From: Wietse Venema Date: Sun, 30 Dec 2001 05:00:00 +0000 (-0500) Subject: snapshot-20011230 X-Git-Tag: v1.1.0~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c06b690165fd2ea79acbb04a3e27a4615b3e267;p=thirdparty%2Fpostfix.git snapshot-20011230 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index c598f3926..9cf5f1d44 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -5850,8 +5850,38 @@ Apologies for any names omitted. Distant derivative of code by Michael Tokarev. File: smtpd/smtpd.c. +20011228 + + Bugfix: a readlline() error message showed less text than + intended. Christian von Roques. + + Cleanup: postfix now installs with group-writable maildrop + directory and with a set-gid postdrop mail submission + command. The pickup service is now unprivileged. The + world-writable maildrop directory no longer exists. + + The cleanup service is now public, in preparation for local + sendmail/postdrop mail submission that avoids the maildrop + queue directory while Postfix is up. + + Cleanup: moved the main.cf/master.cf file editing from the + postfix-script file to the INSTALL.sh file. + + Cleanup: INSTALL.sh no longer accepts "no" as the destination + of Postfix manual pages. + +20011230 + + Cleanup: the code for "mailq", "sendmail -q", and for + "sendmail -qRsite" was moved from the sendmail command to + a new set-gid postqueue command. The pickup and qmgr FIFOs + are no longer world writable. + Open problems: + Low: don't do user@domain and @domain lookups in + local_recipient_maps queries. + Low: after reorganizing configuration parameters, add flags to all parameters whose value can be read from file. diff --git a/postfix/INSTALL b/postfix/INSTALL index 8c5419b22..301d288cd 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL @@ -197,10 +197,11 @@ programs may be in a different place): In order to install or upgrade Postfix: -- Create a user "postfix" with a unique user id and group id. - Preferably, this is an account that no-one can log into. The - account does not need an executable login shell, and needs no - existing home directory. My password file entry looks like this: +- Create a user account "postfix" with a user id and group id that + are not used by any other user account. Preferably, this is an + account that no-one can log into. The account does not need an + executable login shell, and needs no existing home directory. + My password file entry looks like this: postfix:*:12345:12345:postfix:/no/where:/no/shell @@ -208,8 +209,14 @@ In order to install or upgrade Postfix: postfix: root -- Review section 12 of this file, and decide if a world-writable - maildrop is OK, or if Postfix needs a set-gid posting agent. +- Create a group "postdrop" with a group id that is not used by + any other user account. Not even by the postfix user account. + My group file entry looks like: + + postdrop:*:54321: + + NB: this group was optional with older Postfix releases; it is + now required. - Run the INSTALL.sh script as the super-user: @@ -245,8 +252,8 @@ to change your existing sendmail setup. Instead, set up your mail user agent so that it calls the Postfix sendmail program directly. Follow the instructions in the "Mandatory configuration file edits" -in section 10, review the "To chroot or not to chroot" text in -section 11, and choose a security model according to section 12. +in section 10, and review the "To chroot or not to chroot" text in +section 11. You MUST comment out the `smtp inet' entry in /etc/postfix/master.cf, in order to avoid conflicts with the real sendmail. @@ -294,8 +301,8 @@ In the /etc/postfix/main.cf file, I would specify mydestination = $myhostname Follow the instructions in the "Mandatory configuration file edits" -in section 10, review the "To chroot or not to chroot" text in -section 11, and choose a security model according to section 12. +in section 10, and review the "To chroot or not to chroot" text in +section 11. Start the mail system: @@ -473,52 +480,7 @@ files or device nodes. The examples/chroot-setup directory has a collection of scripts that help you set up chroot environments for Postfix systems. -12 - Security: writable versus protected maildrop directory -=========================================================== - -Postfix offers a choice of submission mechanisms. - -1 - Postfix can use a world-writable, sticky, mode 1733 maildrop - directory where local users can submit mail. This approach - avoids the need for set-uid or set-gid software. Mail can be - posted even while the mail system is down. Queue files in the - maildrop directory have no read/write/execute permission for - other users. The maildrop directory is not used for mail - received via the network. - - With directory world write permission come opportunities for - annoyance: a local user can make hard links to someone else's - maildrop files so they don't go away and may be delivered - multiple times; a local user can fill the maildrop directory - with junk and try to crash the mail system; and a local user - can hard link someone else's files into the maildrop directory - and try to have them delivered as mail. However, Postfix queue - files have a specific format; less than one in 10^12 non-Postfix - files would be recognized as a valid Postfix queue file. - - In order to enable maildrop world-write permission: - - - Specify "no" when asked by the INSTALL.sh script whether - Postfix needs set-gid privileges. - -2 - On systems with many users it may be desirable to revoke maildrop - directory world write permission, and to enable set-gid privileges - on a small "maildrop" command that is provided for this purpose. - - In order to revoke maildrop world-write