
+This document describes how to build, install and configure a
+Postfix system so that it can do one of the following:
+
+ - Send mail only, without changing an existing sendmail
+ installation.
+
+ - Send and receive mail via a virtual host interface, still
+ without any change to an existing sendmail installation.
+
+ - Replace sendmail altogether.
+
+2 - Typographical conventions
+=============================
+
+In the instructions below, a command written as
+
+ # command
+
+should be executed as the superuser.
+
+A command written as
+
+ % command
+
+should be executed as an unprivileged user.
+
+3 - Documentation
+=================
+
+Documentation is available as HTML web pages (point your browser
+to html/index.html) and as UNIX-style man pages (point your MANPATH
+environment variable to the `man' subdirectory; be sure to use an
+absolute path).
+
+The sample configuration files in the `conf' directory have extensive
+comments, but they may not describe every nuance of every feature.
+
+Many files have their own built-in manual page. Tools to extract
+those embedded manual pages are available in the mantools directory.
+
+4 - Building on a supported system
+==================================
+
+If your system is supported, it is one of
+
+ AIX 3.2.5
+ AIX 4.1.x
+ AIX 4.2.0
+ BSD/OS 2.x
+ BSD/OS 3.x
+ BSD/OS 4.x
+ Darwin 1.x
+ FreeBSD 2.x
+ FreeBSD 3.x
+ FreeBSD 4.x
+ FreeBSD 5.x
+ HP-UX 9.x
+ HP-UX 10.x
+ HP-UX 11.x
+ IRIX 5.x
+ IRIX 6.x
+ Linux Debian 1.3.1
+ Linux Debian 2.x
+ Linux RedHat 4.x
+ Linux RedHat 5.x
+ Linux RedHat 6.x
+ Linux RedHat 7.x
+ Linux Slackware 3.x
+ Linux Slackware 4.x
+ Linux Slackware 7.x
+ Linux SuSE 5.x
+ Linux SuSE 6.x
+ Linux SuSE 7.x
+ Mac OS X
+ NEXTSTEP 3.x
+ NetBSD 1.x
+ OPENSTEP 4.x
+ OSF1.V3 (Digital UNIX)
+ OSF1.V4 aka Digital UNIX V4
+ OSF1.V5 aka Digital UNIX V5
+ OpenBSD 2.x
+ Reliant UNIX 5.x
+ Rhapsody 5.x
+ SunOS 4.1.x (with Postfix 1.1.0)
+ SunOS 5.4..5.8 (Solaris 2.4..8)
+ Ultrix 4.x (well, that was long ago)
+
+or something closely resemblant.
+
+On Solaris, the "make" command and other utilities for software
+development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
+your command search path.
+
+If you need to build Postfix for multiple architectures, use the
+lndir command to build a shadow tree with symbolic links to the
+source files. lndir is part of X11R6.
+
+If at any time in the build process you get messages like: "make:
+don't know how to ..." you should be able to recover by running
+the following command from the Postfix top-level directory:
+
+ % make -f Makefile.init makefiles
+
+If you copied the Postfix source code after building it on another
+machine, it is a good idea to cd into the top-level directory and
+
+ % make tidy
+
+first. This will get rid of any system dependencies left over from
+compiling the software elsewhere.
+
+To build with GCC, or with the native compiler if people told me
+that is better for your system, just cd into the top-level Postfix
+directory of the source tree and type:
+
+ % make
+
+To build with a non-default compiler, you need to specify the name
+of the compiler:
+
+ % make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+ % make
+
+ % make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+ % make
+
+ % make makefiles CC="purify cc"
+ % make
+
+and so on. In some cases, optimization is turned off automatically.
+
+In order to build with non-default settings, for example, with a
+configuration directory other than /etc/postfix, use:
+
+ % make makefiles CCARGS=-DDEF_CONFIG_DIR=\\\\\\\"/some/where\\\\\\\"
+ % make
+
+That's seven backslashes :-) But at least this works with sh and csh.
+
+In order to build Postfix for very large applications, where you
+expect to run more than 1000 delivery processes, you may need to
+override the definition of the FD_SETSIZE macro to make select()
+work correctly:
+
+ % make makefiles CCARGS=-DFD_SETSIZE=2048
+
+In any case, if the command
+
+ % make
+
+produces compiler error messages, it may be time to examine the
+FAQ document (see htlm/faq.html).
+
+5 - Porting to on an unsupported system
+=======================================
+
+- Each system type is identified by a unique name. Examples:
+SUNOS5, FREEBSD4, and so on. Choose a SYSTEMTYPE name for the new
+system. You must use a name that includes at least the major version
+of the operating system (such as SUNOS4 or LINUX2), so that different
+releases of the same system can be supported without confusion.
+
+- Add a case statement to the "makedefs" shell script in the
+top-level directory that recognizes the new system reliably, and
+that emits the right system-specific information. Be sure to make
+the code robust against user PATH settings; if the system offers
+multiple UNIX flavors (e.g. BSD and SYSV) be sure to build for the
+native flavor, not the emulated one.
+
+- Add an #ifdef SYSTEMTYPE section to the central util/sys_defs.h
+include file. You may have to invent new feature macros. Please
+choose sensible feature macro names such as HAS_DBM or
+FIONREAD_IN_SYS_FILIO_H. I strongly recommend against #ifdef
+SYSTEMTYPE dependencies in individual source files. This may seem
+to be the quickest solution, but it will create a mess that becomes
+increasingly difficult to maintain over time. Moreover, with the
+next port you'd have to place #ifdefs all over the source code
+again.
+
+6 - Installing the software after successful compilation
+========================================================
+
+This text describes how to install Postfix from source code. See
+the PACKAGE_README file if you are building a package for distribution
+to other systems.
+
+IMPORTANT: if you are REPLACING an existing sendmail installation
+with Postfix, you may need to keep the old sendmail program running
+for some time in order to flush the mail queue. As superuser,
+execute the following commands (your sendmail, newaliases and mailq
+programs may be in a different place):
+
+ # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
+ # mv /usr/bin/newaliases /usr/bin/newaliases.OFF
+ # mv /usr/bin/mailq /usr/bin/mailq.OFF
+ # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
+ /usr/bin/mailq.OFF
+
+In order to install or upgrade Postfix:
+
+- Create a user account "postfix" with a user id and group id that
+ are not used by any other user account. Preferably, this is an
+ account that no-one can log into. The account does not need an
+ executable login shell, and needs no existing home directory.
+ My password file entry looks like this:
+
+ postfix:*:12345:12345:postfix:/no/where:/no/shell
+
+- Make sure there is a corresponding alias in /etc/aliases:
+
+ postfix: root
+
+- Create a group "postdrop" with a group id that is not used by
+ any other user account. Not even by the postfix user account.
+ My group file entry looks like:
+
+ postdrop:*:54321:
+
+ NB: this group was optional with older Postfix releases; it is
+ now required.
+
+- Optional: If you want to install symbol-stripped (non-debug) versions
+ of the Postfix programs and daemons, do:
+
+ % strip bin/* libexec/*
+
+- Run one of the following commands as the super-user:
+
+ # make install (interactive version, first time install)
+ # make upgrade (non-interactive version, for upgrades)
+
+ The non-interactive version needs the /etc/postfix/main.cf file
+ from a previous installation. If the file does not exist, use
+ interactive installation instead.
+
+ The interactive version offers suggestions for pathnames that
+ you can override interactively, and stores your preferences in
+ /etc/postfix/main.cf for convenient future upgrades.
+
+- Proceed to the section on how you wish to run Postfix on your
+ particular machine:
+
+ - Send mail only, without changing an existing sendmail
+ installation (section 7).
+
+ - Send and receive mail via a virtual host interface, still
+ without any change to an existing sendmail installation
+ (section 8).
+
+ - Replace sendmail altogether (section 9).
+
+7 - Configuring Postfix to send mail only
+=========================================
+
+If you are going to use Postfix to send mail only, there is no need
+to change your existing sendmail setup. Instead, set up your mail
+user agent so that it calls the Postfix sendmail program directly.
+
+Follow the instructions in the "Mandatory configuration file edits"
+in section 10, and review the "To chroot or not to chroot" text in
+section 11.
+
+You MUST comment out the `smtp inet' entry in /etc/postfix/master.cf,
+in order to avoid conflicts with the real sendmail.
+
+Start the Postfix system:
+
+ # postfix start
+
+or, if you feel nostalgic, use the Postfix sendmail command:
+
+ # sendmail -bd -qwhatever
+
+and watch your syslog file for any error messages.
+
+ % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+
+Typical logfile names are: /var/log/maillog or /var/log/syslog.
+See /etc/syslog.conf for actual logfile names.
+
+In order to inspect the mail queue, use
+
+ % sendmail -bp
+
+See also the "Care and feeding" section 13 below.
+
+8 - Configuring Postfix to send and receive mail (virtual interface)
+====================================================================
+
+Alternatively, you can use the Postfix system to send AND receive
+mail while leaving your sendmail setup intact, by running Postfix
+on a virtual interface address. Simply configure your mail user
+agent to directly invoke the Postfix sendmail program.
+
+The examples/virtual-setup directory gives instructions for setting
+up virtual interfaces for a variety of UNIX versions.
+
+In the /etc/postfix/main.cf file, I would specify
+
+ myhostname = virtual.host.name
+ inet_interfaces = $myhostname
+ mydestination = $myhostname
+
+Follow the instructions in the "Mandatory configuration file edits"
+in section 10, and review the "To chroot or not to chroot" text in
+section 11.
+
+Start the mail system:
+
+ # postfix start
+
+or, if you feel nostalgic, use the Postfix sendmail program:
+
+ # sendmail -bd -qwhatever
+
+and watch your syslog file for any error messages.
+
+ % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+
+Typical logfile names are: /var/log/maillog or /var/log/syslog.
+See /etc/syslog.conf for actual logfile names.
+
+In order to inspect the mail queue, use
+
+ % sendmail -bp
+
+See also the "Care and feeding" section 13 below.
+
+9 - Turning off sendmail forever
+================================
+
+Prior to installing Postfix you should save the existing sendmail
+program files as described in section 6.
+
+Be sure to keep the old sendmail running for at least a couple
+days to flush any unsent mail. To do so, stop the sendmail daemon
+and restart it as:
+
+ # /usr/sbin/sendmail.OFF -q
+
+After you have visited the "Mandatory configuration file edits"
+section below, you can start the Postfix system with
+
+ # postfix start
+
+But the good old sendmail way works just as well:
+
+ # sendmail -bd -qwhatever
+
+and watch the syslog file for any complaints from the mail system.
+
+ % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+
+Typical logfile names are: /var/log/maillog or /var/log/syslog.
+See /etc/syslog.conf for actual logfile names.
+
+See also the "Care and feeding" section 13 below.
+
+10 - Mandatory configuration file edits
+=======================================
+
+By default, Postfix configuration files are in /etc/postfix, and
+must be owned by root. Giving someone else write permission to
+main.cf or master.cf means giving root privileges to that person.
+
+Whenever you make a change to a config file, execute the following
+command in order to refresh a running mail system:
+
+ # postfix reload
+
+In /etc/postfix/main.cf you will have to set up a minimal number of
+configuration parameters. Postfix configuration parameters
+resemble shell variables. You specify a variable as
+
+ parameter = value
+
+and you use it by putting a $ in front of its name:
+
+ other_parameter = $parameter
+
+You can use $parameter before it is given a value. The Postfix
+configuration language uses lazy evaluation, and does not look at
+a parameter value until it is needed at runtime.
+
+First of all, you must specify what domain will be appended to an
+unqualified address (i.e. an address without @domain.name). The
+"myorigin" parameter defaults to the local hostname, but that is
+probably OK only for very small sites.
+
+Some examples:
+
+ myorigin = $myhostname
+ myorigin = $mydomain
+
+In the first case, local mail goes out as user@$myhostname, in
+the second case the sender address is user@$mydomain.
+
+Next you need to specify what mail addresses Postfix should deliver
+locally.
+
+Some examples:
+
+ mydestination = $myhostname, localhost.$mydomain
+ mydestination = $myhostname, localhost.$mydomain, $mydomain
+ mydestination = $myhostname
+
+The first example is appropriate for a workstation, the second is
+appropriate for the mailserver for an entire domain. The third
+example should be used when running on a virtual host interface.
+
+If your machine is on an open network then you must specify what
+client IP addresses are authorized to relay their mail through your
+machine. The default setting includes all class A, B or C networks
+that the machine is attached to. Often, that gives relay permission
+to too many clients. My own settings are:
+
+ mynetworks = 168.100.189.0/28, 127.0.0.0/8
+
+If you're behind a firewall, you should set up a relayhost. If
+you can, specify the organizational domain name so that Postfix
+can use DNS lookups, and so that it can fall back to a secondary
+MX host when the primary MX host is down. Otherwise just specify
+a hard-coded hostname.
+
+Some examples:
+
+ relayhost = $mydomain
+ relayhost = mail.$mydomain
+ relayhost = [mail.$mydomain]
+
+The form enclosed with [] eliminates DNS MX lookups.
+
+By default, the SMTP client will do DNS lookups for sender and
+recipient addresses even when you specify a relay host. If your
+machine has no access to a DNS server, turn off SMTP client DNS
+lookups like this:
+
+ disable_dns_lookups = yes
+
+The FAQ (html/faq.html) has more hints and tips for firewalled
+and/or dial-up networks.
+
+Finally, if you haven't used Sendmail prior to using Postfix, you
+will have to build the alias database (with: sendmail -bi, or:
+newaliases). Be sure to set up aliases for root and postmaster that
+forward mail to a real person. Postfix has a sample aliases file
+conf/aliases that you can adapt to local conditions.
+
+11 - To chroot or not to chroot
+===============================
+
+Postfix can run most daemon processes in a chroot jail, that is,
+the processes run at a fixed low privilege and with access only to
+the Postfix queue directories (/var/spool/postfix). This provides
+a significant barrier against intrusion. The barrier is not
+impenetrable, but every little bit helps.
+
+With the exception of the Postfix local delivery and `pipe' daemons,
+every Postfix daemon can run chrooted.
+
+Sites with high security requirements should consider to chroot
+all daemons that talk to the network: the smtp and smtpd processes,
+and perhaps also the lmtp client.
+
+The default /etc/postfix/master.cf file specifies that no Postfix
+daemon runs chrooted. In order to enable chroot operation, edit
+the file /etc/postfix/master.cf. Instructions are in the file.
+
+Note that a chrooted daemon resolves all filenames relative to the
+Postfix queue directory (/var/spool/postfix). For successful use
+of a chroot jail, most UNIX systems require you to bring in some
+files or device nodes. The examples/chroot-setup directory has a
+collection of scripts that help you set up chroot environments for
+Postfix systems.
+
+12 - Care and feeding of the Postfix system
+===========================================
+
+The Postfix programs log all problems to the syslog daemon. The
+names of logfiles are specified in /etc/syslog.conf. Note: the
+syslogd will not create files. You must create them ahead of time
+before (re)starting syslogd. At the very least you need something
+like:
+
+ mail.err /dev/console
+ mail.debug /var/log/maillog
+
+Hopefully, the number of problems will be small, but it is a good
+idea to run every night before the syslog files are rotated:
+
+ # postfix check
+ # egrep '(reject|warning|error|fatal|panic):' /some/log/file
+
+Typical logfile names are: /var/log/maillog or /var/log/syslog.
+See /etc/syslog.conf for actual logfile names.
+
+The first line (postfix check) causes Postfix to report file
+permission/ownership discrepancies.
+
+The second line looks for problem reports from the mail software,
+and reports how effective the anti-relay and anti-UCE blocks are.
> or not.
Postfix jumps several hoops in order to deal with NFS-specific
-brain damage, however some operations can fail irrecoverably. This
-is why Wietse makes no promises about Postfix reliability on NFS.
+problems. Thus, Postfix on NFS is slightly less reliable than
+Postfix on a local disk. That is not a problem in Postfix; the
+problem is in NFS and affects other MTAs as well.
For queue locking, NFS is not an issue because you cannot share
-Postfix queues between Postfix instances anyawy.
-
-For mailbox locking, some systems use flock() by default (use:
-``postconf mailbox_delivery_lock'' and ``postconf virtual_mailbox_lock''
-to find out about your system). flock() does not work over NFS.
-This causes loss of mail when multiple hosts access the same
-mailboxes.
+Postfix queues with other Postfix instances.
In order to have mailbox locking over NFS you have to configure
everything to use fcntl() locks for mailbox access (or switch to
maildir style, which needs no application-level lock controls).
-To turn on fcntl locks with Postfix you specify:
+To turn on fcntl mailbox locks with Postfix you specify:
virtual_mailbox_lock = fcntl
mailbox_delivery_lock = fcntl
This is useful only if all mailbox access software uses fcntl()
-locks. I have no information on how well fcntl() locks work on NFS.
+locks.
You can also "play safe" and throw in username.lock files:
sample-xxx files. Without the sample-xxx files, Postfix will be
much more difficult to configure.
-Postfix Installation parameter defaults
-=======================================
+Postfix Installation parameters
+===============================
Postfix installation is controlled by a dozen installation parameters.
-See the postfix-install and post-install files for details. Built-in
-default settings can be changed at compile time with:
-
- % make makefiles CCARGS=whatever
-
-Names of C symbolic constants and their meaning:
-
- DEF_CONFIG_DIR default configuration directory
- DEF_QUEUE_DIR default queue directory
- DEF_DAEMON_DIR default daemon directory
- DEF_COMMAND_DIR default command directory
- DEF_SENDMAIL_PATH default Postfix sendmail command
- DEF_MAILQ_PATH default Postfix mailq command
- DEF_NEWALIAS_PATH default Postfix newaliases command
- DEF_MANPAGE_DIR default manual page directory
- DEF_SAMPLE_DIR default directory for sample configuration files
- DEF_README_DIR default directory for README files
+See the postfix-install and post-install files for details. Most
+parameters have system-dependent default settings that aren't
+configurable at compile time. This will hopefully be rectified in
+a later release.
Preparing a pre-built package for distribution to other systems
===============================================================
Note that this seems to be related to the auto_transition switch in
SASL. Note also that the Cyrus SASL documentation says that it is
pointless to enable that if you use "sasldb" for "pwcheck_method".
+Later versions of the SASL 1.5.x series should also work.
+
+Postfix+SASL 2.1.1 appears to work on Mandrake Linux 8.1 (pwcheck_method
+set to saslauthd or auxprop). Note that the 'auxprop' pwcheck_method
+replaces the 'sasldb' method from SASL 1.5.x. Postfix may need
+write access to /etc/sasldb2 if you use the auto_transition feature,
+or if you use an authentication mechanism such as OTP (one-time
+passwords) that needs to update secrets in the database.
Introduction
============
The Postfix SASL support (RFC 2554) was originally implemented by
Till Franke of SuSE Rhein/Main AG. The present code is a trimmed-down
-version with only the bare necessities.
+version with only the bare necessities. Support for SASL version 2
+was contributed by Jason Hoos.
When receiving mail, Postfix logs the client-provided username,
authentication method, and sender address to the maillog file, and
Building the SASL library
=========================
-Postfix appears to work with cyrus-sasl-1.5.5, which is available
-from:
+Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1,
+which are available from:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
-IMPORTANT: if you install the Cyrus SASL libraries as per the default,
-you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl.
+IMPORTANT: if you install the Cyrus SASL libraries as per the
+default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl
+for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
+version 2.1.1.
Reportedly, Microsoft Internet Explorer version 5 requires the
non-standard SASL LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''.
-If you install the Cyrus SASL libraries as per the default, you
-will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl.
-
Building Postfix with SASL authentication support
=================================================
On some systems this generates the necessary Makefile definitions:
+(for SASL version 1.5.5):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -lsasl"
+(for SASL version 2.1.1):
+ % make tidy # if you have left-over files from a previous build
+ % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \
+ AUXLIBS="-L/usr/local/lib -lsasl2"
+
On Solaris 2.x you need to specify run-time link information,
otherwise ld.so will not find the SASL shared library:
+(for SASL version 1.5.5):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl"
+(for SASL version 2.1.1):
+ % make tidy # if you have left-over files from a previous build
+ % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \
+ AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl2"
+
Enabling SASL authentication in the Postfix SMTP server
=======================================================
smtpd_recipient_restrictions =
permit_mynetworks permit_sasl_authenticated ...
-In /usr/local/lib/sasl/smtpd.conf you need to specify how the server
-should validate client passwords.
+In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or
+/usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to
+specify how the server should validate client passwords.
In order to authenticate against the UNIX password database, try:
+(SASL version 1.5.5)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: pwcheck
+(SASL version 2.1.1)
+ /usr/local/lib/sasl2/smtpd.conf:
+ pwcheck_method: pwcheck
+
The pwcheck daemon is contained in the cyrus-sasl source tarball.
+Alternately, in SASL 1.5.27 and later (including 2.1.1), try:
+
+(SASL version 1.5.5)
+ /usr/local/lib/sasl/smtpd.conf:
+ pwcheck_method: saslauthd
+
+(SASL version 2.1.1)
+ /usr/local/lib/sasl2/smtpd.conf:
+ pwcheck_method: saslauthd
+
+The saslauthd daemon is also contained in the cyrus-sasl source
+tarball. It is more flexible than the pwcheck daemon, in that it
+can authenticate against PAM and various other sources.
+
In order to authenticate against SASL's own password database:
+(SASL version 1.5.5)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: sasldb
-This will use the SASL password file (default: /etc/sasldb), which
-is maintained with the saslpasswd command (part of the Cyrus SASL
+(SASL version 2.1.1)
+ /usr/local/lib/sasl2/smtpd.conf:
+ pwcheck_method: auxprop
+
+This will use the SASL password file (default: /etc/sasldb in
+version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained
+with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL
software). On some poorly-supported systems the saslpasswd command
needs to be run multiple times before it stops complaining. The
Postfix SMTP server needs read access to the sasldb file - you may
virtual_uid_maps = hash:/etc/postfix/vuid
virtual_gid_maps = hash:/etc/postfix/vgid
- # All domains that have final delivery on this machine
+ # All domains that are listed in $mydestination are delivered
+ # with $local_transport, which is the virtual delivery agent.
- mydestination = $myhostname virtual1.domain virtual2.domain
-
- # Reject unknown recipients at the SMTP port
-
- local_recipient_maps = $virtual_mailbox_maps
+ mydestination =
+ $myhostname localhost.$mydomain virtual1.domain virtual2.domain
- # Define a virtual delivery agent if the entry doesn't already exist
+Define a virtual delivery agent if the entry doesn't already exist:
/etc/postfix/master.cf:
virtual unix - n n - - virtual
- # Example recipients, one UNIX-style mailbox, one qmail-style maildir:
+Example recipients, one UNIX-style mailbox, one qmail-style maildir:
/etc/postfix/vmailbox:
- virtual1.domain dummy to prevent relay access denied errors
- virtual2.domain dummy to prevent relay access denied errors
test1@virtual1.domain test1
test2@virtual2.domain test2/
virtual_gid_maps = static:5000
transport_maps = hash:/etc/postfix/transport
- # All domains that have final delivery on this machine
+ # All domains that are delivered by the local delivery agent.
- mydestination =
- $myhostname $localhost.$mydomain virtual1.domain virtual2.domain
+ mydestination = $myhostname $localhost.$mydomain
- # Reject unknown local and virtual recipients at the SMTP port
+ # Reject unknown local recipients at the SMTP port.
- local_recipient_maps =
- unix:passwd.byname $alias_maps $virtual_mailbox_maps
+ local_recipient_maps = unix:passwd.byname $alias_maps
- # Define a virtual delivery agent if the entry doesn't already exist
+Define a virtual delivery agent if the entry doesn't already exist:
/etc/postfix/master.cf:
virtual unix - n n - - virtual
- # Route specific domains to the virtual delivery agent; by default,
- # mail for domains in $mydestination goes to the local delivery agent
+Route virtual domains to the virtual delivery agent:
/etc/postfix/transport:
virtual1.domain virtual
virtual2.domain virtual
- # Example recipients, one UNIX-style mailbox, one qmail-style maildir:
+Example recipients, one UNIX-style mailbox, one qmail-style maildir:
/etc/postfix/vmailbox:
- virtual1.domain dummy to prevent relay access denied errors
- virtual2.domain dummy to prevent relay access denied errors
+ virtual1.domain required to prevent relay access denied errors
+ virtual2.domain required to prevent relay access denied errors
test1@virtual1.domain test1
test2@virtual2.domain test2/
-Incompatible changes with snapshot-20020115
-===========================================
-
-Another revision of installation procedures. The location of the
-sample-xxx and XXX_README files is now specified with the
-sample_directory and readme_directory parameters.
-
-Incompatible changes with snapshot-20020113
-===========================================
-
-Another revision of installation procedures. The command interface
-of the postfix-install and $config_directory/post-install scripts
-has changed; see embedded documentation. postfix-install no longer has
-hard-coded commands to install files: $config_directory/postfix-files
-now controls what files are installed. The post-install script now
-automatically saves installation parameters to the main.cf file.
-
-Incompatible changes with snapshot-20020111
-===========================================
-
-Another revision of installation procedures. The command line
-interface of the post-install script has changed; see embedded
-documentation. The postfix-files file with information about
-Postfix files and directories now contains $name variables rather
-than directory names, user names and group names. You can now change
-parameters such as mail_owner and setgid_group after installing
-Postfix, and apply the correct file/directory ownerships and
-permissions by executing the post-install script as:
-
- post-install set-permissions setgid_group=groupname
-
-Incompatible changes with snapshot-20020110
-===========================================
-
-The INSTALL.sh installation procedure is replaced by a postfix-install
-script that either installs Postfix on the local system (as root)
-or that builds a package (as non-root) for distribution to other
-systems. This script creates a file $config_directory/postfix-files
-with ownership and permissions of Postfix files/directories. A
-new $config_directory/post-install script applies the finishing
-touch: it sets file/directory ownership and permissions, edits
-existing configuration files, and creates missing queue directories.
-
-Incompatible changes with snapshot-20020106
-===========================================
-
-Postfix will not run if it detects that the postfix user or group
-ID are shared with other accounts on the system. The checks aren't
-exhaustive (that would be too resource consuming) but should be
-sufficient to encourage packagers and developers to do the right
-thing.
-
-This release modifies the existing master.cf file. The local pickup
-service is now unprivileged, and the cleanup and flush service are
-now "public".
-
-Should you have to back out to a previous release, then you must
-1) edit the master.cf file, make the pickup service "privileged",
-and make the cleanup and flush services "private"; 2) "chmod 755
-/var/spool/postfix/public". To revert to a world-writable mail
-submission directory, "chmod 1733 /var/spool/postfix/maildrop".
-
-If you run multiple Postfix instances on the same machine then you
-now have to specify their configuration directories in the default
-main.cf file as "alternate_config_directories = /dir1 /dir2 ...".
-Otherwise, some Postfix commands will no longer work (namely, the
-ones that are now implemented by set-group ID client programs).
-
-Postfix SMTP access maps no longer return OK for non-local recipient
-mail addresses that contain multiple domains (user@dom1@dom2,
-user%dom1@dom2, etcetera); the lookup now returns DUNNO (undetermined).
-Non-local multi-domain addresses were already prohibited from
-matching the permit_mx_backup and the relay_domains-based restrictions.
-
-Major changes with snapshot-20020106
-====================================
-
-Simplification of the local Postfix security model.
+In the text below, incompatible changes are labeled with the Postfix
+snapshot that introduced the change. If you upgrade from a later
+Postfix version, then you do not have to worry about that particular
+incompatibility.
+
+Official Postfix releases are called a.b.c where a=major release
+number, b=minor release number, c=patchlevel. Snapshot releases
+are now called a.b.c-yyyymmdd where yyyymmdd is the release date
+(yyyy=year, mm=month, dd=day). The mail_release_date configuration
+parameter contains the release date (both for official release and
+snapshot release). Patches change the patchlevel and the release
+date. Snapshots change only the release date, unless they include
+the same bugfix as a patch release.
+
+Incompatible changes with Postfix version 1.1.X (released XXXXXXXX)
+===================================================================
+
+The Postfix SMTP client now breaks message header or body lines
+that are longer than $smtp_line_length_limit characters (default:
+990). Earlier Postfix versions broke lines at $line_length_limit
+characters (default: 2048). Postfix versions before 20010611 did
+not break long lines at all. Reportedly, some mail servers refuse
+to receive mail with lines that exceed the 1000 character limit
+that is specified by the SMTP standard.
+
+The Postfix SMTP client now breaks long message header or body
+lines by inserting <CR> <LF> <SPACE>. Earlier Postfix versions
+broke long lines by inserting <CR> <LF> only. This broke MIME
+encapsulation, causing MIME attachments to "disappear" with Postfix
+versions after 20010611.
+
+Postfix now discards text when a logical message header exceeds
+$header_size_limit characters (default: 102400). Earlier Postfix
+versions would place excess text, and all following text, in the
+message body. The same thing was done when a physical header line
+exceeded $line_length_limit characters (default: 2048). Both
+behaviors broke MIME encapsulation, causing MIME attachments to
+"disappear" with all previous Postfix versions.
+
+Incompatible changes with Postfix version 1.1.3 (released 20020201)
+===================================================================
+
+In Postfix SMTPD access tables, Postfix now uses <> as the default
+lookup key for the null address, in order to work around bugs in
+some Berkeley DB implementations. This behavior is controlled with
+the smtpd_null_access_lookup_key configuration parameter.
+
+On SCO 3.2 UNIX, the input rate flow control is now turned off by
+default, because of limitations in the SCO UNIX kernel.
+
+Incompatible changes with Postfix version 1.1.2 (released 20020125)
+===================================================================
+
+Postfix now detects if the run-time Berkeley DB library routines
+do not match the major version number of the compile-time include
+file that was used for compiling Postfix. The software issues a
+warning and aborts in case of a discrepancy. If it didn't, the
+software was certain to crash with a segmentation violation.
+
+Incompatible changes with Postfix version 1.1.1 (released 20020122)
+===================================================================
+
+When the postmap command creates a non-existent result file, the
+new file inherits the group/other read permissions of the source
+file.
+
+Incompatible changes with Postfix version 1.1.0 (released 20020117)
+===================================================================
+
+Changes are listed in order of decreasing importance, not release
+date.
+
+[snapshot-20010709] This release introduces a new queue file record
+type that is used only for messages that actually use VERP (variable
+envelope return path) support. With this sole exception, the queue
+file format is entirely backwards compatible with the previous
+official Postfix release (20010228, a.k.a. Postfix 1.0.0).
+
+[snapshot-20020106] This release modifies the existing master.cf
+file. The local pickup service is now unprivileged, and the cleanup
+and flush service are now "public". Should you have to back out to
+a previous release, then you must 1) edit the master.cf file, make
+the pickup service "privileged", and make the cleanup and flush
+services "private"; 2) "chmod 755 /var/spool/postfix/public". To
+revert to a world-writable mail submission directory, "chmod 1733
+/var/spool/postfix/maildrop".
+
+[snapshot-20020106, snapshot-20010808, snapshot-20011103,
+snapshot-20011121] You must stop and restart Postfix because of
+incompatible changes in the local Postfix security model and in
+the Postfix internal protocols. Old and new components will not
+work together.
+
+[snapshot-20020106] Simpler local Postfix security model.
- No world-writable maildrop directory. Postfix now always uses
the set-gid postdrop command for local mail submissions. The
local mail pickup daemon is now an unprivileged process.
-- No world-accessible pickup and queue manager server FIFOs.
+- No world-accessible pickup and queue manager server FIFOs.
-- A new set-gid postqueue command for the queue operations that
- used to implemented by the Postfix sendmail command.
+- New set-gid postqueue command for the queue list/flush operations
+ that used to implemented by the Postfix sendmail command.
-Simplification of Postfix installation.
+[snapshot-20020106..15] Simpler Postfix installation and upgrading.
- All installation settings are now kept in the main.cf file, and
- better default settings are now generated for sendmail_path etc.
+ better default settings are now generated for system dependent
+ pathnames such as sendmail_path etc. The install.cf file is no
+ longer used, except when upgrading from an older Postfix version.
-- Non-default settings can be specified on the INSTALL.sh command
+- Non-default installation parameter settings can (but do not have
+ to) be specified on the "make install" or "make upgrade" command
line as name=value arguments.
