From: Wietse Venema Date: Thu, 13 May 1999 05:00:00 +0000 (-0500) Subject: snapshot-19990513 X-Git-Tag: v20010228~105 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=098217f5de85007b8a6786ce17a39813d85cc90e;p=thirdparty%2Fpostfix.git snapshot-19990513 --- diff --git a/postfix/DEBUG_README b/postfix/DEBUG_README index be66f3ad2..c309f4263 100644 --- a/postfix/DEBUG_README +++ b/postfix/DEBUG_README @@ -16,6 +16,8 @@ from or to the loopback interface: debug_peer_list = 127.0.0.1 +You can specify one or more hosts, domains, addresses or net/masks. + 3 - Making daemon programs more verbose ======================================= diff --git a/postfix/HISTORY b/postfix/HISTORY index 79eb92e26..f74d0fecf 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -2744,14 +2744,11 @@ Apologies for any names omitted. = canonical, virtual, alias, forward, include" to restore previous behavior. - Feature: forward_expansion_filter configuration parameter - that controls what characters may appear in $name expansions - of forward_path. - 19990509 - Feature: USER, EXTENSION and DOMAIN environment variables - are exported to shell commands (including mailbox_command). + Feature: USER, EXTENSION, DOMAIN, RECIPIENT (entire address) + and MAILBOX (address localpart) environment variables are + exported to shell commands (including mailbox_command). Feature: new command_expansion_filter parameter to control what characters may appear in message attributes that are @@ -2774,7 +2771,8 @@ Apologies for any names omitted. Bugfix: missing duplicate filter call. This caused too many deliveries when a user is listed multiple times in an alias. Reported by Hideyuki Suzuki, School of Engineering, University - of Tokyo. + of Tokyo. Backed out on 19990512 because it caused problems. + Fixed 19990513 but needs further study. Feature: it is now possible to move queue files back into the maildrop queue, so that they can benefit from changes @@ -2785,3 +2783,9 @@ Apologies for any names omitted. Feature: made a start with integrating Joerg Henne's dictionary extensions to remove entries and to iterate over entries. That code is almost four months old by now. + +19990511 + + Feature: added a "undeliverable postmaster notification + discarded" warning when mail is dropped on the floor. + Requested by Michael Hasenstein, SuSE, Germany. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index cbd9aa256..79ddd58e7 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,35 +1,38 @@ -Incompatible changes with snapshot-19990509: +Incompatible changes with snapshot-19990513: =========================================== -- The SMTP server now always delays UCE restrictions until RCPT -TO, VRFY or ETRN command. To change back to the default specify +- The SMTP server now delays all UCE restrictions until the RCPT +TO, VRFY or ETRN command. This makes the restrictions more useful, +because many SMTP clients do not expect negative responses earlier +in the protocol. In order to restore the old behavior, specify "smtpd_delay_reject = no" in /etc/postfix/main.cf. - The Postfix local delivery agent no longer automatically propagates -the address extension to aliases/include/forward addresses. Specify +address extensions to aliases/include/forward addresses. Specify "propagate_unmatched_extensions = canonical, virtual, alias, forward, include" to restore the old behavior. +- The Postfix local delivery agent no longer does $name expansion +on words found in the mailbox_command configuration parameter. This +makes it easier to specify shell syntax. See conf/main.cf. + - The luser_relay syntax has changed. You can specify one address; it is subjected to $user, etc. expansions. See conf/main.cf. -- File system reorganization: daemon executables are in the libexec -subdirectory, command executables in the bin subdirectory. The -INSTALL instructions now recommend installing daemons and commands -into separate directories. +- File system reorganization: daemon executables are now in the +libexec subdirectory, command executables in the bin subdirectory. +The INSTALL instructions now recommend installing daemons and +commands into separate directories. -Major changes with snapshot-19990509: +Major changes with snapshot-19990513: ===================================== -In addition to several little bugfixes, none related to security, -lots of internal code cleanup, lots of new functionality, and lots -of Solaris workarounds. - -- New USER, EXTENSION and DOMAIN environment variables for delivery -to command by the local delivery agent. As you might expect, the -information is censored. The list of acceptable characters is -specified with the command_expansion_filter configuration parameter. -Unacceptable characters are replaced by underscores. +- New USER, EXTENSION, LOCAL and DOMAIN environment variables for +delivery to command (including mailbox_command) by the local delivery +agent. As you might expect, the information is censored. The list +of acceptable characters is specified with the command_expansion_filter +configuration parameter. Unacceptable characters are replaced by +underscores. - Specify "forward_path = /var/forward/$user" to avoid looking up .forward files in user home directories. The default value is @@ -38,13 +41,13 @@ Initial code by Philip A. Prindeville, Mirapoint, Inc., USA. - Conditional $name expansion in forward_path and luser_relay. Available names are: $user (bare user name) $shell (user login -shell), $home (user home directory), $recipient (everything to the -left of @), $extension (optional address extension), $domain -(everything to the right of @), and $recipient_delimiter. A simple -$name expands as usual. ${name?value} expands to value when $name -is defined. ${name:value} expands to value when $name is not -defined. With ${name?value} and ${name:value}, the value is subject -to another iteration of $name expansion. +shell), $home (user home directory), $local (everything to the left +of @), $extension (optional address extension), $domain (everything +to the right of @), $recipient (the complete address) and +$recipient_delimiter. A simple $name expands as usual. ${name?value} +expands to value when $name is defined. ${name:value} expands to +value when $name is not defined. With ${name?value} and ${name:value}, +the value is subject to another iteration of $name expansion. - POSIX regular expression support, enabled by default on 4.4BSD, LINUX, HP-UX, and Solaris 2.5 and later. See conf/sample-regexp.cf. diff --git a/postfix/bounce/bounce_notify_service.c b/postfix/bounce/bounce_notify_service.c index 53ef22c7d..514c5aad0 100644 --- a/postfix/bounce/bounce_notify_service.c +++ b/postfix/bounce/bounce_notify_service.c @@ -378,6 +378,8 @@ int bounce_notify_service(char *service, char *queue_name, * and substitute something else so mail does not come back at us. */ if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) { + msg_warn("%s: undeliverable postmaster notification discarded", + queue_id); bounce_status = 0; } diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index e6657abff..79e998acc 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -9,8 +9,8 @@ # # The queue_directory specifies the location of the Postfix queue. # This is also the root directory of Postfix daemons that run chrooted. -# The contributed source code from http://www.postfix.org/ has examples -# for setting up Postfix chroot environments on different UNIX systems. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. # queue_directory = /var/spool/postfix @@ -222,20 +222,22 @@ program_directory = /some/where/postfix/bin # The mailbox_command parameter specifies the optional external # command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME settings. +# the recipient with proper HOME, SHELL and LOGNAME environment settings. # Exception: delivery for root is done as $default_user. # -# The following expansions are done on mailbox_command: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $mailbox (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# # Avoid shell meta characters because they will force Postfix to run # an expensive shell process. Procmail alone is expensive enough. # #mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" # The mailbox_transport specifies the optional transport in master.cf # to use after processing aliases and .forward files. This parameter @@ -257,13 +259,13 @@ program_directory = /some/where/postfix/bin # The following expansions are done on luser_relay: $user (recipient # username), $shell (recipient shell), $home (recipient home directory), # $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $mailbox (entire recipient +# extension), $domain (recipient domain), $local (entire recipient # localpart), $recipient_delimiter. Specify ${name?value} or # ${name:value} to expand value only when $name does (does not) exist. # # luser_relay = $user@other.host -# luser_relay = $mailbox@other.host -# luser_relay = admin+$mailbox +# luser_relay = $local@other.host +# luser_relay = admin+$local # JUNK MAIL CONTROLS # diff --git a/postfix/conf/main.cf.default b/postfix/conf/main.cf.default index fed943f16..ef7182e6f 100644 --- a/postfix/conf/main.cf.default +++ b/postfix/conf/main.cf.default @@ -50,7 +50,7 @@ home_mailbox = hopcount_limit = 50 ignore_mx_lookup_error = no inet_interfaces = all -initial_destination_concurrency = 2 +initial_destination_concurrency = 5 invalid_hostname_reject_code = 501 ipc_idle = 100 ipc_timeout = 3600 @@ -62,7 +62,7 @@ luser_relay = mail_name = Postfix mail_owner = postfix mail_spool_directory = /var/mail -mail_version = Snapshot-19990510 +mail_version = Snapshot-19990513 mailbox_command = mailbox_transport = maps_rbl_domains = rbl.maps.vix.com diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index d300bb89a..adb7adebf 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -68,3 +68,5 @@ cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -q -m ${extension} ${user} uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) diff --git a/postfix/conf/sample-local.cf b/postfix/conf/sample-local.cf index f6dce292b..e46b20592 100644 --- a/postfix/conf/sample-local.cf +++ b/postfix/conf/sample-local.cf @@ -30,7 +30,7 @@ # The following expansions are done on forward_path: $user (recipient # username), $shell (recipient shell), $home (recipient home directory), # $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $mailbox (entire recipient +# extension), $domain (recipient domain), $local (entire recipient # localpart), $recipient_delimiter. Specify ${name?value} or # ${name:value} to expand value only when $name does (does not) exist. # @@ -78,13 +78,13 @@ home_mailbox = # The following expansions are done on luser_relay: $user (recipient # username), $shell (recipient shell), $home (recipient home directory), # $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $mailbox (entire recipient +# extension), $domain (recipient domain), $local (entire recipient # localpart), $recipient_delimiter. Specify ${name?value} or # ${name:value} to expand value only when $name does (does not) exist. # # luser_relay = $user@other.host -# luser_relay = $mailbox@other.host -# luser_relay = admin+$mailbox +# luser_relay = $local@other.host +# luser_relay = admin+$local # The mail_spool_directory parameter specifies the directory where # UNIX-style mailboxes are kept. The default setting depends on the @@ -95,20 +95,22 @@ home_mailbox = # The mailbox_command parameter specifies the optional external # command to use instead of mailbox delivery. The command is run -# as the recipient with proper HOME, SHELL and LOGNAME settings. +# as the recipient with proper HOME, SHELL and LOGNAME environment settings. # Exception: delivery for root is done as $default_user. # -# The following expansions are done on mailbox_command: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $mailbox (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). # # Avoid shell meta characters because they will force Postfix to run # an expensive shell process. Procmail alone is expensive enough. # # mailbox_command = /some/where/procmail +# mailbox_command = /some/where/procmail -a "$EXTENSION" mailbox_command = # The mailbox_transport specifies the optional transport in master.cf diff --git a/postfix/global/ext_prop.c b/postfix/global/ext_prop.c index 845c3a028..41fa8f0e1 100644 --- a/postfix/global/ext_prop.c +++ b/postfix/global/ext_prop.c @@ -16,20 +16,20 @@ /* recognized in \fBpattern\fR, with the corresponding bit mask /* given in parentheses: /* .IP "canonical (EXP_PROP_CANONICAL)" -/* Propagate unmatched address extensions tothe right-hand side -/* canonical map entries. +/* Propagate unmatched address extensions to the right-hand side +/* of canonical table entries (not: regular expressions). /* .IP "virtual (EXP_PROP_VIRTUAL) -/* Propagate unmatched address extensions tothe right-hand side -/* canonical map entries. +/* Propagate unmatched address extensions to the right-hand side +/* of virtual table entries (not: regular expressions). /* .IP "alias (EXP_PROP_ALIAS) -/* Propagate unmatched address extensions tothe right-hand side -/* canonical map entries. +/* Propagate unmatched address extensions to the right-hand side +/* of alias database entries. /* .IP "forward (EXP_PROP_FORWARD)" -/* Propagate unmatched address extensions tothe right-hand side -/* canonical map entries. +/* Propagate unmatched address extensions to the right-hand side +/* of .forward file entries. /* .IP "include (EXP_PROP_INCLUDE)" -/* Propagate unmatched address extensions tothe right-hand side -/* canonical map entries. +/* Propagate unmatched address extensions to the right-hand side +/* of :include: file entries. /* DIAGNOSTICS /* Panic: inappropriate use. /* LICENSE diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h index 7e9ebb493..bd1ce7422 100644 --- a/postfix/global/mail_params.h +++ b/postfix/global/mail_params.h @@ -397,7 +397,7 @@ extern int var_qmgr_rcpt_limit; * Queue manager: default destination concurrency levels. */ #define VAR_INIT_DEST_CON "initial_destination_concurrency" -#define DEF_INIT_DEST_CON 2 +#define DEF_INIT_DEST_CON 5 extern int var_init_dest_concurrency; #define VAR_DEST_CON_LIMIT "default_destination_concurrency_limit" diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h index 648c4f857..f23ded7f7 100644 --- a/postfix/global/mail_version.h +++ b/postfix/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-19990510" +#define DEF_MAIL_VERSION "Snapshot-19990513" extern char *var_mail_version; /* LICENSE diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index ae92f3a6c..3440d9bee 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -41,7 +41,7 @@ LOCAL(8) LOCAL(8) interpolation of $user (recipient username), $home (recip- ient home directory), $shell (recipient shell), $recipient (complete recipient address), $extension (recipient - address extension), $domain (recipient domain), mailbox + address extension), $domain (recipient domain), local (entire recipient address localpart) and $recipient_delim- iter. The forms ${name?value} and ${name:value} expand conditionally to value when $name is (is not) defined. @@ -183,14 +183,14 @@ LOCAL(8) LOCAL(8) LOGNAME The bare recipient name. - The PATH environment variable is always reset to a system- - dependent default path, and the TZ (time zone) environment - variable is always passed on without change. + LOCAL The entire recipient address localpart (text to the + left of the rightmost @ character). - The current working directory is the mail queue directory. + RECIPIENT + The entire recipient address. - The local daemon prepends a "From sender time_stamp" enve- - lope header to each message, prepends a Delivered-To: + The PATH environment variable is always reset to a system- + dependent default path, and the TZ (time zone) environment @@ -203,61 +203,61 @@ LOCAL(8) LOCAL(8) LOCAL(8) LOCAL(8) - header with the recipient envelope address, prepends a - Return-Path: header with the sender envelope address, and + variable is always passed on without change. + + The current working directory is the mail queue directory. + + The local daemon prepends a "From sender time_stamp" enve- + lope header to each message, prepends a Delivered-To: + header with the recipient envelope address, prepends a + Return-Path: header with the sender envelope address, and appends an empty line. EXTERNAL FILE DELIVERY - The allow_mail_to_files configuration parameter restricts - delivery to external files. The default setting (alias, - forward) forbids file destinations in :include: files. + The allow_mail_to_files configuration parameter restricts + delivery to external files. The default setting (alias, + forward) forbids file destinations in :include: files. Specify a pathname ending in / for qmail-compatible maildir delivery. The local daemon prepends a "From sender time_stamp" enve- - lope header to each message, prepends a Delivered-To: - header with the recipient envelope address, prepends a > - character to lines beginning with "From ", and