From: Wietse Venema Date: Sun, 7 May 2000 00:00:00 +0000 (+0000) Subject: snapshot-20000507 X-Git-Tag: v20010228~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27b4bead1de703c89915ab0d2e45825d4e9c184f;p=thirdparty%2Fpostfix.git snapshot-20000507 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 0df70aa11..33ba6aebd 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -3618,7 +3618,7 @@ Apologies for any names omitted. field by the recipient localpart when a destination matches $mydestination/$inet_interfaces. The price is the introduction of a new parameter local_destination_recipient_limit which - defaults to 1 i order to maintain backwards compatibility. + defaults to 1 in order to maintain backwards compatibility. Files: qmgr/qmgr.c, qmgr/qmgr_message.c. 20000129 @@ -3843,13 +3843,6 @@ Apologies for any names omitted. record delimiter (for example, eol=\r\n). This is necessary for transports that require CRLF instead of UNIX-style LF. -20000428 - - New code: added support to the vstring module for fixed-size - buffers. This may help to avoid clumsy code that would have - to prevent memory leaks. The buffers cause a fatal error - when they turn out too small. File: util/vstring.[hc]. - 20000502 In order to support timeouts more conveniently, VSTREAMs 
@@ -3881,13 +3874,45 @@ Apologies for any names omitted. 20000505 - Bugfix: the SMTP server now flushes output in-between tarpit - delays, to avoid protocol timeouts when a client causes lots - of errors. Found by Lamont Jones, HP. File: smtpd/smtpd_chat.c. + Bugfix: the SMTP server now flushes unwritten output before + tarpit delays, to avoid protocol timeouts in pipelined + sessions when a client causes lots of errors. Found by + Lamont Jones, HP. File: smtpd/smtpd_chat.c. + + Finished the LMTP client, which is based on a modified + version of the SMTP client by Philippe Prindeville, Mirapoint, + Inc., later modified by Amos Gouaux, UTDallas, and then + Wietse ripped it all up again. Currently this talks LMTP + over TCP only. + + Feature: override main.cf parameters in master.cf. Specify + "-o parameter=value" after the program name. This allows + you to selectively override myhostname etc. See also the + new smtp_bind_address parameter below. 20000506 Convenience: the LMTP and SMTP clients now append the local domain to unqualified nexthop destinations. This makes it - more convenient to set up transport maps. Files: + more convenient to set up transport maps. Files: lmtp/lmtp_addr.c, smtp/smtp_addr.c. + + Sendmail compatibility: the Postfix SMTP client now skips + servers that greet the client with a 4xx or 5xx status + code. To disable, set both smtp_skip_4xx_greeting and + smtp_skip_5xx_greeting to "no". + +20000507 + + Portability: NetBSD has migrated to /etc/mail/aliases. We + can expect to see this happen more often when systems start + shipping Sendmail 8.10. File: util/sys_defs.h + + Updated LDAP code by John Hensley, with support for + dereferencing of LDAP aliases, which have nothing to do + with Postfix aliases. + + Feature: "smtp_bind_address=x.x.x.x" specifies the source + IP address for SMTP client connections. Specify in master.cf + as "smtp -o smtp_bind_address=x.x.x.x" in order to give + different delivery agents different source addresses. 