-Incompatible changes with snapshot-20011226
-===========================================
-
-Postfix configuration file comments no longer continue on the next
-line when that next line starts with whitespace. This change avoids
-surprises, but it may cause unexpected behavior with existing,
-improperly formatted, configuration files. Caveat user.
-
-Major changes with snapshot-20011226
-====================================
-
-In Postfix configuration files, comment lines are allowed to begin
-with whitespace, and multi-line input is no longer terminated by
-a comment line, by an all whitespace line, or by an empty line.
-
-Postfix will now do null address lookups in SMTPD access maps. If
-your access maps cannot store or look up null string key values,
-specify "smtpd_null_access_lookup_key = <>" and the null sender
-address will be looked up as <> instead.
-
-Incompatible changes with snapshot-20011210
-===========================================
-
-Stricter checking of Postfix chroot configurations. The Postfix
-startup procedure now warns if "system" directories (etc, bin, lib,
-usr) under the Postfix top-level queue directory are not owned by
-the super-user (usually the result of well-intended, but misguided,
-applications of "chown -R postfix /var/spool/postfix).
-
-The Postfix sendmail command no longer exits with status 1 when
-mail submission fails, but instead returns a sendmail-compatible
-status code as defined in /usr/include/sysexits.h.
-
-Major changes with snapshot-20011210
-====================================
-
-Updated LDAP client module by LaMont Jones, with control over
-verbose logging of LDAP library routines.
-
-More usable virtual delivery agent, thanks to a new "static" map
-type by Jeff Miller that always returns its map name as the lookup
-result. This eliminates the need for per-recipient user ID and
-group ID tables. See the VIRTUAL_README file for more details.
-
-Much-needed documentation on how to configure header/body filters:
-sample regexp and pcre lookup tables for header/body filtering,
-and updated examples in the regexp_table(5) and pcre_table(5) manual
-pages.
-
-Configurable PIX firewall <CR><LF>.<CR><LF> bug workaround behavior:
-the workaround is turned off when mail is queued for less than
-$smtp_pix_workaround_threshold_time seconds (default: 500 seconds)
-so that the workaround is normally enabled only for deferred mail.
-The delay before sending .<CR><LF> is now controlled by the
-$smtp_pix_workaround_delay_time setting (default: 10 seconds).
-
-Major changes with snapshot-20011127
-====================================
-
-New parameter smtpd_noop_commands to specify a list of commands
-that the Postfix SMTP server treats as NOOP commands (no syntax
-check, no state change). This is a workaround for misbehaving
-clients that send unsupported commands such as ONEX.
-
-New header/body_check result "WARN" to make Postfix log a warning
-about a header/body line without rejecting the content.
-
-Major changes with snapshot-20011125
-====================================
-
-New parameter smtpd_sender_login_maps that specifies the (SASL)
-login name that owns a MAIL FROM sender address. Specify a regexp
-table in order to require a simple one-to-one mapping.
-
-New sender anti-spoofing restriction reject_sender_login_mismatch
-that refuses a MAIL FROM address when $smtpd_sender_login_maps
-specifies an owner but the client is not (SASL) logged in as the
-MAIL FROM address owner, or when a client is (SASL) logged in but
-does not own the address according to $smtpd_sender_login_maps.
-
-Incompatible changes with snapshot-20011121
-===========================================
-
-The internal protocols have changed again, so you must "postfix
-reload" if upgrading from a previous release. The change is from
-base64 encoded strings to null-terminated strings (Postfix now
-supports multiple encodings).
-
-Major changes with snapshot-20011121
-====================================
-
-Configurable host/domain name wildcard matching behavior: choice
-between "pattern `domain.name' matches string `host.domain.name'"
-(to be deprecated in the future) and "pattern `.domain.name' matches
-string `host.domain.name'" (to be preferred in the future). The
-configuration parameter "parent_domain_matches_subdomains" specifies
-which Postfix features use the behavior that will become deprecated.
-
-New "warn_if_reject" smtpd pseudo restriction that only warns if
-the restriction that follows would reject mail. Look for file
-records that contain the string "reject_warning".
-
-Disgusting workaround for a well-known CISCO PIX firewall bug that
-causes the .<CR>LF> at the end of mail to be lost. The workaround
-has no effect for other mail deliveries.
-
-mailbox_command_maps allows you to configure the external delivery
-command per user (local delivery agent only). This feature has
-precedence over mailbox_command and home_mailbox settings.
-
-Major changes with snapshot-20011103
-====================================
-
-The protocol between Postfix daemons was replaced by something that
-can be extended without breaking everything after each change, and
-that can also be used to talk to non-Postfix programs. The format
-of the protocols is described in src/util/attr_scan.c.
-
-In header/body_check files, REJECT can now be followed by text that
-is sent to the originator. That feature was stuck waiting for years,
-pending the internal protocol revision.
-
-Incompatible changes with snapshot-20011008
-===========================================
-
-The Postfix SMTP server now rejects requests with a generic "try
-again later" status (451 Server configuration error) when it detects
-an error in smtp_{client,helo,sender,recipient,etrn}_restrictions
-settings. More details about the problem are logged to the syslogd;
-sending such information to random clients would be inappropriate.
-
-Postfix no longer flushes the entire mail queue after receiving an
-ETRN request for a random domain name. Requests for random domain
-names (i.e. names that do not match $fast_flush_domains) are now
-rejected instead.
-
-The permit_mx_backup behavior is back to the behavior before snapshot
-20010808. It accepts mail whenever the local MTA is listed in the
-DNS as an MX relay host for a destination, even when you never gave
-permission to do so. To restrict use of this feature, specify
-network address blocks via the permit_mx_backup_networks parameter.
-This requires that the primary MX hosts for the given destination
-match the specified network blocks.
-
-Incompatible changes with snapshot-20010808
-===========================================
-
-The default setting for the maps_rbl_domains parameter is now
-"empty", because mail-abuse.org has become a subscription-based
-service. The names of the RBL parameters haven't changed yet.
-
-The permit_mx_backup feature has changed. It now accepts mail only
-when the primary MX hosts for the recipient match the networks that
-are specified with the new auth_mx_backup_networks configuration
-parameter. Postfix refuses to accept mail when permit_mx_backup
-is used while auth_mx_backup_networks is not configured. [This
-change was undone with a later release].
-
-You must stop and start Postfix in order to switch between Snapshot
-20010808 and earlier releases. The protocol between Postfix master
-and child processes has changed.
-
-Major changes with snapshot-20010808
-====================================
-
-Specify "disable_verp_bounces = yes" to have Postfix send one
-RFC-standard, non-VERP, bounce report for multi-recipient mail,
-even when VERP style delivery was requested. This reduces the
-explosive behavior of bounces when sending mail to a list.
-
-Finer control over address masquerading. The masquerade_classes
-parameter now controls header and envelope sender and recipient
-addresses. With earlier Postfix versions, address masquerading
-rewrote all addresses except for the envelope recipient.
-
-More rational behavior when a regexp or pcre map entry ends in
-whitespace (i.e. ignore it, instead of not recognizing REJECT).
-
-More rational behavior when multiple hosts in $inet_interfaces
-happen to have a common IP address (i.e. ignore the duplicate
-address, instead of having the Postfix master abort at startup).
-
-Variable coupling between message receiving rates and message
-delivery rates. When the message receiving rate exceeds the message
-delivery rate, an SMTP server will pause for $in_flow_delay seconds
-before accepting a message. This delay gives Postfix a chance
-catch up and access the disk, while still allowing new mail to
-arrive.
-
-This feature is on by default, but currently it has effect only
-when mail arrives via a relatively small number of SMTP clients.
-The code needs further development. It will change but I have not
-enough time now.
-
-The in_flow_delay feature has effect mainly when your system is
-being flooded through a limited number of SMTP connections. This
-is useful for mass-mailing applications, because it can avoid the
-need to hand-tune the optimal rate for sending mail into Postfix.
-
-The in_flow_delay feature has negligible effect when mail arrives
-via many different SMTP connections. With the default limit of 50
-SMTP server processes and with the default $in_flow_delay of 1
-second, the mail inflow is limited to 50 messages per second more
-than the number of messages that are delivered per second. Many
-systems saturate at values much smaller than 50 messages per second.
-
-Incompatible changes with snapshot-20010714
-===========================================
-
-Postfix delivery agents now refuse to create a missing maildir or
-mail spool subdirectory when its parent directory is world writable.
-This is necessary to prevent security problems with maildirs or
-with hashed mailboxes under a world writable mail spool directory.
-
-Major changes with snapshot-20010714
-====================================
-
-No major changes. What changes were made result in more polished
-VERP (variable envelope return path) support and documentation,
-and in updated documentation on how to use Postfix QMQP with the
-ezmlm-idx mailing list manager.
-
-Incompatible changes with snapshot-20010709
-===========================================
-
-This release introduces a new queue file record type that is used
-only for messages that actually use VERP (variable envelope return
-path) support. With this sole exception, the queue file format is
-entirely backwards compatible with previous Postfix releases.
-
-The SMTP client now by default breaks lines > 2048 characters, to
-avoid mail delivery problems with fragile SMTP server software.
-To get the old behavior back, specify "smtp_break_lines = no" in
-the Postfix main.cf file.
-
-With recipient_delimiter=+ (or any character other than -) Postfix
-will now recognize address extensions even with owner-foo+extension
-addresses. This change was necessary to make VERP useful for mailing
-list bounce processing.
-
-Major changes with snapshot-20010709
-====================================
-
-QMQP server support, so that Postfix can be used as a backend mailer
-for the ezmlm-idx mailing list manager. You still need qmail to
-drive ezmlm and to process mailing list bounces. The QMQP service
-is disabled by default. To enable, follow the instructions in the
-QMQP_README file.
-
-VERP (variable envelope return path) support. This is enabled by
-default. See the VERP_README file for instructions. These instructions
-need more examples for how to process bounces automatically.
-
-You can now reject unknown virtual(8) recipients at the SMTP port
-by specifying a "domain.name whatever" entry in the tables specified
-with virtual_mailbox_maps, similar to Postfix virtual(5) domains.
-[virtual(8) is the Postfix virtual delivery agent, virtual(5) is
-the Postfix virtual map. The two implement virtual domains in a
-very different manner.]
-
-Specify "mail_spool_directory = /var/mail/" (note the trailing "/"
-character) to enable maildir format for /var/mail/username.
-
-Incompatible changes with snapshot-20010610
-===========================================
-
-The Postfix pipe delivery agent no longer automatically case-folds
-the expansion of $user, $extension or $mailbox command-line macros.
-Specify the 'u' flag to get the old behavior.
-
-Major changes with snapshot-20010610
-====================================
-
-This release includes a workaround for a bug in old versions of
-the CISCO PIX firewall software that caused mail to be resent
-repeatedly to systems behind such a product.
-
-The pipe mail delivery agent now supports proper quoting of white
-space and other special characters in the expansions of the $sender
-and $recipient command-line macros. This was necessary for correct
-operation of the "simple" content filter, and is also recommended
-for delivery via UUCP or BSMTP.
-
-The pipe mail delivery agent now supports case folding the localpart
-and/or domain part of expansions of the $nexthop, $recipient, $user,
-$extension or $mailbox command-line macros. This is recommended
-for mail delivery via UUCP. Bug: $nexthop is always case folded
-because of problems in the queue manager code.
-
-Incompatible changes with snapshot-20010525
-===========================================
-
-As per RFC 2821, the Postfix SMTP client now always sends EHLO at
-the beginning of an SMTP session. Specify "smtp_always_send_ehlo
-= no" for the old behavior, which is to send EHLO only when the
-server greeting banner contains the word ESMTP.
-
-As per RFC 2821, an EHLO command in the middle of an SMTP session
-resets the Postfix SMTP server state just like RSET. This behavior
-cannot be disabled.
-
-The postfix-script file has changed: "postfix start" no longer does
-a "find" on all Postfix directories for core files; instead, the
-postsuper command now finds and renames all queue files whose names
-do not match their message file inode number.
-
-Major changes with snapshot-20010525
-====================================
-
-This release contains many little revisions of little details in
-the light of the new RFC 2821 and RFC 2822 standards. Changes that
-may affect interoperability are listed above under "incompatible
-changes". Other little details are discussed in comments in the
-source code.
-
-The postsuper queue maintenance tool now renames files whose name
-(queue ID) does not match the message file inode number. This is
-necessary after a Postfix mail queue is restored from another
-machine or from backups. The feature is selected with the -s
-option, which is the default.
-
-The postsuper queue maintenance tool has a new -r (requeue) option
-for subjecting some or all queue files to another iteration of
-address rewriting. This is useful after the virtual or canonical
-maps have changed.
-
-The postsuper queue maintenance tool was extended with options to
-read queue IDs from standard input. This makes the tool easier to
-drive from scripts.
-
-Major changes with snapshot-20010502
-====================================
-
-This snapshot release incorporates all the bugfixes of patch 02
-for the official Postfix release 20010228, and adds a few minor
-features.
-
-The Postfix SMTP client now by default randomly shuffles destination
-IP addresses of equal preference (whether obtained via MX lookup
-or otherwise). Reportedly, this is needed for sites that use
-Bernstein's dnscache program. Specify "smtp_randomize_addresses =
-no" to disable this behavior. Based on shuffling code by Aleph1.
-
-"postmap -q -" and "postmap -d -" read key values from standard
-input, which makes it easier to drive them from another program.
-The same feature was added to the postalias command.
-
-The postsuper command now has an option to delete queue files. In
-principle this command can be used while Postfix is running, but
-there is a possibility of deleting the wrong queue file when Postfix
-deletes a queue file and reuses the queue ID for a new message.
-In that case, postsuper will delete the new message.
-
-Incompatible changes with snapshot-20010329
-===========================================
+- New postfix-files database (in /etc/postfix) with (pathname,
+ owner, permission) information about all Postfix-related files.
+
+- New postfix-install script replaces the awkward INSTALL.sh script.
+ This is driven by the postfix-files database. It has better
+ support for building packages for distribution to other systems.
+ See PACKAGE_README for details.
+
+- New post-install script (in /etc/postfix) for post-installation
+ maintenance of directory/file permissions and ownership (this is
+ used by "postfix check"). Example:
+
+ # postfix stop
+ # post-install set-permissions mail_owner=username setgid_group=groupname
+ # postfix start
+
+[snapshot-20020106] Postfix will not run if it detects that the
+postfix user or group ID are shared with other accounts on the
+system. The checks aren't exhaustive (that would be too resource
+consuming) but should be sufficient to encourage packagers and
+developers to do the right thing. To fix the problem, use the above
+post-install command, after you have created the appropriate new
+mail_owner or setgid_group user or group IDs.
+
+[snapshot-20020106] If you run multiple Postfix instances on the
+same machine you now have to specify their configuration directories
+in the default main.cf file as "alternate_config_directories =
+/dir1 /dir2 ...". Otherwise, some Postfix commands will no longer
+work: the set-group ID postdrop command for mail submission and
+the set-group ID postqueue command for queue listing/flushing.
+
+[snapshot-20010808] The default setting for the maps_rbl_domains
+parameter is now "empty", because mail-abuse.org has become a
+subscription-based service. The names of the RBL parameters haven't
+changed.
+
+[snapshot-20020106] Postfix SMTP access maps will no longer return
+OK for non-local multi-domain recipient mail addresses (user@dom1@dom2,
+user%dom1@dom2, etcetera); the lookup now returns DUNNO (undetermined).
+Non-local multi-domain recipient addresses were already prohibited
+from matching the permit_mx_backup and the relay_domains-based
+restrictions.
+
+[snapshot-20011210] Stricter checking of Postfix chroot configurations.
+The Postfix startup procedure now warns if "system" directories
+(etc, bin, lib, usr) under the Postfix top-level queue directory
+are not owned by the super-user (usually the result of well-intended,
+but misguided, applications of "chown -R postfix /var/spool/postfix).
+
+[snapshot-20011008] The Postfix SMTP server now rejects requests
+with a generic "try again later" status (451 Server configuration
+error) when it detects an error in smtp_{client, helo, sender,
+recipient, etrn}_restrictions settings. More details about the
+problem are logged to the syslogd; sending such information to
+random clients would be inappropriate.
+
+[snapshot-20011008] Postfix no longer flushes the entire mail queue
+after receiving an ETRN request for a random domain name. Requests
+for domains that do not match $fast_flush_domains are now rejected
+instead.
+
+[snapshot-20011226] Postfix configuration file comments no longer
+continue on the next line when that next line starts with whitespace.
+This change avoids surprises, but it may cause unexpected behavior
+with existing, improperly formatted, configuration files. Caveat
+user. Comment lines are allowed to begin with whitespace. Multi-line
+input is no longer terminated by a comment line, by an all whitespace
+line, or by an empty line.
+
+[snapshot-20010714] Postfix delivery agents now refuse to create
+a missing maildir or mail spool subdirectory when its parent
+directory is world writable. This is necessary to prevent security
+problems with maildirs or with hashed mailboxes under a world
+writable mail spool directory.
+
+[snapshot-20010525] As per RFC 2821, the Postfix SMTP client now
+always sends EHLO at the beginning of an SMTP session. Specify
+"smtp_always_send_ehlo = no" for the old behavior, which is to send
+EHLO only when the server greeting banner contains the word ESMTP.
+
+[snapshot-20010525] As per RFC 2821, an EHLO command in the middle
+of an SMTP session resets the Postfix SMTP server state just like
+RSET. This behavior cannot be disabled.
+
+[snapshot-20010709] The SMTP client now by default breaks lines >
+2048 characters, to avoid mail delivery problems with fragile SMTP
+server software. To get the old behavior back, specify "smtp_break_lines
+= no" in the Postfix main.cf file.
+
+[snapshot-20010709] With recipient_delimiter=+ (or any character
+other than -) Postfix will now recognize address extensions even
+with owner-foo+extension addresses. This change was necessary to
+make VERP useful for mailing list bounce processing.
+
+[snapshot-20010610] The Postfix pipe delivery agent no longer
+automatically case-folds the expansion of $user, $extension or
+$mailbox command-line macros. Specify the 'u' flag to get the old
+behavior.
+
+[snapshot-20011210] The Postfix sendmail command no longer exits
+with status 1 when mail submission fails, but instead returns a
+sendmail-compatible status code as defined in /usr/include/sysexits.h.
+
+Major changes with Postfix version 1.1.0 (Released 20020117)
+============================================================
+
+Changes are listed in order of decreasing importance, not release
+date.
+
+The nqmgr queue manager is now bundled with Postfix. It implements
+a smarter scheduling strategy that allows ordinary mail to slip
+past mailing list mail, resulting in better response. This queue
+manager is expected to become the default queue manager shortly.
+
+[snapshot-20010709, snapshot-20010808] VERP (variable envelope
+return path) support. This is enabled by default, including in
+the SMTP server. See the VERP_README file for instructions. Specify
+"disable_verp_bounces = yes" to have Postfix send one RFC-standard,
+non-VERP, bounce report for multi-recipient mail, even when VERP
+style delivery was requested. This reduces the explosive behavior
+of bounces when sending mail to a list.
+
+[snapshot-20010709] QMQP server support, so that Postfix can be
+used as a backend mailer for the ezmlm-idx mailing list manager.
+You still need qmail to drive ezmlm and to process mailing list
+bounces. The QMQP service is disabled by default. To enable, follow
+the instructions in the QMQP_README file.
+
+[snapshot-20010709] You can now reject unknown virtual(8) recipients
+at the SMTP port by specifying a "domain.name whatever" entry in
+the tables specified with virtual_mailbox_maps, similar to Postfix
+virtual(5) domains. [virtual(8) is the Postfix virtual delivery
+agent, virtual(5) is the Postfix virtual map. The two implement
+virtual domains in a very different manner.]
+
+[snapshot-20011121] Configurable host/domain name wildcard matching
+behavior: choice between "pattern `domain.name' matches string
+`host.domain.name'" (this is to be deprecated in the future) and
+"pattern `.domain.name' matches string `host.domain.name'" (this
+is to be preferred in the future). The configuration parameter
+"parent_domain_matches_subdomains" specifies which Postfix features
+use the behavior that will become deprecated.
+
+[snapshot-20010808] Variable coupling between message receiving
+rates and message delivery rates. When the message receiving rate
+exceeds the message delivery rate, an SMTP server will pause for
+$in_flow_delay seconds before accepting a message. This delay
+gives Postfix a chance catch up and access the disk, while still
+allowing new mail to arrive. This feature currently has effect
+only when mail arrives via a small number of SMTP clients.
+
+[snapshot-20010610, snapshot-20011121, snapshot-20011210] Workarounds
+for a bug in old versions of the CISCO PIX firewall software that
+caused mail to be resent repeatedly. The workaround has no effect
+for other mail deliveries. The workaround is turned off when mail
+is queued for less than $smtp_pix_workaround_threshold_time seconds
+(default: 500 seconds) so that the workaround is normally enabled
+only for deferred mail. The delay before sending .<CR><LF> is now
+controlled by the $smtp_pix_workaround_delay_time setting (default:
+10 seconds).
+
+[snapshot-20011226] Postfix will now do null address lookups in
+SMTPD access maps. If your access maps cannot store or look up
+null string key values, specify "smtpd_null_access_lookup_key =
+<>" and the null sender address will be looked up as <> instead.
+
+[snapshot-20011210] More usable virtual delivery agent, thanks to
+a new "static" map type by Jeff Miller that always returns its map
+name as the lookup result. This eliminates the need for per-recipient
+user ID and group ID tables. See the VIRTUAL_README file for more
+details.
+
+[snapshot-20011125] Anti-sender spoofing. New main.cf parameter
+smtpd_sender_login_maps that specifies the (SASL) login name that
+owns a MAIL FROM sender address. Specify a regexp table in order
+to require a simple one-to-one mapping. New SMTPD restriction
+reject_sender_login_mismatch that refuses a MAIL FROM address when
+$smtpd_sender_login_maps specifies an owner but the client is not
+(SASL) logged in as the MAIL FROM address owner, or when a client
+is (SASL) logged in but does not own the address according to
+$smtpd_sender_login_maps.
+
+[snapshot-20011121] The mailbox_command_maps parameter allows you
+to configure the external delivery command per user (local delivery
+agent only). This feature has precedence over the mailbox_command
+and home_mailbox settings.
+
+[snapshot-20011121] New "warn_if_reject" smtpd UCE restriction that
+only warns if the restriction that follows would reject mail. Look
+for file records that contain the string "reject_warning".
+
+[snapshot-20011127] New header/body_check result "WARN" to make
+Postfix log a warning about a header/body line without rejecting
+the content.
+
+[snapshot-20011103] In header/body_check files, REJECT can now be
+followed by text that is sent to the originator. That feature was
+stuck waiting for years, pending the internal protocol revision.
+
+[snapshot-20011008] The permit_mx_backup feature allows you to
+specify network address blocks via the permit_mx_backup_networks
+parameter. This requires that the primary MX hosts for the given
+destination match the specified network blocks. When no value is
+given for permit_mx_backup_networks, Postfix will accept mail
+whenever the local MTA is listed in the DNS as an MX relay host
+for a destination, even when you never gave permission to do so.
+
+[snapshot-20010709] Specify "mail_spool_directory = /var/mail/"
+(note the trailing "/" character) to enable maildir format for
+/var/mail/username.
+
+[snapshot-20010808] Finer control over address masquerading. The
+masquerade_classes parameter now controls header and envelope sender
+and recipient addresses. With earlier Postfix versions, address
+masquerading rewrote all addresses except for the envelope recipient.
+
+[snapshot-20010610] The pipe mail delivery agent now supports proper
+quoting of white space and other special characters in the expansions
+of the $sender and $recipient command-line macros. This was necessary
+for correct operation of the "simple" content filter, and is also
+recommended for delivery via UUCP or BSMTP.
+
+[snapshot-20010610] The pipe mail delivery agent now supports case
+folding the localpart and/or domain part of expansions of the
+$nexthop, $recipient, $user, $extension or $mailbox command-line
+macros. This is recommended for mail delivery via UUCP. Bug: $nexthop
+is always case folded because of problems in the queue manager
+code.
+
+[snapshot-20010525] This release contains many little revisions of
+little details in the light of the new RFC 2821 and RFC 2822
+standards. Changes that may affect interoperability are listed
+above under "incompatible changes". Other little details are
+discussed in comments in the source code.
+
+[snapshot-20010502] The Postfix SMTP client now by default randomly
+shuffles destination IP addresses of equal preference (whether
+obtained via MX lookup or otherwise). Reportedly, this is needed
+for sites that use Bernstein's dnscache program. Specify
+"smtp_randomize_addresses = no" to disable this behavior. Based on
+shuffling code by Aleph1.
+
+[snapshot-20011127] New parameter smtpd_noop_commands to specify
+a list of commands that the Postfix SMTP server treats as NOOP
+commands (no syntax check, no state change). This is a workaround
+for misbehaving clients that send unsupported commands such as
+ONEX.
+
+[snapshot-20010502] "postmap -q -" and "postmap -d -" read key
+values from standard input, which makes it easier to drive them
+from another program. The same feature was added to the postalias
+command.
+
+[snapshot-20010502] The postsuper command now has a command-line
+option to delete queue files. In principle this command can be
+used while Postfix is running, but there is a possibility of deleting
+the wrong queue file when Postfix deletes a queue file and reuses
+the queue ID for a new message. In that case, postsuper will delete
+the new message.
+
+[snapshot-20010525] The postsuper queue maintenance tool now renames
+files whose name (queue ID) does not match the message file inode
+number. This is necessary after a Postfix mail queue is restored
+from another machine or from backups. The feature is selected with
+the -s option, which is the default, and runs whenever Postfix is
+started.
+
+[snapshot-20010525] The postsuper queue maintenance tool has a new
+-r (requeue) option for subjecting some or all queue files to
+another iteration of address rewriting. This is useful after the
+virtual or canonical maps have changed.
+
+[snapshot-20010525] The postsuper queue maintenance tool was extended
+with options to read queue IDs from standard input. This makes the
+tool easier to drive from scripts.
+
+[snapshot-20010329] Better support for running multiple Postfix
+instances on one machine. Each instance can be recognized by its
+logging (defaults: "syslog_name = postfix", "syslog_facility =
+mail").
+
+Major incompatible changes with release-20010228 Patch 01 (a.k.a. Postfix 1.0.1)
+================================================================================
This release changes the names of the "fast ETRN" logfiles with
delayed mail per destination. These files are maintained by the
-q". The old "fast ETRN" logfiles go away by themselves (default:
after 7 days).
-Major changes with snapshot-20010329
-====================================
+Major incompatible changes with release-20010228 (a.k.a. Postfix 1.0.0)
+=======================================================================
-Better support for sites that run multiple Postfix instances on
-one machine. Each instance can now be recognized by its logging
-(default: "syslog_name = postfix"). File: global/mail_task.c.
+[snapshot-20010225] POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN
+THE ENTIRE CLASS A/B/C NETWORK. To get the old behavior, specify
+"mynetworks_style = class" in the main.cf file. The default
+(mynetworks_style = subnet) is to relay for clients in the local
+IP subnet. See conf/main.cf.
-Workaround for nqmgr panic due to a race condition that was introduced
-with the asynchronous bounce client.
+[snapshot-20001005, snapshot-20010225] You must execute "postfix
+stop" before installing this release. Some recommended parameter
+settings have changed, and a new entry must be added to the master.cf
+file before you can start Postfix again.
-Workaround for hostile socket implementations that discard data
-when a client closes a socket before the server reads the client
-data. Postfix now closes the client socket in a background thread
-that waits until the server closes the socket first.
+1 - The recommended Postfix configuration no longer uses flat
+ directories for the "incoming" "active", "bounce", and "defer"
+ queue directories. The "flush" directory for the new "flush"
+ service directory should not be flat either.
-Incompatible changes with snapshot-20010225
-===========================================
+ Upon start-up, Postfix checks if the hash_queue_names configuration
+ parameter is properly set up, and will add any queue directory
+ names that are missing.
+
+2 - In order to improve performance of one-to-one mail deliveries
+ the queue manager will now look at up to 10000 queue files
+ (was: 1000). The default qmgr_message_active_limit setting
+ was changed accordingly.
-POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN THE ENTIRE CLASS A/B/C
-NETWORK. To get the old behavior, specify "mynetworks_style = class"
-in the main.cf file. The default (mynetworks_style = subnet) is to
-relay for clients in the local IP subnet. See conf/main.cf.
+ If you have a non-default qmgr_message_active_limit in main.cf,
+ you may want adjust it.
-Incompatible changes with snapshot-20010222
-===========================================
+3 - The new "flush" service needs to be configured in master.cf.
-The incoming and deferred queue directories are now hashed by
-default. This improves the performance considerably under heavy
-load, at the cost of a small but noticeable slowdown when one runs
-"mailq" on an unloaded system.
+ Upon start-up, Postfix checks if the new "flush" service is
+ configured in the master.cf file, and will add an entry if it
+ is missing.
-Postfix no longer automatically delivers recipients one at a time
-when their domain is listed in $mydestination. This change solves
-delivery performance problems with delivery via LMTP, with virus
-scanning, and with firewall relays that forward all mail for
-$mydestination to an inside host.
+Should you wish to back out to a previous Postfix release there is
+no need to undo the above queue configuration changes.
+
+[snapshot-20000921] The protocol between queue manager and delivery
+agents has changed. This means that you cannot mix the Postfix
+queue manager or delivery agents with those of Postfix versions
+prior to 20000921. This change does not affect Postfix queue file
+formats.
+
+[snapshot-20000529] This release introduces an incompatible queue
+file format change ONLY when content filtering is enabled (see text
+in FILTER_README). Old Postfix queue files will work fine, but
+queue files with the new content filtering info will not work with
+Postfix versions before 20000529. Postfix logs a warning and moves
+incompatible queue files to the "corrupt" mail queue subdirectory.
+
+Minor incompatible changes with release-20010228
+================================================
+
+[snapshot-20010225] The incoming and deferred queue directories
+are now hashed by default. This improves the performance considerably
+under heavy load, at the cost of a small but noticeable slowdown
+when one runs "mailq" on an unloaded system.
+
+[snapshot-20010222] Postfix no longer automatically delivers
+recipients one at a time when their domain is listed in $mydestination.
+This change solves delivery performance problems with delivery via
+LMTP, with virus scanning, and with firewall relays that forward
+all mail for $mydestination to an inside host.
The "one recipient at a time" delivery behavior is now controlled
by the per-transport recipient limit (xxx_destination_recipient_limit,
to the same domain. This is the default behavior for all other
Postfix delivery agents.
-The default settings are: local_destination_recipient_limit = 1,
-local_destination_concurrency_limit = 2. Other delivery transports
-have default recipient limits (50) and have default per-destination
-concurrency limits (10).
-
-Major changes with snapshot-20010202
-====================================
-
-The mailbox file size limits for the local and virtual delivery
-agents can be disabled by setting mailbox_size_limit and/or
-virtual_mailbox_limit to zero.
-
-Incompatible changes with snapshot-20010128
-===========================================
-
-If this release does not work for you, you can go back to a previous
-Postfix version without losing your mail, subject to the "incompatible
-changes" listed for previous Postfix releases below.
-
-REJECT in header/body_checks is now flagged as policy violation
-rather than bounce, for consistency in postmaster notifications.
-
-New mailbox size limit for local delivery (default: 50MBytes). This
-limit affects all file write access by the local delivery agent or
-by a process run by the local delivery agent. The purpose of this
-parameter is to act as a safety for run-away software. It cannot
-be a substitute for a file quota management system.
-
-The default RBL (real-time blackhole lists) domain examples have
-been updated from *.vix.com to *.mail-abuse.org.
-
-Major changes with snapshot-20010128
-====================================
-
-Updated nqmgr (experimental queue manager with clever queuing
-strategy) by Patrik Rak. This code is still new. Once it stops
-changing (for a long time!) it will become part of the non-beta
-release.
-
-Virtual mailbox delivery agent by Andrew McNamara. This delivery
-agent can deliver mail for any number of domains. See the file
-VIRTUAL_README for detailed examples. This code is still new. Once
-it stops changing it will become part of the non-beta release.
-
-Many "valid_hostname" warnings were eliminated. The warnings that
-were not eliminated were replaced by something more informative.