permission: - - - Create a group "maildrop" that is unique and that does not - share its group ID with any other user, certainly not with - the postfix account, - - - Specify "maildrop" when asked by the INSTALL.sh script whether - Postfix needs set-gid privileges. - - The sendmail posting program will automatically invoke the - postdrop command when maildrop directory write permission is - restricted. - -13 - Care and feeding of the Postfix system +12 - Care and feeding of the Postfix system =========================================== The Postfix programs log all problems to the syslog daemon. The diff --git a/postfix/INSTALL.sh b/postfix/INSTALL.sh index 93e11aa64..0470d728c 100644 --- a/postfix/INSTALL.sh +++ b/postfix/INSTALL.sh @@ -34,9 +34,10 @@ only once. All definitions have a reasonable default value. newaliases_path - full pathname of the Postfix newaliases command. mailq_path - full pathname of the Postfix mailq command. - mail_owner - owner of Postfix queue files. + mail_owner - Postfix queue account (with unique user/group id numbers). + + setgid - group for submission (with a unique group id number). - setgid - groupname, e.g., postdrop (default: no). See INSTALL section 12. manpages - "no" or path to man tree. Example: /usr/local/man. EOF @@ -120,7 +121,7 @@ fi : ${newaliases_path=/usr/bin/newaliases} : ${mailq_path=/usr/bin/mailq} : ${mail_owner=postfix} -: ${setgid=no} +: ${setgid=postdrop} : ${manpages=/usr/local/man} # Find out the location of configuration files. @@ -203,7 +204,6 @@ for path in $daemon_directory $command_directory \ do case $path in /*) ;; - no) ;; *) echo Error: $path should be an absolute path name. 1>&2; exit 1;; esac done @@ -227,14 +227,11 @@ chown "$mail_owner" $tempdir/junk >/dev/null 2>&1 || { exit 1 } -case $setgid in -no) ;; - *) chgrp "$setgid" $tempdir/junk >/dev/null 2>&1 || { - echo Error: $setgid needs an entry in the group file. 1>&2 - echo Remember, $setgid must have a dedicated group id. 1>&2 - exit 1 - } -esac +chgrp "$setgid" $tempdir/junk >/dev/null 2>&1 || { + echo Error: $setgid needs an entry in the group file. 1>&2 + echo Remember, $setgid must have a dedicated group id. 1>&2 + exit 1 +} rm -f $tempdir/junk @@ -308,52 +305,100 @@ done) >$tempdir/junk || exit 1 compare_or_move a+x,go-w $tempdir/junk $CONFIG_DIRECTORY/install.cf || exit 1 rm -f $tempdir/junk -# Use set-gid privileges instead of writable maildrop (optional). +compare_or_replace a+x,go-w conf/postfix-script $CONFIG_DIRECTORY/postfix-script || + exit 1 -test -d $QUEUE_DIRECTORY/maildrop || { - mkdir -p $QUEUE_DIRECTORY/maildrop || exit 1 - chown $mail_owner $QUEUE_DIRECTORY/maildrop || exit 1 -} +# Install manual pages. -case $setgid in -no) - chmod 1733 $QUEUE_DIRECTORY/maildrop || exit 1 - chmod g-s $COMMAND_DIRECTORY/postdrop || exit 1 - postfix_script=conf/postfix-script-nosgid - ;; - *) - chgrp $setgid $COMMAND_DIRECTORY/postdrop || exit 1 - chmod g+s $COMMAND_DIRECTORY/postdrop || exit 1 - chgrp $setgid $QUEUE_DIRECTORY/maildrop || exit 1 - chmod 1730 $QUEUE_DIRECTORY/maildrop || exit 1 - postfix_script=conf/postfix-script-sgid - ;; -esac +(cd man || exit 1 +for dir in man? + do test -d $MANPAGES/$dir || mkdir -p $MANPAGES/$dir || exit 1 +done +for file in `censored_ls man?/*` +do + (test -f $MANPAGES/$file && cmp -s $file $MANPAGES/$file && + echo Skipping $MANPAGES/$file...) || { + echo Updating $MANPAGES/$file... + rm -f $MANPAGES/$file + cp $file $MANPAGES/$file || exit 1 + chmod 644 $MANPAGES/$file || exit 1 + } +done) -compare_or_replace a+x,go-w $postfix_script $CONFIG_DIRECTORY/postfix-script || - exit 1 +# Use set-gid/group privileges for restricted access. -# Install manual pages (optional). - -case $manpages in -no) ;; - *) ( - cd man || exit 1 - for dir in man? - do test -d $MANPAGES/$dir || mkdir -p $MANPAGES/$dir || exit 1 - done - for file in `censored_ls man?/*` - do - (test -f $MANPAGES/$file && cmp -s $file $MANPAGES/$file && - echo Skipping $MANPAGES/$file...) || { - echo Updating $MANPAGES/$file... - rm -f $MANPAGES/$file - cp $file $MANPAGES/$file || exit 1 - chmod 644 $MANPAGES/$file || exit 1 - } - done - ) -esac +for directory in maildrop +do + test -d $QUEUE_DIRECTORY/$directory || { + mkdir -p $QUEUE_DIRECTORY/$directory || exit 1 + chown $mail_owner $QUEUE_DIRECTORY/$directory || exit 1 + } + # Fix group if upgrading from world-writable maildrop. + chgrp $setgid $QUEUE_DIRECTORY/$directory || exit 1 + chmod 730 $QUEUE_DIRECTORY/$directory || exit 1 +done + +for directory in public +do + test -d $QUEUE_DIRECTORY/$directory || { + mkdir -p $QUEUE_DIRECTORY/$directory || exit 1 + chown $mail_owner $QUEUE_DIRECTORY/$directory || exit 1 + } + # Fix group if upgrading from world-accessible directory. + chgrp $setgid $QUEUE_DIRECTORY/$directory || exit 1 + chmod 710 $QUEUE_DIRECTORY/$directory || exit 1 +done + +for directory in pid +do + test -d $QUEUE_DIRECTORY/$directory && { + chown root $QUEUE_DIRECTORY/$directory || exit 1 + } +done + +chgrp $setgid $COMMAND_DIRECTORY/postdrop $COMMAND_DIRECTORY/postqueue || exit 1 +chmod g+s $COMMAND_DIRECTORY/postdrop $COMMAND_DIRECTORY/postqueue || exit 1 + +grep 'flush.