diff --git a/postfix/INSTALL b/postfix/INSTALL index 2a1620e62..b383ed897 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL @@ -92,10 +92,8 @@ development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in your command search path. If you need to build Postfix for multiple architectures, use the -makelinks shell script to build a shadow tree with symbolic links -to the source files. - - % sh makelinks `pwd` /some/where/else +lndir command to build a shadow tree with symbolic links to the +source files. lndir is part of X11R6. If at any time in the build process you get messages like: "make: don't know how to ..." you should be able to recover by running diff --git a/postfix/LDAP_README b/postfix/LDAP_README index 76d26eb05..50b020ed1 100644 --- a/postfix/LDAP_README +++ b/postfix/LDAP_README @@ -1,3 +1,15 @@ +LDAP SUPPORT IN POSTFIX +======================= + +Postfix can use an LDAP directory as a source for any of its lookups: +aliases, virtual, canonical, etc. This allows you to keep information +for your mail service in a replicated network database with fine-grained +access controls. By not storing it locally on the mail server, the +administrators can maintain it from anywhere, and the users can control +whatever bits of it you think appropriate. You can have multiple mail +servers using the same information, without the hassle and delay of +having to copy it to each. + BUILDING WITH LDAP SUPPORT ========================== 
@@ -7,13 +19,14 @@ accordingly. If you're using the libraries from the UM distribution (http://www.umich.edu/~dirsvcs/ldap/ldap.html) or OpenLDAP -(http://www.openldap.org), something like this should work: +(http://www.openldap.org), something like this in the top level of your +Postfix source tree should work: % make tidy % make makefiles CCARGS="-I/some/where/include -DHAS_LDAP" \ - AUXLIBS="/some/where/libldap.a /some/where/liblber.a" + AUXLIBS="/some/where/lib/libldap.a /some/where/lib/liblber.a" -The `make tidy' command is needed only if you have previously built +The 'make tidy' command is needed only if you have previously built Postfix without LDAP support. If your LDAP libraries were built with Kerberos support, you'll also @@ -21,16 +34,16 @@ need to include your Kerberos libraries in this line. Note that the KTH Kerberos IV libraries might conflict with Postfix's lib/libdns.a, which defines dns_lookup. If that happens, you'll probably want to link with LDAP libraries that lack Kerberos support just to build Postfix, as it -doesn't yet support Kerberos binds to the LDAP server anyway. Sorry -about the bother. +doesn't support Kerberos binds to the LDAP server anyway. Sorry about +the bother. If you're using one of the Netscape LDAP SDKs, you'll need to change the AUXLIBS line to point to libldap10.so or libldapssl30.so or whatever you -have, and you may need to use the -R option so the executables can find -it at runtime. +have, and you may need to use the appropriate linker option (e.g. '-R') +so the executables can find it at runtime. -USING LDAP LOOKUPS -================== +CONFIGURING LDAP LOOKUPS +======================== In order to use LDAP lookups, define at least one LDAP source as a table lookup in main.cf, for example: 
@@ -39,22 +52,24 @@ lookup in main.cf, for example: Each LDAP source can have the following parameters, which should be prefixed in main.cf with the name you've given the source in its -definition. To continue the example, the first parameter below, -"server_host", would be defined in main.cf as "ldapsource_server_host". -Defaults are given in parentheses: +definition and an underscore. To continue the example, the first +parameter below, "server_host", would be defined in main.cf as +"ldapsource_server_host". Defaults are given in parentheses: server_host (localhost) The name of the host running the LDAP server, e.g. ldapsource_server_host = ldap.your.com It should be possible with all the libraries mentioned above to specify multiple servers separated by spaces, with the libraries - trying them in order should the first one fail. + trying them in order should the first one fail. It should also + be possible to give each server in the list a different port, by + naming them like "ldap.your.com:1444". server_port (389) The port the LDAP server listens on, e.g. ldapsource_server_port = 778 - search_base (no default) + search_base (No default; you must configure this.) The base at which to conduct the search, e.g. ldapsource_search_base = dc=your, dc=com 