-
-SASL support (RFC 2554) for the LMTP delivery agent. This is required
-by recent Cyrus implementations when delivering mail over TCP
-sockets. The LMTP_README file has been updated but still contains
-some obsolete information.
-
-Workarounds for non-standard RFC 2554 (AUTH command) implementations.
-Specify "broken_sasl_auth_clients = yes" to enable SMTP server
-support for old Microsoft client applications. The Postfix SMTP
-client supports non-standard RFC 2554 servers by default.
-
-Major changes with snapshot-20001217
-====================================
-
-This release involves little change in functionality and a lot of
-small changes to lots of files. The code is put out as a separate
-snapshot release so that I have a tested baseline for further work.
-
-All time-related configuration parameters now accept a one-letter
-suffix to indicate the time unit (s: second, m: minute, h: hour,
-d: day, w: week). The exceptions are the LDAP and MYSQL modules
-which are maintained separately.
+[snapshot-20010128] The Postfix local delivery agent now enforces
+mailbox file size limits (default: mailbox_size_limit = 51200000).
+This limit affects all file write access by the local delivery
+agent or by a process run by the local delivery agent. The purpose
+of this parameter is to act as a safety for run-away software. It
+cannot be a substitute for a file quota management system. Specify
+a limit of 0 to disable.
+
+[snapshot-20010128] REJECT in header/body_checks is now flagged as
+policy violation rather than bounce, for consistency in postmaster
+notifications.
+
+[snapshot-20010128] The default RBL (real-time blackhole lists)
+domain examples have been changed from *.vix.com to *.mail-abuse.org.
+
+[snapshot-20001210] Several interfaces of libutil and libglobal
+routines have changed. This may break third-party code written
+for Postfix. In particular, the safe_open() routine has changed,
+the way the preferred locking method is specified in the sys_defs.h
+file, as well as all routines that perform file locking. When
+compiling third-party code written for Postfix, the incompatibilities
+will be detected by the compiler provided that #include file
+dependencies are properly maintained.
+
+[snapshot-20001210] When delivering to /file/name (as directed in
+an alias or .forward file), the local delivery agent now logs a
+warning when it is unable to create a /file/name.lock file. Mail
+is still delivered as before.
+
+[snapshot-20001210] The "sun_mailtool_compatibility" feature is
+going away (a compatibility mode that turns off kernel locks on
+mailbox files). It still works, but a warning is logged. Instead
+of using "sun_mailtool_compatibility", specify the mailbox locking
+strategy as "mailbox_delivery_lock = dotlock".
+
+[snapshot-20001210] The Postfix SMTP client now skips SMTP server
+replies that do not start with "CODE SPACE" or with "CODE HYPHEN"
+and flags them as protocol errors. Older Postfix SMTP clients
+silently treated "CODE TEXT" as "CODE SPACE TEXT", i.e. as a valid
+SMTP reply.
+
+[snapshot-20001121] On RedHat Linux 7.0, you must install the
+db3-devel RPM before you can compile the Postfix source code.
+
+[snapshot-20000924] The postmaster address in the "sorry" text at
+the top of bounced mail is now just postmaster, not postmaster@machine.
+The idea is to refer users to their own postmaster.
+
+[snapshot-20000921] The notation of [host:port] in transport tables
+etc. is going away but it is still supported. The preferred form
+is now [host]:port. This change is necessary to support IPV6
+address forms which use ":" as part of a numeric IP address. In a
+future release, Postfix will log a warning when it encounters the
+[host:port] form.
+
+[snapshot-20000921] In mail headers, Errors-To:, Reply-To: and
+Return-Receipt: addresses are now rewritten as a sender address
+(was: recipient).
+
+[snapshot-20000921] Postfix no longer inserts Sender: message
+headers.
+
+[snapshot-20000921] The queue manager now logs the original number
+of recipients when opening a queue file (example: from=<>, size=3502,
+nrcpt=1).
+
+[snapshot-20000921] The local delivery agent no longer appends a
+blank line to mail that is delivered to external command.
+
+[snapshot-20000921] The pipe delivery agent no longer appends a
+blank line when the F flag is specified (in the master.cf file).
+Specify the B flag if you need that blank line.
+
+[snapshot-20000507] As required by RFC 822, Postfix now inserts a
+generic destination message header when no destination header is
+present. The text is specified via the undisclosed_recipients_header
+configuration parameter (default: "To: undisclosed-recipients:;").
+
+[snapshot-20000507] The Postfix sendmail command treats a line with
+only `.' as the end of input, for the sake of sendmail compatibility.
+To disable this feature, specify the sendmail-compatible `-i' or
+`-oi' flags on the sendmail command line.
+
+[snapshot-20000507] For the sake of Sendmail compatibility, the
+Postfix SMTP client skips over SMTP servers that greet with a 4XX
+or 5XX reply code, treating them as unreachable servers. To obtain
+prior behavior (4XX=retry, 5XX=bounce), specify "smtp_skip_4xx_greeting
+= no" and "smtp_skip_5xx_greeting = no".
+
+Major changes with release-20010228
+===================================
-The mysql client was partially rewritten in order to elimimate some
-memory allocation/deallocation problems. The code needs more work,
-and needs to be tested in a real production environment.
+Postfix produces DSN formatted bounced/delayed mail notifications.
+The human-readable text still exists, so that users will not have
+to be unnecessarily confused by all the ugliness of RFC 1894. Full
+DSN support will be later.
-The local_transport and default_transport configuration parameters
-can now be specified in transport:destination notation, just like
-the mailbox_transport and fallback_transport parameters. The
-:destination part is optional. However, these parameters take only
-one destination, unlike relayhost and fallback-relay which take
-any number of destinations.
+This release introduces full content filtering through an external
+process. This involves an incompatible change in queue file format.
+Mail is delivered to content filtering software via an existing
+mail delivery agent, and is re-injected into Postfix via an existing
+mail submission agent. See examples in the FILTER_README file.
+Depending on how the filter is implemented, you can expect to lose
+a factor of 2 to 4 in delivery performance of SMTP transit mail,
+more if the content filtering software needs lots of CPU or memory.
-Incompatible changes with snapshot-20001210
-===========================================
+Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick
+and dirty emergency content filter that looks at non-header lines
+one line at a time (including MIME headers inside the message body).
+Details in conf/sample-filter.cf.
-If this release does not work for you, you can go back to a previous
-Postfix version without losing your mail, subject to the "incompatible
-changes" listed for previous Postfix releases below.
-
-When delivering to /file/name (as directed in an alias or .forward
-file), the local delivery agent now logs a warning when it is unable
-to create a /file/name.lock file. Mail is still delivered as before.
-
-The "sun_mailtool_compatibility" feature is going away (a compatibility
-mode that turns off kernel locks on mailbox files). It still works,
-but a warning is logged. Instead of using "sun_mailtool_compatibility",
-specify the mailbox locking strategy as "mailbox_delivery_lock =
-dotlock".
-
-The Postfix SMTP client now skips SMTP server replies that do not
-start with "CODE SPACE" or with "CODE HYPHEN" and flags them as
-protocol errors. Older Postfix SMTP clients silently treated "CODE
-TEXT" as "CODE SPACE TEXT", i.e. as a valid SMTP reply.
-
-This snapshot does not yet change default relay settings. That
-change alone affects a dozen files, most of which documentation.
-This may be an incompatibility with some people's expectations,
-but such are my rules - between code freeze and release no major
-functionality changes are allowed.
-
-Several interfaces of libutil and libglobal routines have changed.
-This may break third-party code written for Postfix. In particular,
-the safe_open() routine has changed, the way the preferred locking
-method is specified in the sys_defs.h file, as well as all routines
-that perform file locking. When compiling third-party code written
-for Postfix, the incompatibilities will be detected by the compiler
-provided that #include file dependencies are properly maintained.
-
-Major changes with snapshot-20001210
-====================================
+The header_checks and body_checks features can be used to strip
+out unwanted data. Specify IGNORE on the right-hand side and the
+data will disappear from the mail.
-This snapshot includes bugfixes that were already released as
-patches 12 and 13 for the 19991231 "stable" release:
+Support for SASL (RFC 2554) authentication in the SMTP server and
+in the SMTP and LMTP clients. See the SASL_README file for more
+details. This file still needs better examples.
- - The queue manager could deadlock for 10 seconds when bouncing
- mail under extreme load from one-to-one mass mailings.
+Postfix now ships with an LMTP delivery agent that can deliver over
+local/remote TCP sockets and over local UNIX-domain sockets. The
+LMTP_README file gives example, but still needs to be revised.
- - Local delivery performance was substandard, because the per-user
- concurrency limit accidentally applied to the entire local
- domain.
+Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination
+logfiles with information about what mail is queued for selected
+destinations. See the file ETRN_README for details.
The mailbox locking style is now fully configurable at runtime.
The new configuration parameter is called "mailbox_delivery_lock".
all mailbox and all "/file/name" deliveries by the Postfix local
delivery agent.
-The new "import_environment" and "export_environment" configuration
-parameters now provide explicit control over what environment
-variables Postfix will import, and what environment variables
-Postfix will pass on to a non-Postfix process. This is better than
-hard-coding my debugging environment into public releases.
+Minor changes with release-20010228
+===================================
+
+You can now specify multiple SMTP destinations in the relayhost
+and fallback_relay configuration parameters. The destinations are
+tried in the specified order. Specify host or host:port (perform
+MX record lookups), [host] or [host]:port (no MX record lookups),
+[address] or [address]:port (numerical IP address).
The "mailbox_transport" and "fallback_transport" parameters now
understand the form "transport:nexthop", with suitable defaults
Postfix transport map. This allows you to specify for example,
"mailbox_transport = lmtp:unix:/file/name".
-The MYSQL client now supports server connections over UNIX-domain
-sockets. Code provided by Piotr Klaban. See the file MYSQL_README
-for examples of "host" syntax.
-
-Incompatible changes with snapshot-20001121
-===========================================
-
-If this release does not work for you, you can go back to a previous
-Postfix version without losing your mail, subject to the "incompatible
-changes" listed for previous Postfix releases below.
-
-Major changes with snapshot-20001121
-====================================
-
-Support for RedHat Linux 7.0. On RedHat Linux 7.0, you must install
-the db3-devel RPM before you can compile the Postfix source code.
-
-The mailbox_transport feature works again. It was broken when the
-"require_home_directory" feature was added.
+The local_transport and default_transport configuration parameters
+can now be specified in transport:destination notation, just like
+the mailbox_transport and fallback_transport parameters. The
+:destination part is optional. However, these parameters take only
+one destination, unlike relayhost and fallback-relay which take
+any number of destinations.
More general virtual domain support. Postfix now supports both
Sendmail-style virtual domains and Postfix-style virtual domains.
are testing configurations. Until this release the SMTP server was
not aware of soft bounces.
-Incompatible changes with snapshot-20001029
-===========================================
-
-If this release does not work for you, you can go back to a previous
-Postfix version without losing your mail, subject to the "incompatible
-changes" listed for previous Postfix releases below.
-
-Berkeley DB support has changed for Solaris, HP-UX, UNIXWARE, IRIX.
-On these systems, Postfix must no longer use DB 1.85 compatibility
-mode, because that mode loses the file lock while building a table,
-so that table lookups fail and mail is lost. See the DB_README file
-for instructions on how to build Postfix with third-party Berkeley
-DB support.
-
-The "fast ETRN" policy configuration has changed. You now specify
-the list of eligible "fast ETRN" domains with the fast_flush_domains
-parameter (default: $relay_domains). In order to disable the feature,
-specify an empty value (fast_flush_domains =).
-
-Major changes with snapshot-20001029
-====================================
-
-This release ships with an updated LDAP client module that has better
-group support by Lamont Jones, and that has several other enhancements.
-Review the LDAP_README file for more information.
-
-The LMTP client can now make connections over UNIX-domain sockets
-in addition to IPV4. For connections over UNIX-domain sockets,
-specify a transport table entry like:
-
- domain.name lmtp:unix:/path/name
-
-IPV4-based servers are still the default. The LMTP_README file
-still needs to be revised to account for this change. This is
-best done by someone who actually uses the Postfix LMTP client.
-
-You can now specify multiple SMTP destinations in the relayhost
-and fallback_relay configuration parameters. The destinations are
-tried in the specified order. Specify host or host:port (perform
-MX record lookups), [host] or [host]:port (no MX record lookups),
-[address] or [address]:port (numerical IP address).
-
-Incompatible changes with snapshot-20001005
-===========================================
-
-If this release does not work for you, you can go back to a previous
-Postfix version without losing your mail, subject to the "incompatible
-changes" listed for previous Postfix releases below.
-
-You must execute "postfix stop" before installing this release.
-Some recommended parameter settings have changed, and a new entry
-must be added to the master.cf file before you can start Postfix
-again.
-
-1 - The recommended Postfix configuration no longer uses flat
- directories for the "active", "bounce", and "defer" queue
- directories. The "flush" directory for the new "flush" service
- directory should not be flat either.
-
- Upon start-up, Postfix checks if the hash_queue_names configuration
- parameter is properly set up, and will add any queue directory
- names that are missing.
-
-2 - In order to improve performance of one-to-one mail deliveries
- the queue manager will now look at up to 10000 queue files
- (was: 1000). The default qmgr_message_active_limit setting
- was changed accordingly.
-
- If you have a non-default qmgr_message_active_limit in main.cf,
- you may want adjust it.
-
-3 - The new "flush" service needs to be configured in master.cf.
-
- Upon start-up, Postfix checks if the new "flush" service is
- configured in the master.cf file, and will add an entry if it
- is missing.
+Workarounds for non-standard RFC 2554 (AUTH command) implementations.
+Specify "broken_sasl_auth_clients = yes" to enable SMTP server
+support for old Microsoft client applications. The Postfix SMTP
+client supports non-standard RFC 2554 servers by default.
-Should you wish to back out to a previous Postfix release there is
-no need to undo the above changes.
+All time-related configuration parameters now accept a one-letter
+suffix to indicate the time unit (s: second, m: minute, h: hour,
+d: day, w: week). The exceptions are the LDAP and MYSQL modules
+which are maintained separately.
-Major changes with snapshot-20001005
-====================================
+New "import_environment" and "export_environment" configuration
+parameters provide explicit control over what environment variables
+Postfix will import, and what environment variables Postfix will
+pass on to a non-Postfix process.
In order to improve performance of one-to-one deliveries, Postfix
by default now looks at up to 10000 messages at a time (was: 1000).
-Until now, Postfix did a rather lame effort at implementing the
-SMTP ETRN command - it attempted to deliver all mail in the queue,
-regardless of its destination. This is slow if your mail server
-queues mail for lots of different destinations.
-
-This release introduces fast "ETRN" and "sendmail -qR". These
-deliver only mail that is queued for the specified destination,
-without requiring Postfix to open every file in the mail queue.
-
-Postfix now maintains per-destination logfiles with information
-about what mail is queued for specific destinations. By default,
-these logfiles are maintained only for destinations that Postfix
-is willing to relay to (as controlled by the relay_domains parameter).
-
-The maintenance policy for deferred mail logfiles is selected with
-the "fast_flush_policy" configuration parameter. Possible values
-are: "all" (maintain logs for all destinations), "relay" (maintain
-logs for relay destinations) or "none" (maintain no logs).
-
-Postfix falls back to the old slow ETRN for destinations that are
-not eligible for the fast "ETRN" and "sendmail -qR" service.
-
-See the file ETRN_README for details.
-
-Incompatible changes with snapshot-20000924
-===========================================
-
-The postmaster address in the "sorry" text at the top of bounced
-mail is now just postmaster, not postmaster@sending.machine. The
-idea is to refer users to their own postmaster.
-
-Major changes with snapshot-20000924
-====================================
-
-DSN formatted bounced/delayed mail notifications, finally. The
-human-readable text still exists, so that users will not have to
-be unnecessarily confused by all the ugliness of RFC 1894.
-
-Major changes with snapshot-20000923
-====================================
-
-The nqmgr (experimental smarter queue manager) has been updated.
-It no longer worked after the change in queue manager to delivery
-agent protocol.
-
Specify "syslog_facility = log_local1" etc. to separate the logging
from multiple Postfix instances. However, a non-default logging
facility takes effect only after process initialization. Errors
during command-line parsing are still logged with the default syslog
facility, as are errors while processing the main.cf file.
-Incompatible changes with snapshot-20000921
-===========================================
-
-After "make install" you need to execute "postfix reload". The
-protocol between queue manager and delivery agents has changed.
-This does not affect the format of existing queue files. You just
-cannot mix this Postfix version's queue managers or delivery agents
-with older Postfix versions.
-
-The notation of [host:port] in transport tables etc. is going away
-but it is still supported. The preferred form is now [host]:port.
-This change is necessary to support IPV6 address forms which use
-":" as part of a numeric IP address. In a future release, Postfix
-will log a warning when it encounters the [host:port] form.
-
-In mail headers, Errors-To:, Reply-To: and Return-Receipt: addresses
-are now rewritten as a sender address (was: recipient).
-
-Postfix no longer inserts Sender: message headers.
-
-The queue manager now logs the original number of recipients when
-opening a queue file (example: from=<>, size=3502, nrcpt=1).
-
-The local delivery agent no longer appends a blank line to mail
-that is delivered to external command.
-
-The pipe delivery agent no longer appends a blank line when the F
-flag is specified (in the master.cf file). Specify the B flag if
-you need that blank line.
-
-Major changes with snapshot-20000921
-====================================
-
Postfix now strips out Content-Length: headers in incoming mail to
avoid confusion in mail user agents.
-The header_checks and body_checks features can now be used to strip
-out unwanted data. Specify IGNORE and the data will disappear.
-
Specify "require_home_directory = yes" to prevent mail from being
-delivered to a user whose home directory is not mounted.
+delivered to a user whose home directory is not mounted. This
+feature is implemented by the Postfix local delivery agent.
The pipe mailer has a size limit (size=nnn) command-line argument.
-Incompatible changes with snapshot-20000531
-===========================================
-
-All references to "content inspection" have been replaced by "content
-filtering", in anticipation of hooks for true content inspection
-that does not re-inject mail back into Postfix.
-
-Incompatible changes with snapshot-20000529
-===========================================
-
-This version introduces an incompatible queue file format change
-when content filtering is enabled. Old Postfix queue files will
-work fine, but new queue files with content filtering info will
-not work with old Postfix versions. They log a warning and move
-incompatible queue files to the "corrupt" mail queue subdirectory.
-
-Major changes with snapshot-20000529
-====================================
-
-This version introduces full content filtering through an external
-process. This involves an incompatible change in queue file format.
-Mail is delivered to content filtering software via an existing
-mail delivery agent, and is re-injected into Postfix via an existing
-mail submission agent. See examples in the FILTER_README file.
-Depending on how the filter is implemented, you can expect to lose
-a factor of 2 to 4 in delivery performance of SMTP transit mail,
-more if the content filtering software needs lots of CPU or memory.
-
-Major changes with snapshot-20000528
-====================================
-
-Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick
-and dirty emergency content filter that looks at non-header lines
-one line at a time (including MIME headers inside the message body).
-Details in conf/sample-filter.cf.
-
-This version introduces a new queue manager with a clever scheduler
-by Patrik Rak that allow mailing list deliveries be pre-empted by
-non-list mail, while preserving correct average delivery delays.
-The queue manager is build as nqmgr. It needs further testing.
-
-Major changes with snapshot-20000514
-====================================
-
-LaMont Jones and Patrik Rak reported two different scenarios in
-which pipelined SMTP sessions could time out forever. Postfix now
-automatically flushes delayed SMTP commands/replies to prevent
-sender delays from accumulating too much. For example, client-side
-delays happen when a client does DNS lookups to replace hostname
-aliases in a MAIL FROM or RCPT TO commands; server-side delays
-happen when an UCE restriction involves DNS lookup, or when a server
-generates a tarpit delay.
-
-Incompatible changes with snapshot-20000507
-===========================================
-
-As required by RFC 822, Postfix now inserts a generic destination
-message header when no destination header is present. The text is
-specified via the undisclosed_recipients_header configuration
-parameter (default: "To: undisclosed-recipients:;").
-
-The Postfix sendmail command treats a line with only `.' as
-the end of input, for the sake of sendmail compatibility. To disable
-this feature, specify the sendmail-compatible `-i' or `-oi' flags
-on the sendmail command line.
-
-For the sake of Sendmail compatibility, the Postfix SMTP client
-skips over SMTP servers that greet with a 4XX or 5XX reply code,
-treating them as unreachable servers. To obtain prior behavior
-(4XX=retry, 5XX=bounce), specify "smtp_skip_4xx_greeting = no" and
-"smtp_skip_5xx_greeting = no".
-
-The read/write interface underneath VSTREAMs has been extended with
-parameters that specify a read/write timeout and application context.
-This should make it easier to plug in encryption modules such as TLS.
-
-Major changes with snapshot-20000507
-====================================
-
-Better documentation of Postfix lookup tables, including descriptions
-of how to use regular expressions in Postfix lookup tables.
-
-Updated mysql and LDAP client code with fixes and improvements.
+The pipe delivery agent has a configurable end-of-line attribute.
+Specify "pipe ... eol=\r\n" for delivery mechanisms that require
+CRLF record delimiters. The eol attribute understands the following
+C-style escape sequences: \a \b \f \n \r \t \v \nnn \\.
In master.cf you can selectively override main.cf configuration
parameters, for example: "smtpd -o myhostname=foo.com".
setting in master.cf with "smtp -o smtp_bind_address=x.x.x.x".
For now, you must specify a numeric IP address.
-Preliminary LMTP client support over TCP with connection caching.
-Support for LMTP over UNIX-domain sockets will be added later as
-an enhancement to the transport table syntax. See the LMTP_README
-file for more details.
-
-By the way, LMTP client-side connection caching is a good example
-for how to do the same in the SMTP client.
-
-Preliminary support for SASL authentication, both in the SMTP server
-and in the SMTP client. See the SASL_README file for more details.
-
-The pipe delivery agent has a configurable end-of-line attribute.
-Specify "pipe ... eol=\r\n" for delivery mechanisms that require
-CRLF record delimiters. The eol attribute understands the following
-C-style escape sequences: \a \b \f \n \r \t \v \nnn \\.
-
-Incompatible changes with snapshot-20000309
-===========================================
-
-This release is mainly to have a reference point after reorganizing
-the cleanup daemon, and before adding some major contributions from
-other people.
-
-Major changes with snapshot-20000309
-====================================
-
-Questionable feature: with "smtp_skip_5xx_greeting = yes", Postfix
-emulates behavior found in some other MTAs.
-
Questionable feature: with "smtp_always_send_ehlo = yes", the SMTP
client sends EHLO regardless of the content of the SMTP server's
greeting.
key. This still needs to be generalized to multi-key removal (e.g.,
read keys from stdin).
-The manual pages in Postfix configuration files no longer contain
-troff formatting codes. The text is now generated from prototype
-files in a new "proto" subdirectory.
-
-Incompatible changes with postfix-19991231:
-===========================================
-
-- The SMTP server no longer forwards mail from untrusted clients
-with sender-specified routing (stuff[@%!]stuff[@%!]stuff) through
-destinations that are authorized by the relay_domains parameter.
-This closes a loophole that exploits trust relationships between
-hosts. Example: a trusted backup MX host forwards junk mail to
-a primary MX host which forwards the junk to the Internet. Specify
-"allow_untrusted_routing = yes" to restore the old behavior.
-
-- The SMTP server no longer forwards mail with sender-specified
-routing (stuff[@%!]stuff[@%!]stuff) through destinations that are
-authorized by the permit_mx_backup feature. This change is under
-control by the allow_untrusted_routing parameter discussed above.
-
-- In order to support the above, the data structure and protocol
-of the trivial-rewrite service was changed. This means you must
-re-compile and re-link existing software that uses the Postfix
-resolve_clnt interface.
-
-- As a side effect of the above, an address from an untrusted client
-with @ in the localpart (user@remote@here) no longer bounces with
-"user unknown" but instead is rejected with "relay access denied".
-
-- Incompatible SMTPD access map changes:
-
- An all-numeric right-hand side now means OK. This is for better
- cooperation with out-of-band authentication mechanisms such as
- POP before SMTP etc.
-
- An empty right-hand sides still mean OK, but Postfix will log a
- warning in order to discourage such usage.
-
- You can no longer use virtual, canonical or aliases tables as
- SMTPD access maps. Use the local_recipient_maps feature instead.
-
-- Recipient addresses may no longer begin with `-'. In order to
-get the old behavior, specify "allow_min_user = yes" in main.cf.
-
-- Incompatible transport map changes:
-
- Transport map entries override mydestination. If you use transport
- maps, it is better to always have explicit entries for all domain
- names you have in $mydestination. See the html/faq.html sections
- for firewalls and intranets.
-
- The nexthop information given to a local delivery agent may have
- changed. This information was never intended to be used as a
- next-hop destination.
+Comments in Postfix configuration files no longer contain troff
+formatting codes. The text is now generated from prototype files
+in a new "proto" subdirectory.
Major changes with postfix-19991231:
====================================
+++ /dev/null
-
-one queue per rcpt hurts when delivering to agents that don't
-get stuck on shell commands or mailbox locks
-
-xxx: bounced as yyy (bounced mail); xxx forwarded as zzz (mail
-expanded via :include:).
-
-postconf -f filename
-
-get rid of the relocated feature - perhaps better to bounce recipients
-at the SMTP port.
-
-make sendmail/smtpd/cleanup output directory/fifo configurable
-
-if postdrop scrutinizes input, skip the overhead in the pickup
-daemon.
-
-add a threshold to sendmail etc. stderr logging, so that class
-"info" messages don't go to stderr.
-
-implement an UCE control to accept mail if the sender domain sender
-lists us as MX host (rafal wiosna). By the same token, implement
-a control to accept mail when the client hostname/parent domain
-lists us as their MX host.
-
-received: headers should be generated by the cleanup daemon, and
-client attributes ("with", "from", etc.) should be passed along
-with the message. This guarantees that forwarded/aliased mail gets
-stamped with the queue ID.
-
-toss double-bounce mail even when mail for the local machine is
-redirected to another box. See mail_addr_double_bounce().
-
-remote showq access (cookie in maildrop or print some text to inform
-the user)
-
-defer: explain mail was bounced after N days
-
-multiple rewrite processes?
-
-gethostbyaddr() uses native name services, which can be slow.
-
-can we detect a client that ignores error responses?
-
-way to block inbound mail based on recipient suffix?
-
-can Postfix implement one switchboard instead of having all these
-little lookup tables?
-
-make canonical/virtual/etc. table lookup order configurable
-
-pass on client etc/ attributes along with message to delivery agent
-
-scrutinize file opens in delivery agents just like in qmgr (better:
-open the file and see if someone compromised the vmailer account
-and is racing against us).
-
-suspend/resume signals + master status (suspended/running) in PID
-file. Maybe use FIFO instead. But, that means requests do not
-arrive when the master is stuck.
-
-postedit queue-id command...
-
-more flexible mail queue list command
-
-multiple queues may make ETRN processing less painful because there
-is less delayed mail to plow through.
-
-qmgr: configurable incoming/deferred mixing ratio so we can prioritize
-new mail over old mail
-
-Replace [my.own.ip.addr] by domain name so that delivered-to has
-the desired effect.
-
-Received: header and bounce text will be configurable with ${name}
-macros. This requires that everything must cope with newlines in
-config parameters (including the SMTP greeting bannner, yuck).
-
-Pass along the client hostname/posting user with queue files, to
-be logged by the queue manager.
-
-showq: don't use mail_open_ok() - it assumes coordinated queue
-access.
-
-trivial-rewrite: optionally, use DNS to fully qualify hostnames.
-
-pickup/cleanup/qmgr/local: add options record to control internal
-features such as canonical/virtual mapping, VERPs etcetera.
-
-Add hook for (domain, user database) support. This is needed if
-you have lots of real domains and can't afford a separate master.cf
-delivery agent entry for each domain.
-
-Add support for DBZ databases, using the code from INN. Reportedly,
-GDB handles large numbers of keys poorly.
-
-Change the front-end to cleanup protocol so that the front-end
-sends the expected message size, and so that the cleanup service
-can report if there is enough space. This is useful only for the
-SMTP server, because pickup can't produce bounce requests: the
-bounce service can't read the maildrop file.
-
-On systems with functional UNIX-domain sockets, use that instead
-of FIFOs to trigger the pickup and qmgr services. This allows for
-some coupling between front-end programs and queue manager, so that
-a burst of inbound mail does not lock out the queue manager from
-accessing the queue, causing outbound delivery to stop.
-
-There is a need to run `master' services outside the "master"
-environment, either for testing (new config files) or for production.
-For consistency reasons, programs file names should be taken from
-the master.cf file.
-
- - The showq service. Used by the super user when the mail system
- is down.
-
- - The smtpd service for "sendmail -bs" emulation. Used by some
- mail posting agents. Output to the maildrop, so that messages
- can be posted even when the mail system is down.
-
- - The rewrite engine for "sendmail -bt" emulation, for off-line
- testing of configuration files. Requires a method to override
- the location of the rewriting rules file. Or, perhaps there
- should be an official place (/etc/vmailer/testbed?) for playing
- with config files.
-
-postfix-script: detect and/or build missing alias database. In
-order to do this we must extract the alias_maps parameter from the
-main.cf file, and create any missing files with the right ownerships.
-
-implement the return-receipt-to notification service.
-
-bounce/defer: provide attribute-value interface, for better logging
-(expanded-from etc.) and non-delivery reports.
-
-Maintain per-client short-term host status, so we can slow down
-unreasonable clients
-
-Make archiving delivered mail a REAL option (queue manager). What
-about one archive per day. The magic could be put into the mail
-queue name routines. Just make it aware of the date.
-
-Will the mail system be faster when we avoid moving new messages
-incoming->active? How would one detect the arrival of new files?
-
-pickup: pass file descriptor to cleanup instead of copying data.
-This violates the principle that all front-end programs protect
-the mail system against unreasonably-long inputs.
-
-True ETRN means kick the host out of the queue manager's "dead
-hosts" table & move mail from the "hold" queue for that site to
-the incoming queue.
-
-postfix-script: make sure that each queue file matches its file id
-or we might lose mail.
-
-postfix-script: do database fixups as the unprivileged user
-
-Maintain a pool of pre-allocated queue files, to eliminate file
-creation and deletion overhead.
-#
# ACCESS(5) ACCESS(5)
#
# NAME
# user@ Matches all mail addresses with the specified user
# part.
#
-# Note: lookup of the null sender address may not be possi-
-# ble with all supported types of lookup table. A workaround
-# is to specify smtpd_null_access_lookup_key = <> in the
-# Postfix main.cf file, and to specify <> as the left-hand
-# field in the access table.
+# Note: lookup of the null sender address is not possible
+# with some types of lookup table. By default, Postfix uses
+# <> as the lookup key for such addresses. The value is
+# specified with the workaround is to specify
+# smtpd_null_access_lookup_key parameter in the Postfix
+# main.cf file.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
-# becomes: user+foo@domain, user@domain, domain, user+foo@,
+# ient delimiter (e.g., user+foo@domain), the lookup order
+# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, the following
+# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.name
# Matches domain.name.
#
-# The pattern domain.name also matches subdomains,
+# The pattern domain.name also matches subdomains,
# but only when the string smtpd_access_maps is
-# listed in the Postfix parent_domain_matches_subdo-
-# mains configuration setting. Otherwise, specify
-# .domain.name (note the initial dot) in order to
+# listed in the Postfix parent_domain_matches_subdo-
+# mains configuration setting. Otherwise, specify
+# .domain.name (note the initial dot) in order to
# match subdomains.
#
# net.work.addr.ess
#
# net.work
#
-# net Matches any host address in the specified network.
-# A network address is a sequence of one or more
+# net Matches any host address in the specified network.
+# A network address is a sequence of one or more
# octets separated by ".".
#
# ACTIONS
# [45]NN text
-# Reject the address etc. that matches the pattern,
+# Reject the address etc. that matches the pattern,
# and respond with the numerical code and text.
#
# REJECT Reject the address etc. that matches the pattern. A
#
# OK Accept the address etc. that matches the pattern.
#
+# all-numerical
+# An all-numerical result is treated as OK. This for-
+# mat is generated by address-based relay authoriza-
+# tion schemes.