*flush' $CONFIG_DIRECTORY/master.cf >/dev/null || { + echo adding missing entry for flush service to master.cf + cat >>$CONFIG_DIRECTORY/master.cf </dev/null && { + echo changing master.cf, making the pickup service unprivileged + ed $CONFIG_DIRECTORY/master.cf </dev/null && { + echo changing master.cf, making the cleanup service public + ed $CONFIG_DIRECTORY/master.cf </dev/null) || missing="$missing active" +(echo "$found" | grep bounce >/dev/null) || missing="$missing bounce" +(echo "$found" | grep defer >/dev/null) || missing="$missing defer" +(echo "$found" | grep flush >/dev/null) || missing="$missing flush" +(echo "$found" | grep incoming>/dev/null)|| missing="$missing incoming" +(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" +test -n "$missing" && { + echo fixing main.cf hash_queue_names for missing $missing + bin/postconf -c $CONFIG_DIRECTORY -e hash_queue_names="$found$missing" +} test "$need_config" = 1 || exit 0 diff --git a/postfix/Makefile.in b/postfix/Makefile.in index b20bb4cb5..ffe36d4d3 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -5,8 +5,9 @@ DIRS = src/util src/global src/dns src/master src/postfix src/smtpstone \ src/sendmail src/error src/pickup src/cleanup src/smtpd src/local \ src/lmtp src/trivial-rewrite src/qmgr src/smtp src/bounce src/pipe \ src/showq src/postalias src/postcat src/postconf src/postdrop \ - src/postkick src/postlock src/postlog src/postmap src/postsuper \ - src/nqmgr src/qmqpd src/spawn src/flush src/virtual # proto man html + src/postkick src/postlock src/postlog src/postmap src/postqueue \ + src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual \ + # proto man html default: update diff --git a/postfix/PCRE_README b/postfix/PCRE_README index 6437686ae..05d458f25 100644 --- a/postfix/PCRE_README +++ b/postfix/PCRE_README @@ -43,6 +43,6 @@ addresses (breaking down user@domain into user@, domain, user, @domain) that is normally done with Postfix access control tables, canonical maps and virtual maps. -As a side effect, pcre maps can only match user@domain strings, so -that regexps cannot be used for local alias database lookups. That -would be a security exposure anyway. +An additional restriction is that regular expression tables cannot +cannot be used for local alias database lookups. That would be a +security exposure anyway. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index b8b2a48b9..c247f9cc5 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,3 +1,28 @@ +Incompatible changes with snapshot-20011230 +=========================================== + +This release modifies the existing master.cf file, making the local +pickup unprivileged, and making the cleanup service "public" (for +future performance improvements of local mail submission). + +Should you have to back out to a previous release, then you have +to edit the master.cf file, making the pickup service "privileged", +and making the cleanup service "private". + +Major changes with snapshot-20011230 +==================================== + +Simplification of the local Postfix security model. + +- The world-writable maildrop directory is gone. Postfix now uses + the set-gid postdrop command for local mail submissions. The + local mail pickup daemon is now an unprivileged process. + +- The world-writable pickup and queue manager FIFOs are gone. + Postfix now uses the new set-gid postqueue command for all the + queue operations that were implemented by the Postfix sendmail + command. + Incompatible changes with snapshot-20011226 =========================================== diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index d4cd4fb35..7ff376a40 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -70,8 +70,8 @@ # ========================================================================== smtp inet n - n - - smtpd #628 inet n - n - - qmqpd -pickup fifo n n n 60 1 pickup -cleanup unix - - n - 0 cleanup +pickup fifo n - n 60 1 pickup +cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 nqmgr rewrite unix - - n - - trivial-rewrite diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script old mode 100755 new mode 100644 index 3cc2ef9ff..4ba5e2f33 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script @@ -1,3 +1,261 @@ #!/bin/sh -echo Please read the SECURITY notes at the end of the INSTALL document 1>&2 +#++ +# NAME +# postfix-script 1 +# SUMMARY +# execute Postfix administrative commands +# SYNOPSIS +# \fBpostfix-script\fR \fIcommand\fR +# DESCRIPTION +# The \fBfBpostfix-script\fR script executes Postfix administrative +# commands in an environtment that is set up by the \fBpostfix\fR(1) +# command. +# SEE ALSO +# master(8) Postfix master program +# postfix(1) Postfix administrative interface +# LICENSE +# .ad +# .fi +# The Secure Mailer license must be distributed with this software. +# AUTHOR(S) +# Wietse Venema +# IBM T.J. Watson Research +# P.O. Box 704 +# Yorktown Heights, NY 10598, USA +#-- + +# Avoid POSIX death due to SIGHUP when some parent process exits. + +trap '' 1 + +case $daemon_directory in +"") echo This script must be run by the postfix command. 1>&2 + echo Do not run directly. 1>&2 + exit 1 +esac + +LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script" +INFO="$LOGGER -p info" +WARN="$LOGGER -p warn" +ERROR="$LOGGER -p error" +FATAL="$LOGGER -p fatal" +PANIC="$LOGGER -p panic" + +umask 022 + +# +# LINUX by default does not synchronously update directories - +# that's dangerous for mail. +# +if [ -f /usr/bin/chattr ] +then + CHATTR="/usr/bin/chattr +S" +else + CHATTR=: +fi + +# +# Can't do much without these in place. +# +cd $command_directory || { + $FATAL no Postfix command directory $command_directory! + exit 1 +} +cd $daemon_directory || { + $FATAL no Postfix daemon directory $daemon_directory! + exit 1 +} +test -f master || { + $FATAL no Postfix master program $daemon_directory/master! + exit 1 +} +cd $config_directory || { + $FATAL no Postfix configuration directory $config_directory! + exit 1 +} +cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! + exit 1 +} + +# +# Parse JCL +# +case $1 in + +start_msg) + + echo "Start postfix" + ;; + +stop_msg) + + echo "Stop postfix" + ;; + +start) + + $daemon_directory/master -t 2>/dev/null || { + $FATAL the Postfix mail system is already running + exit 1 + } + $config_directory/postfix-script check || { + $FATAL Postfix integrity check failed! + exit 1 + } + $INFO starting the Postfix mail system + $daemon_directory/master & + ;; + +drain) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO stopping the Postfix mail system + kill -9 `sed 1q pid/master.pid` + ;; + +stop) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO stopping the Postfix mail system + kill `sed 1q pid/master.pid` + ;; + +abort) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO aborting the Postfix mail system + kill `sed 1q pid/master.pid` + ;; + +reload) + + $daemon_directory/master -t 2>/dev/null && { + $FATAL the Postfix mail system is not running + exit 1 + } + $INFO refreshing the Postfix mail system + $command_directory/postsuper active || exit 1 + kill -HUP `sed 1q pid/master.pid` + $command_directory/postsuper & + ;; + +flush) + + cd $queue_directory || { + $FATAL no Postfix queue directory $queue_directory! + exit 1 + } + $command_directory/postqueue -f + ;; + +check) + + for dir in $daemon_directory $config_directory $queue_directory + do + ls -lLd $dir | (grep " root " >/dev/null || + $WARN not owned by root: $dir) + done + + find $daemon_directory/* $config_directory/* ! -user root \ + -exec $WARN not owned by root: {} \; + + find $daemon_directory/. $config_directory/. \ + \( -perm -020 -o -perm -002 \) -type f \ + -exec $WARN group or other writable: {} \; + + test -d maildrop || { + $WARN creating missing Postfix maildrop directory + mkdir maildrop || exit 1 + chmod 730 maildrop || exit 1 + chown $mail_owner maildrop || exit 1 + (. $config_directory/install.cf; chgrp $setgid maildrop) + } + test -d pid || { + $WARN creating missing Postfix pid directory + mkdir pid || exit 1 + chmod 755 pid || exit 1 + } + for dir in incoming active bounce defer deferred flush saved corrupt; do + test -d $dir || { + $WARN creating missing Postfix $dir directory + mkdir $dir || exit 1 + chmod 700 $dir || exit 1 + $CHATTR $dir 2>/dev/null + chown $mail_owner $dir || exit 1 + } + done + test -d public || { + $WARN creating missing Postfix public directory + mkdir public || exit 1 + chmod 710 public || exit 1 + chown $mail_owner public || exit 1 + } + test -d private || { + $WARN creating missing Postfix private directory + mkdir private || exit 1 + chmod 700 private || exit 1 + chown $mail_owner private || exit 1 + } + find `ls -d $queue_directory/* | \ + egrep '/(incoming|active|defer|deferred|bounce|saved|corrupt|public|private|flush)$'` \ + ! \( -type p -o -type s \) ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: {} \; + + for name in `ls -d $queue_directory/* | \ + egrep '/(bin|etc|lib|usr)$'` ; \ + do \ + find $name ! -user root \ + -exec $WARN not owned by root: {} \; ; \ + done + + for dir in $queue_directory/maildrop + do + ls -lLd $dir | (grep " $mail_owner " >/dev/null || + $WARN not owned by $mail_owner: $dir) + done + + for dir in bin etc lib sbin usr + do + test -d $dir && find $dir -type f -print | while read path + do + cmp -s $path /$path || + $WARN $queue_directory/$path and /$path differ + done + done + + # Look for incomplete upgrades. + + test -f $config_directory/master.cf || { + $FATAL no $config_directory/master.cf file found + exit 1 + } + + # See if all queue files are in the right place. This is slow. + # We must scan all queues for mis-named queue files before the + # mail system can run. + + $command_directory/postsuper || exit 1 + + find corrupt -type f -exec $WARN damaged message: {} \; + + # XXX also: look for weird stuff, weird permissions, etc. + ;; + +*) + + $FATAL "usage: postfix start (or stop, reload, abort, flush, or check)" + exit 1 + ;; + +esac diff --git a/postfix/conf/postfix-script-diff b/postfix/conf/postfix-script-diff deleted file mode 100644 index 1881b7380..000000000 --- a/postfix/conf/postfix-script-diff +++ /dev/null @@ -1,22 +0,0 @@ -*** postfix-script-nosgid Thu May 24 17:13:59 2001 ---- postfix-script-sgid Fri Jun 29 10:28:19 2001 -*************** -*** 177,184 **** - test -d maildrop || { - $WARN creating missing Postfix maildrop directory - mkdir maildrop || exit 1 -! chmod 1733 maildrop - chown $mail_owner maildrop - } - test -d pid || { - $WARN creating missing Postfix pid directory ---- 177,185 ---- - test -d maildrop || { - $WARN creating missing Postfix maildrop directory - mkdir maildrop || exit 1 -! chmod 1730 maildrop - chown $mail_owner maildrop -+ (. $config_directory/install.cf; chgrp $setgid maildrop) - } - test -d pid || { - $WARN creating missing Postfix pid directory diff --git a/postfix/conf/postfix-script-nosgid b/postfix/conf/postfix-script-nosgid deleted file mode 100755 index 40154a98a..000000000 --- a/postfix/conf/postfix-script-nosgid +++ /dev/null @@ -1,278 +0,0 @@ -#!/bin/sh - -#++ -# NAME -# postfix-script 1 -# SUMMARY -# execute Postfix administrative commands -# SYNOPSIS -# \fBpostfix-script\fR \fIcommand\fR -# DESCRIPTION -# The \fBfBpostfix-script\fR script executes Postfix administrative -# commands in an environtment that is set up by the \fBpostfix\fR(1) -# command. -# SEE ALSO -# master(8) Postfix master program -# postfix(1) Postfix administrative interface -# LICENSE -# .ad -# .fi -# The Secure Mailer license must be distributed with this software. -# AUTHOR(S) -# Wietse Venema -# IBM T.J. Watson Research -# P.O. Box 704 -# Yorktown Heights, NY 10598, USA -#-- - -# Avoid POSIX death due to SIGHUP when some parent process exits. - -trap '' 1 - -case $daemon_directory in -"") echo This script must be run by the postfix command. 1>&2 - echo Do not run directly. 