@@ -72,12 +87,23 @@ Defaults are given in parentheses: returned by the lookup, to be resolved to an email address. ldapsource_result_attribute = mailbox + scope (sub) + The LDAP search scope: sub, base, or one. These translate into + LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL. + bind (yes) Whether or not to bind to the LDAP server. Newer LDAP implementations don't require clients to bind, which saves time. Example: ldapsource_bind = no + If you do need to bind, you might consider configuring Postfix + to connect to the local machine on a port that's an SSL tunnel + to your LDAP server. If your LDAP server doesn't natively + support SSL, put a tunnel (wrapper, proxy, whatever you want to + call it) on that system too. This should prevent the password + from traversing the network in the clear. + bind_dn ("") If you do have to bind, do it with this distinguished name. Example: 
@@ -85,18 +111,44 @@ Defaults are given in parentheses: bind_pw ("") The password for the distinguished name above. If you have to - have this, you probably want to make main.cf readable only by + use this, you probably want to make main.cf readable only by the Postfix user. Example: ldapsource_bind_pw = postfixpw + cache (no) + Whether to use a client-side cache for the LDAP connection. See + ldap_enable_cache(3). It's off by default. + + cache_expiry (30 seconds) + If the client-side cache is enabled, cached results will expire + after this many seconds. + + cache_size (32768 bytes) + If the client-side cache is enabled, this is its size in bytes. + + dereference (0) + When to dereference LDAP aliases. (Note that this has nothing + do with Postfix aliases.) The permitted values are those + legal for the OpenLDAP/UM LDAP implementations: + + 0 never + 1 when searching + 2 when locating the base object for the search + 3 always + + See ldap.h or the ldap_open(3) or ldapsearch(1) man pages for + more information. And if you're using an LDAP package that has + other possible values, please bring it to the attention of the + postfix-users@postfix.org mailing list. + Don't use quotes in these variables; at least, not until the Postfix configuration routines understand how to deal with quoted strings. -EXAMPLE -======= +EXAMPLES +======== -Here's a basic example. In main.cf, you have these configuration -parameters defined: +Here's a basic example for using LDAP to look up aliases. In main.cf, +you have these configuration parameters defined: alias_maps = hash:/etc/aliases, ldap:ldapsource ldapsource_server_host = ldap.my.com 
@@ -110,6 +162,45 @@ read the "maildrop" attributes of those found, and build a list of their maildrops, which will be treated as RFC822 addresses to which the message will be delivered. +If you want to keep information for virtual lookups in your directory, +it's only a little more complicated. You'll want to make sure all of +your virtual mailacceptinggeneralid attributes are fully qualified with +their virtual domains. If you want to designate a directory entry as the +default user for a virtual domain, just give it an additional +mailacceptinggeneralid (or the equivalent in your directory) of +"@virtual.dom". That's right, no user part. + +If you want to get information for relay_domains out of your directory, +the simplest way to get it is to add the domain name (without even the +'@') as a mailacceptinggeneralid to some recipient in each domain, then +add "$virtual_maps" to your relay_domains line. Then you can use the +same map you use to find virtual recipients to determine if a domain is +a valid virtual domain and should be allowed to relay. + +For example, the catchall user for a virtual domain might look like +this: + + dn: cn=defaultrecipient, dc=fake, dc=dom + objectclass: top + objectclass: rfc822mailgroup + cn: defaultrecipient + owner: uid=root, dc=someserver, dc=isp, dc=dom + mailacceptinggeneralid: fake.dom + mailacceptinggeneralid: @fake.dom + maildrop: realuser@real.dom + +If you don't necessarily have a catchall user for the domain (i.e. you +want mail to unknown users in the domain to bounce), and don't want to +tag an arbitrary user in the virtual domain, you might define another +LDAP map that finds your virtual domain's domain object entry, and add +that map to relay_domains instead of "$virtual_maps". All that's +necessary is that a search for the domain name return something. 