+#
# restriction...
# Apply the named UCE restriction(s) (permit, reject,
# reject_unauth_destination, and so on).
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1) create mapping table
# regexp_table(5) format of POSIX regular expression tables
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
-# 1
-#
+# ACCESS(5)
#
+# Sample aliases file. Install in the location as specified by the
+# output from the command "postconf alias_maps". Typical path names
+# are /etc/aliases or /etc/mail/aliases.
+#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to Postfix.
# REJECTING UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
-# with all users that are local with respect to $mydestination and
-# $inet_interfaces. If this parameter is defined, then the SMTP server
-# will reject mail for unknown local users.
+# with all names (not addresses) of users that are local with respect
+# to $mydestination and $inet_interfaces. If this parameter is
+# defined, then the SMTP server will reject mail for unknown local
+# users.
#
# If you use the default Postfix local delivery agent for local
# delivery, uncomment the definition below.
#
#local_recipient_maps = $alias_maps unix:passwd.byname
-# If you use both the Postfix local and virtual delivery agents, specify:
-#
-#local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps
-
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
-# flow control. This feature is turned off by default because it
-# needs further development.
+# flow control. This feature is turned on by default, although it
+# still needs further development (it's disabled on SCO UNIX due
+# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
-#in_flow_delay = 1
+#in_flow_delay = 1s
# ADDRESS REWRITING
#
# REJECT text.... The text is sent to the originator.
# IGNORE the header line is silently discarded.
# WARN the header is logged (not rejected) with a warning message.
+# WARN text... as above, and the text is logged, too.
#
# These patterns do not apply to MIME headers in the message body.
#
# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
-# chrooted, except for the pipe and local daemons. The files in the
-# examples/chroot-setup subdirectory describe how to set up a Postfix
-# chroot environment for your type of machine.
+# chrooted, except for the pipe, virtual and local delivery daemons.
+# The files in the examples/chroot-setup subdirectory describe how
+# to set up a Postfix chroot environment for your type of machine.
#
# Wakeup time: automatically wake up the named service after the
# specified number of seconds. A ? at the end of the wakeup time
POSTCONF="postconf"
fi
+$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
+ echo $0: Error: no $POSTCONF command found. 1>&2
+ echo Re-run this command as $0 command_directory=/some/where. 1>&2
+ exit 1
+}
+
test -n "$config_directory" ||
config_directory=`$POSTCONF -d -h config_directory` || exit 1
case $manpage_directory in
no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
- echo Try again with \"$0 manpage_directory=/pathname $*\". 1>&2; exit 1;;
+ echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac
case $setgid_group in
no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
- echo Try again with \"$0 setgid_group=groupname $*\" 1>&2; exit 1;;
+ echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
# Pick up the flags.
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
+ case $flags in *r*) recursive="-R";; *) recursive=;; esac
# Create missing directories with proper owner/group/mode settings.
if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
then
set_permission=1
fi
test -n "$set_permission" && {
- chown $owner $path || exit 1
- test -z "$group" || chgrp $group $path || exit 1
+ chown $recursive $owner $path || exit 1
+ test -z "$group" || chgrp $recursive $group $path || exit 1
chmod $mode $path || exit 1
}
done
# p=preserve existing file, do not replace (postfix-install).
# u=update owner/group/mode (post-install upgrade-permissions).
# c=create missing directory (post-install create-missing).
+# r=apply owner/group recursively (post-install set/upgrade-permissions).
#
# Note: the "u" flag is for upgrading the permissions of existing files
-# or directories after changes in Postfix architecture.
+# or directories after changes in Postfix architecture. For robustness
+# it is a good idea to "u" all the files that have special ownership or
+# permissions, so that running "make install" fixes any glitches.
#
$config_directory:d:root:-:755:u
$daemon_directory:d:root:-:755:u
$queue_directory:d:root:-:755:uc
$sample_directory:d:root:-:755
$readme_directory:d:root:-:755
-$queue_directory/active:d:$mail_owner:-:700:uc
-$queue_directory/bounce:d:$mail_owner:-:700:uc
-$queue_directory/corrupt:d:$mail_owner:-:700:uc
-$queue_directory/defer:d:$mail_owner:-:700:uc
-$queue_directory/deferred:d:$mail_owner:-:700:uc
-$queue_directory/flush:d:$mail_owner:-:700:uc
-$queue_directory/incoming:d:$mail_owner:-:700:uc
+$queue_directory/active:d:$mail_owner:-:700:ucr
+$queue_directory/bounce:d:$mail_owner:-:700:ucr
+$queue_directory/corrupt:d:$mail_owner:-:700:ucr
+$queue_directory/defer:d:$mail_owner:-:700:ucr
+$queue_directory/deferred:d:$mail_owner:-:700:ucr
+$queue_directory/flush:d:$mail_owner:-:700:ucr
+$queue_directory/incoming:d:$mail_owner:-:700:ucr
$queue_directory/private:d:$mail_owner:-:700:uc
-$queue_directory/saved:d:$mail_owner:-:700:uc
+$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
$queue_directory/pid:d:root:-:755:uc
$command_directory/postlog:f:root:-:755
$command_directory/postmap:f:root:-:755
$command_directory/postsuper:f:root:-:755
-$command_directory/postdrop:f:root:$setgid_group:2755
-$command_directory/postqueue:f:root:$setgid_group:2755
+$command_directory/postdrop:f:root:$setgid_group:2755:u
+$command_directory/postqueue:f:root:$setgid_group:2755:u
$sendmail_path:f:root:-:755
$newaliases_path:l:root:-:755
$mailq_path:l:root:-:755
$readme_directory/DEBUG_README:f:root:-:644
$readme_directory/ETRN_README:f:root:-:644
$readme_directory/FILTER_README:f:root:-:644
+$readme_directory/INSTALL:f:root:-:644
$readme_directory/LDAP_README:f:root:-:644
$readme_directory/LINUX_README:f:root:-:644
$readme_directory/LMTP_README:f:root:-:644
! \( -type p -o -type s \) ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
+ find $queue_directory/public $queue_directory/maildrop \
+ $command_directory/postqueue $command_directory/postdrop \
+ -prune ! -group $setgid_group \
+ -exec $WARN not owned by group $setgid_group: {} \;
+
+ find $command_directory/postqueue $command_directory/postdrop \
+ -prune ! -perm -02111 \
+ -exec $WARN not set-gid: {} \;
+
for name in `ls -d $queue_directory/* | \
egrep '/(bin|etc|lib|usr)$'` ; \
do \
-exec $WARN not owned by root: {} \; ; \
done
- for dir in $queue_directory/maildrop
- do
- ls -lLd $dir | (grep " $mail_owner " >/dev/null ||
- $WARN not owned by $mail_owner: $dir)
- done
+ # WARNING: this should not descend into the maildrop directory.
+ # maildrop is the least trusted Postfix directory.
+
+ find $queue_directory/maildrop/. -prune ! -user $mail_owner \
+ -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
for dir in bin etc lib sbin usr
do
find corrupt -type f -exec $WARN damaged message: {} \;
# XXX also: look for weird stuff, weird permissions, etc.
+
+ test -f /usr/sbin/sendmail -a -f /usr/lib/sendmail && {
+ cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
+ $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
+ $WARN Replace one by a symbolic link to the other
+ }
+ }
+ exit 0
;;
*)
#
# In order to enable server-side authentication, build Postfix with
# SASL support, and install a configuration file /usr/lib/sasl/smtpd.conf
-# with as contents, for example,
+# (SASL version 1) or /usr/lib/sasl2/smtpd.conf (SASL version 2) with
+# as contents, for example,
#
# pwcheck_method: sasldb
#
# nodictionary: disallow methods subject to passive (dictionary) attack
# noanonymous: disallow methods that allow anonymous authentication
#
+# An additional option is available in SASL version 2:
+#
+# mutual_auth: only allow methods that provide mutual authentication
+#
# By default, the Postfix SMTP server accepts plaintext passwords but
# not anonymous logins.
#
# nodictionary: disallow methods subject to passive (dictionary) attack
# noanonymous: disallow methods that allow anonymous authentication
#
+# An additional option is available in SASL version 2:
+#
+# mutual_auth: only allow methods that provide mutual authentication
+#
# By default, the Postfix SMTP client will not use plaintext passwords.
#
#smtp_sasl_security_options =
# REJECT text.... The text is sent to the originator.
# IGNORE the header line is silently discarded.
# WARN the header is logged (not rejected) with a warning message.
+# WARN text... as above, and the text is logged, too.
#
# These patterns do not apply to MIME headers in the message body.
#
# REJECT text.... The text is sent to the originator.
# IGNORE the body line is silently discarded.
# WARN the body line is logged (not rejected) with a warning message.
+# WARN text... as above, and the text is logged, too.
#
body_checks = regexp:/etc/postfix/body_checks
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
-# system type.
+# system type. Specify a name ending in / for maildir-style delivery.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# REJECT text.... The text is sent to the originator.
# IGNORE The line is silently discarded.
# WARN The line is logged (not rejected) with a warning.
+# WARN text.... As above, and the text is logged, too.
#
# Substitution of sub-strings from the matched expression is
# possible using the conventional perl syntax. The macros in the
# REJECT text.... The text is sent to the originator.
# IGNORE The header line is silently discarded.
# WARN The header is logged (not rejected) with a warning.
+# WARN text.... As above, and the text is logged, too.
#
# Substitution of sub-strings from the matched expression is
# possible using the conventional perl syntax. The macros in the
# REJECT text.... The text is sent to the originator.
# IGNORE The header line is silently discarded.
# WARN The header is logged (not rejected) with a warning.
+# WARN text.... As above, and the text is logged, too.
# REJECT text.... The text is sent to the originator.
# IGNORE the header line is silently discarded.
# WARN the header is logged (not rejected) with a warning.
+# WARN text... As above, and the text is logged, too.
/^Subject: Make Money Fast/ REJECT
/^To: friend@public.com/ REJECT
#
#smtp_bind_address=111.222.333.444
-# The smtp_break_lines parameter controls whether the SMTP client
-# will break lines longer than $line_length_limit characters.
+# The smtp_line_length_limit parameter controls the length of
+# message header and body lines that Postfix will send via SMTP.
+# Lines that are longer are broken by inserting <CR> <LF> <SPACE>.
#
-# By default, line breaking is turned on, because some fragile SMTP
-# server implementations cannot receive mail with long lines.
+# By default, the line length is limited to 990 characters, because
+# some server implementations cannot receive mail with long lines.
#
-#smtp_break_lines = yes
+#smtp_line_length_limit = 990
+
+# The smtp_helo_name parameter specifies the hostname to send along
+# in the EHLO or HELO command.
+#
+# The default value is the machine hostname. Specify a hostname or
+# [ip.address]. This can be used in the main.cf file, or in the
+# master.cf file, for example:
+#
+# smtp ... smtp -o smtp_helo_name=foo.bar.com
+#
+#smtp_helo_name = $myhostname
# The smtp_skip_4xx_greeting parameter controls what happens when
# an SMTP server greets us with a 4XX status code (go away, try
# The access_map_reject_code parameter specifies the SMTP server
# response code when a client violates an access map restriction.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
access_map_reject_code = 550
# response when a client violates the reject_invalid_hostname anti-UCE
# restriction.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
invalid_hostname_reject_code = 501
# The maps_rbl_reject_code parameter specifies the SMTP server response
# when a client violates the maps_rbl_domains restriction.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
maps_rbl_reject_code = 550
# The reject_code parameter specifies the SMTP server response code
# when an SMTP client matches a reject restriction.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
reject_code = 550
# The relay_domains_reject_code parameter specifies the SMTP server
# response when a client attempts to violate the mail relay policy.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
relay_domains_reject_code = 550
# response when a client violates the reject_unknown_sender_domain
# or reject_unknown_recipient_domain restrictions.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
unknown_address_reject_code = 450
# response when a client without address to name mapping violates
# the reject_unknown_clients restriction.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
unknown_client_reject_code = 450
# response when a client violates the reject_unknown_hostname
# restriction.
#
-# Do not change this unless you have a complete understanding of RFC 822.
+# Do not change this unless you have a complete understanding of RFC 821.
#
unknown_hostname_reject_code = 450
# details and for default values. Use the postfix reload
# command after a configuration change.
#
-# parent_domain_matches_subdomains (versions >= 20011119)
+# parent_domain_matches_subdomains
# List of Postfix features that use domain.name pat-
# terns to match sub.domain.name (as opposed to
# requiring .domain.name patterns).
# remove /etc/localtime in case it's a broken symlink
# restrict find to maxdepth 1 (faster)
-# $Log: LINUX2,v $
# Revision 1.4 2001/01/15 09:36:35 emma
# add note it was successfully tested on Debian sid
#
<html> <head> </head> <body> <pre>
-
ACCESS(5) ACCESS(5)
<b>NAME</b>
<i>user</i>@ Matches all mail addresses with the specified user
part.
- Note: lookup of the null sender address may not be possi-
- ble with all supported types of lookup table. A workaround
- is to specify <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> <b>=</b> <> in the
- Postfix <b>main.cf</b> file, and to specify <> as the left-hand
- field in the access table.
+ Note: lookup of the null sender address is not possible
+ with some types of lookup table. By default, Postfix uses
+ <> as the lookup key for such addresses. The value is
+ specified with the workaround is to specify
+ <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> parameter in the Postfix
+ <b>main.cf</b> file.
<b>ADDRESS</b> <b>EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
and <i>user</i>@.
<b>HOST</b> <b>NAME/ADDRESS</b> <b>PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, the following
+ networked tables such as NIS, LDAP or SQL, the following
lookup patterns are examined in the order as listed:
<i>domain.name</i>
Matches <i>domain.name</i>.
- The pattern <i>domain.name</i> also matches subdomains,
+ The pattern <i>domain.name</i> also matches subdomains,
but only when the string <b>smtpd</b><i>_</i><b>access</b><i>_</i><b>maps</b> is
- listed in the Postfix <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdo-</b>
- <b>mains</b> configuration setting. Otherwise, specify
- <i>.domain.name</i> (note the initial dot) in order to
+ listed in the Postfix <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdo-</b>
+ <b>mains</b> configuration setting. Otherwise, specify
+ <i>.domain.name</i> (note the initial dot) in order to
match subdomains.
<i>net.work.addr.ess</i>
<i>net.work</i>
- <i>net</i> Matches any host address in the specified network.
- A network address is a sequence of one or more
+ <i>net</i> Matches any host address in the specified network.
+ A network address is a sequence of one or more
octets separated by ".".
<b>ACTIONS</b>
[<b>45</b>]<i>NN</i> <i>text</i>
- Reject the address etc. that matches the pattern,
+ Reject the address etc. that matches the pattern,
and respond with the numerical code and text.
<b>REJECT</b> Reject the address etc. that matches the pattern. A
<b>OK</b> Accept the address etc. that matches the pattern.
+ <i>all-numerical</i>
+ An all-numerical result is treated as OK. This for-
+ mat is generated by address-based relay authoriza-
+ tion schemes.
+
<i>restriction...</i>
Apply the named UCE restriction(s) (<b>permit</b>, reject,
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>destination</b>, and so on).
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
+ cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Actions are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE</b> <b>ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create mapping table
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ ACCESS(5)
</pre> </body> </html>
<li>The <a href="flush.8.html">flush</a> daemon improves the
performance of the SMTP <b>ETRN</b> request, and of its command-line
equivalent, <b>sendmail -qR</b><i>destination</i>, for selected
-destinations. For other destinations, Postfix silently falls
-back to the equivalent of <b>sendmail -q</b>.
+destinations.
<p>
updated in this amount of time (default time unit:
days).
- <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions >= 20011119)
+ <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).
The default per-user mailbox is a file in the UNIX mail
spool directory (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>);
the location can be specified with the <b>mail</b><i>_</i><b>spool</b><i>_</i><b>direc-</b>
- <b>tory</b> configuration parameter.
+ <b>tory</b> configuration parameter. Specify a name ending in <b>/</b>
+ for <b>qmail</b>-compatible <b>maildir</b> delivery.
- Alternatively, the per-user mailbox can be a file in the
- user's home directory with a name specified via the
- <b>home</b><i>_</i><b>mailbox</b> configuration parameter. Specify a relative
+ Alternatively, the per-user mailbox can be a file in the
+ user's home directory with a name specified via the
+ <b>home</b><i>_</i><b>mailbox</b> configuration parameter. Specify a relative
path name. Specify a name ending in <b>/</b> for <b>qmail</b>-compatible
<b>maildir</b> delivery.
- Mailbox delivery can be delegated to an external command
- specified with the <b>mailbox</b><i>_</i><b>command</b> configuration parame-
- ter. The command executes with the privileges of the
- recipient user (exception: in case of delivery as root,
- the command executes with the privileges of
+ Mailbox delivery can be delegated to an external command
+ specified with the <b>mailbox</b><i>_</i><b>command</b> configuration parame-
+ ter. The command executes with the privileges of the
+ recipient user (exception: in case of delivery as root,
+ the command executes with the privileges of
<b>default</b><i>_</i><b>privs</b>).
- Mailbox delivery can be delegated to alternative message
- transports specified in the <b>master.cf</b> file. The <b>mail-</b>
- <b>box</b><i>_</i><b>transport</b> configuration parameter specifies a message
- transport that is to be used for all local recipients,
- regardless of whether they are found in the UNIX passwd
- database. The <b>fallback</b><i>_</i><b>transport</b> parameter specifies a
+ Mailbox delivery can be delegated to alternative message
+ transports specified in the <b>master.cf</b> file. The <b>mail-</b>
+ <b>box</b><i>_</i><b>transport</b> configuration parameter specifies a message
+ transport that is to be used for all local recipients,
+ regardless of whether they are found in the UNIX passwd
+ database. The <b>fallback</b><i>_</i><b>transport</b> parameter specifies a
message transport for recipients that are not found in the
UNIX passwd database.
In the case of UNIX-style mailbox delivery, the <b>local</b> dae-
mon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" envelope header to
- each message, prepends an optional <b>Delivered-To:</b> header
- with the envelope recipient address, prepends a <b>Return-</b>
- <b>Path:</b> header with the envelope sender address, prepends a
- > character to lines beginning with "<b>From</b> ", and appends
+ each message, prepends an optional <b>Delivered-To:</b> header
+ with the envelope recipient address, prepends a <b>Return-</b>
+ <b>Path:</b> header with the envelope sender address, prepends a
+ > character to lines beginning with "<b>From</b> ", and appends
an empty line. The mailbox is locked for exclusive access
- while delivery is in progress. In case of problems, an
- attempt is made to truncate the mailbox to its original
+ while delivery is in progress. In case of problems, an
+ attempt is made to truncate the mailbox to its original
length.
In the case of <b>maildir</b> delivery, the local daemon prepends
an optional <b>Delivered-To:</b> header with the envelope recipi-
- ent address and prepends a <b>Return-Path:</b> header with the
+ ent address and prepends a <b>Return-Path:</b> header with the
envelope sender address.
<b>EXTERNAL</b> <b>COMMAND</b> <b>DELIVERY</b>
- The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> configuration parameter
- restricts delivery to external commands. The default set-
- ting (<b>alias,</b> <b>forward</b>) forbids command destinations in
+ The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> configuration parameter
+ restricts delivery to external commands. The default set-
+ ting (<b>alias,</b> <b>forward</b>) forbids command destinations in
<b>:include:</b> files.
- The command is executed directly where possible. Assis-
- tance by the shell (<b>/bin/sh</b> on UNIX systems) is used only
- when the command contains shell magic characters, or when
+ The command is executed directly where possible. Assis-
+ tance by the shell (<b>/bin/sh</b> on UNIX systems) is used only
+ when the command contains shell magic characters, or when
the command invokes a shell built-in command.
- A limited amount of command output (standard output and
- standard error) is captured for inclusion with non-deliv-
- ery status reports. A command is forcibly terminated if
- it does not complete within <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b> seconds.
- Command exit status codes are expected to follow the con-
+ A limited amount of command output (standard output and
+ standard error) is captured for inclusion with non-deliv-
+ ery status reports. A command is forcibly terminated if
+ it does not complete within <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b> seconds.
+ Command exit status codes are expected to follow the con-
ventions defined in <<b>sysexits.h</b>>.
- A limited amount of message context is exported via envi-
- ronment variables. Characters that may have special mean-
+ A limited amount of message context is exported via envi-
+ ronment variables. Characters that may have special mean-
ing to the shell are replaced by underscores. The list of
acceptable characters is specified with the <b>command</b><i>_</i><b>expan-</b>
<b>sion</b><i>_</i><b>filter</b> configuration parameter.
The current working directory is the mail queue directory.
The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve-
- lope header to each message, prepends an optional <b>Deliv-</b>
+ lope header to each message, prepends an optional <b>Deliv-</b>
<b>ered-To:</b> header with the recipient envelope address,
- prepends a <b>Return-Path:</b> header with the sender envelope
+ prepends a <b>Return-Path:</b> header with the sender envelope
address, and appends no empty line.
<b>EXTERNAL</b> <b>FILE</b> <b>DELIVERY</b>
- The delivery format depends on the destination filename
- syntax. The default is to use UNIX-style mailbox format.
- Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
+ The delivery format depends on the destination filename
+ syntax. The default is to use UNIX-style mailbox format.
+ Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
delivery.
- The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b> configuration parameter restricts
- delivery to external files. The default setting (<b>alias,</b>
+ The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b> configuration parameter restricts
+ delivery to external files. The default setting (<b>alias,</b>
<b>forward</b>) forbids file destinations in <b>:include:</b> files.
In the case of UNIX-style mailbox delivery, the <b>local</b> dae-
mon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" envelope header to
- each message, prepends an optional <b>Delivered-To:</b> header
- with the recipient envelope address, prepends a > charac-
- ter to lines beginning with "<b>From</b> ", and appends an empty
- line. The envelope sender address is available in the
- <b>Return-Path:</b> header. When the destination is a regular
- file, it is locked for exclusive access while delivery is
- in progress. In case of problems, an attempt is made to
+ each message, prepends an optional <b>Delivered-To:</b> header
+ with the recipient envelope address, prepends a > charac-
+ ter to lines beginning with "<b>From</b> ", and appends an empty
+ line. The envelope sender address is available in the
+ <b>Return-Path:</b> header. When the destination is a regular
+ file, it is locked for exclusive access while delivery is
+ in progress. In case of problems, an attempt is made to
truncate a regular file to its original length.
In the case of <b>maildir</b> delivery, the local daemon prepends
an optional <b>Delivered-To:</b> header with the envelope recipi-
- ent address. The envelope sender address is available in
+ ent address. The envelope sender address is available in
the <b>Return-Path:</b> header.
<b>ADDRESS</b> <b>EXTENSION</b>
- The optional <b>recipient</b><i>_</i><b>delimiter</b> configuration parameter
- specifies how to separate address extensions from local
+ The optional <b>recipient</b><i>_</i><b>delimiter</b> configuration parameter
+ specifies how to separate address extensions from local
recipient names.
- For example, with "<b>recipient</b><i>_</i><b>delimiter</b> <b>=</b> <b>+</b>", mail for
- <i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
- alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
+ For example, with "<b>recipient</b><i>_</i><b>delimiter</b> <b>=</b> <b>+</b>", mail for
+ <i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
+ alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
<b>ward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the
user <i>name</i>, or it is sent back as undeliverable.
<b>ered-To:</b> <i>name</i>+<i>foo</i>' header line.
<b>DELIVERY</b> <b>RIGHTS</b>
- Deliveries to external files and external commands are
+ Deliveries to external files and external commands are
made with the rights of the receiving user on whose behalf
- the delivery is made. In the absence of a user context,
- the <b>local</b> daemon uses the owner rights of the <b>:include:</b>
+ the delivery is made. In the absence of a user context,
+ the <b>local</b> daemon uses the owner rights of the <b>:include:</b>
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the <b>default</b><i>_</i><b>privs</b> configuration parameter.
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue afterwards.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
- the postmaster is notified of bounces and of other trou-
+ Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ the postmaster is notified of bounces and of other trou-
ble.
<b>BUGS</b>
- For security reasons, the message delivery status of
- external commands or of external files is never check-
+ For security reasons, the message delivery status of
+ external commands or of external files is never check-
pointed to file. As a result, the program may occasionally
deliver more than once to a command or external file. Bet-
ter safe than sorry.
- Mutually-recursive aliases or ~/.<b>forward</b> files are not
- detected early. The resulting mail forwarding loop is
+ Mutually-recursive aliases or ~/.<b>forward</b> files are not
+ detected early. The resulting mail forwarding loop is
broken by the use of the <b>Delivered-To:</b> message header.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Miscellaneous</b>
<b>alias</b><i>_</i><b>maps</b>
List of alias databases.
- <b>biff</b> Enable or disable notification of new mail via the
+ <b>biff</b> Enable or disable notification of new mail via the
<b>comsat</b> network service.
<b>expand</b><i>_</i><b>owner</b><i>_</i><b>alias</b>
When delivering to an alias that has an owner- com-
- panion alias, set the envelope sender address to
- the right-hand side of the owner alias, instead
+ panion alias, set the envelope sender address to
+ the right-hand side of the owner alias, instead
using of the left-hand side address.
<b>export</b><i>_</i><b>environment</b>
ject to <i>$name</i> expansion.
<b>local</b><i>_</i><b>command</b><i>_</i><b>shell</b>
- Shell to use for external command execution (for
- example, /some/where/smrsh -c). When a shell is
+ Shell to use for external command execution (for
+ example, /some/where/smrsh -c). When a shell is
specified, it is invoked even when the command con-
- tains no shell built-in commands or meta charac-
+ tains no shell built-in commands or meta charac-
ters.
<b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
addresses.
<b>prepend</b><i>_</i><b>delivered</b><i>_</i><b>header</b>
- Prepend an optional <b>Delivered-To:</b> header upon
- external forwarding, delivery to command or file.
- Specify zero or more of: <b>command,</b> <b>file,</b> <b>forward</b>.
- Turning off <b>Delivered-To:</b> when forwarding mail is
+ Prepend an optional <b>Delivered-To:</b> header upon
+ external forwarding, delivery to command or file.
+ Specify zero or more of: <b>command,</b> <b>file,</b> <b>forward</b>.
+ Turning off <b>Delivered-To:</b> when forwarding mail is
not recommended.
<b>recipient</b><i>_</i><b>delimiter</b>
<b>require</b><i>_</i><b>home</b><i>_</i><b>directory</b>
Require that a recipient's home directory is acces-
- sible by the recipient before attempting delivery.
+ sible by the recipient before attempting delivery.
Defer delivery otherwise.
<b>Mailbox</b> <b>delivery</b>
<b>fallback</b><i>_</i><b>transport</b>
Message transport for recipients that are not found
- in the UNIX passwd database. This parameter over-
+ in the UNIX passwd database. This parameter over-
rides <b>luser</b><i>_</i><b>relay</b>.
<b>home</b><i>_</i><b>mailbox</b>
- Pathname of a mailbox relative to a user's home
+ Pathname of a mailbox relative to a user's home
directory. Specify a path ending in <b>/</b> for maildir-
style delivery.
<b>luser</b><i>_</i><b>relay</b>
- Destination (<i>@domain</i> or <i>address</i>) for non-existent
- users. The <i>address</i> is subjected to <i>$name</i> expan-
+ Destination (<i>@domain</i> or <i>address</i>) for non-existent
+ users. The <i>address</i> is subjected to <i>$name</i> expan-
sion.
<b>mail</b><i>_</i><b>spool</b><i>_</i><b>directory</b>
- Directory with UNIX-style mailboxes. The default
- pathname is system dependent.
+ Directory with UNIX-style mailboxes. The default
+ pathname is system dependent. Specify a path end-
+ ing in <b>/</b> for maildir-style delivery.
<b>mailbox</b><i>_</i><b>command</b>
External command to use for mailbox delivery. The
<html> <head> </head> <body> <pre>
-
MASTER(8) MASTER(8)
<b>NAME</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ MASTER(8)
</pre> </body> </html>
<html> <head> </head> <body> <pre>
-
NQMGR(8) NQMGR(8)
<b>NAME</b>
<i>transport</i> can have.
<b>Timing</b> <b>controls</b>
- <b>min</b><i>_</i><b>backoff</b>
+ <b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Minimal time in seconds between delivery attempts
of a deferred message.
destination is kept in the short-term, in-memory
destination status cache.
- <b>max</b><i>_</i><b>backoff</b>
+ <b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Maximal time in seconds between delivery attempts
of a deferred message.
Modra 6
155 00, Prague, Czech Republic
- 1
-
+ NQMGR(8)
</pre> </body> </html>
<html> <head> </head> <body> <pre>
-
POSTFIX(1) POSTFIX(1)
<b>NAME</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ POSTFIX(1)
</pre> </body> </html>
<b>makemap</b> <i>file_type</i> <i>file_name</i> < <i>file_name</i>
+ If the result files do not exist they will be created with
+ the same group and other read permissions as the source
+ file.
+
While the table update is in progress, signal delivery is
postponed, and an exclusive, advisory, lock is placed on
the entire table, in order to avoid surprises in spectator
<i>key</i> whitespace <i>value</i>
- <b>o</b> A line that starts with whitespace (space or tab)
- is a continuation of the previous line. An empty
- line terminates the previous line, as does a line
- that starts with non-whitespace (text or comment).
- A comment line that starts with whitespace does not
- terminate multi-line text.
-
- <b>o</b> The <b>#</b> is recognized as the start of a comment, but
- only when it is the first non-whitespace character
- on a line. A comment terminates at the end of the
- line, even when the next line starts with whites-
- pace.
-
- The <i>key</i> and <i>value</i> are processed as is, except that sur-
- rounding white space is stripped off. Unlike with Postfix
- alias databases, quotes cannot be used to protect lookup
- keys that contain special characters such as `#' or
+ <b>o</b> Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
+ is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
+ cal line.
+
+ The <i>key</i> and <i>value</i> are processed as is, except that sur-
+ rounding white space is stripped off. Unlike with Postfix
+ alias databases, quotes cannot be used to protect lookup
+ keys that contain special characters such as `#' or
whitespace. The <i>key</i> is mapped to lowercase to make mapping
lookups case insensitive.
Options:
- <b>-N</b> Include the terminating null character that termi-
- nates lookup keys and values. By default, Postfix
+ <b>-N</b> Include the terminating null character that termi-
+ nates lookup keys and values. By default, Postfix
does whatever is the default for the host operating
system.
<b>-c</b> <i>config_dir</i>
- Read the <b>main.cf</b> configuration file in the named
+ Read the <b>main.cf</b> configuration file in the named
directory instead of the default configuration
directory.
- <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is zero when the
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
+ entry per map. The exit status is zero when the
requested information was found.
If a key value of <b>-</b> is specified, the program reads
key values from the standard input stream. The exit
- status is zero when at least one of the requested
+ status is zero when at least one of the requested
keys was found.
<b>-f</b> Do not fold the lookup key to lower case while cre-
ating or querying a map.
- <b>-i</b> Incremental mode. Read entries from standard input
+ <b>-i</b> Incremental mode. Read entries from standard input
and do not truncate an existing database. By
- default, <b>postmap</b> creates a new database from the
+ default, <b>postmap</b> creates a new database from the
entries in <b>file</b><i>_</i><b>name</b>.
- <b>-n</b> Don't include the terminating null character that
- terminates lookup keys and values. By default,
- Postfix does whatever is the default for the host
+ <b>-n</b> Don't include the terminating null character that
+ terminates lookup keys and values. By default,
+ Postfix does whatever is the default for the host
operating system.
- <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and print the
- first value found on the standard output stream.
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and print the
+ first value found on the standard output stream.
The exit status is zero when the requested informa-
tion was found.
If a key value of <b>-</b> is specified, the program reads
- key values from the standard input stream and
- prints one line of <i>key</i> <i>value</i> output for each key
- that was found. The exit status is zero when at
+ key values from the standard input stream and
+ prints one line of <i>key</i> <i>value</i> output for each key
+ that was found. The exit status is zero when at
least one of the requested keys was found.
- <b>-r</b> When updating a table, do not warn about duplicate
+ <b>-r</b> When updating a table, do not warn about duplicate
entries; silently replace them.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
- <b>-w</b> When updating a table, do not warn about duplicate
+ <b>-w</b> When updating a table, do not warn about duplicate
entries; silently ignore them.