appends an - empty line. The envelope sender address is available in - the Return-Path: header. When the destination is a regu- + lope header to each message, prepends a Delivered-To: + header with the recipient envelope address, prepends a > + character to lines beginning with "From ", and appends an + empty line. The envelope sender address is available in + the Return-Path: header. When the destination is a regu- lar file, it is locked for exclusive access while delivery is in progress. In case of problems, an attempt is made to truncate a regular file to its original length. In the case of maildir delivery, the local daemon prepends - a Delivered-To: header with the envelope recipient - address. The envelope sender address is available in the + a Delivered-To: header with the envelope recipient + address. The envelope sender address is available in the Return-Path: header. ADDRESS EXTENSION - The optional recipient_delimiter configuration parameter - specifies how to separate address extensions from local + The optional recipient_delimiter configuration parameter + specifies how to separate address extensions from local recipient names. - For example, with "recipient_delimiter = +", mail for - name+foo is delivered to the alias name+foo or to the - alias name, to the destinations listed in ~name/.for- + For example, with "recipient_delimiter = +", mail for + name+foo is delivered to the alias name+foo or to the + alias name, to the destinations listed in ~name/.for- ward+foo or in ~name/.forward, to the mailbox owned by the user name, or it is sent back as undeliverable. - In all cases the local daemon prepends a `Delivered-To: + In all cases the local daemon prepends a `Delivered-To: name+foo' header line. DELIVERY RIGHTS - Deliveries to external files and external commands are + Deliveries to external files and external commands are made with the rights of the receiving user on whose behalf - the delivery is made. In the absence of a user context, - the local daemon uses the owner rights of the :include: + the delivery is made. In the absence of a user context, + the local daemon uses the owner rights of the :include: file or alias database. When those files are owned by the superuser, delivery is made with the rights specified with the default_privs configuration parameter. -STANDARDS - RFC 822 (ARPA Internet Text Messages) - -DIAGNOSTICS - Problems and transactions are logged to syslogd(8). - 4 @@ -269,28 +269,33 @@ LOCAL(8) LOCAL(8) LOCAL(8) LOCAL(8) - Corrupted message files are marked so that the queue man- - ager can move them to the corrupt queue afterwards. +STANDARDS + RFC 822 (ARPA Internet Text Messages) + +DIAGNOSTICS + Problems and transactions are logged to syslogd(8). Cor- + rupted message files are marked so that the queue manager + can move them to the corrupt queue afterwards. - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- + Depending on the setting of the notify_classes parameter, + the postmaster is notified of bounces and of other trou- ble. BUGS - For security reasons, the message delivery status of - external commands or of external files is never check- + For security reasons, the message delivery status of + external commands or of external files is never check- pointed to file. As a result, the program may occasionally deliver more than once to a command or external file. Bet- ter safe than sorry. - Mutually-recursive aliases or ~/.forward files are not - detected early. The resulting mail forwarding loop is + Mutually-recursive aliases or ~/.forward files are not + detected early. The resulting mail forwarding loop is broken by the use of the Delivered-To: message header. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + The following main.cf parameters are especially relevant + to this program. See the Postfix main.cf file for syntax + details and for default values. Use the postfix reload command after a configuration change. Miscellaneous @@ -302,10 +307,10 @@ LOCAL(8) LOCAL(8) ject to $name expansion. local_command_shell - Shell to use for external command execution (for - example, /some/where/smrsh -c). When a shell is + Shell to use for external command execution (for + example, /some/where/smrsh -c). When a shell is specified, it is invoked even when the command con- - tains no shell built-in commands or meta charac- + tains no shell built-in commands or meta charac- ters. owner_request_special @@ -318,11 +323,6 @@ LOCAL(8) LOCAL(8) Mailbox delivery fallback_transport Message transport for recipients that are not found - in the UNIX passwd database. This parameter over- - rides luser_relay. - - home_mailbox - Pathname of a mailbox relative to a user's home @@ -335,38 +335,43 @@ LOCAL(8) LOCAL(8) LOCAL(8) LOCAL(8) + in the UNIX passwd database. This parameter over- + rides luser_relay. + + home_mailbox + Pathname of a mailbox relative to a user's home directory. Specify a path ending in / for maildir- style delivery. luser_relay - Destination (@domain or address) for non-existent - users. The address is subjected to $name expan- + Destination (@domain or address) for non-existent + users. The address is subjected to $name expan- sion. mail_spool_directory - Directory with UNIX-style mailboxes. The default + Directory with UNIX-style mailboxes. The default pathname is system dependent. mailbox_command - External command to use for mailbox delivery. The + External command to use for mailbox delivery. The command executes with the recipient privileges - (exception: root). The string is subject to $name + (exception: root). The string is subject to $name expansions. mailbox_transport - Message transport to use for mailbox delivery to + Message transport to use for mailbox delivery to all local recipients, whether or not they are found - in the UNIX passwd database. This parameter over- - rides all other configuration parameters that con- + in the UNIX passwd database. This parameter over- + rides all other configuration parameters that con- trol mailbox delivery, including luser_relay. Locking controls deliver_lock_attempts - Limit the number of attempts to acquire an exclu- + Limit the number of attempts to acquire an exclu- sive lock on a mailbox or external file. deliver_lock_delay - Time in seconds between successive attempts to + Time in seconds between successive attempts to acquire an exclusive lock. stale_lock_time @@ -374,22 +379,17 @@ LOCAL(8) LOCAL(8) Resource controls command_time_limit - Limit the amount of time for delivery to external + Limit the amount of time for delivery to external command. duplicate_filter_limit - Limit the size of the duplicate filter for results + Limit the size of the duplicate filter for results from alias etc. expansion. line_length_limit - Limit the amount of memory used for processing a + Limit the amount of memory used for processing a partial input line. - local_destination_concurrency_limit - Limit the number of parallel deliveries to the same - user. The default limit is taken from the - default_destination_concurrency_limit parameter. - 6 @@ -401,34 +401,39 @@ LOCAL(8) LOCAL(8) LOCAL(8) LOCAL(8) + local_destination_concurrency_limit + Limit the number of parallel deliveries to the same + user. The default limit is taken from the + default_destination_concurrency_limit parameter. + local_destination_recipient_limit - Limit the number of recipients per message deliv- - ery. The default limit is taken from the + Limit the number of recipients per message deliv- + ery. The default limit is taken from the default_destination_recipient_limit parameter. Security controls allow_mail_to_commands - Restrict the usage of mail delivery to external + Restrict the usage of mail delivery to external command. allow_mail_to_files - Restrict the usage of mail delivery to external + Restrict the usage of mail delivery to external file. command_expansion_filter - What characters are allowed to appear in $name - expansions of mailbox_command. Illegal characters + What characters are allowed to appear in $name + expansions of mailbox_command. Illegal characters are replaced by underscores. default_privs - Default rights for delivery to external file or + Default rights for delivery to external file or command. HISTORY - The Delivered-To: header appears in the qmail system by + The Delivered-To: header appears in the qmail system by Daniel Bernstein. - The maildir structure appears in the qmail system by + The maildir structure appears in the qmail system by Daniel Bernstein. SEE ALSO @@ -439,7 +444,7 @@ LOCAL(8) LOCAL(8) qmgr(8) queue