+ +Other common uses for LDAP lookups include rewriting senders and +recipients with Postfix' canonical lookups, for example in order to make +mail leaving your site appear to be coming from "First.Last@site.dom" +instead of "userid@site.dom". + NOTES AND THINGS TO THINK ABOUT =============================== @@ -117,10 +208,11 @@ NOTES AND THINGS TO THINK ABOUT unique, and that not just anyone can specify theirs as postmaster or root, say. -- An entry can have an arbitrary number of maildrops. Maildrops can also - be comma-separated lists of addresses. For example, you could define - an entry intended for use as a mailing list that looks like this - (Warning! Schema made up just for this example): +- An entry can have an arbitrary number of mailacceptinggeneralids or + maildrops. Maildrops can also be comma-separated lists of addresses. + They will all be found and returned by the lookups. For example, you + could define an entry intended for use as a mailing list that looks + like this (Warning! Schema made up just for this example): dn: cn=Accounting Staff List, dc=my, dc=com cn: Accounting Staff List 
@@ -135,61 +227,41 @@ NOTES AND THINGS TO THINK ABOUT - If you use an LDAP map for lookups other than aliases, you may have to make sure the lookup makes sense. In the case of virtual lookups, - maildrops like "|/some/program" are pretty useless. Your query_filter - should probably look something like this: + maildrops other than mail addresses are pretty useless, because + Postfix can't know how to set the ownership for program or file + delivery. Your query_filter should probably look something like this: - virtual_query_filter = - (&(mailacceptinggeneralid=%s)(!(|(maildrop="*|*")(maildrop="*:*")))) + virtual_query_filter = (&(mailacceptinggeneralid=%s)(!(|(maildrop="*|*")(maildrop="*:*")(maildrop="*/*")))) -- And for that matter, you may not want users able to specify their - maildrops as programs, particularly if they'd be executed on the - server. A safer local query_filter could look something like: +- And for that matter, even for aliases, you may not want users able to + specify their maildrops as programs, includes, etc. This might be + particularly pertinent on a "sealed" server where they don't have + local UNIX accounts, but exist only in LDAP and Cyrus. You might allow + the fun stuff only for directory entries owned by an administrative + account: - local_query_filter = (&(mailacceptinggeneralid=%s)(|(!(maildrop="*|*"))(owner=cn=root, dc=your, dc=com))) + local_query_filter = (&(mailacceptinggeneralid=%s)(|(!(maildrop="*|*")(maildrop="*:*")(maildrop="*/*"))(owner=cn=root, dc=your, dc=com))) So that if the object had a program as its maildrop and weren't owned by "cn=root" it wouldn't be returned as a valid local user. This will - probably require some thought on your part to implement safely, - considering the ramifications of includes and programs. You may decide - it's not worth the bother to allow any of that nonsense in LDAP - lookups, ban it in the query_filter, and keep things like majordomo - lists in local alias databases. 
- -- It's not yet known how all this scales, but LDAP lookups are much more - expensive than checking a DB file. If you anticipate a lot of lookups, - it may pay to plan your directory to reduce the number of lookups. For - instance, rather than having a bunch of objects that serve as aliases - to just one object, you could simply add their mailacceptinggeneralids - to the target object. This: - - dn: uid=firstlast, dc=your, dc=com - maildrop: firstlast@mailbox.your.com - mailacceptinggeneralid: firstlast - mailacceptinggeneralid: First.Last - mailacceptinggeneralid: F.Last - - Not this: - - dn: uid=firstlast, dc=your, dc=com - maildrop: firstlast@mailbox.your.com - mailacceptinggeneralid: firstlast - - dn: cn=First.Last, dc=your, dc=com - maildrop: firstlast - mailacceptinggeneralid: First.Last - - dn: cn=F.Last, dc=your, dc=com - maildrop: firstlast - mailacceptinggeneralid: F.Last - - Any performance reports will be much appreciated on the postfix-users - list. - - UPDATE: At Merit, I've seen over 150000 deliveries per day with no - noticeable delay from our OpenLDAP server. I'd now recommend not - resorting to the above unless you anticipate much more traffic than - that. It makes management of your directory less intuitive, which is - probably not worth the reduction in lookups. + require some thought on your part to implement safely, considering the + ramifications of this type of delivery. You may decide it's not worth + the bother to allow any of that nonsense in LDAP lookups, ban it in + the query_filter, and keep things like majordomo lists in local alias + databases. + +- LDAP lookups are slower than local DB or DBM lookups. For most sites + they won't be a bottleneck, but it's a good idea to know how to tune + your directory service. + +FEEDBACK +======== + +If you have questions, send them to postfix-users@postfix.org. 