Arguments:
<i>file_type</i>
The type of database to be produced.
- <b>btree</b> The output file is a btree file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <b>btree</b> The output file is a btree file, named
+ <i>file_name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- <b>dbm</b> The output consists of two files, named
- <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
- available only on systems with support for
+ <b>dbm</b> The output consists of two files, named
+ <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
+ available only on systems with support for
<b>dbm</b> databases.
- <b>hash</b> The output file is a hashed file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <b>hash</b> The output file is a hashed file, named
+ <i>file_name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- When no <i>file_type</i> is specified, the software uses
- the database type specified via the <b>database</b><i>_</i><b>type</b>
+ When no <i>file_type</i> is specified, the software uses
+ the database type specified via the <b>database</b><i>_</i><b>type</b>
configuration parameter.
<i>file_name</i>
- The name of the lookup table source file when
+ The name of the lookup table source file when
rebuilding a database.
<b>DIAGNOSTICS</b>
stream. No output means no problems. Duplicate entries are
skipped and are flagged with a warning.
- <b>postmap</b> terminates with zero exit status in case of suc-
- cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
+ <b>postmap</b> terminates with zero exit status in case of suc-
+ cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
nates with non-zero exit status in case of failure.
<b>ENVIRONMENT</b>
<b>CONFIGURATION</b> <b>PARAMETERS</b>
<b>database</b><i>_</i><b>type</b>
- Default output database type. On many UNIX sys-
- tems, the default database type is either <b>hash</b> or
+ Default output database type. On many UNIX sys-
+ tems, the default database type is either <b>hash</b> or
<b>dbm</b>.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<html> <head> </head> <body> <pre>
-
POSTQUEUE(1) POSTQUEUE(1)
<b>NAME</b>
The following options are recognized:
- <b>-c</b> The <b>main.cf</b> configuration file is in the named
+ <b>-c</b> <i>config_dir</i>
+ The <b>main.cf</b> configuration file is in the named
directory instead of the default configuration
directory. See also the MAIL_CONFIG environment
setting below.
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ POSTQUEUE(1)
</pre> </body> </html>
Options:
- <b>-d</b> <i>queue_id</i> (Postfix versions >= 20010525)
+ <b>-d</b> <i>queue_id</i>
Delete one message with the named queue ID from the
named mail queue(s) (default: <b>incoming</b>, <b>active</b> and
<b>deferred</b>). If a <i>queue_id</i> of <b>-</b> is specified, the
<b>-p</b> Purge old temporary files that are left over after
system or software crashes.
- <b>-r</b> <i>queue_id</i> (Postfix versions >= 20010525)
+ <b>-r</b> <i>queue_id</i>
Requeue the message with the named queue ID from
the named mail queue(s) (default: <b>incoming</b>, <b>active</b>
and <b>deferred</b>). To requeue multiple messages, spec-
recommended to perform this operation once before
Postfix startup.
- <b>o</b> (Postfix versions >= 20010525) Rename files
- whose name does not match the message file
- inode number. This operation is necessary
- after restoring a mail queue from a differ-
- ent machine, or from backup media.
+ <b>o</b> Rename files whose name does not match the
+ message file inode number. This operation is
+ necessary after restoring a mail queue from
+ a different machine, or from backup media.
<b>o</b> Move queue files that are in the wrong place
in the file system hierarchy and remove sub-
directories that are no longer needed. File
- position rearrangements are necessary after
+ position rearrangements are necessary after
a change in the <b>hash</b><i>_</i><b>queue</b><i>_</i><b>names</b> and/or
<b>hash</b><i>_</i><b>queue</b><i>_</i><b>depth</b> configuration parameters.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>DIAGNOSTICS</b>
- Problems are reported to the standard error stream and to
+ Problems are reported to the standard error stream and to
<b>syslogd</b>.
- <b>postsuper</b> reports the number of messages deleted with <b>-d</b>,
+ <b>postsuper</b> reports the number of messages deleted with <b>-d</b>,
the number of messages requeued with <b>-r</b>, and the number of
- messages whose queue file name was fixed with <b>-s</b>. The
+ messages whose queue file name was fixed with <b>-s</b>. The
report is written to the standard error stream and to <b>sys-</b>
<b>logd</b>.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- See the Postfix <b>main.cf</b> file for syntax details and for
+ See the Postfix <b>main.cf</b> file for syntax details and for
default values.
<b>hash</b><i>_</i><b>queue</b><i>_</i><b>depth</b>
Number of subdirectory levels for hashed queues.
<b>hash</b><i>_</i><b>queue</b><i>_</i><b>names</b>
- The names of queues that are organized into multi-
+ The names of queues that are organized into multi-
ple levels of subdirectories.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<html> <head> </head> <body> <pre>
-
QMGR(8) QMGR(8)
<b>NAME</b>
term, in-memory destination cache.
<b>Timing</b> <b>controls</b>
- <b>min</b><i>_</i><b>backoff</b>
+ <b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Minimal time in seconds between delivery attempts
of a deferred message.
destination is kept in the short-term, in-memory
destination status cache.
- <b>max</b><i>_</i><b>backoff</b>
+ <b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Maximal time in seconds between delivery attempts
of a deferred message.
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ QMGR(8)
</pre> </body> </html>
<html> <head> </head> <body> <pre>
-
QMQPD(8) QMQPD(8)
<b>NAME</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ QMQPD(8)
</pre> </body> </html>
Initially, the <b>maildrop</b> queue directory was world-writable,
so that local processes could submit mail without assistance from
a set-uid or set-gid command or from a mail daemon process. The
-maildrop directory was never used for mail coming in via the network,
-and its queue files were never not readable for other users.
+maildrop directory was not used for mail coming in via the network,
+and its queue files were not readable for unprivileged users.
<p>
<html> <head> </head> <body> <pre>
-
SENDMAIL(1) SENDMAIL(1)
<b>NAME</b>
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
- dard output. This mode of operation is implemented
- by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
+ dard output. In stand-alone SMTP server mode, UCE
+ restrictions and access controls are disabled by
+ default. To enable them, run the process as the
+ <b>mail</b><i>_</i><b>owner</b> user.
+
+ This mode of operation is implemented by running
+ the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
<b>-f</b> <i>sender</i>
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
- the message contains an <b>Errors-To:</b> message header.
+ the message contains an <b>Errors-To:</b> message header.
<b>-h</b> <i>hop_count</i> (ignored)
- Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
+ Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
tion parameter instead.
- <b>-i</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
+ <b>-i</b> When reading a message from standard input, don't
+ treat a line with only a <b>.</b> character as the end of
input.
<b>-m</b> (ignored)
Backwards compatibility.
<b>-oA</b><i>alias_database</i>
- Non-default alias database. Specify <i>pathname</i> or
+ Non-default alias database. Specify <i>pathname</i> or
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- The message body type. Currently, Postfix imple-
+ The message body type. Currently, Postfix imple-
ments <b>just-send-eight</b>.
- <b>-oi</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
+ <b>-oi</b> When reading a message from standard input, don't
+ treat a line with only a <b>.</b> character as the end of
input.
<b>-om</b> (ignored)
- The sender is never eliminated from alias etc.
+ The sender is never eliminated from alias etc.
expansions.
<b>-o</b> <i>x</i> <i>value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
ration parameter in <b>main.cf</b> instead.
<b>-r</b> <i>sender</i>
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
- the message contains an <b>Errors-To:</b> message header.
+ the message contains an <b>Errors-To:</b> message header.
- <b>-q</b> Attempt to deliver all queued mail. This is imple-
+ <b>-q</b> Attempt to deliver all queued mail. This is imple-
mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the
+ The interval between queue runs. Use the
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b> configuration parameter instead.
<b>-qR</b><i>site</i>
- Schedule immediate delivery of all mail that is
+ Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. This option accepts only
- <i>site</i> names that are eligible for the "fast flush"
- service, and is implemented by executing the
+ <i>site</i> names that are eligible for the "fast flush"
+ service, and is implemented by executing the
<a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flushd.8.html"><b>flush</b>(8)</a> for more infor-
mation about the "fast flush" service.
<b>-qS</b><i>site</i>
- This command is not implemented. Use the slower
+ This command is not implemented. Use the slower
<b>sendmail</b> <b>-q</b> command instead.
- <b>-t</b> Extract recipients from message headers. This
- requires that no recipients be specified on the
+ <b>-t</b> Extract recipients from message headers. This
+ requires that no recipients be specified on the
command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
- By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted users or
- untrusted machines. Thus, the usual precautions need to
+ By design, this program is not set-user (or group) id.
+ However, it must handle data from untrusted users or
+ untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
+ Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
<b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec-
- ified with the <b>debugger</b><i>_</i><b>command</b> configuration
+ ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter.
<b>FILES</b>
/etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- See the Postfix <b>main.cf</b> file for syntax details and for
- default values. Use the <b>postfix</b> <b>reload</b> command after a
+ See the Postfix <b>main.cf</b> file for syntax details and for
+ default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change.
<b>alias</b><i>_</i><b>database</b>
- Default alias database(s) for <b>newaliases</b>. The
- default value for this parameter is system-spe-
+ Default alias database(s) for <b>newaliases</b>. The
+ default value for this parameter is system-spe-
cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
- The VERP delimiter characters that are used when
- the <b>-V</b> command line option is specified without
+ The VERP delimiter characters that are used when
+ the <b>-V</b> command line option is specified without
delimiter characters.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
List of domains that will receive "fast flush" ser-
- vice (default: all domains that this system is
- willing to relay mail to). This list specifies the
- domains that Postfix accepts in the SMTP <b>ETRN</b>
+ vice (default: all domains that this system is
+ willing to relay mail to). This list specifies the
+ domains that Postfix accepts in the SMTP <b>ETRN</b>
request and in the <b>sendmail</b> <b>-qR</b> command.
<b>fork</b><i>_</i><b>attempts</b>
- Number of attempts to <b>fork</b>() a process before giv-
+ Number of attempts to <b>fork</b>() a process before giv-
ing up.
<b>fork</b><i>_</i><b>delay</b>
- Delay in seconds between successive <b>fork</b>()
+ Delay in seconds between successive <b>fork</b>()
attempts.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>mail</b><i>_</i><b>owner</b>
- The owner of the mail queue and of most Postfix
+ The owner of the mail queue and of most Postfix
processes.
<b>command</b><i>_</i><b>directory</b>
- Directory with Postfix support commands (default:
+ Directory with Postfix support commands (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>daemon</b><i>_</i><b>directory</b>
- Directory with Postfix daemon programs (default:
+ Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>queue</b><i>_</i><b>directory</b>
- Top-level directory of the Postfix queue. This is
+ Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
- The time between successive scans of the deferred
+ The time between successive scans of the deferred
queue.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
- The characters that Postfix accepts as VERP delim-
+ The characters that Postfix accepts as VERP delim-
iter characters.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ SENDMAIL(1)
</pre> </body> </html>
<html> <head> </head> <body> <pre>
-
SHOWQ(8) SHOWQ(8)
<b>NAME</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ SHOWQ(8)
</pre> </body> </html>
<html> <head> </head> <body> <pre>
-
SMTP(8) SMTP(8)
<b>NAME</b>
Numerical source network address to bind to when
making a connection.
- <b>smtp</b><i>_</i><b>break</b><i>_</i><b>lines</b>
- Break lines > <b>$line</b><i>_</i><b>length</b><i>_</i><b>limit</b> into multiple
- shorter lines. Some SMTP servers misbehave on long
- lines.
+ <b>smtp</b><i>_</i><b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
+ Length limit for SMTP message content lines. Zero
+ means no limit. Some SMTP servers misbehave on
+ long lines.
+
+ <b>smtp</b><i>_</i><b>helo</b><i>_</i><b>name</b>
+ The hostname to be used in HELO and EHLO commands.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>4xx</b><i>_</i><b>greeting</b>
- Skip servers that greet us with a 4xx status code.
+ Skip servers that greet us with a 4xx status code.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>5xx</b><i>_</i><b>greeting</b>
- Skip servers that greet us with a 5xx status code.
+ Skip servers that greet us with a 5xx status code.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>quit</b><i>_</i><b>response</b>
- Do not wait for the server response after sending
+ Do not wait for the server response after sending
QUIT.
<b>smtp</b><i>_</i><b>pix</b><i>_</i><b>workaround</b><i>_</i><b>delay</b><i>_</i><b>time</b>
- The time to pause before sending .<CR><LF>, while
- working around the CISCO PIX firewall
+ The time to pause before sending .<CR><LF>, while
+ working around the CISCO PIX firewall
<CR><LF>.<CR><LF> bug.
<b>smtp</b><i>_</i><b>pix</b><i>_</i><b>workaround</b><i>_</i><b>threshold</b><i>_</i><b>time</b>
- The time a message must be queued before the CISCO
- PIX firewall <CR><LF>.<CR><LF> bug workaround is
+ The time a message must be queued before the CISCO
+ PIX firewall <CR><LF>.<CR><LF> bug workaround is
turned on.
<b>Authentication</b> <b>controls</b>
- <b>smtp</b><i>_</i><b>enable</b><i>_</i><b>sasl</b><i>_</i><b>auth</b>
- Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
- (SASL). By default, Postfix is built without SASL
+ <b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>enable</b>
+ Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
+ (SASL). By default, Postfix is built without SASL
support.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
Lookup tables with per-host or domain <i>name</i>:<i>password</i>
- entries. No entry for a host means no attempt to
+ entries. No entry for a host means no attempt to
authenticate.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
<b>Resource</b> <b>controls</b>
<b>smtp</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
- destination. The default limit is taken from the
+ destination. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> parameter.
<b>smtp</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Limit the number of recipients per message deliv-
- ery. The default limit is taken from the
+ Limit the number of recipients per message deliv-
+ ery. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
<b>Timeout</b> <b>controls</b>
- The default time unit is seconds; an explicit time unit
- can be specified by appending a one-letter suffix to the
- value: s (seconds), m (minutes), h (hours), d (days) or w
+ The default time unit is seconds; an explicit time unit
+ can be specified by appending a one-letter suffix to the
+ value: s (seconds), m (minutes), h (hours), d (days) or w
(weeks).
<b>smtp</b><i>_</i><b>connect</b><i>_</i><b>timeout</b>
- Timeout for completing a TCP connection. When no
- connection can be made within the deadline, the
- SMTP client tries the next address on the mail
+ Timeout for completing a TCP connection. When no
+ connection can be made within the deadline, the
+ SMTP client tries the next address on the mail
exchanger list.
<b>smtp</b><i>_</i><b>helo</b><i>_</i><b>timeout</b>
- Timeout for receiving the SMTP greeting banner.
- When the server drops the connection without send-
+ Timeout for receiving the SMTP greeting banner.
+ When the server drops the connection without send-
ing a greeting banner, or when it sends no greeting
- banner within the deadline, the SMTP client tries
+ banner within the deadline, the SMTP client tries
the next address on the mail exchanger list.
<b>smtp</b><i>_</i><b>helo</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>HELO</b> command, and for
+ Timeout for sending the <b>HELO</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>mail</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>MAIL</b> <b>FROM</b> command, and for
+ Timeout for sending the <b>MAIL</b> <b>FROM</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>rcpt</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>RCPT</b> <b>TO</b> command, and for
+ Timeout for sending the <b>RCPT</b> <b>TO</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>data</b><i>_</i><b>init</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>DATA</b> command, and for
+ Timeout for sending the <b>DATA</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
<b>smtp</b><i>_</i><b>data</b><i>_</i><b>done</b><i>_</i><b>timeout</b>
Timeout for sending the "<b>.</b>" command, and for
- receiving the server response. When no response is
- received, a warning is logged that the mail may be
+ receiving the server response. When no response is
+ received, a warning is logged that the mail may be
delivered multiple times.
<b>smtp</b><i>_</i><b>quit</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>QUIT</b> command, and for
+ Timeout for sending the <b>QUIT</b> command, and for
receiving the server response.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ SMTP(8)
</pre> </body> </html>
<html> <head> </head> <body> <pre>
-
SMTPD(8) SMTPD(8)
<b>NAME</b>
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
- <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions >= 20011119)
+ <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ SMTPD(8)
</pre> </body> </html>
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
- <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions >= 20011119)
+ <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).
Syntax is <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
details. The :<i>nexthop</i> part is optional.
- <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions >= 20011119)
+ <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).
<p>
+<li> <a href="#body_checks">Body filtering</a>
+
+<p>
+
<li> <a href="#smtpd_client_restrictions">Client hostname/address
restrictions</a>
<h2> Header filtering</h2>
-The <b>header_checks</b> parameter restricts what
-is allowed in message headers.
+The <b>header_checks</b> parameter restricts what is allowed in
+message headers. Patterns are applied to entire logical message
+headers, even when a header spans multiple lines of text.
<p>
<dt>WARN <dd> Log (but do not reject) the header with a warning.
+<dt>WARN text... <dd> As above, and also log the text.
+
</dl>
<p>
<p>
+<a name="body_checks">
+
+<h2> Body filtering</h2>
+
+The <b>body_checks</b> parameter restricts what text is
+is allowed in message body lines (including MIME headers
+within the message body).
+
+<p>
+
+Note: the message body is matched one line at a time.
+There is no multi-line concept as with message headers.
+
+<p>
+
+<dl>
+
+<dt>Default:
+
+<dd>Allow anything in message body lines.
+
+<p>
+
+<dt>Syntax:
+
+<dd>Specify a list of zero or more lookup tables. Whenever a body
+line matches a table, the action depends on the lookup result:
+
+<p>
+
+<dl>
+
+<dt>REJECT <dd> Reject the message, and log the matched line.
+
+<dt>REJECT text... <dd> As above, and also send the text to
+the originator.
+
+<dt>IGNORE <dd> Delete the matched line from the message.
+
+<dt>WARN <dd> Log (but do not reject) the matched line with a warning.
+
+<dt>WARN text... <dd> As above, and also log the text.
+
+</dl>
+
+<p>
+
+<i>At present, specifying a pattern with OK serves no useful
+purpose. A rule ending in OK affects only the line being matched.
+The next line may still result in a REJECT match, causing the
+mail still to be rejected.</i>
+
+</dl>
+
+<p>
+
+<dt>Examples (main.cf):
+
+<dd> <b>body_checks = regexp:/etc/postfix/body_checks</b>
+
+<dd> <b>body_checks = pcre:/etc/postfix/body_checks</b>
+
+<p>
+
<a name="smtpd_client_restrictions">
<h2> Client hostname/address restrictions</h2>
By default, this restriction is applied when the client sends the
RCPT TO command. In order to have the restriction take effect
-as soon as possible, specify <b>smtpd_delay_reject = yes</b> in
+as soon as possible, specify <b>smtpd_delay_reject = no</b> in
the Postfix <b>main.cf</b> configuration file. Doing so may cause
unexpected results with poorly implemented client software.
<a name="reject_sender_login_mismatch">
-<dt> <b>reject_sender_login_mismatch</b> (Postfix versions >= 20011125)
+<dt> <b>reject_sender_login_mismatch</b>
<dd> Reject the request when <a href="#smtpd_sender_login_maps">
$smtpd_sender_owner_maps</a> specifies an owner for the MAIL FROM
<a name="warn_if_reject">
-<dt> <b>warn_if_reject</b> (Postfix versions 20011119 and later)
+<dt> <b>warn_if_reject</b>
<dd> Change the meaning of the next restriction, so that it logs
a warning instead of rejecting a request (look for logfile records
that contain "reject_warning"). This is useful for testing new
SCO_SV.3.2) SYSTYPE=SCO5
# Use the native compiler by default
: ${CC="/usr/bin/cc -b elf"}
- : ${DEBUG=}
+ CCARGS="-DPIPES_CANT_FIONREAD $CCARGS"
SYSLIBS="-lsocket -ldbm"
RANLIB=echo
;;
UnixWare.5*) SYSTYPE=UW7
# Use the native compiler by default
: ${CC=/usr/bin/cc}
- : ${DEBUG=}
RANLIB=echo
SYSLIBS="-lresolv -lsocket -lnsl"
;;
5.[0-4]) CCARGS="$CCARGS -DMISSING_USLEEP";;
*) CCARGS="$CCARGS -DHAS_POSIX_REGEXP";;
esac
+ # Work around broken str*casecmp(). Do it all here instead
+ # of having half the solution in the sys_defs.h file.
+ CCARGS="$CCARGS -Dstrcasecmp=fix_strcasecmp \
+ -Dstrncasecmp=fix_strncasecmp"
+ STRCASE="strcasecmp.o"
# Avoid common types of braindamage
case "$LD_LIBRARY_PATH" in
?*) echo "Don't set LD_LIBRARY_PATH" 1>&2; exit 1;;
SYSLIBS="-ldb"
for name in nsl resolv $GDBM_LIBS
do
- test -f /usr/lib/lib$name.a && SYSLIBS="$SYSLIBS -l$name"
+ test -e /usr/lib/lib$name.a -o -e /usr/lib/lib$name.so \
+ -o -e /lib/lib$name.a -o -e /lib/lib$name.so \
+ && SYSLIBS="$SYSLIBS -l$name"
done
;;
IRIX*.5.*) SYSTYPE=IRIX5
OPT = $OPT
DEBUG = $DEBUG
AWK = $AWK
+STRCASE = $STRCASE
EXPORT = AUXLIBS="$AUXLIBS" CCARGS="$CCARGS" OPT="$OPT" DEBUG="$DEBUG"
EOF
.ti +4
\fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
+If the result files do not exist they will be created with the
+same group and other read permissions as the source file.
+
While the table update is in progress, signal delivery is
postponed, and an exclusive, advisory, lock is placed on the
entire table, in order to avoid surprises in spectator
.ti +5
\fIkey\fR whitespace \fIvalue\fR
.IP \(bu
-A line that starts with whitespace (space or tab) is a continuation
-of the previous line. An empty line terminates the previous line,
-as does a line that starts with non-whitespace (text or comment). A
-comment line that starts with whitespace does not terminate multi-line
-text.
+Empty lines and whitespace-only lines are ignored, as
+are lines whose first non-whitespace character is a `#'.
.IP \(bu
-The \fB#\fR is recognized as the start of a comment, but only when it is
-the first non-whitespace character on a line. A comment terminates
-at the end of the line, even when the next line starts with whitespace.
+A logical line starts with non-whitespace text. A line that
+starts with whitespace continues a logical line.
.PP
The \fIkey\fR and \fIvalue\fR are processed as is, except that
surrounding white space is stripped off. Unlike with Postfix alias
traditionally available via the \fBsendmail\fR(1) command.
The following options are recognized:
-.IP \fB-c \fIconfig_dir\fR
+.IP "\fB-c \fIconfig_dir\fR"
The \fBmain.cf\fR configuration file is in the named directory
instead of the default configuration directory. See also the
MAIL_CONFIG environment setting below.
\fBdefer\fR and \fBflush\fR directories with log files.
Options:
-.IP "\fB-d \fIqueue_id\fR (Postfix versions >= 20010525)"
+.IP "\fB-d \fIqueue_id\fR"
Delete one message with the named queue ID from the named
mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR).
.IP \fB-p\fR
Purge old temporary files that are left over after system or
software crashes.
-.IP "\fB-r \fIqueue_id\fR (Postfix versions >= 20010525)"
+.IP "\fB-r \fIqueue_id\fR"
Requeue the message with the named queue ID from the named
mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR).
to perform this operation once before Postfix startup.
.RS
.IP \(bu
-(Postfix versions >= 20010525)
Rename files whose name does not match the message file inode
number. This operation is necessary after restoring a mail queue
from a different machine, or from backup media.
.IP \fB-bs\fR
Stand-alone SMTP server mode. Read SMTP commands from
standard input, and write responses to standard output.
+In stand-alone SMTP server mode, UCE restrictions and
+access controls are disabled by default. To enable them,
+run the process as the \fBmail_owner\fR user.
+.sp
This mode of operation is implemented by running the
\fBsmtpd\fR(8) daemon.
.IP "\fB-f \fIsender\fR"
.IP \fIuser\fR@
Matches all mail addresses with the specified user part.
.PP
-Note: lookup of the null sender address may not be possible with
-all supported types of lookup table. A workaround is to specify
-\fBsmtpd_null_access_lookup_key = <>\fR in the Postfix \fBmain.cf\fR
-file, and to specify \fB<>\fR as the left-hand field in the access
-table.
+Note: lookup of the null sender address is not possible with
+some types of lookup table. By default, Postfix uses \fB<>\fR
+as the lookup key for such addresses. The value is specified with
+the workaround is to specify \fBsmtpd_null_access_lookup_key\fR
+parameter in the Postfix \fBmain.cf\fR file.
.SH ADDRESS EXTENSION
.na
.nf
error response message is generated.
.IP \fBOK\fR
Accept the address etc. that matches the pattern.
+.IP \fIall-numerical\fR
+An all-numerical result is treated as OK. This format is
+generated by address-based relay authorization schemes.
.IP \fIrestriction...\fR
Apply the named UCE restriction(s) (\fBpermit\fR, \fRreject\fR,
\fBreject_unauth_destination\fR, and so on).
this topic. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
-.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).
.IP \fBfast_flush_purge_time\fR
Remove an empty "fast flush" logfile that was not updated in
this amount of time (default time unit: days).
-.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).
The default per-user mailbox is a file in the UNIX mail spool
directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR);
the location can be specified with the \fBmail_spool_directory\fR
-configuration parameter.
+configuration parameter. Specify a name ending in \fB/\fR for
+\fBqmail\fR-compatible \fBmaildir\fR delivery.
Alternatively, the per-user mailbox can be a file in the user's home
directory with a name specified via the \fBhome_mailbox\fR
.IP \fBmail_spool_directory\fR
Directory with UNIX-style mailboxes. The default pathname is system
dependent.
+Specify a path ending in \fB/\fR for maildir-style delivery.
.IP \fBmailbox_command\fR
External command to use for mailbox delivery. The command executes
with the recipient privileges (exception: root). The string is subject
.SH "Timing controls"
.ad
.fi
-.IP \fBmin_backoff\fR
+.IP \fBminimal_backoff_time\fR
Minimal time in seconds between delivery attempts
of a deferred message.
.sp
This parameter also limits the time an unreachable destination
is kept in the short-term, in-memory destination status cache.
-.IP \fBmax_backoff\fR
+.IP \fBmaximal_backoff_time\fR
Maximal time in seconds between delivery attempts
of a deferred message.
.IP \fBmaximal_queue_lifetime\fR
.SH "Timing controls"
.ad
.fi
-.IP \fBmin_backoff\fR
+.IP \fBminimal_backoff_time\fR
Minimal time in seconds between delivery attempts
of a deferred message.
.sp
This parameter also limits the time an unreachable destination
is kept in the short-term, in-memory destination status cache.
-.IP \fBmax_backoff\fR
+.IP \fBmaximal_backoff_time\fR
Maximal time in seconds between delivery attempts
of a deferred message.
.IP \fBmaximal_queue_lifetime\fR
Never send EHLO at the start of a connection.
.IP \fBsmtp_bind_address\fR
Numerical source network address to bind to when making a connection.
-.IP \fBsmtp_break_lines\fR
-Break lines > \fB$line_length_limit\fR into multiple shorter lines.
+.IP \fBsmtp_line_length_limit\fR
+Length limit for SMTP message content lines. Zero means no limit.
Some SMTP servers misbehave on long lines.
+.IP \fBsmtp_helo_name\fR
+The hostname to be used in HELO and EHLO commands.
.IP \fBsmtp_skip_4xx_greeting\fR
Skip servers that greet us with a 4xx status code.
.IP \fBsmtp_skip_5xx_greeting\fR
The time a message must be queued before the CISCO PIX firewall
<CR><LF>.<CR><LF> bug workaround is turned on.
.SH "Authentication controls"
-.IP \fBsmtp_enable_sasl_auth\fR
+.IP \fBsmtp_sasl_auth_enable\fR
Enable per-session authentication as per RFC 2554 (SASL).
By default, Postfix is built without SASL support.
.IP \fBsmtp_sasl_password_maps\fR
.SH "UCE control restrictions"
.ad
.fi
-.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).
.sp
Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5)
for details. The :\fInexthop\fR part is optional.
-.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).
# The destination directory for Postfix daemon programs. This directory
# should not be in the command search path of any users.
# The built-in default directory name is /usr/libexec/postfix.
+# This parameter setting is recorded in the installed main.cf file.
# .IP command_directory
# The destination directory for Postfix administrative commands. This
# directory should be in the command search path of adminstrative users.
case $arg in
*=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
-non-int*) non_interactive=1;;
- *) echo $0: Error: $USAGE 1>&2; exit 1;;
+ *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
esac
shift
done
SAMPLE_DIRECTORY=$install_root$sample_directory
README_DIRECTORY=$install_root$readme_directory
-# Avoid repeated tests for existence of these.
+# Avoid repeated tests for existence of these; default permissions suffice.
test -d $DAEMON_DIRECTORY || mkdir -p $DAEMON_DIRECTORY || exit 1
test -d $COMMAND_DIRECTORY || mkdir -p $COMMAND_DIRECTORY || exit 1
# .IP \fIuser\fR@
# Matches all mail addresses with the specified user part.
# .PP
-# Note: lookup of the null sender address may not be possible with
-# all supported types of lookup table. A workaround is to specify
-# \fBsmtpd_null_access_lookup_key = <>\fR in the Postfix \fBmain.cf\fR
-# file, and to specify \fB<>\fR as the left-hand field in the access
-# table.
+# Note: lookup of the null sender address is not possible with
+# some types of lookup table. By default, Postfix uses \fB<>\fR
+# as the lookup key for such addresses. The value is specified with
+# the workaround is to specify \fBsmtpd_null_access_lookup_key\fR
+# parameter in the Postfix \fBmain.cf\fR file.
# ADDRESS EXTENSION
# .fi
# .ad
# error response message is generated.
# .IP \fBOK\fR
# Accept the address etc. that matches the pattern.
+# .IP \fIall-numerical\fR
+# An all-numerical result is treated as OK. This format is
+# generated by address-based relay authorization schemes.
# .IP \fIrestriction...\fR
# Apply the named UCE restriction(s) (\fBpermit\fR, \fRreject\fR,
# \fBreject_unauth_destination\fR, and so on).
#
+# Sample aliases file. Install in the location as specified by the
+# output from the command "postconf alias_maps". Typical path names
+# are /etc/aliases or /etc/mail/aliases.
+#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to Postfix.
# this topic. See the Postfix \fBmain.cf\fR file for syntax details
# and for default values. Use the \fBpostfix reload\fR command after
# a configuration change.
-# .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+# .IP \fBparent_domain_matches_subdomains\fR
# List of Postfix features that use \fIdomain.name\fR patterns
# to match \fIsub.domain.name\fR (as opposed to
# requiring \fI.domain.name\fR patterns).
* file format because we do not need anything more complicated. As a
* benefit, we can still recover some data when the file is a little
* garbled.
+ *
+ * XXX addresses in defer logfiles are in printable quoted form, while
+ * addresses in message envelope records are in raw unquoted form. This
+ * may change once we replace the present ad-hoc bounce/defer logfile
+ * format by one that is transparent for control etc. characters. See
+ * also: showq/showq.c.
*/
if ((orig_length = vstream_fseek(log, 0L, SEEK_END)) < 0)
msg_fatal("seek file %s %s: %m", service, queue_id);
if (*recipient)
vstream_fprintf(log, "<%s>: ",
printable(vstring_str(quote_822_local(in_buf, recipient)), '?'));
+ else
+ vstream_fprintf(log, "<>: ");
vstream_fputs(printable(why, '?'), log);
vstream_fputs("\n\n", log);
cleanup_out.o: ../../include/record.h
cleanup_out.o: ../../include/rec_type.h
cleanup_out.o: ../../include/cleanup_user.h
+cleanup_out.o: ../../include/mail_params.h
cleanup_out.o: cleanup.h
cleanup_out.o: ../../include/argv.h
cleanup_out.o: ../../include/maps.h
int err_mask; /* allowed badness */
VSTRING *header_buf; /* multi-record header */
int headers_seen; /* which headers were seen */
+ int prev_header_type; /* multi-record physical header line */
int hop_count; /* count of received: headers */
ARGV *recipients; /* recipients from regular headers */
ARGV *resent_recip; /* recipients from resent headers */
* that the runtime error handler can clean up in case of problems.