manager LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) @@ -453,11 +458,6 @@ LOCAL(8) LOCAL(8) - - - - - 7 diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 77fe88a36..b778c7b5d 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html @@ -91,6 +91,13 @@ TRANSPORT(5) TRANSPORT(5) port 2025. Instead of a numerical port a symbolic name may be used. Specify [] around the destination in order to disable MX lookups. + The error mailer can be used to bounce mail: + + .foo.org error:mail for *.foo.org is not deliverable + + This causes all mail for user@anythingfoo.org + to be bounced. + CONFIGURATION PARAMETERS The following main.cf parameters are especially relevant to this topic. See the Postfix main.cf file for syntax @@ -118,6 +125,18 @@ TRANSPORT(5) TRANSPORT(5) The Secure Mailer license must be distributed with this software. + + + + 2 + + + + + +TRANSPORT(5) TRANSPORT(5) + + AUTHOR(S) Wietse Venema IBM T.J. Watson Research @@ -128,7 +147,54 @@ TRANSPORT(5) TRANSPORT(5) - 2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 3 diff --git a/postfix/local/command.c b/postfix/local/command.c index e96bc3af6..edf29d47f 100644 --- a/postfix/local/command.c +++ b/postfix/local/command.c @@ -16,7 +16,8 @@ /* output is captured for diagnostics purposes. /* Duplicate commands for the same recipient are suppressed. /* A limited amount of information is exported via the environment: -/* HOME, SHELL, LOGNAME, USER, EXTENSION, and DOMAIN. The exported +/* HOME, SHELL, LOGNAME, USER, EXTENSION, DOMAIN, RECIPIENT (entire +/* address) and LOCAL (just the local part). The exported /* information is censored with var_cmd_filter. /* /* Arguments: @@ -146,8 +147,12 @@ int deliver_command(LOCAL_STATE state, USER_ATTR usr_attr, char *command) env = argv_alloc(1); if (usr_attr.home) argv_add(env, "HOME", usr_attr.home, ARGV_END); - argv_add(env, "LOGNAME", state.msg_attr.user, ARGV_END); - argv_add(env, "USER", state.msg_attr.user, ARGV_END); + argv_add(env, + "LOGNAME", state.msg_attr.user, + "USER", state.msg_attr.user, + "RECIPIENT", state.msg_attr.recipient, + "LOCAL", state.msg_attr.local, + ARGV_END); if (usr_attr.shell) argv_add(env, "SHELL", usr_attr.shell, ARGV_END); if (state.msg_attr.domain) diff --git a/postfix/local/dotforward.c b/postfix/local/dotforward.c index a5ae42efe..ed1e13429 100644 --- a/postfix/local/dotforward.c +++ b/postfix/local/dotforward.c @@ -102,7 +102,6 @@ int deliver_dotforward(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) char *saved_forward_path; char *lhs; char *next; - const char *forward_path; int expand_status; /* @@ -113,25 +112,11 @@ int deliver_dotforward(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) MSG_LOG_STATE(myname, state); /* - * Skip this module if per-user forwarding is disabled. XXX We need to - * extend the mail_conf_XXX() interface to request no expansion of $names - * in the given value or in the default value. + * Skip this module if per-user forwarding is disabled. */ - if ((forward_path = mail_conf_lookup(VAR_FORWARD_PATH)) == 0) - forward_path = DEF_FORWARD_PATH; - if (*forward_path == 0) + if (*var_forward_path == 0) return (NO); - /* - * DUPLICATE/LOOP ELIMINATION - * - * If this user includes (an alias of) herself in her own .forward file, - * deliver to the user instead. - */ - if (been_here(state.dup_filter, "forward %s", state.msg_attr.local)) - return (NO); - state.msg_attr.exp_from = state.msg_attr.local; - /* * Skip non-existing users. The mailbox delivery routine will catch the * error. @@ -180,7 +165,7 @@ int deliver_dotforward(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) * be this user and 2) mail forwarded to other local users will be * resubmitted as a new queue file. */ - state.msg_attr.owner = state.msg_attr.recipient; + state.msg_attr.owner = state.msg_attr.user; /* * Search the forward_path for an existing forward file. @@ -193,7 +178,7 @@ int deliver_dotforward(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) status = 0; path = vstring_alloc(100); - saved_forward_path = mystrdup(forward_path); + saved_forward_path = mystrdup(var_forward_path); next = saved_forward_path; lookup_status = -1; @@ -221,8 +206,15 @@ int deliver_dotforward(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) * .forward file as the user. Ignore files that aren't regular files, * files that are owned by the wrong user, or files that have world write * permission enabled. + * + * DUPLICATE/LOOP ELIMINATION + * + * If this user includes (an alias of) herself in her own .forward file, + * deliver to the user instead. */ - if (lookup_status >= 0) { + if (lookup_status >= 0 + && been_here(state.dup_filter, "forward %s", STR(path)) == 0) { + state.msg_attr.exp_from = state.msg_attr.local; if (S_ISREG(st.st_mode) == 0) { msg_warn("file %s is not a regular file", STR(path)); } else if (st.st_uid != 0 && st.st_uid != usr_attr.uid) { diff --git a/postfix/local/local.c b/postfix/local/local.c index 9e529b346..91cdfc96a 100644 --- a/postfix/local/local.c +++ b/postfix/local/local.c @@ -35,7 +35,7 @@ /* \fB$user\fR (recipient username), \fB$home\fR (recipient home /* directory), \fB$shell\fR (recipient shell), \fB$recipient\fR /* (complete recipient address), \fB$extension\fR (recipient address -/* extension), \fB$domain\fR (recipient domain), \fBmailbox\fR +/* extension), \fB$domain\fR (recipient domain), \fBlocal\fR /* (entire recipient address localpart) and /* \fB$recipient_delimiter.\fR The forms \fI${name?value}\fR and /* \fI${name:value}\fR expand conditionally to \fIvalue\fR when @@ -149,6 +149,11 @@ /* The recipient address domain part. /* .IP \fBLOGNAME\fR /* The bare recipient name. +/* .IP \fBLOCAL\fR +/* The entire recipient address localpart (text to the left of the +/* rightmost @ character). +/* .IP \fBRECIPIENT\fR +/* The entire recipient address. /* .PP /* The \fBPATH\fR environment variable is always reset to a /* system-dependent default path, and the \fBTZ\fR (time zone) @@ -575,7 +580,6 @@ int main(int argc, char **argv) VAR_ALLOW_FILES, DEF_ALLOW_FILES, &var_allow_files, 0, 0, VAR_RCPT_FDELIM, DEF_RCPT_FDELIM, &var_rcpt_fdelim, 0, 0, VAR_LOCAL_CMD_SHELL, DEF_LOCAL_CMD_SHELL, &var_local_cmd_shell, 0, 0, - VAR_LUSER_RELAY, DEF_LUSER_RELAY, &var_luser_relay, 0, 0, VAR_MAIL_SPOOL_DIR, DEF_MAIL_SPOOL_DIR, &var_mail_spool_dir, 0, 0, VAR_MAILBOX_TRANSP, DEF_MAILBOX_TRANSP, &var_mailbox_transport, 0, 0, VAR_FALLBACK_TRANSP, DEF_FALLBACK_TRANSP, &var_fallback_transport, 0, 0, diff --git a/postfix/local/local_expand.c b/postfix/local/local_expand.c index e42d2e685..8800b4e0e 100644 --- a/postfix/local/local_expand.c +++ b/postfix/local/local_expand.c @@ -28,10 +28,10 @@ /* The recipient address extension. /* .IP home /* The recipient home directory. -/* .IP mailbox -/* The full recipient address localpart. +/* .IP local +/* The entire recipient address localpart. /* .IP recipient -/* The full recipient address. +/* The entire recipient address. /* .IP recipient_delimiter /* The recipient delimiter. /* .IP shell @@ -110,6 +110,8 @@ static const char *local_expand_lookup(const char *name, int mode, char *ptr) return (local->usr_attr->shell); } else if (STREQ(name, "domain")) { return (local->state->msg_attr.domain); + } else if (STREQ(name, "local")) { + return (local->state->msg_attr.local); } else if (STREQ(name, "mailbox")) { return (local->state->msg_attr.local); } else if (STREQ(name, "recipient")) { diff --git a/postfix/local/recipient.c b/postfix/local/recipient.c index 2b443006f..5cc549d12 100644 --- a/postfix/local/recipient.c +++ b/postfix/local/recipient.c @@ -151,8 +151,7 @@ static int deliver_switch(LOCAL_STATE state, USER_ATTR usr_attr) * recipient domain is local, so we only have to compare local parts. */ if (state.msg_attr.owner != 0 - && strncasecmp(state.msg_attr.owner, state.msg_attr.recipient, - strlen(state.msg_attr.local) + 1) != 0) + && strcasecmp(state.msg_attr.owner, state.msg_attr.user) != 0) return (deliver_indirect(state)); /* @@ -182,7 +181,8 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) /* * Duplicate filter. */ - if (been_here(state.dup_filter, "recipient %s", state.msg_attr.recipient)) + if (been_here(state.dup_filter, "recipient %d %s", + state.level, state.msg_attr.recipient)) return (0); /* @@ -212,7 +212,7 @@ int deliver_recipient(LOCAL_STATE state, USER_ATTR usr_attr) state.msg_attr.user = mystrdup(state.msg_attr.local); if (*var_rcpt_delim) { state.msg_attr.extension = - split_addr(state.msg_attr.local, *var_rcpt_delim); + split_addr(state.msg_attr.user, *var_rcpt_delim); if (state.msg_attr.extension && strchr(state.msg_attr.extension, '/')) { msg_warn("%s: address with illegal extension: %s", state.msg_attr.queue_id, state.msg_attr.local); diff --git a/postfix/local/resolve.c b/postfix/local/resolve.c index 2067c4766..4c410461b 100644 --- a/postfix/local/resolve.c +++ b/postfix/local/resolve.c @@ -112,7 +112,6 @@ int deliver_resolve_tree(LOCAL_STATE state, USER_ATTR usr_attr, TOK822 *addr */ tok822_rewrite(addr, REWRITE_CANON); tok822_resolve(addr, &reply); - state.msg_attr.recipient = STR(reply.recipient); /* * Splice in the optional unmatched address extension. @@ -124,12 +123,15 @@ int deliver_resolve_tree(LOCAL_STATE state, USER_ATTR usr_attr, TOK822 *addr } else { ext_len = strlen(state.msg_attr.unmatched); VSTRING_SPACE(reply.recipient, ext_len + 2); + if ((ratsign = strrchr(STR(reply.recipient), '@')) == 0) + msg_panic("%s: recipient @ botch", myname); memmove(ratsign + ext_len + 1, ratsign, strlen(ratsign) + 1); *ratsign = *var_rcpt_delim; memcpy(ratsign + 1, state.msg_attr.unmatched, ext_len); VSTRING_SKIP(reply.recipient); } } + state.msg_attr.recipient = STR(reply.recipient); /* * Delivery to a local or non-local address. For a while there was some diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index b209ecc08..d6293343f 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -79,6 +79,14 @@ In the case of delivery via SMTP, one may specify This directs mail for \fIuser\fR@\fBfoo.org\fR to host \fBbar.org\fR port \fB2025\fR. Instead of a numerical port a symbolic name may be used. Specify [] around the destination in order to disable MX lookups. + +The error mailer can be used to bounce mail: + +.ti +5 +\fB\&.foo.org error:mail for *.foo.org is not deliverable\fR + +This causes all mail for \fIuser\fR@\fIanything\fBfoo.org\fR +to be bounced. .SH CONFIGURATION PARAMETERS .na .nf diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index d87023edf..9142b6a0f 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 @@ -43,7 +43,7 @@ The \fBforward_path\fR parameter is subject to interpolation of \fB$user\fR (recipient username), \fB$home\fR (recipient home directory), \fB$shell\fR (recipient shell), \fB$recipient\fR (complete recipient address), \fB$extension\fR (recipient address -extension), \fB$domain\fR (recipient domain), \fBmailbox\fR +extension), \fB$domain\fR (recipient domain), \fBlocal\fR (entire recipient address localpart) and \fB$recipient_delimiter.\fR The forms \fI${name?value}\fR and \fI${name:value}\fR expand conditionally to \fIvalue\fR when @@ -163,6 +163,11 @@ The optional recipient address extension. The recipient address domain part. .IP \fBLOGNAME\fR The bare recipient name. +.IP \fBLOCAL\fR +The entire recipient address localpart (text to the left of the +rightmost @ character). +.IP \fBRECIPIENT\fR +The entire recipient address. .PP The \fBPATH\fR environment variable is always reset to a system-dependent default path, and the \fBTZ\fR (time zone) diff --git a/postfix/qmgr/qmgr_message.c b/postfix/qmgr/qmgr_message.c index 56041d86e..ec928ea80 100644 --- a/postfix/qmgr/qmgr_message.c +++ b/postfix/qmgr/qmgr_message.c @@ -513,6 +513,8 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) sent(message->queue_id, recipient->address, "none", message->arrival_time, "discarded"); deliver_completed(message->fp, recipient->offset); + msg_warn("%s: undeliverable postmaster notification discarded", + message->queue_id); continue; } } diff --git a/postfix/smtpd/smtpd_check.c b/postfix/smtpd/smtpd_check.c index 3bc3d11a4..f9542f110 100644 --- a/postfix/smtpd/smtpd_check.c +++ b/postfix/smtpd/smtpd_check.c @@ -400,21 +400,11 @@ static int smtpd_check_reject(SMTPD_STATE *state, int error_class, * postmaster notices, this may be the only trace left that service was * rejected. Print the request, client name/address, and response. */ - msg_info("%s: reject: %s from %s: %s", - state->queue_id, state->where, - state->namaddr, STR(error_text)); - - /* - * Log from/to information if available, for the benefit of the local - * sysadmin. - */ - if (state->sender) { - msg_info(state->recipient ? - "%s: reject: %s from %s: from=<%s> to=<%s>" : - "%s: reject: %s from %s: from=<%s>", - state->queue_id, state->where, state->namaddr, - state->sender, state->recipient); - } + msg_info(state->recipient ? "reject: %s from %s: %s; from=<%s> to=<%s>" + : state->sender ? "reject: %s from %s: %s; from=<%s>" + : "reject: %s from %s: %s", + state->where, state->namaddr, STR(error_text), + state->sender, state->recipient); return (SMTPD_CHECK_REJECT); } @@ -891,6 +881,12 @@ static int check_table_result(SMTPD_STATE *state, char *table, if (msg_verbose) msg_info("%s: %s %s %s", myname, table, value, datum); + /* + * DUNNO means skip this table. + */ + if (strcasecmp(value, "DUNNO") == 0) + return (SMTPD_CHECK_DUNNO); + /* * REJECT means NO. Generate a generic error response. */ @@ -1327,6 +1323,8 @@ char *smtpd_check_client(SMTPD_STATE *state) /* * Initialize. */ + if (state->name == 0 && state->addr == 0) + return (0); status = setjmp(smtpd_check_buf); if (status != 0) return (0); @@ -1361,6 +1359,8 @@ char *smtpd_check_helo(SMTPD_STATE *state, char *helohost) /* * Initialize. */ + if (helohost == 0) + return (0); status = setjmp(smtpd_check_buf); if (status != 0) return (0); @@ -1399,6 +1399,8 @@ char *smtpd_check_mail(SMTPD_STATE *state, char *sender) /* * Initialize. */ + if (sender == 0) + return (0); status = setjmp(smtpd_check_buf); if (status != 0) return (0); @@ -1435,6 +1437,24 @@ char *smtpd_check_rcpt(SMTPD_STATE *state, char *recipient) char *saved_recipient = state->recipient; char *err; + /* + * Initialize. + */ + if (recipient == 0) + return (0); + + /* + * Minor kluge so that we can delegate work to the generic routine and so + * that we can syslog the recipient with the reject messages. + */ + state->recipient = mystrdup(recipient); + +#define SMTPD_CHECK_RCPT_RETURN(x) { \ + myfree(state->recipient); \ + state->recipient = saved_recipient; \ + return (x); \ + } + /* * Apply delayed restrictions. */ @@ -1442,20 +1462,18 @@ char *smtpd_check_rcpt(SMTPD_STATE *state, char *recipient) if ((err = smtpd_check_client(state)) != 0 || (err = smtpd_check_helo(state, state->helo_name)) != 0 || (err = smtpd_check_mail(state, state->sender)) != 0) - return (err); + SMTPD_CHECK_RCPT_RETURN(err); /* - * Initialize. + * More initialization. */ status = setjmp(smtpd_check_buf); if (status != 0) - return (0); + SMTPD_CHECK_RCPT_RETURN(0); /* - * Apply restrictions in the order as specified. Minor kluge so that we - * can delegate work to the generic routine. + * Apply restrictions in the order as specified. */ - state->recipient = mystrdup(recipient); for (cpp = rcpt_restrctions->argv; (name = *cpp) != 0; cpp++) { if (strchr(name, ':') != 0) { status = check_mail_access(state, name, recipient, @@ -1482,9 +1500,7 @@ char *smtpd_check_rcpt(SMTPD_STATE *state, char *recipient) if (status != 0) break; } - myfree(state->recipient); - state->recipient = saved_recipient; - return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0); + SMTPD_CHECK_RCPT_RETURN(status == SMTPD_CHECK_REJECT ? STR(error_text) : 0); } /* smtpd_check_etrn - validate ETRN request */ @@ -1507,6 +1523,8 @@ char *smtpd_check_etrn(SMTPD_STATE *state, char *domain) /* * Initialize. */ + if (domain == 0) + return (0); status = setjmp(smtpd_check_buf); if (status != 0) return (0); diff --git a/postfix/smtpd/smtpd_check.ref b/postfix/smtpd/smtpd_check.ref index c6c6eec83..febc154f1 100644 --- a/postfix/smtpd/smtpd_check.ref +++ b/postfix/smtpd/smtpd_check.ref @@ -15,22 +15,22 @@ OK >>> client_restrictions permit_mynetworks,reject_unknown_client,hash:./smtpd_check_access OK >>> client unknown 131.155.210.17 -./smtpd_check: : reject: CONNECT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] +./smtpd_check: reject: CONNECT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> client random.bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain +./smtpd_check: reject: CONNECT from random.bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain 554 : Client host rejected: match bad.domain >>> client friend.bad.domain 123.123.123.123 OK >>> client bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain +./smtpd_check: reject: CONNECT from bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain 554 : Client host rejected: match bad.domain >>> client wzv.win.tue.nl 131.155.210.17 OK >>> client aa.win.tue.nl 131.155.210.18 -./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 : Client host rejected: match 131.155.210 +./smtpd_check: reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 : Client host rejected: match 131.155.210 554 : Client host rejected: match 131.155.210 >>> client_restrictions permit_mynetworks OK @@ -42,22 +42,22 @@ OK >>> client unknown 131.155.210.17 OK >>> helo foo. -./smtpd_check: : reject: HELO from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] +./smtpd_check: reject: HELO from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client foo 123.123.123.123 OK >>> helo foo. -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found +./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo foo -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found +./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo spike.porcupine.org OK >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access OK >>> helo random.bad.domain -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: match bad.domain +./smtpd_check: reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: match bad.domain 554 : Helo command rejected: match bad.domain >>> helo friend.bad.domain OK @@ -65,7 +65,7 @@ OK OK >>> helo 123.123.123.123 ./smtpd_check: warning: valid_hostname: numeric hostname: 123.123.123.123 -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 <123.123.123.123>: Helo command rejected: Host not found +./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 <123.123.123.123>: Helo command rejected: Host not found 450 <123.123.123.123>: Helo command rejected: Host not found >>> helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname OK @@ -79,8 +79,7 @@ OK >>> client unknown 131.155.210.17 OK >>> mail foo@watson.ibm.com -./smtpd_check: : reject: MAIL from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] -./smtpd_check: : reject: MAIL from unknown[131.155.210.17]: from= +./smtpd_check: reject: MAIL from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17]; from= 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK @@ -95,36 +94,29 @@ OK >>> mail foo@watson.ibm.com OK >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 450 : Sender address rejected: Domain not found -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 450 : Sender address rejected: Domain not found; from= 450 : Sender address rejected: Domain not found >>> sender_restrictions hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@ -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@; from= 554 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail Reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@Bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK @@ -136,8 +128,7 @@ OK >>> client unknown 131.155.210.17 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] -./smtpd_check: : reject: RCPT from unknown[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17]; from= to= 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK @@ -146,8 +137,7 @@ OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: from= to= +./smtpd_check: reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK @@ -162,30 +152,25 @@ OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: from= to= +./smtpd_check: reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK >>> recipient_restrictions hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@ -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@; from= 554 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK @@ -197,8 +182,7 @@ OK >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 -./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com -./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: from= +./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com; from= 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com >>> # >>> # Hybrids @@ -208,8 +192,7 @@ OK >>> client foo 131.155.210.17 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Relay access denied -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> recipient_restrictions check_client_access,hash:./smtpd_check_access,check_relay_domains OK @@ -222,12 +205,10 @@ OK >>> recipient_restrictions check_helo_access,hash:./smtpd_check_access,check_relay_domains OK >>> helo bad.domain -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= 554 : Helo command rejected: match bad.domain >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= to= 554 : Helo command rejected: match bad.domain >>> helo 131.155.210.17 ./smtpd_check: warning: valid_hostname: numeric hostname: 131.155.210.17 @@ -237,12 +218,10 @@ OK >>> recipient_restrictions check_sender_access,hash:./smtpd_check_access,check_relay_domains OK >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: from= +./smtpd_check: reject: MAIL from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain; from= to= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK @@ -260,8 +239,7 @@ OK >>> rcpt wietse@wzv.win.tue.nl OK >>> rcpt wietse@trouble.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Access denied -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Recipient address rejected: Access denied; from= to= 554 : Recipient address rejected: Access denied >>> rcpt wietse@porcupine.org OK @@ -281,16 +259,14 @@ OK >>> mail foo@good.domain OK >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Helo command rejected: match bad.domain; from= to= 554 : Helo command rejected: match bad.domain >>> helo good.domain OK >>> mail foo@bad.domain OK >>> rcpt foo@porcupine.org -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 554 : Sender address rejected: match bad.domain; from= to= 554 : Sender address rejected: match bad.domain >>> # >>> # FQDN restrictions @@ -306,32 +282,27 @@ OK >>> helo foo.bar OK >>> helo foo -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 504 : Helo command rejected: need fully-qualified hostname -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 504 : Helo command rejected: need fully-qualified hostname; from= 504 : Helo command rejected: need fully-qualified hostname >>> mail foo@foo.bar. OK >>> mail foo@foo.bar OK >>> mail foo@foo -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: 504 : Sender address rejected: need fully-qualified address -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: from= +./smtpd_check: reject: MAIL from foo[131.155.210.17]: 504 : Sender address rejected: need fully-qualified address; from= 504 : Sender address rejected: need fully-qualified address >>> mail foo -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: 504 : Sender address rejected: need fully-qualified address -./smtpd_check: : reject: MAIL from foo[131.155.210.17]: from= +./smtpd_check: reject: MAIL from foo[131.155.210.17]: 504 : Sender address rejected: need fully-qualified address; from= 504 : Sender address rejected: need fully-qualified address >>> rcpt foo@foo.bar. OK >>> rcpt foo@foo.bar OK >>> rcpt foo@foo -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 504 : Recipient address rejected: need fully-qualified address -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 504 : Recipient address rejected: need fully-qualified address; from= to= 504 : Recipient address rejected: need fully-qualified address >>> rcpt foo -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: 504 : Recipient address rejected: need fully-qualified address -./smtpd_check: : reject: RCPT from foo[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from foo[131.155.210.17]: 504 : Recipient address rejected: need fully-qualified address; from= to= 504 : Recipient address rejected: need fully-qualified address >>> # >>> # Numerical HELO checks @@ -346,50 +317,42 @@ OK >>> helo [321.255.255.255] ./smtpd_check: reject_invalid_hostaddr: [321.255.255.255] ./smtpd_check: warning: valid_hostaddr: invalid octet value: 321.255.255.255 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[321.255.255.255]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[321.255.255.255]>: Helo command rejected: invalid ip address; from= 501 <[321.255.255.255]>: Helo command rejected: invalid ip address >>> helo [0.255.255.255] ./smtpd_check: reject_invalid_hostaddr: [0.255.255.255] ./smtpd_check: warning: valid_hostaddr: bad initial octet value: 0.255.255.255 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[0.255.255.255]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[0.255.255.255]>: Helo command rejected: invalid ip address; from= 501 <[0.255.255.255]>: Helo command rejected: invalid ip address >>> helo [1.2.3.321] ./smtpd_check: reject_invalid_hostaddr: [1.2.3.321] ./smtpd_check: warning: valid_hostaddr: invalid octet value: 1.2.3.321 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.321]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.321]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.321]>: Helo command rejected: invalid ip address >>> helo [1.2.3] ./smtpd_check: reject_invalid_hostaddr: [1.2.3] ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[1.2.3]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3]>: Helo command rejected: invalid ip address >>> helo [1.2.3.4.5] ./smtpd_check: reject_invalid_hostaddr: [1.2.3.4.5] ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3.4.5 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.4.5]>: Helo command rejected: invalid ip address >>> helo [1..2.3.4] ./smtpd_check: reject_invalid_hostaddr: [1..2.3.4] ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1..2.3.4 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[1..2.3.4]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1..2.3.4]>: Helo command rejected: invalid ip address; from= 501 <[1..2.3.4]>: Helo command rejected: invalid ip address >>> helo [.1.2.3.4] ./smtpd_check: reject_invalid_hostaddr: [.1.2.3.4] ./smtpd_check: warning: valid_hostaddr: misplaced dot: .1.2.3.4 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address; from= 501 <[.1.2.3.4]>: Helo command rejected: invalid ip address >>> helo [1.2.3.4.5.] ./smtpd_check: reject_invalid_hostaddr: [1.2.3.4.5.] ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1.2.3.4.5. -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address; from= 501 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address >>> helo 1.2.3.4 ./smtpd_check: reject_invalid_hostaddr: 1.2.3.4 @@ -397,48 +360,40 @@ OK >>> helo 321.255.255.255 ./smtpd_check: reject_invalid_hostaddr: 321.255.255.255 ./smtpd_check: warning: valid_hostaddr: invalid octet value: 321.255.255.255 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <321.255.255.255>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <321.255.255.255>: Helo command rejected: invalid ip address; from= 501 <321.255.255.255>: Helo command rejected: invalid ip address >>> helo 0.255.255.255 ./smtpd_check: reject_invalid_hostaddr: 0.255.255.255 ./smtpd_check: warning: valid_hostaddr: bad initial octet value: 0.255.255.255 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <0.255.255.255>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <0.255.255.255>: Helo command rejected: invalid ip address; from= 501 <0.255.255.255>: Helo command rejected: invalid ip address >>> helo 1.2.3.321 ./smtpd_check: reject_invalid_hostaddr: 1.2.3.321 ./smtpd_check: warning: valid_hostaddr: invalid octet value: 1.2.3.321 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <1.2.3.321>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.321>: Helo command rejected: invalid ip address; from= 501 <1.2.3.321>: Helo command rejected: invalid ip address >>> helo 1.2.3 ./smtpd_check: reject_invalid_hostaddr: 1.2.3 ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <1.2.3>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3>: Helo command rejected: invalid ip address; from= 501 <1.2.3>: Helo command rejected: invalid ip address >>> helo 1.2.3.4.5 ./smtpd_check: reject_invalid_hostaddr: 1.2.3.4.5 ./smtpd_check: warning: valid_hostaddr: invalid octet count: 1.2.3.4.5 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5>: Helo command rejected: invalid ip address; from= 501 <1.2.3.4.5>: Helo command rejected: invalid ip address >>> helo 1..2.3.4 ./smtpd_check: reject_invalid_hostaddr: 1..2.3.4 ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1..2.3.4 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <1..2.3.4>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1..2.3.4>: Helo command rejected: invalid ip address; from= 501 <1..2.3.4>: Helo command rejected: invalid ip address >>> helo .1.2.3.4 ./smtpd_check: reject_invalid_hostaddr: .1.2.3.4 ./smtpd_check: warning: valid_hostaddr: misplaced dot: .1.2.3.4 -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <.1.2.3.4>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <.1.2.3.4>: Helo command rejected: invalid ip address; from= 501 <.1.2.3.4>: Helo command rejected: invalid ip address >>> helo 1.2.3.4.5. ./smtpd_check: reject_invalid_hostaddr: 1.2.3.4.5. ./smtpd_check: warning: valid_hostaddr: misplaced dot: 1.2.3.4.5. -./smtpd_check: : reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address -./smtpd_check: : reject: HELO from foo[131.155.210.17]: from= +./smtpd_check: reject: HELO from foo[131.155.210.17]: 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address; from= 501 <1.2.3.4.5.>: Helo command rejected: invalid ip address diff --git a/postfix/smtpd/smtpd_check.ref2 b/postfix/smtpd/smtpd_check.ref2 index a396d7329..f6cb0c849 100644 --- a/postfix/smtpd/smtpd_check.ref2 +++ b/postfix/smtpd/smtpd_check.ref2 @@ -15,22 +15,22 @@ OK >>> client_restrictions permit_mynetworks,reject_unknown_client,check_client_access,hash:./smtpd_check_access OK >>> client unknown 131.155.210.17 -./smtpd_check: : reject: CONNECT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] +./smtpd_check: reject: CONNECT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK >>> client random.bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from random.bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain +./smtpd_check: reject: CONNECT from random.bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain 554 : Client host rejected: match bad.domain >>> client friend.bad.domain 123.123.123.123 OK >>> client bad.domain 123.123.123.123 -./smtpd_check: : reject: CONNECT from bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain +./smtpd_check: reject: CONNECT from bad.domain[123.123.123.123]: 554 : Client host rejected: match bad.domain 554 : Client host rejected: match bad.domain >>> client wzv.win.tue.nl 131.155.210.17 OK >>> client aa.win.tue.nl 131.155.210.18 -./smtpd_check: : reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 : Client host rejected: match 131.155.210 +./smtpd_check: reject: CONNECT from aa.win.tue.nl[131.155.210.18]: 554 : Client host rejected: match 131.155.210 554 : Client host rejected: match 131.155.210 >>> client_restrictions permit_mynetworks OK @@ -42,22 +42,22 @@ OK >>> client unknown 131.155.210.17 OK >>> helo foo. -./smtpd_check: : reject: HELO from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] +./smtpd_check: reject: HELO from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client foo 123.123.123.123 OK >>> helo foo. -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found +./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo foo -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found +./smtpd_check: reject: HELO from foo[123.123.123.123]: 450 : Helo command rejected: Host not found 450 : Helo command rejected: Host not found >>> helo spike.porcupine.org OK >>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access OK >>> helo random.bad.domain -./smtpd_check: : reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: match bad.domain +./smtpd_check: reject: HELO from foo[123.123.123.123]: 554 : Helo command rejected: match bad.domain 554 : Helo command rejected: match bad.domain >>> helo friend.bad.domain OK @@ -69,8 +69,7 @@ OK >>> client unknown 131.155.210.17 OK >>> mail foo@watson.ibm.com -./smtpd_check: : reject: MAIL from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] -./smtpd_check: : reject: MAIL from unknown[131.155.210.17]: from= +./smtpd_check: reject: MAIL from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17]; from= 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK @@ -85,36 +84,29 @@ OK >>> mail foo@watson.ibm.com OK >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 450 : Sender address rejected: Domain not found -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 450 : Sender address rejected: Domain not found; from= 450 : Sender address rejected: Domain not found >>> sender_restrictions check_sender_access,hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@ -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@; from= 554 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail Reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@Bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK @@ -126,8 +118,7 @@ OK >>> client unknown 131.155.210.17 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17] -./smtpd_check: : reject: RCPT from unknown[131.155.210.17]: from= to= +./smtpd_check: reject: RCPT from unknown[131.155.210.17]: 450 Client host rejected: cannot find your hostname, [131.155.210.17]; from= to= 450 Client host rejected: cannot find your hostname, [131.155.210.17] >>> client unknown 168.100.189.13 OK @@ -136,8 +127,7 @@ OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: from= to= +./smtpd_check: reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK @@ -152,30 +142,25 @@ OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied -./smtpd_check: : reject: RCPT from foo[123.123.123.123]: from= to= +./smtpd_check: reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org OK >>> recipient_restrictions check_recipient_access,hash:./smtpd_check_access OK >>> mail bad-sender@any.