Please +include relevant information about your Postfix setup: LDAP-related +output from postconf, which LDAP libraries you built with, and which +directory server you're using. If your question involves your directory +contents, please include the applicable bits of some directory entries. CREDITS ======= @@ -198,6 +270,13 @@ Support for LDAP was initially written by Prabhat K Singh of VSNL, Bombay, India, and then hideously bloated by John Hensley to support multiple sources and more configurable attributes. The caching bits were initially worked out by Prabhat, then munged to support the multiple -sources. Other contributions have been submitted to move toward better -support of Netscape/LDAPv3 libraries, and any other improvements are of -course welcome. +sources. + +Other contributors, of code or direction or dope slaps, include: + +Manuel Guesdon +Carsten Hoeger +Keith Stevenson +Samuel Tardieu + +And of course Wietse. diff --git a/postfix/LMTP_README b/postfix/LMTP_README index 2e39a785a..f21f7cbb9 100644 --- a/postfix/LMTP_README +++ b/postfix/LMTP_README @@ -1,10 +1,11 @@ Postfix LMTP support ==================== -Postfix LMTP support was initially implemented by Philip A. -Prindeville of Mirapoint, Inc., USA, and was modified further by -Amos Gouaux of University of Texas at Dallas, Richardson, USA. -Wietse then beat the code into its present shape. +Postfix LMTP support is based on a modified version of the Postfix +SMTP client. The initial version was by Philip A. Prindeville of +Mirapoint, Inc., USA. This code was modified further by Amos Gouaux +of University of Texas at Dallas, Richardson, USA. Wietse Venema +reduced the code to its present shape. Postfix can be configured to talk to a local or remote LMTP server. Most people will run the LMTP server on the same machine that runs 
@@ -27,10 +28,15 @@ Next, put the following in /etc/inetd.conf: lmtp stream tcp nowait cyrus /usr/sbin/tcpd /usr/local/cyrus/bin/deliver -e -l -/usr/sbin/tcpd is from the tcp_wrappers package. You want this -to make sure only your mail relay(s) can talk to the LMTP server. -Postfix by default enables connection cacheing for delivery via -LMTP, so do not worry about the load of wrapping the LMTP port. +/usr/sbin/tcpd is from the tcp_wrappers package. You want this to +make sure only your mail relay(s) can talk to the LMTP server. +Postfix by default does multiple deliveries per LMTP session +(connection cacheing), so do not worry about the overhead of +tcp_wrapping the LMTP port. + +On some systems, tcpd is built into inetd, so you do not have to +specify tcpd in the inetd.conf file. Instead of tcpd/inetd, xinetd +can do a similar job of logging and access control. Configuring Postfix =================== 
@@ -43,39 +49,45 @@ You may have to add the following entry to /etc/postfix/master.cf: lmtp unix - - n - - lmtp -NOTES: Root privs are not necessary! +NOTE: Root privileges are not necessary! -We put this in /etc/postfix/transport: +Put this in /etc/postfix/transport: inbox.domain.org lmtp:inbox.domain.org -Naturally, this means we also have to have in -/etc/postfix/main.cf: +Naturally, this means we also need in /etc/postfix/main.cf: transport_maps = hash:/etc/postfix/transport -Use the map type of your choice. Use "postconf -m" to find out -what map types are supported. +Instead of "hash", use the map type of your choice. Some systems +use "dbm" instead. Use "postconf -m" to find out what map types +are supported. -Connection cacheing performance -=============================== +Improving connection cacheing performance +========================================= After delivering a message via LMTP, Postfix will keep the connection open for a while, so that it can be reused for a subsequent delivery. This reduces overhead of LMTP servers that create one process per connection. -The Postfix LMTP client makes only one connection at a time. For -connection cacheing to work well, the Postfix LMTP client has to -avoid switching destination hosts. If you have multiple LMTP servers, -configure separate master.cf entries for each LMTP server, and -configure transport entries that distribute mail domains to the -right LMTP servers. +For LMTP connection cacheing to work, the Postfix LMTP client should +not switch destination hosts. This is no problem when you run only +one LMTP server. However, if you run multiple LMTP servers, this +can be an issue. - /etc/postfix/transport: - foo.com lmtp1:lmtp1host - bar.com lmtp2:lmtp2host +You can prevent the LMTP client from switching between servers by +configuring a separate mail delivery transport for each LMTP server: /etc/postfix/master.cf: lmtp1 unix - - n - - lmtp lmtp2 unix - - n - - lmtp + . . . . . . . . 