*/
state->handle = mail_stream_file(MAIL_QUEUE_INCOMING,
- MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE, 0);
+ MAIL_CLASS_PUBLIC, var_queue_service, 0);
state->dst = state->handle->stream;
cleanup_path = mystrdup(VSTREAM_PATH(state->dst));
state->queue_id = mystrdup(state->handle->id);
state->queue_id, maps->title, addr);
break;
}
- if ((lookup = mail_addr_map(maps, argv->argv[arg], propagate)) != 0) {
+ quote_822_local(state->temp1, argv->argv[arg]);
+ if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) {
saved_lhs = mystrdup(argv->argv[arg]);
for (i = 0; i < lookup->argc; i++) {
unquote_822_local(state->temp1, lookup->argv[i]);
cleanup_fold_header(state);
}
-/* cleanup_check_reject - parse and match header/body REJECT line */
+/* cleanup_act - act upon a header/body match */
-static int cleanup_check_reject(CLEANUP_STATE *state, const char *value)
+static int cleanup_act(CLEANUP_STATE *state, char *context, char *buf,
+ const char *value, const char *map_class)
{
- const char *reason = value + strcspn(value, " \t");
+ const char *optional_text = value + strcspn(value, " \t");
+ int command_len = optional_text - value;
- /*
- * See if they spelled REJECT right.
- *
- * XXX The reason should be set only if we have a more severe error than
- * anything that was found before. This calls for a cleanup_set_error()
- * routine that takes an error code and an optional text.
- */
- if (strncasecmp(value, "REJECT", reason - value) == 0) {
- if (state->reason == 0) {
- while (*reason && ISSPACE(*reason))
- reason++;
- state->reason = mystrdup(*reason ? reason :
+ while (*optional_text && ISSPACE(*optional_text))
+ optional_text++;
+
+#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0)
+#define CLEANUP_ACT_KEEP 1
+#define CLEANUP_ACT_DROP 0
+
+ if (STREQUAL(value, "REJECT", command_len)) {
+ if (state->reason == 0)
+ state->reason = mystrdup(*optional_text ? optional_text :
cleanup_strerror(CLEANUP_STAT_CONT));
- }
state->errs |= CLEANUP_STAT_CONT;
- return (1);
- } else {
- return (0);
+ msg_info("%s: reject: %s %.200s; from=<%s> to=<%s>: %s",
+ state->queue_id, context, buf, state->sender,
+ state->recip ? state->recip : "unknown",
+ state->reason);
+ return (CLEANUP_ACT_KEEP);
+ }
+ if (STREQUAL(value, "WARN", command_len)) {
+ msg_info("%s: warning: %s %.200s; from=<%s> to=<%s>: %s",
+ state->queue_id, context, buf, state->sender,
+ state->recip ? state->recip : "unknown",
+ *optional_text ? optional_text :
+ cleanup_strerror(CLEANUP_STAT_CONT));
+ return (CLEANUP_ACT_KEEP);
}
+ if (*optional_text)
+ msg_warn("unexpected text after command in %s map: %s",
+ map_class, value);
+
+ if (STREQUAL(value, "IGNORE", command_len))
+ return (CLEANUP_ACT_DROP);
+
+ if (STREQUAL(value, "OK", command_len))
+ return (CLEANUP_ACT_KEEP);
+
+ msg_warn("unknown command in %s map: %s", map_class, value);
+ return (CLEANUP_ACT_KEEP);
}
/* cleanup_header - process one complete header line */
const char *value;
if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) {
- if (cleanup_check_reject(state, value) != 0) {
- msg_info("%s: reject: header %.200s; from=<%s> to=<%s>: %s",
- state->queue_id, header, state->sender,
- state->recip ? state->recip : "unknown",
- state->reason);
- } else if (strcasecmp(value, "IGNORE") == 0) {
+ if (cleanup_act(state, "header", header, value, VAR_HEADER_CHECKS)
+ == CLEANUP_ACT_DROP)
return;
- } else if (strcasecmp(value, "WARN") == 0) {
- msg_info("%s: warning: header %.200s; from=<%s> to=<%s>",
- state->queue_id, header, state->sender,
- state->recip ? state->recip : "unknown");
- }
}
}
/*
* If this is an "unknown" header, just copy it to the output without
- * even bothering to fold long lines. XXX Should split header lines that
- * do not fit a REC_TYPE_NORM record.
+ * even bothering to fold long lines. cleanup_out() will split long
+ * headers that do not fit in a REC_TYPE_NORM record.
*/
if ((hdr_opts = header_opts_find(vstring_str(state->header_buf))) == 0) {
cleanup_out_header(state);
/*
* First, deal with header information that we have accumulated from
- * previous input records. A whole record that starts with whitespace is
- * a continuation of previous data.
+ * previous input records.
*
- * XXX Silently switch to body processing when some message header requires
- * an unreasonable amount of storage, or when a message header record
- * does not fit in a REC_TYPE_NORM type record.
+ * If a physical header line exceeds the capacity of a Postfix queue file
+ * record, reconstruct the long line from multiple records (up to the
+ * header size limit), and break the long line up into multiple Postfix
+ * records upon output to the queue file. Discard text that does not fit
+ * in a header buffer, so as to avoid breaking MIME formatting.
+ *
+ * It is left up to delivery agents to glue long lines back together and to
+ * enforce an appropriate output line length limit.
*/
if (VSTRING_LEN(state->header_buf) > 0) {
- if ((VSTRING_LEN(state->header_buf) >= var_header_limit
- || type == REC_TYPE_CONT)) {
- state->errs |= CLEANUP_STAT_HOVFL;
- } else if (type == REC_TYPE_NORM && ISSPACE(*buf)) {
- VSTRING_ADDCH(state->header_buf, '\n');
- vstring_strcat(state->header_buf, buf);
- return;
- } else {
- /* Body record or end of message segment. */ ;
+ if (type != REC_TYPE_XTRA) {
+ if (state->prev_header_type == REC_TYPE_CONT) {
+ if (VSTRING_LEN(state->header_buf) < var_header_limit)
+ vstring_strcat(state->header_buf, buf);
+ else
+ state->errs |= CLEANUP_STAT_HOVFL;
+ state->prev_header_type = type;
+ return;
+ }
+ if (ISSPACE(*buf)) {
+ if (VSTRING_LEN(state->header_buf) < var_header_limit) {
+ VSTRING_ADDCH(state->header_buf, '\n');
+ vstring_strcat(state->header_buf, buf);
+ } else
+ state->errs |= CLEANUP_STAT_HOVFL;
+ state->prev_header_type = type;
+ return;
+ }
}
/*
}
/*
- * Switch to body processing if this is not a header or if the saved
- * header would require an unreasonable amount of storage. Generate
- * missing headers. Add one blank line when the message headers are
- * immediately followed by a non-empty message body.
+ * Switch to body processing if this is not a header. Generate missing
+ * headers. Add one blank line when the message headers are immediately
+ * followed by a non-empty message body.
*/
- if (((state->errs & CLEANUP_STAT_HOVFL)
- || type != REC_TYPE_NORM
- || !is_header(buf))) {
+ if (type == REC_TYPE_XTRA || !is_header(buf)) {
cleanup_missing_headers(state);
if (type != REC_TYPE_XTRA && *buf) /* output blank line */
cleanup_out_string(state, REC_TYPE_NORM, "");
*/
else {
vstring_strcpy(state->header_buf, buf);
+ state->prev_header_type = type;
}
}
const char *value;
if ((value = maps_find(cleanup_body_checks, buf, 0)) != 0) {
- if (cleanup_check_reject(state, value) != 0) {
- msg_info("%s: reject: body %.200s; from=<%s> to=<%s>: %s",
- state->queue_id, buf, state->sender,
- state->recip ? state->recip : "unknown",
- state->reason);
- } else if (strcasecmp(value, "IGNORE") == 0) {
+ if (cleanup_act(state, "body", buf, value, VAR_BODY_CHECKS)
+ == CLEANUP_ACT_DROP)
return;
- } else if (strcasecmp(value, "WARN") == 0) {
- msg_info("%s: warning: body %.200s; from=<%s> to=<%s>",
- state->queue_id, buf, state->sender,
- state->recip ? state->recip : "unknown");
- }
}
}
cleanup_out(state, type, buf, len);
#include <record.h>
#include <rec_type.h>
#include <cleanup_user.h>
+#include <mail_params.h>
/* Application-specific. */
void cleanup_out(CLEANUP_STATE *state, int type, char *string, int len)
{
- if (CLEANUP_OUT_OK(state)) {
- if (rec_put(state->dst, type, string, len) < 0) {
- if (errno == EFBIG) {
- msg_warn("%s: queue file size limit exceeded",
- state->queue_id);
- state->errs |= CLEANUP_STAT_SIZE;
- } else {
- msg_warn("%s: write queue file: %m", state->queue_id);
- state->errs |= CLEANUP_STAT_WRITE;
- }
+ int err = 0;
+
+ /*
+ * Long message header lines have to be read and written as multiple
+ * records. Other header/body content, and envelope data, is copied one
+ * record at a time. Be sure to not skip a zero-length request.
+ *
+ * XXX We don't know if we're writing a message header or not, but that is
+ * not a problem. A REC_TYPE_NORM or REC_TYPE_CONT record can always be
+ * chopped up into an equivalent set of REC_TYPE_CONT plus REC_TYPE_NORM
+ * records.
+ */
+ if (CLEANUP_OUT_OK(state) == 0)
+ return;
+
+#define TEXT_RECORD(t) ((t) == REC_TYPE_NORM || (t) == REC_TYPE_CONT)
+
+ do {
+ if (len > var_line_limit && TEXT_RECORD(type)) {
+ err = rec_put(state->dst, REC_TYPE_CONT, string, var_line_limit);
+ string += var_line_limit;
+ len -= var_line_limit;
+ } else {
+ err = rec_put(state->dst, type, string, len);
+ break;
+ }
+ } while (len > 0 && err >= 0);
+
+ if (err < 0) {
+ if (errno == EFBIG) {
+ msg_warn("%s: queue file size limit exceeded",
+ state->queue_id);
+ state->errs |= CLEANUP_STAT_SIZE;
+ } else {
+ msg_warn("%s: write queue file: %m", state->queue_id);
+ state->errs |= CLEANUP_STAT_WRITE;
}
}
}
state->err_mask = 0;
state->header_buf = vstring_alloc(100);
state->headers_seen = 0;
+ state->prev_header_type = 0;
state->hop_count = 0;
state->recipients = argv_alloc(2);
state->resent_recip = argv_alloc(2);
/* .IP \fBfast_flush_purge_time\fR
/* Remove an empty "fast flush" logfile that was not updated in
/* this amount of time (default time unit: days).
-/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+/* .IP \fBparent_domain_matches_subdomains\fR
/* List of Postfix features that use \fIdomain.name\fR patterns
/* to match \fIsub.domain.name\fR (as opposed to
/* requiring \fI.domain.name\fR patterns).
* name space: domain names versus safe-to-use pathnames.
*/
static int flush_add_path(const char *, const char *);
-static int flush_send_path(const char *);
+static int flush_send_path(const char *, int);
+
+ /*
+ * Do we only refresh the per-destination logfile, or do we really request
+ * mail delivery as if someone sent ETRN? If the latter, we must override
+ * information about unavailable hosts or unavailable transports.
+ */
+#define REFRESH_ONLY 0
+#define REFRESH_AND_DELIVER 1
/* flush_site_to_path - convert domain or [addr] to harmless string */
/* flush_send_service - flush mail queued for site */
-static int flush_send_service(const char *site)
+static int flush_send_service(const char *site, int how)
{
char *myname = "flush_send_service";
VSTRING *site_path;
* Map site name to path name and flush the log.
*/
site_path = flush_site_to_path((VSTRING *) 0, site);
- status = flush_send_path(STR(site_path));
+ status = flush_send_path(STR(site_path), how);
vstring_free(site_path);
return (status);
/* flush_send_path - flush logfile file */
-static int flush_send_path(const char *path)
+static int flush_send_path(const char *path, int how)
{
const char *myname = "flush_send_path";
VSTRING *queue_id;
VSTRING *queue_file;
VSTREAM *log;
struct utimbuf tbuf;
- static char qmgr_trigger[] = {
+ static char qmgr_deliver_trigger[] = {
QMGR_REQ_SCAN_INCOMING, /* scan incoming queue */
QMGR_REQ_FLUSH_DEAD, /* flush dead site/transport cache */
};
+ static char qmgr_refresh_trigger[] = {
+ QMGR_REQ_SCAN_INCOMING, /* scan incoming queue */
+ };
HTABLE *dup_filter;
int count;
if (count > 0) {
if (msg_verbose)
msg_info("%s: requesting delivery for logfile %s", myname, path);
- mail_trigger(MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE,
- qmgr_trigger, sizeof(qmgr_trigger));
+ if (how == REFRESH_ONLY)
+ mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service,
+ qmgr_refresh_trigger, sizeof(qmgr_refresh_trigger));
+ else
+ mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service,
+ qmgr_deliver_trigger, sizeof(qmgr_deliver_trigger));
}
return (FLUSH_STAT_OK);
}
} else if (st.st_atime + max_age < event_time()) {
if (msg_verbose)
msg_info("%s: flush logfile %s", myname, site_path);
- flush_send_path(site_path);
+ flush_send_path(site_path, REFRESH_ONLY);
} else {
if (msg_verbose)
msg_info("%s: skip logfile %s, unread for <%d hours(s) ",
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, MAIL_ATTR_SITE, site,
ATTR_TYPE_END) == 1)
- status = flush_send_service(lowercase(STR(site)));
+ status = flush_send_service(lowercase(STR(site)),
+ REFRESH_AND_DELIVER);
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_STATUS, status,
ATTR_TYPE_END);
/* Global library. */
+#include <mail_params.h>
#include <mail_proto.h>
#include <abounce.h>
const char *sender, const char *verp,
ABOUNCE_FN callback, char *context)
{
- abounce_request_verp(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE,
+ abounce_request_verp(MAIL_CLASS_PRIVATE, var_bounce_service,
BOUNCE_CMD_VERP, flags, queue, id, sender, verp,
callback, context);
}
const char *sender, const char *verp,
ABOUNCE_FN callback, char *context)
{
- abounce_request_verp(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
+ abounce_request_verp(MAIL_CLASS_PRIVATE, var_defer_service,
BOUNCE_CMD_VERP, flags, queue, id, sender, verp,
callback, context);
}
void abounce_flush(int flags, const char *queue, const char *id,
const char *sender, ABOUNCE_FN callback, char *context)
{
- abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE, BOUNCE_CMD_FLUSH,
+ abounce_request(MAIL_CLASS_PRIVATE, var_bounce_service, BOUNCE_CMD_FLUSH,
flags, queue, id, sender, callback, context);
}
void adefer_flush(int flags, const char *queue, const char *id,
const char *sender, ABOUNCE_FN callback, char *context)
{
- abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, BOUNCE_CMD_FLUSH,
+ abounce_request(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_FLUSH,
flags, queue, id, sender, callback, context);
}
void adefer_warn(int flags, const char *queue, const char *id,
const char *sender, ABOUNCE_FN callback, char *context)
{
- abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, BOUNCE_CMD_WARN,
+ abounce_request(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_WARN,
flags, queue, id, sender, callback, context);
}
delay = time((time_t *) 0) - entry;
vstring_vsprintf(why, fmt, ap);
if (mail_command_client(MAIL_CLASS_PRIVATE, var_soft_bounce ?
- MAIL_SERVICE_DEFER : MAIL_SERVICE_BOUNCE,
+ var_defer_service : var_bounce_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
ATTR_TYPE_STR, MAIL_ATTR_RECIP, recipient,
ATTR_TYPE_STR, MAIL_ATTR_WHY, vstring_str(why),
ATTR_TYPE_END) == 0) {
- msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s)",
+ msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s%s)",
id, recipient, relay, delay, var_soft_bounce ? "deferred" :
- "bounced", vstring_str(why));
+ "bounced", var_soft_bounce ? "SOFT BOUNCE - " : "",
+ vstring_str(why));
status = (var_soft_bounce ? -1 : 0);
} else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
status = defer_append(flags, id, recipient, "bounce", delay,
*/
if (var_soft_bounce)
return (-1);
- if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE,
+ if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_FLUSH,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
/* Global library. */
+#include "mail_params.h"
#include "mail_queue.h"
#include "mail_proto.h"
#include "flush_clnt.h"
const char *rcpt_domain;
vstring_vsprintf(why, fmt, ap);
- if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
+ if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
int defer_flush(int flags, const char *queue, const char *id,
const char *sender)
{
- if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
+ if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_FLUSH,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
int defer_warn(int flags, const char *queue, const char *id,
const char *sender)
{
- if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
+ if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_WARN,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
- status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
+ status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_PURGE,
ATTR_TYPE_END);
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
- status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
+ status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_REFRESH,
ATTR_TYPE_END);
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
- status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
+ status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_SEND,
ATTR_TYPE_STR, MAIL_ATTR_SITE, site,
ATTR_TYPE_END);
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
- status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
+ status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_ADD,
ATTR_TYPE_STR, MAIL_ATTR_SITE, site,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, queue_id,
/* Global library. */
+#include <mail_params.h>
#include <mail_proto.h>
#include <mail_flush.h>
/*
* Trigger the flush queue service.
*/
- return (mail_trigger(MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE,
+ return (mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service,
qmgr_trigger, sizeof(qmgr_trigger)));
}
/* int var_line_limit;
/* char *var_alias_db_map;
/* int var_message_limit;
+/* char *var_mail_release;
/* char *var_mail_version;
/* int var_ipc_idle_limit;
/* char *var_db_type;
/* int var_debug_peer_level;
/* int var_in_flow_delay;
/* int var_fault_inj_code;
+/* char *var_bounce_service;
+/* char *var_cleanup_service;
+/* char *var_defer_service;
+/* char *var_pickup_service;
+/* char *var_queue_service;
+/* char *var_rewrite_service;
+/* char *var_showq_service;
+/* char *var_error_service;
+/* char *var_flush_service;
/*
/* void mail_params_init()
/* DESCRIPTION
int var_line_limit;
char *var_alias_db_map;
int var_message_limit;
+char *var_mail_release;
char *var_mail_version;
int var_ipc_idle_limit;
char *var_db_type;
char *var_debug_peer_list;
int var_debug_peer_level;
int var_fault_inj_code;
+char *var_bounce_service;
+char *var_cleanup_service;
+char *var_defer_service;
+char *var_pickup_service;
+char *var_queue_service;
+char *var_rewrite_service;
+char *var_showq_service;
+char *var_error_service;
+char *var_flush_service;
#define MAIN_CONF_FILE "main.cf"
VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0,
+ VAR_MAIL_RELEASE, DEF_MAIL_RELEASE, &var_mail_release, 1, 0,
VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0,
VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0,
VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0,
VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0,
VAR_PAR_DOM_MATCH, DEF_PAR_DOM_MATCH, &var_par_dom_match, 0, 0,
VAR_CONFIG_DIRS, DEF_CONFIG_DIRS, &var_config_dirs, 0, 0,
+ VAR_BOUNCE_SERVICE, DEF_BOUNCE_SERVICE, &var_bounce_service, 1, 0,
+ VAR_CLEANUP_SERVICE, DEF_CLEANUP_SERVICE, &var_cleanup_service, 1, 0,
+ VAR_DEFER_SERVICE, DEF_DEFER_SERVICE, &var_defer_service, 1, 0,
+ VAR_PICKUP_SERVICE, DEF_PICKUP_SERVICE, &var_pickup_service, 1, 0,
+ VAR_QUEUE_SERVICE, DEF_QUEUE_SERVICE, &var_queue_service, 1, 0,
+ VAR_REWRITE_SERVICE, DEF_REWRITE_SERVICE, &var_rewrite_service, 1, 0,
+ VAR_SHOWQ_SERVICE, DEF_SHOWQ_SERVICE, &var_showq_service, 1, 0,
+ VAR_ERROR_SERVICE, DEF_ERROR_SERVICE, &var_error_service, 1, 0,
+ VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
#define DEF_SMTP_BIND_ADDR ""
extern char *var_smtp_bind_addr;
+#define VAR_SMTP_HELO_NAME "smtp_helo_name"
+#define DEF_SMTP_HELO_NAME "$myhostname"
+extern char *var_smtp_helo_name;
+
#define VAR_SMTP_RAND_ADDR "smtp_randomize_addresses"
#define DEF_SMTP_RAND_ADDR 1
extern bool var_smtp_rand_addr;
-
-#define VAR_SMTP_BREAK_LINES "smtp_break_lines"
-#define DEF_SMTP_BREAK_LINES 1
-extern bool var_smtp_break_lines;
+
+#define VAR_SMTP_LINE_LIMIT "smtp_line_length_limit"
+#define DEF_SMTP_LINE_LIMIT 990
+extern int var_smtp_line_limit;
#define VAR_SMTP_PIX_THRESH "smtp_pix_workaround_threshold_time"
#define DEF_SMTP_PIX_THRESH "500s"
#define REJECT_UNAUTH_PIPE "reject_unauth_pipelining"
#define VAR_SMTPD_NULL_KEY "smtpd_null_access_lookup_key"
-#define DEF_SMTPD_NULL_KEY ""
+#define DEF_SMTPD_NULL_KEY "<>"
extern char *var_smtpd_null_key;
/*
* the sending processes get a chance to access the disk.
*/
#define VAR_IN_FLOW_DELAY "in_flow_delay"
+#ifdef PIPES_CANT_FIONREAD
+#define DEF_IN_FLOW_DELAY "0s"
+#else
#define DEF_IN_FLOW_DELAY "1s"
+#endif
extern int var_in_flow_delay;
/*
#define DEF_README_DIR "no"
#endif
+ /*
+ * Service names. The transport (TCP, FIFO or UNIX-domain) type is frozen
+ * because you cannot simply mix them, and accessibility (private/public) is
+ * frozen for security reasons. We list only the internal services, not the
+ * externally visible SMTP server, or the delivery agents that can already
+ * be chosen via transport mappings etc.
+ */
+#define VAR_BOUNCE_SERVICE "bounce_service_name"
+#define DEF_BOUNCE_SERVICE MAIL_SERVICE_BOUNCE
+extern char *var_bounce_service;
+
+#define VAR_CLEANUP_SERVICE "cleanup_service_name"
+#define DEF_CLEANUP_SERVICE MAIL_SERVICE_CLEANUP
+extern char *var_cleanup_service;
+
+#define VAR_DEFER_SERVICE "defer_service_name"
+#define DEF_DEFER_SERVICE MAIL_SERVICE_DEFER
+extern char *var_defer_service;
+
+#define VAR_PICKUP_SERVICE "pickup_service_name"
+#define DEF_PICKUP_SERVICE MAIL_SERVICE_PICKUP
+extern char *var_pickup_service;
+
+#define VAR_QUEUE_SERVICE "queue_service_name"
+#define DEF_QUEUE_SERVICE MAIL_SERVICE_QUEUE
+extern char *var_queue_service;
+
+ /* XXX resolve does not exist as a separate service */
+
+#define VAR_REWRITE_SERVICE "rewrite_service_name"
+#define DEF_REWRITE_SERVICE MAIL_SERVICE_REWRITE
+extern char *var_rewrite_service;
+
+#define VAR_SHOWQ_SERVICE "showq_service_name"
+#define DEF_SHOWQ_SERVICE MAIL_SERVICE_SHOWQ
+extern char *var_showq_service;
+
+#define VAR_ERROR_SERVICE "error_service_name"
+#define DEF_ERROR_SERVICE MAIL_SERVICE_ERROR
+extern char *var_error_service;
+
+#define VAR_FLUSH_SERVICE "flush_service_name"
+#define DEF_FLUSH_SERVICE MAIL_SERVICE_FLUSH
+extern char *var_flush_service;
+
+ /*
+ * Mailbox/maildir delivery errors that cause delivery to be tried again.
+ */
+#define VAR_MBX_DEFER_ERRS "mailbox_defer_errors"
+#define DEF_MBX_DEFER_ERRS "eagain, enospc, estale"
+extern char *var_mbx_defer_errs;
+
+#define VAR_MDR_DEFER_ERRS "maildir_defer_errors"
+#define DEF_MDR_DEFER_ERRS "enospc, estale"
+extern char *var_mdr_defer_errs;
+
/* LICENSE
/* .ad
/* .fi
/* .nf
/*
- * Version of this program.
+ * Version of this program. Official versions are called a.b.c, and
+ * snapshots are called a.b.c-yyyymmdd, where a=major release number,
+ * b=minor release number, c=patchlevel, and yyyymmdd is the release date:
+ * yyyy=year, mm=month, dd=day.
+ *
+ * Patches change the patchlevel and the release date. Snapshots change the
+ * release date only, unless they include the same bugfix as a patch release.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20020115"
+#ifdef SNAPSHOT
+#define DEF_MAIL_VERSION "1.1.5-$mail_release_date"
+#else
+#define DEF_MAIL_VERSION "1.1.5"
+#endif
extern char *var_mail_version;
+ /*
+ * Release date.
+ */
+#define VAR_MAIL_RELEASE "mail_release_date"
+#define DEF_MAIL_RELEASE "20020311"
+extern char *var_mail_release;
+
/* LICENSE
/* .ad
/* .fi
/* mkmap_open - create or truncate database */
MKMAP *mkmap_open(const char *type, const char *path,
- int open_flags, int dict_flags)
+ int open_flags, int dict_flags)
{
MKMAP *mkmap;
MKMAP_OPEN_INFO *mp;
* needed because the underlying routines read as well as write.
*/
mkmap->dict = mkmap->open(path, open_flags, dict_flags);
- mkmap->dict->fd = -1; /* XXX just in case */
+ mkmap->dict->lock_fd = -1; /* XXX just in case */
+ mkmap->dict->stat_fd = -1; /* XXX just in case */
mkmap->dict->flags |= DICT_FLAG_DUP_WARN;
return (mkmap);
}
/*
* Multiplication by numbers > 2 can overflow without producing a smaller
* result mod 2^N (where N is the number of bits in the result type).
- * (Victor Duchovny, Morgan Stanley).
+ * (Victor Duchovni, Morgan Stanley).
*/
for (result = 0; (ch = *(unsigned char *) str) != 0; str++) {
if (!ISDIGIT(ch))
* system a chance to recover, and try again later.
*/
case -1:
+ msg_warn("fork: %m");
vstring_sprintf(why, "Delivery failed: %m");
return (PIPE_STAT_DEFER);
|| attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_END) != 0)
- msg_fatal("unable to contact the %s service", MAIL_SERVICE_CLEANUP);
+ msg_fatal("unable to contact the %s service", var_cleanup_service);
/*
* Generate a minimal envelope section. The cleanup service will add a
{
VSTREAM *stream;
- stream = mail_connect_wait(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP);
+ stream = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
post_mail_init(stream, sender, recipient, flags);
return (stream);
}
{
VSTREAM *stream;
- if ((stream = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP,
+ if ((stream = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service,
BLOCKING)) != 0)
post_mail_init(stream, sender, recipient, flags);
return (stream);
int rec_put_type(VSTREAM *stream, int type, long offset)
{
+ if (type < 0 || type > 255)
+ msg_panic("rec_put_type: bad record type %d", type);
+
if (msg_verbose > 2)
msg_info("rec_put_type: %d at %ld", type, offset);
int len_rest;
int len_byte;
+ if (type < 0 || type > 255)
+ msg_panic("rec_put: bad record type %d", type);
+
if (msg_verbose > 2)
msg_info("rec_put: type %c len %d data %.10s", type, len, data);
*/
if (rewrite_clnt_stream == 0)
rewrite_clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE,
- MAIL_SERVICE_REWRITE, var_ipc_idle_limit);
+ var_rewrite_service, var_ipc_idle_limit);
for (;;) {
stream = clnt_stream_access(rewrite_clnt_stream);
/* NAME
/* resolve_local 3
/* SUMMARY
-/* determine if address resolves to local mail system
+/* determine if domain resolves to local mail system
/* SYNOPSIS
/* #include <resolve_local.h>
/*
/* void resolve_local_init()
/*
-/* int resolve_local(host)
-/* const char *host;
+/* int resolve_local(domain)
+/* const char *domain;
/* DESCRIPTION
/* resolve_local() determines if the named domain resolves to the
/* local mail system, either by case-insensitive exact match
resolve_local_list = string_list_init(MATCH_FLAG_NONE, var_mydest);
}
-/* resolve_local - match address against list of local destinations */
+/* resolve_local - match domain against list of local destinations */
int resolve_local(const char *addr)
{
* Strip one trailing dot.
*/
len = strlen(saved_addr);
+ if (len == 0)
+ RETURN(0);
if (saved_addr[len - 1] == '.')
saved_addr[--len] = 0;
*/
if (rewrite_clnt_stream == 0)
rewrite_clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE,
- MAIL_SERVICE_REWRITE, var_ipc_idle_limit);
+ var_rewrite_service, var_ipc_idle_limit);
for (;;) {
stream = clnt_stream_access(rewrite_clnt_stream);
"noactive", SASL_SEC_NOACTIVE,
"nodictionary", SASL_SEC_NODICTIONARY,
"noanonymous", SASL_SEC_NOANONYMOUS,
+#if SASL_VERSION_MAJOR >= 2
+ "mutual_auth", SASL_SEC_MUTUAL_AUTH,
+#endif
0,
};
*/
#define STR(x) vstring_str(x)
+ /*
+ * Macros to handle API differences between SASLv1 and SASLv2. Specifics:
+ *
+ * The SASL_LOG_* constants were renamed in SASLv2.
+ *
+ * SASLv2's sasl_client_new takes two new parameters to specify local and
+ * remote IP addresses for auth mechs that use them.
+ *
+ * SASLv2's sasl_client_start function no longer takes the secret parameter.
+ *
+ * SASLv2's sasl_decode64 function takes an extra parameter for the length of
+ * the output buffer.
+ *
+ * The other major change is that SASLv2 now takes more responsibility for
+ * deallocating memory that it allocates internally. Thus, some of the
+ * function parameters are now 'const', to make sure we don't try to free
+ * them too. This is dealt with in the code later on.
+ */
+
+#if SASL_VERSION_MAJOR < 2
+/* SASL version 1.x */
+#define SASL_LOG_WARN SASL_LOG_WARNING
+#define SASL_LOG_NOTE SASL_LOG_INFO
+#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \
+ sasl_client_new(srv, fqdn, prompt, secflags, pconn)
+#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \
+ sasl_client_start(conn, mechlst, secret, prompt, clout, cllen, mech)
+#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
+ sasl_decode64(in, inlen, out, outlen)
+#endif
+
+#if SASL_VERSION_MAJOR >= 2
+/* SASL version > 2.x */
+#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \
+ sasl_client_new(srv, fqdn, lport, rport, prompt, secflags, pconn)
+#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \
+ sasl_client_start(conn, mechlst, prompt, clout, cllen, mech)
+#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
+ sasl_decode64(in, inlen, out, outmaxlen, outlen)
+#endif
+
/*
* Per-host login/password information.
*/
const char *message)
{
switch (priority) {
- case SASL_LOG_ERR:
- case SASL_LOG_WARNING:
- msg_warn("%s", message);
+ case SASL_LOG_ERR: /* unusual errors */
+ case SASL_LOG_WARN: /* non-fatal warnings */
+ msg_warn("SASL authentication problem: %s", message);
break;
- case SASL_LOG_INFO:
+ case SASL_LOG_NOTE: /* other info */
if (msg_verbose)
- msg_info("%s", message);
+ msg_info("SASL authentication info: %s", message);
break;
+#if SASL_VERSION_MAJOR >= 2
+ case SASL_LOG_FAIL: /* authentication failures */
+ msg_warn("SASL authentication failure: %s", message);
+#endif
}
return (SASL_OK);
}
memcpy((char *) state->sasl_callbacks, callbacks, sizeof(callbacks));
for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++)
cp->context = (void *) state;
- if (sasl_client_new("smtp", state->session->host,
+
+#define NULL_SERVER_ADDR ((char *) 0)
+#define NULL_CLIENT_ADDR ((char *) 0)
+
+ if (SASL_CLIENT_NEW("smtp", state->session->host,
+ NULL_CLIENT_ADDR, NULL_SERVER_ADDR,
state->sasl_callbacks, NULL_SECFLAGS,
(sasl_conn_t **) &state->sasl_conn) != SASL_OK)
msg_fatal("per-session SASL client initialization");
char *myname = "lmtp_sasl_authenticate";
unsigned enc_length;
unsigned enc_length_out;
+
+#if SASL_VERSION_MAJOR >= 2
+ const char *clientout;
+
+#else
char *clientout;
+
+#endif
unsigned clientoutlen;
unsigned serverinlen;
LMTP_RESP *resp;
/*
* Start the client side authentication protocol.