1>&2 - exit 1 -esac - -LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script" -INFO="$LOGGER -p info" -WARN="$LOGGER -p warn" -ERROR="$LOGGER -p error" -FATAL="$LOGGER -p fatal" -PANIC="$LOGGER -p panic" - -umask 022 - -# -# LINUX by default does not synchronously update directories - -# that's dangerous for mail. -# -if [ -f /usr/bin/chattr ] -then - CHATTR="/usr/bin/chattr +S" -else - CHATTR=: -fi - -# -# Can't do much without these in place. -# -cd $command_directory || { - $FATAL no Postfix command directory $command_directory! - exit 1 -} -cd $daemon_directory || { - $FATAL no Postfix daemon directory $daemon_directory! - exit 1 -} -test -f master || { - $FATAL no Postfix master program $daemon_directory/master! - exit 1 -} -cd $config_directory || { - $FATAL no Postfix configuration directory $config_directory! - exit 1 -} -cd $queue_directory || { - $FATAL no Postfix queue directory $queue_directory! - exit 1 -} - -# -# Parse JCL -# -case $1 in - -start_msg) - - echo "Start postfix" - ;; - -stop_msg) - - echo "Stop postfix" - ;; - -start) - - $daemon_directory/master -t 2>/dev/null || { - $FATAL the Postfix mail system is already running - exit 1 - } - $config_directory/postfix-script check || { - $FATAL Postfix integrity check failed! - exit 1 - } - $INFO starting the Postfix mail system - $daemon_directory/master & - ;; - -drain) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO stopping the Postfix mail system - kill -9 `sed 1q pid/master.pid` - ;; - -stop) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO stopping the Postfix mail system - kill `sed 1q pid/master.pid` - ;; - -abort) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO aborting the Postfix mail system - kill `sed 1q pid/master.pid` - ;; - -reload) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO refreshing the Postfix mail system - $command_directory/postsuper active || exit 1 - kill -HUP `sed 1q pid/master.pid` - $command_directory/postsuper & - ;; - -flush) - - cd $queue_directory || { - $FATAL no Postfix queue directory $queue_directory! - exit 1 - } - $command_directory/postkick public qmgr IDFA - ;; - -check) - - for dir in $daemon_directory $config_directory $queue_directory - do - ls -lLd $dir | (grep " root " >/dev/null || - $WARN not owned by root: $dir) - done - - find $daemon_directory/* $config_directory/* ! -user root \ - -exec $WARN not owned by root: {} \; - - find $daemon_directory/. $config_directory/. \ - \( -perm -020 -o -perm -002 \) -type f \ - -exec $WARN group or other writable: {} \; - - test -d maildrop || { - $WARN creating missing Postfix maildrop directory - mkdir maildrop || exit 1 - chmod 1733 maildrop || exit 1 - chown $mail_owner maildrop || exit 1 - } - test -d pid || { - $WARN creating missing Postfix pid directory - mkdir pid || exit 1 - chmod 755 pid || exit 1 - } - for dir in incoming active bounce defer deferred flush saved corrupt; do - test -d $dir || { - $WARN creating missing Postfix $dir directory - mkdir $dir || exit 1 - chmod 700 $dir || exit 1 - $CHATTR $dir 2>/dev/null - chown $mail_owner $dir || exit 1 - } - done - test -d public || { - $WARN creating missing Postfix public directory - mkdir public || exit 1 - chmod 755 public || exit 1 - chown $mail_owner public || exit 1 - } - test -d private || { - $WARN creating missing Postfix private directory - mkdir private || exit 1 - chmod 700 private || exit 1 - chown $mail_owner private || exit 1 - } - find `ls -d $queue_directory/* | \ - egrep '/(incoming|active|defer|deferred|bounce|saved|corrupt|public|private|flush)$'` \ - ! \( -type p -o -type s \) ! -user $mail_owner \ - -exec $WARN not owned by $mail_owner: {} \; - - for name in `ls -d $queue_directory/* | \ - egrep '/(bin|etc|lib|usr)$'` ; \ - do \ - find $name ! -user root \ - -exec $WARN not owned by root: {} \; ; \ - done - - for dir in $queue_directory/maildrop - do - ls -lLd $dir | (grep " $mail_owner " >/dev/null || - $WARN not owned by $mail_owner: $dir) - done - - for dir in bin etc lib sbin usr - do - test -d $dir && find $dir -type f -print | while read path - do - cmp -s $path /$path || - $WARN $queue_directory/$path and /$path differ - done - done - - # Look for incomplete upgrades. - - test -f $config_directory/master.cf || { - $FATAL no $config_directory/master.cf file found - exit 1 - } - grep 'flush.*flush' $config_directory/master.cf >/dev/null || { - $WARN adding missing entry for flush service to master.cf - cat >>$config_directory/master.cf </dev/null) || missing="$missing active" - (echo "$found" | grep bounce >/dev/null) || missing="$missing bounce" - (echo "$found" | grep defer >/dev/null) || missing="$missing defer" - (echo "$found" | grep flush >/dev/null) || missing="$missing flush" - (echo "$found" | grep incoming>/dev/null)|| missing="$missing incoming" - (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" - test -n "$missing" && { - $WARN fixing main.cf hash_queue_names for missing $missing - $command_directory/postconf -e hash_queue_names="$found$missing" - } - - # See if all queue files are in the right place. This is slow. - # We must scan all queues for mis-named queue files before the - # mail system can run. - - $command_directory/postsuper || exit 1 - - find corrupt -type f -exec $WARN damaged message: {} \; - - # XXX also: look for weird stuff, weird permissions, etc. - ;; - -*) - - $FATAL "usage: postfix start (or stop, reload, abort, flush, or check)" - exit 1 - ;; - -esac diff --git a/postfix/conf/postfix-script-sgid b/postfix/conf/postfix-script-sgid deleted file mode 100644 index 9f868f87a..000000000 --- a/postfix/conf/postfix-script-sgid +++ /dev/null @@ -1,279 +0,0 @@ -#!