+ +Configure transport table entries such that the lmtp1 mail delivery +transport is used for all deliveries to the LMTP server #1, the +mail lmtp2 transport for the LMTP server #2, and so on. + + /etc/postfix/transport: + foo.com lmtp1:lmtp1host + bar.com lmtp2:lmtp2host diff --git a/postfix/Makefile.in b/postfix/Makefile.in index af831c767..ce59fd1d1 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -4,7 +4,7 @@ OPTS = "CC=$(CC)" DIRS = util global dns master postfix smtpstone sendmail error \ pickup cleanup smtpd local lmtp trivial-rewrite qmgr smtp bounce pipe \ showq postalias postcat postconf postdrop postkick postlock postlog \ - postmap postsuper spawn # base64 proto man html + postmap postsuper # spawn base64 proto man html default: update diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index aba10614a..c1fce4090 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -1,37 +1,64 @@ -Incompatible changes with snapshot-20000506 +Incompatible changes with snapshot-20000507 =========================================== -None. +As required by RFC 822, Postfix now inserts a generic destination +message header when no destination header is present. The text is +specified via the undisclosed_recipients_header configuration +parameter (default: "To: undisclosed-recipients:;"). + +The Postfix sendmail command treats a line with only `.' as +the end of input, for the sake of sendmail compatibility. To disable +this feature, specify the sendmail-compatible `-i' or `-oi' flags +on the sendmail command line. + +For the sake of Sendmail compatibility, the Postfix SMTP client +skips over SMTP servers that greet with a 4XX or 5XX reply code, +treating them as unreachable servers. To obtain prior behavior +(4XX=retry, 5XX=bounce), specify "smtp_skip_4xx_greeting = no" and +"smtp_skip_5xx_greeting = no". + +The read/write interface underneath VSTREAMs has been extended with +parameters that specify a read/write timeout and application context. +This should make it easier to plug in encryption modules such as TLS. -Major changes with snapshot-20000506 +Major changes with snapshot-20000507 ==================================== -Preliminary LMTP client support with connection cacheing, currently -only over TCP sockets. Support for LMTP over UNIX-domain support -will be added later. See the LMTP_README file for more details. +Better documentation of Postfix lookup tables, including descriptions +of how to use regular expressions in Postfix lookup tables. + +Updated mysql and LDAP client code with fixes and improvements. + +In master.cf you can selectively override main.cf configuration +parameters, for example: "smtpd -o myhostname=foo.com". + +In main.cf, specify "smtp_bind_address=x.x.x.x" to bind SMTP +connections to a specific local interface. Or override the default +setting in master.cf with "smtp -o smtp_bind_address=x.x.x.x". 
+For now, you must specify a numeric IP address. + +Preliminary LMTP client support over TCP with connection cacheing. +Support for LMTP over UNIX-domain sockets will be added later as +an enhancement to the transport table syntax. See the LMTP_README +file for more details. + +By the way, LMTP client-side connection cacheing is a good example +for how to do the same in the SMTP client. Preliminary support for SASL authentication, both in the SMTP server and in the SMTP client. See the SASL_README file for more details. -The pipe mailer now has a configurable end-of-line attribute. -Specify, for example, "pipe ... eol=\r\n" for delivery mechanisms -that require CRLF record delimiters. - -The manual pages in sample configuration files now show plain text -without TROFF escape sequences. +The pipe delivery agent has a configurable end-of-line attribute. +Specify "pipe ... eol=\r\n" for delivery mechanisms that require +CRLF record delimiters. The eol attribute understands the following +C-style escape sequences: \a \b \f \n \r \t \v \nnn \\. Incompatible changes with snapshot-20000309 =========================================== -As required by RFC 822, Postfix now inserts a generic destination -message header when no destination header is present. The text is -specified via the undisclosed_recipients_header configuration -parameter (default: "To: undisclosed-recipients:;"). - -The Postfix sendmail command now treats a line with only `.' as -the end of input, for the sake of sendmail compatibility. To disable -this feature, specify the sendmail-compatible `-i' or `-oi' flags -on the sendmail command line. +This release is mainly to have a reference point after reorganizing +the cleanup daemon, and before adding some major contributions from +other people. Major changes with snapshot-20000309 ==================================== 
@@ -50,7 +77,6 @@ read keys from stdin). The manual pages in Postfix configuration files no longer contain troff formatting codes. The text is now generated from prototype files in a new "proto" subdirectory. - Incompatible changes with postfix-19991231: =========================================== diff --git a/postfix/SASL_README b/postfix/SASL_README index dc1034c7a..13ebf317d 100644 --- a/postfix/SASL_README +++ b/postfix/SASL_README @@ -3,8 +3,8 @@ WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING Do not use this code. The Postfix SASL support is based on the Cyrus SASL library, which has not enough documentation about how -the software is supposed to work, and it is not clear if the code -is safe enough for security-critical applications. +the software is supposed to work. It is not clear if the code is +safe enough for security-critical applications. Postfix+SASL 1.5.5 appears to work on RedHat 6.1 (pwcheck_method set to shadow or sasldb), Solaris 2.7 (pwcheck_method set to shadow 
@@ -53,19 +53,19 @@ and that the Cyrus SASL libraries are in /usr/local/lib. On some systems this generates the necessary Makefile definitions: - % make tidy # if you have left-over files from a previus build + % make tidy # if you have left-over files from a previous build % make makefiles CCARGS=-DUSE_SASL_AUTH" -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -lsasl" On Solaris 2.x you need to specify run-time link information, otherwise ld.so will not find the SASL shared library: - % make tidy # if you have left-over files from a previus build + % make tidy # if you have left-over files from a previous build % make makefiles CCARGS=-DUSE_SASL_AUTH" -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl" -Enabling SASL authentication in the SMTP server -=============================================== +Enabling SASL authentication in the Postfix SMTP server +======================================================= If you installed the Cyrus SASL libraries as per the default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl. 