*/
- result = sasl_client_start((sasl_conn_t *) state->sasl_conn,
+ result = SASL_CLIENT_START((sasl_conn_t *) state->sasl_conn,
state->sasl_mechanism_list,
NO_SASL_SECRET, NO_SASL_INTERACTION,
&clientout, &clientoutlen, &mechanism);
STR(state->sasl_encoded), enc_length,
&enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
+#if SASL_VERSION_MAJOR < 2
+ /* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
+#endif
lmtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded));
} else {
lmtp_chat_cmd(state, "AUTH %s", mechanism);
(void) mystrtok(&line, "- \t\n"); /* skip over result code */
serverinlen = strlen(line);
VSTRING_SPACE(state->sasl_decoded, serverinlen);
- if (sasl_decode64(line, serverinlen,
- STR(state->sasl_decoded), &enc_length) != SASL_OK) {
+ if (SASL_DECODE64(line, serverinlen, STR(state->sasl_decoded),
+ serverinlen, &enc_length) != SASL_OK) {
vstring_sprintf(why, "malformed SASL challenge from server %s",
state->session->namaddr);
return (-1);
STR(state->sasl_encoded), enc_length,
&enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
+#if SASL_VERSION_MAJOR < 2
+ /* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
+#endif
} else {
vstring_strcat(state->sasl_encoded, "");
}
state->sasl_passwd = 0;
}
if (state->sasl_mechanism_list) {
- myfree(state->sasl_mechanism_list); /* allocated in lmtp_helo */
+ /* allocated in lmtp_sasl_helo_auth */
+ myfree(state->sasl_mechanism_list);
state->sasl_mechanism_list = 0;
}
if (state->sasl_conn) {
*/
if ((dict = dict_handle(table)) == 0)
msg_panic("%s: can't find dictionary: %s", myname, table);
- if (dict->fd < 0)
+ if (dict->stat_fd < 0)
return (0);
- if (fstat(dict->fd, &st) < 0)
+ if (fstat(dict->stat_fd, &st) < 0)
msg_fatal("%s: fstat dictionary %s: %m", myname, table);
return (st.st_uid);
}
* "message too large", perhaps some others. The reason not to bounce
* ourselves is that we don't really know who the recipients are.
*/
- cleanup = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP, BLOCKING);
+ cleanup = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service, BLOCKING);
if (cleanup == 0)
return (0);
close_on_exec(vstream_fileno(cleanup), CLOSE_ON_EXEC);
/* The default per-user mailbox is a file in the UNIX mail spool
/* directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR);
/* the location can be specified with the \fBmail_spool_directory\fR
-/* configuration parameter.
+/* configuration parameter. Specify a name ending in \fB/\fR for
+/* \fBqmail\fR-compatible \fBmaildir\fR delivery.
/*
/* Alternatively, the per-user mailbox can be a file in the user's home
/* directory with a name specified via the \fBhome_mailbox\fR
/* .IP \fBmail_spool_directory\fR
/* Directory with UNIX-style mailboxes. The default pathname is system
/* dependent.
+/* Specify a path ending in \fB/\fR for maildir-style delivery.
/* .IP \fBmailbox_command\fR
/* External command to use for mailbox delivery. The command executes
/* with the recipient privileges (exception: root). The string is subject
master.o: ../../include/watchdog.h
master.o: ../../include/clean_env.h
master.o: ../../include/argv.h
+master.o: ../../include/safe.h
master.o: ../../include/mail_params.h
master.o: ../../include/debug_process.h
master.o: ../../include/mail_task.h
#include <watchdog.h>
#include <clean_env.h>
#include <argv.h>
+#include <safe.h>
/* Global library. */
*/
msg_syslog_init(mail_task(var_procname), LOG_PID, LOG_FACILITY);
+ /*
+ * The mail system must be run by the superuser so it can revoke
+ * privileges for selected operations. That's right - it takes privileges
+ * to toss privileges.
+ */
+ if (getuid() != 0)
+ msg_fatal("the master command is reserved for the superuser");
+ if (unsafe() != 0)
+ msg_fatal("the master command must not run as a set-uid process");
+
/*
* If started from a terminal, get rid of any tty association. This also
* means that all errors and warnings must go to the syslog daemon.
/*
* master_flow.c
*/
-void master_flow_init(void);
-int master_flow_pipe[2];
+extern void master_flow_init(void);
+extern int master_flow_pipe[2];
/* DIAGNOSTICS
/* BUGS
/* .SH "Timing controls"
/* .ad
/* .fi
-/* .IP \fBmin_backoff\fR
+/* .IP \fBminimal_backoff_time\fR
/* Minimal time in seconds between delivery attempts
/* of a deferred message.
/* .sp
/* This parameter also limits the time an unreachable destination
/* is kept in the short-term, in-memory destination status cache.
-/* .IP \fBmax_backoff\fR
+/* .IP \fBmaximal_backoff_time\fR
/* Maximal time in seconds between delivery attempts
/* of a deferred message.
/* .IP \fBmaximal_queue_lifetime\fR
/*
* Compare most significant to least significant recipient attributes.
+ * The comparison function must be transitive, so NULL values need to be
+ * assigned an ordinal (we set NULL last).
*/
- if ((queue1 = rcpt1->queue) != 0 && (queue2 = rcpt2->queue) != 0) {
+
+ queue1 = rcpt1->queue;
+ queue2 = rcpt2->queue;
+ if (queue1 != 0 && queue2 == 0)
+ return (-1);
+ if (queue1 == 0 && queue2 != 0)
+ return (1);
+ if (queue1 != 0 && queue2 != 0) {
/*
* Compare message transport.
/*
* Compare recipient domain.
*/
- if ((at1 = strrchr(rcpt1->address, '@')) != 0
- && (at2 = strrchr(rcpt2->address, '@')) != 0
+ at1 = strrchr(rcpt1->address, '@');
+ at2 = strrchr(rcpt2->address, '@');
+ if (at1 == 0 && at2 != 0)
+ return (1);
+ if (at1 != 0 && at2 == 0)
+ return (-1);
+ if (at1 != 0 && at2 != 0
&& (result = strcasecmp(at1, at2)) != 0)
return (result);
queue = 0;
}
if (transport->recipient_limit == 1) {
- VSTRING_SPACE(reply.nexthop, len + 1);
+ VSTRING_SPACE(reply.nexthop, len + 2);
memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
LEN(reply.nexthop) + 1);
memcpy(STR(reply.nexthop), STR(reply.recipient), len);
*/
#define PICKUP_CLEANUP_FLAGS (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_FILTER)
- cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP);
+ cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
if (attr_scan(cleanup, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, buf,
ATTR_TYPE_END) != 1
../../bin/$(PROG): $(PROG)
cp $(PROG) ../../bin
-$(MAKES): $(INC_DIR)/mail_params.h
+$(MAKES): $(INC_DIR)/mail_params.h ../global/mail_params.c
$(AWK) -f extract.awk ../*/*.c
printfck: $(OBJS) $(PROG)
* clean up in case of a fatal error or an interrupt.
*/
dst = mail_stream_file(MAIL_QUEUE_MAILDROP, MAIL_CLASS_PUBLIC,
- MAIL_SERVICE_PICKUP, 0444);
+ var_pickup_service, 0444);
attr_print(VSTREAM_OUT, ATTR_FLAG_NONE,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, dst->id,
ATTR_TYPE_END);
postfix.o: ../../include/vstring.h
postfix.o: ../../include/clean_env.h
postfix.o: ../../include/argv.h
+postfix.o: ../../include/safe.h
postfix.o: ../../include/mail_conf.h
postfix.o: ../../include/mail_params.h
#include <stringops.h>
#include <clean_env.h>
#include <argv.h>
+#include <safe.h>
/* Global library. */
char *script;
struct stat st;
char *slash;
- int uid;
int fd;
int ch;
ARGV *import_env;
* privileges for selected operations. That's right - it takes privileges
* to toss privileges.
*/
- if ((uid = getuid()) != 0) {
+ if (getuid() != 0) {
msg_error("to submit mail, use the Postfix sendmail command");
msg_fatal("the postfix command is reserved for the superuser");
}
+ if (unsafe() != 0)
+ msg_fatal("the postfix command must not run as a set-uid process");
/*
* Parse switches.
/* .ti +4
/* \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
/*
+/* If the result files do not exist they will be created with the
+/* same group and other read permissions as the source file.
+/*
/* While the table update is in progress, signal delivery is
/* postponed, and an exclusive, advisory, lock is placed on the
/* entire table, in order to avoid surprises in spectator
/* .ti +5
/* \fIkey\fR whitespace \fIvalue\fR
/* .IP \(bu
-/* A line that starts with whitespace (space or tab) is a continuation
-/* of the previous line. An empty line terminates the previous line,
-/* as does a line that starts with non-whitespace (text or comment). A
-/* comment line that starts with whitespace does not terminate multi-line
-/* text.
+/* Empty lines and whitespace-only lines are ignored, as
+/* are lines whose first non-whitespace character is a `#'.
/* .IP \(bu
-/* The \fB#\fR is recognized as the start of a comment, but only when it is
-/* the first non-whitespace character on a line. A comment terminates
-/* at the end of the line, even when the next line starts with whitespace.
+/* A logical line starts with non-whitespace text. A line that
+/* starts with whitespace continues a logical line.
/* .PP
/* The \fIkey\fR and \fIvalue\fR are processed as is, except that
/* surrounding white space is stripped off. Unlike with Postfix alias
int lineno;
char *key;
char *value;
+ struct stat st;
+ mode_t saved_mask;
/*
* Initialize.
} else if ((source_fp = vstream_fopen(path_name, O_RDONLY, 0)) == 0) {
msg_fatal("open %s: %m", path_name);
}
+ if (fstat(vstream_fileno(source_fp), &st) < 0)
+ msg_fatal("fstat %s: %m", path_name);
+
+ /*
+ * Turn off group/other read permissions as indicated in the source file.
+ */
+ if (S_ISREG(st.st_mode))
+ saved_mask = umask(022 | (~st.st_mode & 077));
/*
* Open the database, optionally create it when it does not exist,
*/
mkmap = mkmap_open(map_type, path_name, open_flags, dict_flags);
+ /*
+ * And restore the umask, in case it matters.
+ */
+ if (S_ISREG(st.st_mode))
+ umask(saved_mask);
+
/*
* Add records to the database.
*/
/* traditionally available via the \fBsendmail\fR(1) command.
/*
/* The following options are recognized:
-/* .IP \fB-c \fIconfig_dir\fR
+/* .IP "\fB-c \fIconfig_dir\fR"
/* The \fBmain.cf\fR configuration file is in the named directory
/* instead of the default configuration directory. See also the
/* MAIL_CONFIG environment setting below.
#include <stdlib.h>
#include <signal.h>
#include <sysexits.h>
+#include <errno.h>
/* Utility library. */
* Connect to the show queue service. Terminate silently when piping into
* a program that terminates early.
*/
- if ((showq = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_SHOWQ, BLOCKING)) != 0) {
- while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0)
+ if ((showq = mail_connect(MAIL_CLASS_PUBLIC, var_showq_service, BLOCKING)) != 0) {
+ while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0) {
if (vstream_fwrite(VSTREAM_OUT, buf, n) != n
- || vstream_fflush(VSTREAM_OUT) != 0)
+ || vstream_fflush(VSTREAM_OUT) != 0) {
+ if (errno == EPIPE)
+ break;
msg_fatal("write error: %m");
-
- if (vstream_fclose(showq))
+ }
+ }
+ if (vstream_fclose(showq) && errno != EPIPE)
msg_warn("close: %m");
}
msg_warn("Mail system is down -- accessing queue directly");
argv = argv_alloc(6);
- argv_add(argv, MAIL_SERVICE_SHOWQ, "-u", "-S", (char *) 0);
+ argv_add(argv, var_showq_service, "-u", "-S", (char *) 0);
for (n = 0; n < msg_verbose; n++)
argv_add(argv, "-v", (char *) 0);
argv_terminate(argv);
*/
if (site_to_flush != 0) {
if (*site_to_flush == '['
- && *(last = optarg + strlen(site_to_flush) - 1) == ']') {
+ && *(last = site_to_flush + strlen(site_to_flush) - 1) == ']') {
*last = 0;
- if (!valid_hostaddr(optarg + 1, DONT_GRIPE))
+ if (!valid_hostaddr(site_to_flush + 1, DONT_GRIPE))
site_to_flush = 0;
*last = ']';
} else {
- if (!valid_hostname(optarg, DONT_GRIPE)
- && !valid_hostaddr(optarg, DONT_GRIPE))
+ if (!valid_hostname(site_to_flush, DONT_GRIPE)
+ && !valid_hostaddr(site_to_flush, DONT_GRIPE))
site_to_flush = 0;
}
if (site_to_flush == 0)
/* \fBdefer\fR and \fBflush\fR directories with log files.
/*
/* Options:
-/* .IP "\fB-d \fIqueue_id\fR (Postfix versions >= 20010525)"
+/* .IP "\fB-d \fIqueue_id\fR"
/* Delete one message with the named queue ID from the named
/* mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
/* \fBdeferred\fR).
/* .IP \fB-p\fR
/* Purge old temporary files that are left over after system or
/* software crashes.
-/* .IP "\fB-r \fIqueue_id\fR (Postfix versions >= 20010525)"
+/* .IP "\fB-r \fIqueue_id\fR"
/* Requeue the message with the named queue ID from the named
/* mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
/* \fBdeferred\fR).
/* to perform this operation once before Postfix startup.
/* .RS
/* .IP \(bu
-/* (Postfix versions >= 20010525)
/* Rename files whose name does not match the message file inode
/* number. This operation is necessary after restoring a mail queue
/* from a different machine, or from backup media.
/* .SH "Timing controls"
/* .ad
/* .fi
-/* .IP \fBmin_backoff\fR
+/* .IP \fBminimal_backoff_time\fR
/* Minimal time in seconds between delivery attempts
/* of a deferred message.
/* .sp
/* This parameter also limits the time an unreachable destination
/* is kept in the short-term, in-memory destination status cache.
-/* .IP \fBmax_backoff\fR
+/* .IP \fBmaximal_backoff_time\fR
/* Maximal time in seconds between delivery attempts
/* of a deferred message.
/* .IP \fBmaximal_queue_lifetime\fR
/*
* Compare most significant to least significant recipient attributes.
+ * The comparison function must be transitive, so NULL values need to be
+ * assigned an ordinal (we set NULL last).
*/
- if ((queue1 = rcpt1->queue) != 0 && (queue2 = rcpt2->queue) != 0) {
+
+ queue1 = rcpt1->queue;
+ queue2 = rcpt2->queue;
+ if (queue1 != 0 && queue2 == 0)
+ return (-1);
+ if (queue1 == 0 && queue2 != 0)
+ return (1);
+ if (queue1 != 0 && queue2 != 0) {
/*
* Compare message transport.
/*
* Compare recipient domain.
*/
- if ((at1 = strrchr(rcpt1->address, '@')) != 0
- && (at2 = strrchr(rcpt2->address, '@')) != 0
+ at1 = strrchr(rcpt1->address, '@');
+ at2 = strrchr(rcpt2->address, '@');
+ if (at1 == 0 && at2 != 0)
+ return (1);
+ if (at1 != 0 && at2 == 0)
+ return (-1);
+ if (at1 != 0 && at2 != 0
&& (result = strcasecmp(at1, at2)) != 0)
return (result);
queue = 0;
}
if (transport->recipient_limit == 1) {
- VSTRING_SPACE(reply.nexthop, len + 1);
+ VSTRING_SPACE(reply.nexthop, len + 2);
memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
LEN(reply.nexthop) + 1);
memcpy(STR(reply.nexthop), STR(reply.recipient), len);
/*
* Connect to the cleanup server. Log client name/address with queue ID.
*/
- state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP);
+ state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, var_cleanup_service);
if (state->dest == 0
|| attr_print(state->dest->stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, CLEANUP_FLAG_FILTER,
ATTR_TYPE_END) != 0)
msg_fatal("unable to connect to the %s %s service",
- MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP);
+ MAIL_CLASS_PUBLIC, var_cleanup_service);
state->cleanup = state->dest->stream;
state->queue_id = mystrdup(state->dest->id);
msg_info("%s: client=%s", state->queue_id, state->namaddr);
* bloody likely, but present for the sake of consistency with all other
* Postfix points of entrance).
*/
- rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", state->time);
+ rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", (long) state->time);
if (*var_filter_xport)
rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
}
/* qmqpd_send_status - send mail transaction completion status */
-static int qmqpd_send_status(QMQPD_STATE *state)
+static void qmqpd_send_status(QMQPD_STATE *state)
{
/*
/* qmqpd_receive - receive QMQP message+sender+recipients */
-static int qmqpd_receive(QMQPD_STATE *state)
+static void qmqpd_receive(QMQPD_STATE *state)
{
/*
/* .IP \fB-bs\fR
/* Stand-alone SMTP server mode. Read SMTP commands from
/* standard input, and write responses to standard output.
+/* In stand-alone SMTP server mode, UCE restrictions and
+/* access controls are disabled by default. To enable them,
+/* run the process as the \fBmail_owner\fR user.
+/* .sp
/* This mode of operation is implemented by running the
/* \fBsmtpd\fR(8) daemon.
/* .IP "\fB-f \fIsender\fR"
uid_t uid = getuid();
int status;
int naddr;
+ int prev_type;
/*
* Initialize.
msg_warn("-f option specified malformed sender: %s", sender);
} else {
if ((sender = username()) == 0)
- msg_fatal_status(EX_OSERR, "unable to find out your login name");
+ msg_fatal_status(EX_OSERR, "no login name found for user ID %lu",
+ (unsigned long) uid);
saved_sender = mystrdup(sender);
}
rec_fprintf(dst, REC_TYPE_MESG, REC_TYPE_MESG_FORMAT, 0L);
skip_from_ = 1;
strip_cr = STRIP_CR_DUNNO;
- while ((type = rec_streamlf_get(VSTREAM_IN, buf, var_line_limit))
- != REC_TYPE_EOF) {
+ for (prev_type = 0; (type = rec_streamlf_get(VSTREAM_IN, buf, var_line_limit))
+ != REC_TYPE_EOF; prev_type = type) {
if (strip_cr == STRIP_CR_DUNNO && type == REC_TYPE_NORM) {
if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r')
strip_cr = STRIP_CR_DO;
if (strip_cr == STRIP_CR_DO && type == REC_TYPE_NORM)
if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r')
vstring_truncate(buf, VSTRING_LEN(buf) - 1);
- if ((flags & SM_FLAG_AEOF) && VSTRING_LEN(buf) == 1 && *STR(buf) == '.')
+ if ((flags & SM_FLAG_AEOF) && prev_type != REC_TYPE_CONT
+ && VSTRING_LEN(buf) == 1 && *STR(buf) == '.')
break;
if (REC_PUT_BUF(dst, type, buf) < 0)
msg_fatal_status(EX_TEMPFAIL,
showq.o: ../../include/mail_conf.h
showq.o: ../../include/record.h
showq.o: ../../include/rec_type.h
+showq.o: ../../include/quote_822_local.h
+showq.o: ../../include/mail_addr.h
showq.o: ../../include/bounce_log.h
showq.o: ../../include/mail_server.h
#include <mail_conf.h>
#include <record.h>
#include <rec_type.h>
+#include <quote_822_local.h>
+#include <mail_addr.h>
#include <bounce_log.h>
/* Single-threaded server skeleton. */
/* Application-specific. */
int var_dup_filter_limit;
+char *var_empty_addr;
#define STRING_FORMAT "%-10s %8s %-20s %s\n"
#define DATA_FORMAT "%-10s%c%8ld %20.20s %s\n"
static void showq_reasons(VSTREAM *, BOUNCE_LOG *, HTABLE *);
+#define STR(x) vstring_str(x)
+
+/* showq_report - report status of sender and recipients */
+
static void showq_report(VSTREAM *client, char *queue, char *id,
VSTREAM *qfile, long size)
{
VSTRING *buf = vstring_alloc(100);
+ VSTRING *printable_quoted_addr = vstring_alloc(100);
int rec_type;
time_t arrival_time = 0;
char *start;
char status = (strcmp(queue, MAIL_QUEUE_ACTIVE) == 0 ? '*' : ' ');
long offset;
+ /*
+ * XXX addresses in defer logfiles are in printable quoted form, while
+ * addresses in message envelope records are in raw unquoted form. This
+ * may change once we replace the present ad-hoc bounce/defer logfile
+ * format by one that is transparent for control etc. characters. See
+ * also: bounce/bounce_append_service.c.
+ */
while (!vstream_ferror(client) && (rec_type = rec_get(qfile, buf, 0)) > 0) {
start = vstring_str(buf);
switch (rec_type) {
break;
case REC_TYPE_FROM:
if (*start == 0)
- start = "(MAILER-DAEMON)";
+ start = var_empty_addr;
+ quote_822_local(printable_quoted_addr, start);
+ printable(STR(printable_quoted_addr), '?');
vstream_fprintf(client, DATA_FORMAT, id, status,
msg_size > 0 ? msg_size : size, arrival_time > 0 ?
asctime(localtime(&arrival_time)) : "??",
- printable(start, '?'));
+ STR(printable_quoted_addr));
break;
case REC_TYPE_RCPT:
if (*start == 0) /* can't happen? */
- start = "(MAILER-DAEMON)";
- if (dup_filter == 0 || htable_locate(dup_filter, start) == 0)
+ start = var_empty_addr;
+ quote_822_local(printable_quoted_addr, start);
+ printable(STR(printable_quoted_addr), '?');
+ if (dup_filter == 0
+ || htable_locate(dup_filter, STR(printable_quoted_addr)) == 0)
vstream_fprintf(client, STRING_FORMAT,
- "", "", "", printable(start, '?'));
+ "", "", "", STR(printable_quoted_addr));
break;
case REC_TYPE_MESG:
if ((offset = atol(start)) > 0
}
}
vstring_free(buf);
+ vstring_free(printable_quoted_addr);
if (dup_filter)
htable_free(dup_filter, (void (*) (char *)) 0);
}
VAR_DUP_FILTER_LIMIT, DEF_DUP_FILTER_LIMIT, &var_dup_filter_limit, 0, 0,
0,
};
+ CONFIG_STR_TABLE str_table[] = {
+ VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0,
+ 0,
+ };
single_server_main(argc, argv, showq_service,
MAIL_SERVER_INT_TABLE, int_table,
+ MAIL_SERVER_STR_TABLE, str_table,
0);
}
/* Never send EHLO at the start of a connection.
/* .IP \fBsmtp_bind_address\fR
/* Numerical source network address to bind to when making a connection.
-/* .IP \fBsmtp_break_lines\fR
-/* Break lines > \fB$line_length_limit\fR into multiple shorter lines.
+/* .IP \fBsmtp_line_length_limit\fR
+/* Length limit for SMTP message content lines. Zero means no limit.
/* Some SMTP servers misbehave on long lines.
+/* .IP \fBsmtp_helo_name\fR
+/* The hostname to be used in HELO and EHLO commands.
/* .IP \fBsmtp_skip_4xx_greeting\fR
/* Skip servers that greet us with a 4xx status code.
/* .IP \fBsmtp_skip_5xx_greeting\fR
/* The time a message must be queued before the CISCO PIX firewall
/* <CR><LF>.<CR><LF> bug workaround is turned on.
/* .SH "Authentication controls"
-/* .IP \fBsmtp_enable_sasl_auth\fR
+/* .IP \fBsmtp_sasl_auth_enable\fR
/* Enable per-session authentication as per RFC 2554 (SASL).
/* By default, Postfix is built without SASL support.
/* .IP \fBsmtp_sasl_password_maps\fR
bool var_smtp_sasl_enable;
char *var_smtp_bind_addr;
bool var_smtp_rand_addr;
-bool var_smtp_break_lines;
int var_smtp_pix_thresh;
int var_smtp_pix_delay;
+int var_smtp_line_limit;
+char *var_smtp_helo_name;
/*
* Global variables. smtp_errno is set by the address lookup routines and by
VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0,
VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0,
VAR_SMTP_BIND_ADDR, DEF_SMTP_BIND_ADDR, &var_smtp_bind_addr, 0, 0,
+ VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
0,
};
static CONFIG_INT_TABLE int_table[] = {
+ VAR_SMTP_LINE_LIMIT, DEF_SMTP_LINE_LIMIT, &var_smtp_line_limit, 0, 0,
0,
};
static CONFIG_BOOL_TABLE bool_table[] = {
VAR_SMTP_NEVER_EHLO, DEF_SMTP_NEVER_EHLO, &var_smtp_never_ehlo,
VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable,
VAR_SMTP_RAND_ADDR, DEF_SMTP_RAND_ADDR, &var_smtp_rand_addr,
- VAR_SMTP_BREAK_LINES, DEF_SMTP_BREAK_LINES, &var_smtp_break_lines,
0,
};
* heuristic failed.
*/
if (state->features & SMTP_FEATURE_ESMTP) {
- smtp_chat_cmd(state, "EHLO %s", var_myhostname);
+ smtp_chat_cmd(state, "EHLO %s", var_smtp_helo_name);
if ((resp = smtp_chat_resp(state))->code / 100 != 2)
state->features &= ~SMTP_FEATURE_ESMTP;
}
if ((state->features & SMTP_FEATURE_ESMTP) == 0) {
- smtp_chat_cmd(state, "HELO %s", var_myhostname);
+ smtp_chat_cmd(state, "HELO %s", var_smtp_helo_name);
if ((resp = smtp_chat_resp(state))->code / 100 != 2)
return (smtp_site_fail(state, resp->code,
"host %s refused to talk to me: %s",
int sndbuffree;
SOCKOPT_SIZE optlen = sizeof(sndbufsize);
int mail_from_rejected;
+ int space_left = var_smtp_line_limit;
+ int data_left;
+ char *data_start;
/*
* Macros for readability.
if (prev_type != REC_TYPE_CONT)
if (vstring_str(state->scratch)[0] == '.')
smtp_fputc('.', session->stream);
- if (var_smtp_break_lines)
- rec_type = REC_TYPE_NORM;
- if (rec_type == REC_TYPE_CONT)
- smtp_fwrite(vstring_str(state->scratch),
- VSTRING_LEN(state->scratch),
- session->stream);
- else
- smtp_fputs(vstring_str(state->scratch),
- VSTRING_LEN(state->scratch),
- session->stream);
+
+ /*
+ * Deal with an impedance mismatch between Postfix queue
+ * files (record length <= $message_line_length_limit) and
+ * SMTP (DATA record length <= $smtp_line_length_limit). The
+ * code below does a little too much work when the SMTP line
+ * length limit is disabled, but it avoids code duplication,
+ * and thus, it avoids testing and maintenance problems.
+ */
+ data_left = VSTRING_LEN(state->scratch);
+ data_start = vstring_str(state->scratch);
+ do {
+ if (var_smtp_line_limit > 0 && data_left >= space_left) {
+ smtp_fputs(data_start, space_left, session->stream);
+ data_start += space_left;
+ data_left -= space_left;
+ space_left = var_smtp_line_limit;
+ if (data_left > 0 || rec_type == REC_TYPE_CONT) {
+ smtp_fputc(' ', session->stream);
+ space_left -= 1;
+ }
+ } else {
+ if (rec_type == REC_TYPE_CONT) {
+ smtp_fwrite(data_start, data_left, session->stream);
+ space_left -= data_left;
+ } else {
+ smtp_fputs(data_start, data_left, session->stream);
+ space_left = var_smtp_line_limit;
+ }
+ break;
+ }
+ } while (data_left > 0);
prev_type = rec_type;
}
"noactive", SASL_SEC_NOACTIVE,
"nodictionary", SASL_SEC_NODICTIONARY,
"noanonymous", SASL_SEC_NOANONYMOUS,
+#if SASL_VERSION_MAJOR >= 2
+ "mutual_auth", SASL_SEC_MUTUAL_AUTH,
+#endif
0,
};
*/
#define STR(x) vstring_str(x)
+ /*
+ * Macros to handle API differences between SASLv1 and SASLv2. Specifics:
+ *
+ * The SASL_LOG_* constants were renamed in SASLv2.
+ *
+ * SASLv2's sasl_client_new takes two new parameters to specify local and
+ * remote IP addresses for auth mechs that use them.
+ *
+ * SASLv2's sasl_client_start function no longer takes the secret parameter.
+ *
+ * SASLv2's sasl_decode64 function takes an extra parameter for the length of
+ * the output buffer.
+ *
+ * The other major change is that SASLv2 now takes more responsibility for
+ * deallocating memory that it allocates internally. Thus, some of the
+ * function parameters are now 'const', to make sure we don't try to free
+ * them too. This is dealt with in the code later on.
+ */
+
+#if SASL_VERSION_MAJOR < 2
+/* SASL version 1.x */
+#define SASL_LOG_WARN SASL_LOG_WARNING
+#define SASL_LOG_NOTE SASL_LOG_INFO
+#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \
+ sasl_client_new(srv, fqdn, prompt, secflags, pconn)
+#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \
+ sasl_client_start(conn, mechlst, secret, prompt, clout, cllen, mech)
+#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
+ sasl_decode64(in, inlen, out, outlen)
+#endif
+
+#if SASL_VERSION_MAJOR >= 2
+/* SASL version > 2.x */
+#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \
+ sasl_client_new(srv, fqdn, lport, rport, prompt, secflags, pconn)
+#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \
+ sasl_client_start(conn, mechlst, prompt, clout, cllen, mech)
+#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
+ sasl_decode64(in, inlen, out, outmaxlen, outlen)
+#endif
+
/*
* Per-host login/password information.
*/
const char *message)
{
switch (priority) {
- case SASL_LOG_ERR:
- case SASL_LOG_WARNING:
+ case SASL_LOG_ERR: /* unusual errors */
+ case SASL_LOG_WARN: /* non-fatal warnings */
msg_warn("SASL authentication problem: %s", message);
break;
- case SASL_LOG_INFO:
+ case SASL_LOG_NOTE: /* other info */
if (msg_verbose)
msg_info("SASL authentication info: %s", message);
break;
+#if SASL_VERSION_MAJOR >= 2
+ case SASL_LOG_FAIL: /* authentication failures */
+ msg_warn("SASL authentication failure: %s", message);
+#endif
}
return (SASL_OK);
}
memcpy((char *) state->sasl_callbacks, callbacks, sizeof(callbacks));
for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++)
cp->context = (void *) state;
- if (sasl_client_new("smtp", state->session->host,
+
+#define NULL_SERVER_ADDR ((char *) 0)
+#define NULL_CLIENT_ADDR ((char *) 0)
+
+ if (SASL_CLIENT_NEW("smtp", state->session->host,
+ NULL_CLIENT_ADDR, NULL_SERVER_ADDR,
state->sasl_callbacks, NULL_SECFLAGS,
(sasl_conn_t **) &state->sasl_conn) != SASL_OK)
msg_fatal("per-session SASL client initialization");
char *myname = "smtp_sasl_authenticate";
unsigned enc_length;
unsigned enc_length_out;
+
+#if SASL_VERSION_MAJOR >= 2
+ const char *clientout;
+
+#else
char *clientout;
+
+#endif
unsigned clientoutlen;
unsigned serverinlen;
SMTP_RESP *resp;
/*
* Start the client side authentication protocol.