/bin/sh - -#++ -# NAME -# postfix-script 1 -# SUMMARY -# execute Postfix administrative commands -# SYNOPSIS -# \fBpostfix-script\fR \fIcommand\fR -# DESCRIPTION -# The \fBfBpostfix-script\fR script executes Postfix administrative -# commands in an environtment that is set up by the \fBpostfix\fR(1) -# command. -# SEE ALSO -# master(8) Postfix master program -# postfix(1) Postfix administrative interface -# LICENSE -# .ad -# .fi -# The Secure Mailer license must be distributed with this software. -# AUTHOR(S) -# Wietse Venema -# IBM T.J. Watson Research -# P.O. Box 704 -# Yorktown Heights, NY 10598, USA -#-- - -# Avoid POSIX death due to SIGHUP when some parent process exits. - -trap '' 1 - -case $daemon_directory in -"") echo This script must be run by the postfix command. 1>&2 - echo Do not run directly. 1>&2 - exit 1 -esac - -LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script" -INFO="$LOGGER -p info" -WARN="$LOGGER -p warn" -ERROR="$LOGGER -p error" -FATAL="$LOGGER -p fatal" -PANIC="$LOGGER -p panic" - -umask 022 - -# -# LINUX by default does not synchronously update directories - -# that's dangerous for mail. -# -if [ -f /usr/bin/chattr ] -then - CHATTR="/usr/bin/chattr +S" -else - CHATTR=: -fi - -# -# Can't do much without these in place. -# -cd $command_directory || { - $FATAL no Postfix command directory $command_directory! - exit 1 -} -cd $daemon_directory || { - $FATAL no Postfix daemon directory $daemon_directory! - exit 1 -} -test -f master || { - $FATAL no Postfix master program $daemon_directory/master! - exit 1 -} -cd $config_directory || { - $FATAL no Postfix configuration directory $config_directory! - exit 1 -} -cd $queue_directory || { - $FATAL no Postfix queue directory $queue_directory! - exit 1 -} - -# -# Parse JCL -# -case $1 in - -start_msg) - - echo "Start postfix" - ;; - -stop_msg) - - echo "Stop postfix" - ;; - -start) - - $daemon_directory/master -t 2>/dev/null || { - $FATAL the Postfix mail system is already running - exit 1 - } - $config_directory/postfix-script check || { - $FATAL Postfix integrity check failed! - exit 1 - } - $INFO starting the Postfix mail system - $daemon_directory/master & - ;; - -drain) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO stopping the Postfix mail system - kill -9 `sed 1q pid/master.pid` - ;; - -stop) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO stopping the Postfix mail system - kill `sed 1q pid/master.pid` - ;; - -abort) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO aborting the Postfix mail system - kill `sed 1q pid/master.pid` - ;; - -reload) - - $daemon_directory/master -t 2>/dev/null && { - $FATAL the Postfix mail system is not running - exit 1 - } - $INFO refreshing the Postfix mail system - $command_directory/postsuper active || exit 1 - kill -HUP `sed 1q pid/master.pid` - $command_directory/postsuper & - ;; - -flush) - - cd $queue_directory || { - $FATAL no Postfix queue directory $queue_directory! - exit 1 - } - $command_directory/postkick public qmgr IDFA - ;; - -check) - - for dir in $daemon_directory $config_directory $queue_directory - do - ls -lLd $dir | (grep " root " >/dev/null || - $WARN not owned by root: $dir) - done - - find $daemon_directory/* $config_directory/* ! -user root \ - -exec $WARN not owned by root: {} \; - - find $daemon_directory/. $config_directory/. \ - \( -perm -020 -o -perm -002 \) -type f \ - -exec $WARN group or other writable: {} \; - - test -d maildrop || { - $WARN creating missing Postfix maildrop directory - mkdir maildrop || exit 1 - chmod 1730 maildrop || exit 1 - chown $mail_owner maildrop || exit 1 - (. $config_directory/install.cf; chgrp $setgid maildrop) - } - test -d pid || { - $WARN creating missing Postfix pid directory - mkdir pid || exit 1 - chmod 755 pid || exit 1 - } - for dir in incoming active bounce defer deferred flush saved corrupt; do - test -d $dir || { - $WARN creating missing Postfix $dir directory - mkdir $dir || exit 1 - chmod 700 $dir || exit 1 - $CHATTR $dir 2>/dev/null - chown $mail_owner $dir || exit 1 - } - done - test -d public || { - $WARN creating missing Postfix public directory - mkdir public || exit 1 - chmod 755 public || exit 1 - chown $mail_owner public || exit 1 - } - test -d private || { - $WARN creating missing Postfix private directory - mkdir private || exit 1 - chmod 700 private || exit 1 - chown $mail_owner private || exit 1 - } - find `ls -d $queue_directory/* | \ - egrep '/(incoming|active|defer|deferred|bounce|saved|corrupt|public|private|flush)$'` \ - ! \( -type p -o -type s \) ! -user $mail_owner \ - -exec $WARN not owned by $mail_owner: {} \; - - for name in `ls -d $queue_directory/* | \ - egrep '/(bin|etc|lib|usr)$'` ; \ - do \ - find $name ! -user root \ - -exec $WARN not owned by root: {} \; ; \ - done - - for dir in $queue_directory/maildrop - do - ls -lLd $dir | (grep " $mail_owner " >/dev/null || - $WARN not owned by $mail_owner: $dir) - done - - for dir in bin etc lib sbin usr - do - test -d $dir && find $dir -type f -print | while read path - do - cmp -s $path /$path || - $WARN $queue_directory/$path and /$path differ - done - done - - # Look for incomplete upgrades. - - test -f $config_directory/master.cf || { - $FATAL no $config_directory/master.cf file found - exit 1 - } - grep 'flush.