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@ -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad-sender@; from= 554 : Sender address rejected: match bad-sender@ >>> mail bad-sender@good.domain OK >>> mail reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match reject@this.address; from= 554 : Sender address rejected: match reject@this.address >>> mail foo@bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@random.bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain -./smtpd_check: : reject: MAIL from foo[123.123.123.123]: from= +./smtpd_check: reject: MAIL from foo[123.123.123.123]: 554 : Sender address rejected: match bad.domain; from= 554 : Sender address rejected: match bad.domain >>> mail foo@friend.bad.domain OK @@ -187,8 +172,7 @@ OK >>> client spike.porcupine.org 168.100.189.2 OK >>> client foo 127.0.0.2 -./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com -./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: from= +./smtpd_check: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com; from= 554 Service unavailable; [127.0.0.2] blocked using rbl.maps.vix.com >>> # >>> # unknown sender/recipient domain @@ -202,12 +186,10 @@ OK >>> rcpt wietse@porcupine.org OK >>> rcpt wietse@no.recipient.domain -./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 : Recipient address rejected: Domain not found -./smtpd_check: : reject: RCPT from foo[127.0.0.2]: from= to= +./smtpd_check: reject: RCPT from foo[127.0.0.2]: 554 : Recipient address rejected: Domain not found; from= to= 554 : Recipient address rejected: Domain not found >>> mail wietse@no.sender.domain OK >>> rcpt wietse@porcupine.org -./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 : Sender address rejected: Domain not found -./smtpd_check: : reject: RCPT from foo[127.0.0.2]: from= to= +./smtpd_check: reject: RCPT from foo[127.0.0.2]: 554 : Sender address rejected: Domain not found; from= to= 554 : Sender address rejected: Domain not found diff --git a/postfix/util/dict.h b/postfix/util/dict.h index 6dd6c9d71..3ec4e93fe 100644 --- a/postfix/util/dict.h +++ b/postfix/util/dict.h @@ -20,7 +20,6 @@ * Utility library. */ #include -#include /* * Generic dictionary interface - in reality, a dictionary extends this diff --git a/postfix/util/dict_db.c b/postfix/util/dict_db.c index 60e86fe0b..e96e8820c 100644 --- a/postfix/util/dict_db.c +++ b/postfix/util/dict_db.c @@ -331,8 +331,6 @@ static int dict_db_sequence(DICT *dict, const int function, return status; } - - /* dict_db_close - close data base */ static void dict_db_close(DICT *dict) diff --git a/postfix/util/dict_ldap.c b/postfix/util/dict_ldap.c index d241a4992..52185d274 100644 --- a/postfix/util/dict_ldap.c +++ b/postfix/util/dict_ldap.c @@ -329,7 +329,7 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags) dict_ldap->server_host = mystrdup((char *) get_mail_conf_str(vstring_str(config_param), - "localhost", 0, 0)); + "localhost", 0, 0)); if (msg_verbose) msg_info("%s: %s is %s", myname, vstring_str(config_param), dict_ldap->server_host); @@ -370,7 +370,7 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags) vstring_sprintf(config_param, "%s_result_attribute", ldapsource); dict_ldap->result_attribute = mystrdup((char *) get_mail_conf_str(vstring_str(config_param), - "maildrop", 0, 0)); + "maildrop", 0, 0)); if (msg_verbose) msg_info("%s: %s is %s", myname, vstring_str(config_param), dict_ldap->result_attribute); diff --git a/postfix/util/dict_pcre.c b/postfix/util/dict_pcre.c index 2d0be6b7a..98ba78a10 100644 --- a/postfix/util/dict_pcre.c +++ b/postfix/util/dict_pcre.c @@ -121,14 +121,18 @@ static int dict_pcre_action(int type, VSTRING *buf, char *ptr) if (ret < 0) { if (ret == PCRE_ERROR_NOSUBSTRING) msg_fatal("regexp %s, line %d: replace index out of range", - ctxt->dict_name, ctxt->lineno); + ctxt->dict_name, ctxt->lineno); else msg_fatal("regexp %s, line %d: pcre_get_substring error: %d", - ctxt->dict_name, ctxt->lineno, ret); + ctxt->dict_name, ctxt->lineno, ret); } - if (*pp == 0) + if (*pp == 0) { + myfree((char *) pp); return (MAC_PARSE_UNDEF); + } vstring_strcat(ctxt->buf, pp); + myfree((char *) pp); + return (0); } else /* Straight text - duplicate with no substitution */ vstring_strcat(ctxt->buf, vstring_str(buf)); @@ -226,6 +230,7 @@ static void dict_pcre_close(DICT *dict) if (pcre_list->replace) myfree((char *) pcre_list->replace); } + myfree(dict_pcre->map); myfree((char *) dict_pcre); } diff --git a/postfix/util/hattr.c b/postfix/util/hattr.c deleted file mode 100644 index 70cd423cf..000000000 --- a/postfix/util/hattr.c +++ /dev/null @@ -1,89 +0,0 @@ -/* mac_expand_update_va - update engine */ - -static MAC_EXP *mac_expand_update_va(MAC_EXP *mc, int key, va_list ap) -{ - HTABLE_INFO **ht_info; - HTABLE_INFO **ht; - HTABLE *table; - char *name; - char *value; - -#define HTABLE_CLOBBER(t, n, v) do { \ - HTABLE_INFO *_ht; \ - if ((_ht = htable_locate(t, n)) != 0) \ - _ht->value = v; \ - else \ - htable_enter(t, n, v); \ - } while(0); - - /* - * Optionally create expansion context. - */ - if (mc == 0) { - mc = (MAC_EXP *) mymalloc(sizeof(*mc)); - mc->table = htable_create(0); - mc->result = 0; - mc->flags = 0; - mc->filter = 0; - mc->clobber = '_'; - mc->level = 0; - } - - /* - * Stash away the attributes. - */ - for ( /* void */ ; key != 0; key = va_arg(ap, int)) { - switch (key) { - case MAC_EXP_ARG_ATTR: - name = va_arg(ap, char *); - value = va_arg(ap, char *); - HTABLE_CLOBBER(mc->table, name, value); - break; - case MAC_EXP_ARG_TABLE: - table = va_arg(ap, HTABLE *); - ht_info = htable_list(table); - for (ht = ht_info; *ht; ht++) - HTABLE_CLOBBER(mc->table, ht[0]->key, ht[0]->value); - myfree((char *) ht_info); - break; - case MAC_EXP_ARG_FILTER: - mc->filter = va_arg(ap, char *); - break; - case MAC_EXP_ARG_CLOBBER: - mc->clobber = va_arg(ap, int); - break; - } - } - return (mc); -} - -/* mac_expand_update - update or create macro expansion context */ - -MAC_EXP *mac_expand_update(MAC_EXP *mc, int key,...) -{ - va_list ap; - - va_start(ap, key); - mc = mac_expand_update(mc, key, ap); - va_end(ap); - return (mc); -} - -/* .IP key -/* The attribute information is specified as a null-terminated list. -/* Attributes are defined left to right; only the last definition -/* of an attribute is remembered. -/* The following keys are understood (types of arguments indicated -/* in parentheses): -/* .RS -/* .IP "MAC_EXP_ARG_ATTR (char *, char *)" -/* The next two arguments specify an attribute name and its attribute -/* string value. Specify a null string value for an attribute that is -/* known but unset. Attribute string values are not copied. -/* .IP "MAC_EXP_ARG_TABLE (HTABLE *)" -/* The next argument is a hash table with attribute names and values. -/* Specify a null string value for an attribute that is known but unset. -/* Attribute string values are not copied. -/* .RE -/* .IP MAC_EXP_ARG_END -/* A manifest constant that indicates the end of the argument list. diff --git a/postfix/util/mac_expand.ref b/postfix/util/mac_expand.ref index 08e1d87ea..d76d3877a 100644 --- a/postfix/util/mac_expand.ref +++ b/postfix/util/mac_expand.ref @@ -13,7 +13,7 @@ stat=2 result=name 2 undefined, |name1-value|| stat=2 result=|name1-value|| << $(name1 unknown: warning: truncated macro reference: "$(name1" -stat=1 result=name1-value +stat=1 result= << $(name ) unknown: warning: macro name syntax error: "name " stat=1 result= diff --git a/postfix/util/mac_parse.c b/postfix/util/mac_parse.c index de655c579..9bb07902f 100644 --- a/postfix/util/mac_parse.c +++ b/postfix/util/mac_parse.c @@ -122,6 +122,8 @@ int mac_parse(const char *value, MAC_PARSE_FN action, char *context) if (*ep == close_paren[pp - open_paren]) level--; } + if (status & MAC_PARSE_ERROR) + break; vstring_strncat(buf, vp, level > 0 ? ep - vp : ep - vp - 1); vp = ep; } else { /* plain $x */