*/
- result = sasl_client_start((sasl_conn_t *) state->sasl_conn,
+ result = SASL_CLIENT_START((sasl_conn_t *) state->sasl_conn,
state->sasl_mechanism_list,
NO_SASL_SECRET, NO_SASL_INTERACTION,
&clientout, &clientoutlen, &mechanism);
STR(state->sasl_encoded), enc_length,
&enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
+#if SASL_VERSION_MAJOR < 2
+ /* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
+#endif
smtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded));
} else {
smtp_chat_cmd(state, "AUTH %s", mechanism);
(void) mystrtok(&line, "- \t\n"); /* skip over result code */
serverinlen = strlen(line);
VSTRING_SPACE(state->sasl_decoded, serverinlen);
- if (sasl_decode64(line, serverinlen,
- STR(state->sasl_decoded), &enc_length) != SASL_OK) {
+ if (SASL_DECODE64(line, serverinlen, STR(state->sasl_decoded),
+ serverinlen, &enc_length) != SASL_OK) {
vstring_sprintf(why, "malformed SASL challenge from server %s",
state->session->namaddr);
return (-1);
STR(state->sasl_encoded), enc_length,
&enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
+#if SASL_VERSION_MAJOR < 2
+ /* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
+#endif
} else {
vstring_strcat(state->sasl_encoded, "");
}
state->sasl_passwd = 0;
}
if (state->sasl_mechanism_list) {
- myfree(state->sasl_mechanism_list); /* allocated in smtp_helo */
+ /* allocated in smtp_sasl_helo_auth */
+ myfree(state->sasl_mechanism_list);
state->sasl_mechanism_list = 0;
}
if (state->sasl_conn) {
/* .SH "UCE control restrictions"
/* .ad
/* .fi
-/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+/* .IP \fBparent_domain_matches_subdomains\fR
/* List of Postfix features that use \fIdomain.name\fR patterns
/* to match \fIsub.domain.name\fR (as opposed to
/* requiring \fI.domain.name\fR patterns).
*/
if (SMTPD_STAND_ALONE(state) == 0) {
state->dest = mail_stream_service(MAIL_CLASS_PUBLIC,
- MAIL_SERVICE_CLEANUP);
+ var_cleanup_service);
if (state->dest == 0
|| attr_print(state->dest->stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, CLEANUP_FLAG_FILTER,
ATTR_TYPE_END) != 0)
msg_fatal("unable to connect to the %s %s service",
- MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP);
+ MAIL_CLASS_PUBLIC, var_cleanup_service);
}
/*
smtpd_chat_reply(state, "554 Error: too many hops");
} else if ((state->err & CLEANUP_STAT_CONT) != 0) {
state->error_mask |= MAIL_ERROR_POLICY;
- smtpd_chat_reply(state, "552 Error: %s", LEN(why) ?
+ smtpd_chat_reply(state, "550 Error: %s", LEN(why) ?
STR(why) : "content rejected");
} else if ((state->err & CLEANUP_STAT_WRITE) != 0) {
state->error_mask |= MAIL_ERROR_RESOURCE;
} SMTPD_CMD;
#define SMTPD_CMD_FLAG_LIMIT (1<<0) /* limit usage */
+#define SMTPD_CMD_FLAG_HEADER (1<<1) /* RFC 2822 mail header */
static SMTPD_CMD smtpd_cmd_table[] = {
"HELO", helo_cmd, SMTPD_CMD_FLAG_LIMIT,
"VRFY", vrfy_cmd, SMTPD_CMD_FLAG_LIMIT,
"ETRN", etrn_cmd, SMTPD_CMD_FLAG_LIMIT,
"QUIT", quit_cmd, 0,
+ "Received:", 0, SMTPD_CMD_FLAG_HEADER,
+ "Subject:", 0, SMTPD_CMD_FLAG_HEADER,
+ "From:", 0, SMTPD_CMD_FLAG_HEADER,
0,
};
state->error_count++;
continue;
}
+ if (cmdp->flags & SMTPD_CMD_FLAG_HEADER) {
+ msg_warn("%s sent %s header instead of SMTP command: %.100s",
+ cmdp->name, state->namaddr, vstring_str(state->buffer));
+ smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
+ break;
+ }
if (state->access_denied && cmdp->action != quit_cmd) {
smtpd_chat_reply(state, "503 Error: access denied for %s",
state->namaddr); /* RFC 2821 Sec 3.1 */
if ((cmdp->flags & SMTPD_CMD_FLAG_LIMIT)
&& state->junk_cmds++ > var_smtpd_junk_cmd_limit)
state->error_count++;
-
if (cmdp->action == quit_cmd)
break;
}
off_t msg_size;
int junk_cmds;
#ifdef USE_SASL_AUTH
+#if SASL_VERSION_MAJOR >= 2
+ const char *sasl_mechanism_list;
+#else
char *sasl_mechanism_list;
+#endif
char *sasl_method;
char *sasl_username;
char *sasl_sender;
/*
* Try the name and its parent domains. Including top-level domains.
+ *
+ * Helo names can end in ".". The test below avoids lookups of the empty
+ * key, because Berkeley DB cannot deal with it. [Victor Duchovni, Morgan
+ * Stanley].
*/
#define CHK_DOMAIN_RETURN(x,y) { *found = y; myfree(low_domain); return(x); }
if ((dict = dict_handle(table)) == 0)
msg_panic("%s: dictionary not found: %s", myname, table);
- for (name = low_domain; /* void */ ; name = next) {
+ for (name = low_domain; *name != 0; name = next) {
if (flags == 0 || (flags & dict->flags) != 0) {
if ((value = dict_get(dict, name)) != 0)
CHK_DOMAIN_RETURN(check_table_result(state, table, value,
/*
* Source-routed, non-local, recipient addresses are too suspicious for
* returning an "OK" result. The complicated expression below was brought
- * to you by the keyboard of Victor Duchovny, Morgan Stanley and hacked
+ * to you by the keyboard of Victor Duchovni, Morgan Stanley and hacked
* up a bit by Wietse.
*/
#define SUSPICIOUS(domain, reply, state, reply_name, reply_class) \
if (cpp[1] != 0 && state->warn_if_reject == 0)
msg_warn("restriction `%s' after `%s' is ignored",
cpp[1], CHECK_RELAY_DOMAINS);
-#ifdef USE_SASL_AUTH
} else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
if (var_smtpd_sasl_enable)
+#ifdef USE_SASL_AUTH
status = permit_sasl_auth(state,
SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO);
+#else
+ msg_warn("restriction `%s' ignored: no SASL support", name);
#endif
} else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) {
if (state->recipient)
*/
#define STR(s) vstring_str(s)
+ /*
+ * Macros to handle API differences between SASLv1 and SASLv2. Specifics:
+ *
+ * The SASL_LOG_* constants were renamed in SASLv2.
+ *
+ * SASLv2's sasl_server_new takes two new parameters to specify local and
+ * remote IP addresses for auth mechs that use them.
+ *
+ * SASLv2's sasl_server_start and sasl_server_step no longer have the errstr
+ * parameter.
+ *
+ * SASLv2's sasl_decode64 function takes an extra parameter for the length of
+ * the output buffer.
+ *
+ * The other major change is that SASLv2 now takes more responsibility for
+ * deallocating memory that it allocates internally. Thus, some of the
+ * function parameters are now 'const', to make sure we don't try to free
+ * them too. This is dealt with in the code later on.
+ */
+
+#if SASL_VERSION_MAJOR < 2
+/* SASL version 1.x */
+#define SASL_LOG_WARN SASL_LOG_WARNING
+#define SASL_LOG_NOTE SASL_LOG_INFO
+#define SASL_SERVER_NEW(srv, fqdn, rlm, lport, rport, cb, secflags, pconn) \
+ sasl_server_new(srv, fqdn, rlm, cb, secflags, pconn)
+#define SASL_SERVER_START(conn, mech, clin, clinlen, srvout, srvoutlen, err) \
+ sasl_server_start(conn, mech, clin, clinlen, srvout, srvoutlen, err)
+#define SASL_SERVER_STEP(conn, clin, clinlen, srvout, srvoutlen, err) \
+ sasl_server_step(conn, clin, clinlen, srvout, srvoutlen, err)
+#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
+ sasl_decode64(in, inlen, out, outlen)
+#endif
+
+#if SASL_VERSION_MAJOR >= 2
+/* SASL version > 2.x */
+#define SASL_SERVER_NEW(srv, fqdn, rlm, lport, rport, cb, secflags, pconn) \
+ sasl_server_new(srv, fqdn, rlm, lport, rport, cb, secflags, pconn)
+#define SASL_SERVER_START(conn, mech, clin, clinlen, srvout, srvoutlen, err) \
+ sasl_server_start(conn, mech, clin, clinlen, srvout, srvoutlen)
+#define SASL_SERVER_STEP(conn, clin, clinlen, srvout, srvoutlen, err) \
+ sasl_server_step(conn, clin, clinlen, srvout, srvoutlen)
+#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
+ sasl_decode64(in, inlen, out, outmaxlen, outlen)
+#endif
+
/* smtpd_sasl_log - SASL logging callback */
static int smtpd_sasl_log(void *unused_context, int priority,
{
switch (priority) {
case SASL_LOG_ERR:
- case SASL_LOG_WARNING:
+ case SASL_LOG_WARN:
msg_warn("SASL authentication problem: %s", message);
break;
- case SASL_LOG_INFO:
+ case SASL_LOG_NOTE:
if (msg_verbose)
msg_info("SASL authentication info: %s", message);
break;
+#if SASL_VERSION_MAJOR >= 2
+ case SASL_LOG_FAIL:
+ msg_warn("SASL authentication failure: %s", message);
+ break;
+#endif
}
return SASL_OK;
}
"noactive", SASL_SEC_NOACTIVE,
"nodictionary", SASL_SEC_NODICTIONARY,
"noanonymous", SASL_SEC_NOANONYMOUS,
+#if SASL_VERSION_MAJOR >= 2
+ "mutual_auth", SASL_SEC_MUTUAL_AUTH,
+#endif
0,
};
static int smtpd_sasl_opts;
-
/* smtpd_sasl_initialize - per-process initialization */
void smtpd_sasl_initialize(void)
{
unsigned sasl_mechanism_count;
sasl_security_properties_t sec_props;
+ char *server_address;
+ char *client_address;
/*
* Initialize SASL-specific state variables. Use long-lived storage for
#define NO_SECURITY_LAYERS (0)
#define NO_SESSION_CALLBACKS ((sasl_callback_t *) 0)
- if (sasl_server_new("smtp", var_myhostname, var_smtpd_sasl_realm,
+#if SASL_VERSION_MAJOR >= 2 && defined(USE_SASL_IP_AUTH)
+
+ /*
+ * Get IP addresses of local and remote endpoints for SASL.
+ */
+#error "USE_SASL_IP_AUTH is not implemented"
+
+#else
+
+ /*
+ * Don't give any IP address information to SASL. SASLv1 doesn't use it,
+ * and in SASLv2 this will disable any mechaniams that do.
+ */
+ server_address = 0;
+ client_address = 0;
+#endif
+
+ if (SASL_SERVER_NEW("smtp", var_myhostname, var_smtpd_sasl_realm,
+ server_address, client_address,
NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS,
&state->sasl_conn) != SASL_OK)
msg_fatal("SASL per-connection server initialization");
void smtpd_sasl_disconnect(SMTPD_STATE *state)
{
if (state->sasl_mechanism_list) {
+#if SASL_VERSION_MAJOR < 2
+ /* SASL version 1 doesn't free memory that it allocates. */
free(state->sasl_mechanism_list);
+#endif
state->sasl_mechanism_list = 0;
}
if (state->sasl_conn) {
unsigned enc_length;
unsigned enc_length_out;
unsigned reply_len;
- char *serverout = 0;
unsigned serveroutlen;
int result;
+
+#if SASL_VERSION_MAJOR < 2
+ char *serverout = 0;
+
+#else
+ const char *serverout = 0;
+
+#endif
+
+#if SASL_VERSION_MAJOR < 2
const char *errstr = 0;
+#endif
+
#define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
if (msg_verbose)
reply_len = strlen(init_response);
VSTRING_SPACE(state->sasl_decoded, reply_len);
dec_buffer = STR(state->sasl_decoded);
- if (sasl_decode64(init_response, reply_len,
- dec_buffer, &dec_length) != SASL_OK)
+ if (SASL_DECODE64(init_response, reply_len,
+ dec_buffer, reply_len, &dec_length) != SASL_OK)
return ("501 Authentication failed: malformed initial response");
if (msg_verbose)
msg_info("%s: decoded initial response %s", myname, dec_buffer);
dec_buffer = 0;
dec_length = 0;
}
- result = sasl_server_start(state->sasl_conn, sasl_method, dec_buffer,
+ result = SASL_SERVER_START(state->sasl_conn, sasl_method, dec_buffer,
dec_length, &serverout, &serveroutlen, &errstr);
/*
if (sasl_encode64(serverout, serveroutlen, STR(state->sasl_encoded),
enc_length, &enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
+#if SASL_VERSION_MAJOR < 2
+ /* SASL version 1 doesn't free memory that it allocates. */
free(serverout);
+#endif
serverout = 0;
smtpd_chat_reply(state, "334 %s", STR(state->sasl_encoded));
return ("501 Authentication aborted"); /* XXX */
reply_len = VSTRING_LEN(state->buffer);
VSTRING_SPACE(state->sasl_decoded, reply_len);
- if (sasl_decode64(vstring_str(state->buffer), reply_len,
- STR(state->sasl_decoded), &dec_length) != SASL_OK)
+ if (SASL_DECODE64(vstring_str(state->buffer), reply_len,
+ STR(state->sasl_decoded), reply_len,
+ &dec_length) != SASL_OK)
return ("501 Error: malformed authentication response");
if (msg_verbose)
msg_info("%s: decoded response: %.*s",
myname, (int) dec_length, STR(state->sasl_decoded));
- result = sasl_server_step(state->sasl_conn, STR(state->sasl_decoded),
+ result = SASL_SERVER_STEP(state->sasl_conn, STR(state->sasl_decoded),
dec_length, &serverout, &serveroutlen, &errstr);
}
/*
* Cleanup. What an awful interface.
*/
+#if SASL_VERSION_MAJOR < 2
if (serverout)
free(serverout);
+#endif
/*
* The authentication protocol was completed.
* accounting purposes. For the sake of completeness we also record the
* authentication method that was used. XXX Do not free(serverout).
*/
+#if SASL_VERSION_MAJOR >= 2
+ result = sasl_getprop(state->sasl_conn, SASL_USERNAME,
+ (const void **) &serverout);
+#else
result = sasl_getprop(state->sasl_conn, SASL_USERNAME,
(void **) &serverout);
+#endif
if (result != SASL_OK || serverout == 0)
msg_panic("%s: sasl_getprop SASL_USERNAME botch", myname);
state->sasl_username = mystrdup(serverout);
* Strip source route.
*/
if (tree->head->type == '@'
- && (colon = tok822_find_type(tree->head, ':')) != 0)
+ && (colon = tok822_find_type(tree->head, ':')) != 0
+ && colon != tree->tail)
tok822_free_tree(tok822_sub_keep_after(tree, colon));
/*
/* .sp
/* Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5)
/* for details. The :\fInexthop\fR part is optional.
-/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
+/* .IP \fBparent_domain_matches_subdomains\fR
/* List of Postfix features that use \fIdomain.name\fR patterns
/* to match \fIsub.domain.name\fR (as opposed to
/* requiring \fI.domain.name\fR patterns).
unix_connect.c unix_listen.c unix_trigger.c unsafe.c username.c \
valid_hostname.c vbuf.c vbuf_print.c vstream.c vstream_popen.c \
vstring.c vstring_vstream.c watchdog.c writable.c write_buf.c \
- write_wait.c
+ write_wait.c strcasecmp.c
OBJS = alldig.o argv.o argv_split.o attr_print0.o attr_print64.o \
attr_scan0.o attr_scan64.o base64_code.o basename.o binhash.o \
chroot_uid.o clean_env.o close_on_exec.o concatenate.o ctable.o \
unix_connect.o unix_listen.o unix_trigger.o unsafe.o username.o \
valid_hostname.o vbuf.o vbuf_print.o vstream.o vstream_popen.o \
vstring.o vstring_vstream.o watchdog.o writable.o write_buf.o \
- write_wait.o
+ write_wait.o $(STRCASE)
HDRS = argv.h attr.h base64_code.h binhash.h chroot_uid.h clean_env.h \
connect.h ctable.h dict.h dict_db.h dict_dbm.h dict_env.h \
dict_ht.h dict_ldap.h dict_mysql.h dict_ni.h dict_nis.h \
ht_info_list = htable_list(dict_table);
for (status = 0, ht = ht_info_list; status == 0 && (h = *ht) != 0; ht++) {
dict = ((DICT_NODE *) h->value)->dict;
- if (dict->fd < 0) /* not file-based */
+ if (dict->stat_fd < 0) /* not file-based */
continue;
if (dict->mtime == 0) /* not bloody likely */
msg_warn("%s: table %s: null time stamp", myname, h->key);
- if (fstat(dict->fd, &st) < 0)
+ if (fstat(dict->stat_fd, &st) < 0)
msg_fatal("%s: fstat: %m", myname);
status = (st.st_mtime != dict->mtime || st.st_nlink == 0);
}
int (*delete) (struct DICT *, const char *);
int (*sequence) (struct DICT *, int, const char **, const char **);
void (*close) (struct DICT *);
- int fd; /* for dict_update() lock */
+ int lock_fd; /* for dict_update() lock */
+ int stat_fd; /* change detection */
time_t mtime; /* mod time at open */
} DICT;
dict->delete = dict_default_delete;
dict->sequence = dict_default_sequence;
dict->close = dict_default_close;
- dict->fd = -1;
+ dict->lock_fd = -1;
+ dict->stat_fd = -1;
dict->mtime = 0;
return dict;
}
* Acquire a shared lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0)
msg_fatal("%s: lock dictionary: %m", dict_db->dict.name);
/*
* Release the shared lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name);
return (result);
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("%s: lock dictionary: %m", dict_db->dict.name);
/*
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name);
}
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("%s: lock dictionary: %m", dict_db->dict.name);
/*
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name);
return status;
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("%s: lock dictionary: %m", dict_db->dict.name);
if ((status = db->seq(db, &db_key, &db_value, db_function)) < 0)
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name);
if (status == 0) {
#if DB_VERSION_MAJOR > 1
int db_flags;
+#endif
+
+ /*
+ * Mismatches between #include file and library are a common cause for
+ * trouble.
+ */
+#if DB_VERSION_MAJOR > 1
+ int major_version;
+ int minor_version;
+ int patch_version;
+
+ (void) db_version(&major_version, &minor_version, &patch_version);
+ if (major_version != DB_VERSION_MAJOR)
+ msg_fatal("incorrect version of Berkeley DB: "
+ "compiled against %d.%d.%d, linked against %d.%d.%d",
+ DB_VERSION_MAJOR, DB_VERSION_MINOR, DB_VERSION_PATCH,
+ major_version, minor_version, patch_version);
#endif
db_path = concatenate(path, ".db", (char *) 0);
dict_db->dict.delete = dict_db_delete;
dict_db->dict.sequence = dict_db_sequence;
dict_db->dict.close = dict_db_close;
- dict_db->dict.fd = dbfd;
- if (fstat(dict_db->dict.fd, &st) < 0)
+ dict_db->dict.lock_fd = dbfd;
+ dict_db->dict.stat_fd = dbfd;
+ if (fstat(dict_db->dict.stat_fd, &st) < 0)
msg_fatal("dict_db_open: fstat: %m");
dict_db->dict.mtime = st.st_mtime;
&& st.st_mtime < time((time_t *) 0) - 100)
msg_warn("database %s is older than source file %s", db_path, path);
- close_on_exec(dict_db->dict.fd, CLOSE_ON_EXEC);
+ close_on_exec(dict_db->dict.lock_fd, CLOSE_ON_EXEC);
+ close_on_exec(dict_db->dict.stat_fd, CLOSE_ON_EXEC);
dict_db->dict.flags = dict_flags | DICT_FLAG_FIXED;
if ((dict_flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
dict_db->dict.flags |= (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL);
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0)
msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name);
/*
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name);
return (result);
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name);
/*
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name);
}
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name);
/*
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name);
return (status);
* Acquire an exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0)
msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name);
/*
* Release the exclusive lock.
*/
if ((dict->flags & DICT_FLAG_LOCK)
- && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
+ && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0)
msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name);
if (dbm_key.dptr != 0 && dbm_key.dsize > 0) {
* time domain) locks while rewriting the entire file.
*/
if (dict_flags & DICT_FLAG_LOCK) {
- dbm_path = concatenate(path, ".pag", (char *) 0);
+ dbm_path = concatenate(path, ".dir", (char *) 0);
if ((lock_fd = open(dbm_path, open_flags, 0644)) < 0)
msg_fatal("open database %s: %m", dbm_path);
if (myflock(lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0)
dict_dbm->dict.delete = dict_dbm_delete;
dict_dbm->dict.sequence = dict_dbm_sequence;
dict_dbm->dict.close = dict_dbm_close;
- dict_dbm->dict.fd = dbm_pagfno(dbm);
- if (fstat(dict_dbm->dict.fd, &st) < 0)
+ dict_dbm->dict.lock_fd = dbm_dirfno(dbm);
+ dict_dbm->dict.stat_fd = dbm_pagfno(dbm);
+ if (fstat(dict_dbm->dict.stat_fd, &st) < 0)
msg_fatal("dict_dbm_open: fstat: %m");
dict_dbm->dict.mtime = st.st_mtime;
#include <ldap.h>
#include <string.h>
+/* Handle differences between LDAP SDK's constant definitions */
+#ifndef LDAP_CONST
+#define LDAP_CONST const
+#endif
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+
/* Utility library. */
#include "match_list.h"
*/
static jmp_buf env;
-static void dict_ldap_logprint(LDAP_CONST char *data) {
+static void dict_ldap_logprint(LDAP_CONST char *data)
+{
char *myname = "dict_ldap_debug";
+
msg_info("%s: %s", myname, data);
}
#ifdef LDAP_API_FEATURE_X_MEMCACHE
LDAPMemCache *dircache;
+
#endif
#ifdef LDAP_OPT_NETWORK_TIMEOUT
mytimeval.tv_sec = dict_ldap->timeout;
mytimeval.tv_usec = 0;
if (ldap_set_option(dict_ldap->ld, LDAP_OPT_NETWORK_TIMEOUT, &mytimeval) !=
- LDAP_OPT_SUCCESS)
- msg_warn("%s: Unable to set network timeout.", myname);
+ LDAP_OPT_SUCCESS)
+ msg_warn("%s: Unable to set network timeout.", myname);
#else
if ((saved_alarm = signal(SIGALRM, dict_ldap_timeout)) == SIG_ERR) {
msg_warn("%s: Error setting signal handler for open timeout: %m",
*/
#if (LDAP_API_VERSION >= 2000)
if (ldap_set_option(dict_ldap->ld, LDAP_OPT_DEREF,
- &(dict_ldap->dereference)) != LDAP_OPT_SUCCESS)
+ &(dict_ldap->dereference)) != LDAP_OPT_SUCCESS)
msg_warn("%s: Unable to set dereference option.", myname);
#else
dict_ldap->ld->ld_deref = dict_ldap->dereference;
#endif
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN)
- if(ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
- (LDAP_CONST *)dict_ldap_logprint) != LBER_OPT_SUCCESS)
- msg_warn("%s: Unable to set ber logprint function.", myname);
- if(ldap_set_option(dict_ldap->ld, LDAP_OPT_DEBUG_LEVEL,
- &(dict_ldap->debuglevel)) != LDAP_OPT_SUCCESS)
- msg_warn("%s: Unable to set LDAP debug level.", myname);
+ if (dict_ldap->debuglevel > 0 &&
+ ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
+ (LDAP_CONST *) dict_ldap_logprint) != LBER_OPT_SUCCESS)
+ msg_warn("%s: Unable to set ber logprint function.", myname);
+ if (ldap_set_option(dict_ldap->ld, LDAP_OPT_DEBUG_LEVEL,
+ &(dict_ldap->debuglevel)) != LDAP_OPT_SUCCESS)
+ msg_warn("%s: Unable to set LDAP debug level.", myname);
#endif
} else {
if (msg_verbose)
msg_info("%s: Caching enabled for %s",
- myname, dict_ldap->ldapsource);
+ myname, dict_ldap->ldapsource);
}
}
#else
0, &tv, &resloop);
}
switch (rc) {
- case LDAP_SUCCESS:
- dict_ldap_get_values(dict_ldap, resloop, result);
- break;
- case LDAP_NO_SUCH_OBJECT:
- /* Go ahead and treat this as though the DN existed
- * and just didn't have any result attributes.
- */
- msg_warn("%s: DN %s not found, skipping ", myname,
- vals[i]);
- break;
- default:
- msg_warn("%s: search error %d: %s ", myname, rc,
+ case LDAP_SUCCESS:
+ dict_ldap_get_values(dict_ldap, resloop, result);
+ break;
+ case LDAP_NO_SUCH_OBJECT:
+
+ /*
+ * Go ahead and treat this as though the DN existed
+ * and just didn't have any result attributes.
+ */
+ msg_warn("%s: DN %s not found, skipping ", myname,
+ vals[i]);
+ break;
+ default:
+ msg_warn("%s: search error %d: %s ", myname, rc,
ldap_err2string(rc));
- dict_errno = DICT_ERR_RETRY;
- break;
+ dict_errno = DICT_ERR_RETRY;
+ break;
}
if (resloop != 0)
* load on the LDAP server.
*/
if (dict_ldap->domain) {
- const char *p=strrchr(name,'@');
+ const char *p = strrchr(name, '@');
+
if (p != 0)
- p=p+1;
+ p = p + 1;
else
- p=name;
+ p = name;
if (match_list_match(dict_ldap->domain, p) == 0) {
if (msg_verbose)
msg_info("%s: domain of %s not found in domain list", myname,
/*
* Make sure it's %[sud] and not something else. For backward
- * compatibilty, treat anything other than %u or %d as %s, with
- * a warning.
+ * compatibilty, treat anything other than %u or %d as %s, with a
+ * warning.
*/
if (*(sub) == '%') {
- char *u=vstring_str(escaped_name);
- char *p=strchr(u,'@');
- switch (*(sub+1)) {
- case 'd':
- if (p)
- vstring_strcat(filter_buf, p+1);
- break;
- case 'u':
- if (p)
- vstring_strncat(filter_buf, u, p-u);
- else
- vstring_strcat(filter_buf, u);
- break;
- default:
- msg_warn
- ("%s: Invalid lookup substitution format '%%%c'!",
- myname, *(sub + 1));
- /* fall through */
- case 's':
+ char *u = vstring_str(escaped_name);
+ char *p = strchr(u, '@');
+
+ switch (*(sub + 1)) {
+ case 'd':
+ if (p)
+ vstring_strcat(filter_buf, p + 1);
+ break;
+ case 'u':
+ if (p)
+ vstring_strncat(filter_buf, u, p - u);
+ else
vstring_strcat(filter_buf, u);
- break;
+ break;
+ default:
+ msg_warn
+ ("%s: Invalid lookup substitution format '%%%c'!",
+ myname, *(sub + 1));
+ /* fall through */
+ case 's':
+ vstring_strcat(filter_buf, u);
+ break;
}
sub++;
} else
if (rc == LDAP_SERVER_DOWN) {
if (msg_verbose)
- msg_info("%s: Lost connection for LDAP source %s, reopening",
- myname, dict_ldap->ldapsource);
+ msg_info("%s: Lost connection for LDAP source %s, reopening",
+ myname, dict_ldap->ldapsource);
ldap_unbind(dict_ldap->ld);
dict_ldap->ld = NULL;
* if dict_ldap_connect() set dict_errno, abort.
*/
if (dict_errno)
- return (0);
+ return (0);
rc = ldap_search_st(dict_ldap->ld, dict_ldap->search_base,
dict_ldap->scope,
0, &tv, &res);
}
-
if (rc == LDAP_SUCCESS) {
/*
#if (LDAP_API_VERSION >= 2000)
if (ldap_get_option(dict_ldap->ld, LDAP_OPT_ERROR_NUMBER, &rc) !=
- LDAP_OPT_SUCCESS)
+ LDAP_OPT_SUCCESS)
msg_warn("%s: Unable to get last error number.", myname);
if (rc != LDAP_SUCCESS && rc != LDAP_DECODING_ERROR)
msg_warn("%s: Had some trouble with entries returned by search: %s", myname, ldap_err2string(rc));
ldap_msgfree(res);
if (filter_buf != 0)
vstring_free(filter_buf);
- if (escaped_name != 0)
+ if (escaped_name != 0)
vstring_free(escaped_name);
/*
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN)
vstring_sprintf(config_param, "%s_debuglevel", ldapsource);
dict_ldap->debuglevel = get_mail_conf_int(vstring_str(config_param), 0, 0,
- 0);
+ 0);
if (msg_verbose)
msg_info("%s: %s is %d", myname, vstring_str(config_param),
dict_ldap->debuglevel);
/*
* Otherwise, we're all set. Return the new dict_ldap structure.
*/
- return (DICT_DEBUG(&dict_ldap->dict));
+ return (DICT_DEBUG (&dict_ldap->dict));
}
#endif
if (limit && len > limit)
netstring_except(stream, NETSTRING_ERR_SIZE);
netstring_get_data(stream, buf, len);
+ return (buf);
}
/* netstring_put - send string as netstring */
/* char *name;
/* DESCRIPTION
/* The \fBsafe_getenv\fR() routine reads the named variable from the
-/* environment, provided that the unsafe() routine agrees.
+/* environment, provided that either the process runs with the real
+/* and effective user ID of root, or that the unsafe() routine agrees.
/* SEE ALSO
/* unsafe(3), detect non-user privileges
/* LICENSE
char *safe_getenv(const char *name)
{
- return (unsafe() == 0 ? getenv(name) : 0);
+ return ((getuid() == 0 && geteuid() == 0) || unsafe() == 0 ?
+ getenv(name) : 0);
}
--- /dev/null
+/*
+ * Copyright (c) 1987, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys_defs.h>
+#include <ctype.h>
+
+int strcasecmp(const char *s1, const char *s2)
+{
+ const unsigned char *us1 = (const unsigned char *) s1;
+ const unsigned char *us2 = (const unsigned char *) s2;
+
+ while (TOLOWER(*us1) == TOLOWER(*us2++))
+ if (*us1++ == '\0')
+ return (0);
+ return (TOLOWER(*us1) - TOLOWER(*--us2));
+}
+
+int strncasecmp(const char *s1, const char *s2, size_t n)
+{
+ if (n != 0) {
+ const unsigned char *us1 = (const unsigned char *) s1;
+ const unsigned char *us2 = (const unsigned char *) s2;
+
+ do {
+ if (TOLOWER(*us1) != TOLOWER(*us2++))
+ return (TOLOWER(*us1) - TOLOWER(*--us2));
+ if (*us1++ == '\0')
+ break;
+ } while (--n != 0);
+ }
+ return (0);
+}
/* It's amazing what is all missing... */
#define isascii(c) ((unsigned)(c)<=0177)
extern int opterr;
+typedef unsigned short mode_t;
#define MISSING_PID_T
#define MISSING_STRFTIME_E
/* It's amazing what is all missing... */
#define isascii(c) ((unsigned)(c)<=0177)
extern int opterr;
+typedef unsigned short mode_t;
#define MISSING_PID_T
#define MISSING_STRFTIME_E
/* int vstream_fileno(stream)
/* VSTREAM *stream;
/*
+/* void *vstream_context(stream)
+/* VSTREAM *stream;
+/*
/* int vstream_ferror(stream)
/* VSTREAM *stream;
/*
/* a buffered stream. With streams that have separate read/write
/* file descriptors, the result is the current descriptor.
/*
+/* vstream_context() returns the application context that is passed on to
+/* the application-specified read/write routines.
+/*
/* VSTREAM_PATH() is an unsafe macro that returns the name stored
/* with vstream_fopen() or with vstream_control(). The macro is
/* unsafe because it evaluates some arguments more than once.
#define VSTREAM_GETCHAR() VSTREAM_GETC(VSTREAM_IN)
#define vstream_fileno(vp) ((vp)->fd)
+#define vstream_context(vp) ((vp)->context)
#define vstream_ferror(vp) vbuf_error(&(vp)->buf)
#define vstream_feof(vp) vbuf_eof(&(vp)->buf)
#define vstream_ftimeout(vp) vbuf_timeout(&(vp)->buf)
projects / thirdparty / postfix.git / commitdiff