*flush' $config_directory/master.cf >/dev/null || { - $WARN adding missing entry for flush service to master.cf - cat >>$config_directory/master.cf </dev/null) || missing="$missing active" - (echo "$found" | grep bounce >/dev/null) || missing="$missing bounce" - (echo "$found" | grep defer >/dev/null) || missing="$missing defer" - (echo "$found" | grep flush >/dev/null) || missing="$missing flush" - (echo "$found" | grep incoming>/dev/null)|| missing="$missing incoming" - (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" - test -n "$missing" && { - $WARN fixing main.cf hash_queue_names for missing $missing - $command_directory/postconf -e hash_queue_names="$found$missing" - } - - # See if all queue files are in the right place. This is slow. - # We must scan all queues for mis-named queue files before the - # mail system can run. - - $command_directory/postsuper || exit 1 - - find corrupt -type f -exec $WARN damaged message: {} \; - - # XXX also: look for weird stuff, weird permissions, etc. - ;; - -*) - - $FATAL "usage: postfix start (or stop, reload, abort, flush, or check)" - exit 1 - ;; - -esac diff --git a/postfix/html/Makefile.in b/postfix/html/Makefile.in index 44a59f239..ca3515cb2 100644 --- a/postfix/html/Makefile.in +++ b/postfix/html/Makefile.in @@ -9,7 +9,7 @@ DAEMONS = bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \ COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \ postconf.1.html postfix.1.html postkick.1.html postlock.1.html \ postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \ - postsuper.1.html + postqueue.1.html postsuper.1.html CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \ transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html @@ -29,6 +29,7 @@ clobber: rm -f $(DAEMONS) $(COMMANDS) $(CONFIG) bounce.8.html: ../src/bounce/bounce.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ defer.8.html: bounce.8.html @@ -36,120 +37,162 @@ defer.8.html: bounce.8.html ln -s $? $@ error.8.html: ../src/error/error.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ flush.8.html: ../src/flush/flush.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ cleanup.8.html: ../src/cleanup/cleanup.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ lmtp.8.html: ../src/lmtp/lmtp.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ local.8.html: ../src/local/local.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ master.8.html: ../src/master/master.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ nqmgr.8.html: ../src/nqmgr/qmgr.c + PATH=../mantools:$$PATH; \ srctoman $? | sed -e 's/qmgr[^_]/n&/' \ -e 's/qmgr$$/n&/' \ -e 's/QMGR[^_]/N&/' | \ $(AWK) | nroff -man | uniq | man2html | postlink >$@ pickup.8.html: ../src/pickup/pickup.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ pipe.8.html: ../src/pipe/pipe.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ qmgr.8.html: ../src/qmgr/qmgr.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ qmqpd.8.html: ../src/qmqpd/qmqpd.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ showq.8.html: ../src/showq/showq.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ spawn.8.html: ../src/spawn/spawn.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ smtp.8.html: ../src/smtp/smtp.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ smtpd.8.html: ../src/smtpd/smtpd.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ virtual.8.html: ../src/virtual/virtual.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postalias.1.html: ../src/postalias/postalias.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postcat.1.html: ../src/postcat/postcat.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postconf.1.html: ../src/postconf/postconf.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postdrop.1.html: ../src/postdrop/postdrop.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postfix.1.html: ../src/postfix/postfix.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postkick.1.html: ../src/postkick/postkick.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postlock.1.html: ../src/postlock/postlock.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postlog.1.html: ../src/postlog/postlog.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postmap.1.html: ../src/postmap/postmap.c + PATH=../mantools:$$PATH; \ + srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ + +postqueue.1.html: ../src/postqueue/postqueue.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ postsuper.1.html: ../src/postsuper/postsuper.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ sendmail.1.html: ../src/sendmail/sendmail.c + PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ mailq.1.html: sendmail.1.html + PATH=../mantools:$$PATH; \ rm -f $@ ln -s $? $@ newaliases.1.html: sendmail.1.html + PATH=../mantools:$$PATH; \ rm -f $@ ln -s $? $@ access.5.html: ../proto/access + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ aliases.5.html: ../proto/aliases + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ canonical.5.html: ../proto/canonical + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ pcre_table.5.html: ../proto/pcre_table + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ regexp_table.5.html: ../proto/regexp_table + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ relocated.5.html: ../proto/relocated + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ transport.5.html: ../proto/transport + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ virtual.5.html: ../proto/virtual + PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ diff --git a/postfix/html/commands.html b/postfix/html/commands.html index 0b1e5ce63..e4bb9d57b 100644 --- a/postfix/html/commands.html +++ b/postfix/html/commands.html @@ -61,8 +61,8 @@ something more powerful that can not only list but also edit the

  • The postdrop command is the mail -posting agent that is run by the sendmail -command on systems that have no world-writable maildrop queue +posting utility that is run by the sendmail +command in order to deposit mail into the maildrop queue directory.

    @@ -91,6 +91,12 @@ the UNIX makemap command.

    +

  • The postqueue command is the +utility that is run by the sendmail +command in order to flush or list the mail queue. + +

    +

  • The postsuper command maintains the Postfix queue. It removes old temporary files, and moves queue files into the right directory after a change in the hashing depth diff --git a/postfix/html/postdrop.1.html b/postfix/html/postdrop.1.html index e090229a4..49a4b5601 100644 --- a/postfix/html/postdrop.1.html +++ b/postfix/html/postdrop.1.html @@ -3,7 +3,7 @@ POSTDROP(1) POSTDROP(1) NAME - postdrop - Postfix mail posting agent + postdrop - Postfix mail posting utility SYNOPSIS postdrop [option ...] @@ -12,14 +12,6 @@ POSTDROP(1) POSTDROP(1) The postdrop command creates a file in the maildrop direc- tory and copies its standard input to the file. - The command is designed to run with set-gid privileges, - and with group write permission to the maildrop queue - directory. - - The postdrop command is automatically invoked by the send- - mail(1) mail posting agent when the maildrop queue direc- - tory is not world-writable. - Options: -v Enable verbose logging for debugging purposes. Mul- @@ -27,18 +19,19 @@ POSTDROP(1) POSTDROP(1) verbose. SECURITY - This program is designed so that it can run with set-user - (or group) id privileges. + The command is designed to run with set-gid privileges, + and with group write permission to the maildrop queue + directory. DIAGNOSTICS - Fatal errors: malformed input, I/O error, out of memory. - Problems are logged to syslogd(8) and to the standard - error stream. When the input is incomplete, or when the - process receives a HUP, INT, QUIT or TERM signal, the + Fatal errors: malformed input, I/O error, out of memory. + Problems are logged to syslogd(8) and to the standard + error stream. When the input is incomplete, or when the + process receives a HUP, INT, QUIT or TERM signal, the queue file is deleted. ENVIRONMENT - The program deletes all environment information, because + The program deletes most environment information, because the C library can't be trusted. FILES @@ -46,8 +39,8 @@ POSTDROP(1) POSTDROP(1) /etc/postfix, configuration files CONFIGURATION PARAMETERS - See the Postfix main.cf file for syntax details and for - default values. Use the postfix reload command after a + See the Postfix main.cf file for syntax details and for + default values. Use the postfix reload command after a configuration change. import_environment @@ -55,7 +48,7 @@ POSTDROP(1) POSTDROP(1) imported from non-Postfix processes. queue_directory - Top-level directory of the Postfix queue. This is + Top-level directory of the Postfix queue. This is also the root directory of Postfix daemons that run chrooted. @@ -64,7 +57,7 @@ POSTDROP(1) POSTDROP(1) syslogd(8) system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html new file mode 100644 index 000000000..0387d7662 --- /dev/null +++ b/postfix/html/postqueue.1.html @@ -0,0 +1,98 @@ + 
    +
+POSTQUEUE(1)                                         POSTQUEUE(1)
+
+NAME
+       postqueue - Postfix queue control
+
+SYNOPSIS
+       postqueue -f
+       postqueue -p
+       postqueue -s site
+
+DESCRIPTION
+       The  postqueue  program implements the Postfix user inter-
+       face for queue management. It implements  all  the  opera-
+       tions that are traditionally available via the sendmail(1)
+       command.
+
+       The following options are recognized:
+
+       -f     Flush the queue:  attempt  to  deliver  all  queued
+              mail.
+
+              This  option implements the traditional sendmail -q
+              command, by contacting the Postfix qmgr(8)  daemon.
+
+       -p     Produce a traditional sendmail-style queue listing.
+
+              This option implements the traditional  mailq  com-
+              mand, by contacting the Postfix showq(8) daemon.
+
+       -s site
+              Schedule  immediate  delivery  of  all mail that is
+              queued for the named site. The site must be  eligi-
+              ble for the "fast flush" service.  See flush(8) for
+              more information about the "fast flush" service.
+
+              This option  implements  the  traditional  sendmail
+              -qRsite  command,  by connecting to the SMTP server
+              at $myhostname.
+
+       -v     Enable verbose logging for debugging purposes. Mul-
+              tiple  -v  options  make  the software increasingly
+              verbose.
+
+SECURITY
+       By design, this program is set-user (or group) id, so that
+       it  can  connect  to public, but protected, Postfix daemon
+       processes.
+
+DIAGNOSTICS
+       Problems are logged to  syslogd(8)  and  to  the  standard
+       error stream.
+
+ENVIRONMENT
+       The  program deletes most environment information, because
+       the C library can't be trusted.
+
+FILES
+       /var/spool/postfix, mail queue
+       /etc/postfix, configuration files
+
+CONFIGURATION PARAMETERS
+       import_environment
+              List of names of environment parameters that can be
+              imported from non-Postfix processes.
+
+       queue_directory
+              Top-level  directory  of the Postfix queue. This is
+              also the root directory of Postfix daemons that run
+              chrooted.
+
+       fast_flush_domains
+              List of domains that will receive "fast flush" ser-
+              vice (default: all  domains  that  this  system  is
+              willing  to relay mail to). This list specifies the
+              domains that  Postfix  accepts  in  the  SMTP  ETRN
+              request and in the sendmail -qR command.
+
+SEE ALSO
+       sendmail(8) sendmail-compatible user interface
+       qmgr(8) queue manager
+       showq(8) list mail queue
+       flush(8) fast flush service
+
+LICENSE
+       The  Secure  Mailer  license must be distributed with this
+       software.
+
+AUTHOR(S)
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+                                                                1
+
+
    diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index 7bed7101b..5d5792ef3 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html @@ -102,7 +102,7 @@ QMQPD(8) QMQPD(8) of a problem. This slows down run-away errors. SEE ALSO - http://cr.yp.to/proto/qmqp.html, QMQP protocol + http://cr.yp.to/proto/qmqp.html, QMQP protocol cleanup(8) message canonicalization master(8) process manager syslogd(8) system logging diff --git a/postfix/html/receiving.html b/postfix/html/receiving.html index 5168e6434..62318562e 100644 --- a/postfix/html/receiving.html +++ b/postfix/html/receiving.html @@ -39,13 +39,12 @@ left-hand corner of this page.