@@ -83,18 +83,34 @@ In order to allow mail relaying by authenticated clients: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ... -In /usr/local/lib/sasl/smtpd.conf you need to specify what authentication -mechanism the server will support, for example: +In /usr/local/lib/sasl/smtpd.conf you need to specify how the server +should validate client passwords. For example: - pwcheck_method: sasldb + /usr/local/lib/sasl/smtpd.conf: + pwcheck_method: sasldb This will use the SASL password file (default: /etc/sasldb), which -is maintained with the saslpasswd command. On some systems the -saslpasswd command needs to be run multiple times before it stops -complaining. The Postfix SMTP server needs read access to the -sasldb file - you have to play games with group access permissions. +is maintained with the saslpasswd command (part of the Cyrus SASL +software). On some poorly-supported systems the saslpasswd command +needs to be run multiple times before it stops complaining. The +Postfix SMTP server needs read access to the sasldb file - you may +have to play games with group access permissions. On RedHat 6.1, +SASL 1.5.5 insists on write access to /etc/sasldb. -To run chrooted with SASL support is an interesting exercise. +Instead of the SASL-specific password file you can configure the +Postfix SMTP server to validate client passwords against the UNIX +shadow password file: + + /usr/local/lib/sasl/smtpd.conf: + pwcheck_method: shadow + +However this requires that Postfix has read access to the UNIX shadow +password file, which is normally readable only by root. Shadow +password support has been found to work for Solaris 2.7 and RedHat +6. 1 but not with freeBSD 3.4. + +To run software chrooted with SASL support is an interesting exercise. +This is one of the many problems with the present SASL support. To test the whole mess, connect to the SMTP server, and you should be able to have a conversation like this: 
@@ -114,8 +130,8 @@ Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded form of username\0username\0password (the \0 is a null byte). The example above is for a user named `test' with password `testpass'. -Enabling SASL authentication in the SMTP client -=============================================== +Enabling SASL authentication in the Postfix SMTP client +======================================================= Turn on client-side SASL authentication, and specify a table with per-host username and password information. @@ -128,6 +144,6 @@ per-host username and password information. foo.com username:password bar.com username -The SASL password file is opened before the SMTP server enters the -optional chroot jail, so there is no need to copy the sasl_passwd -DB or DBM file into /var/spool/postfix/etc/postfix. +The SASL client password file is opened before the SMTP server +enters the optional chroot jail, so you can keep the file in +/etc/postfix. diff --git a/postfix/cleanup/cleanup_message.c b/postfix/cleanup/cleanup_message.c index c29808f00..1e5e5117d 100644 --- a/postfix/cleanup/cleanup_message.c +++ b/postfix/cleanup/cleanup_message.c @@ -358,11 +358,11 @@ static void cleanup_missing_headers(CLEANUP_STATE *state) vstring_sprintf(state->temp2, "%sFrom: %s", state->resent, vstring_str(state->temp1)); if (state->fullname && *state->fullname) { - vstring_strcat(state->temp2, " ("); - token = tok822_alloc(TOK822_COMMENT_TEXT, state->fullname); + vstring_sprintf(state->temp1, "(%s)", state->fullname); + token = tok822_parse(vstring_str(state->temp1)); + vstring_strcat(state->temp2, " "); tok822_externalize(state->temp2, token, TOK822_STR_NONE); - tok822_free(token); - vstring_strcat(state->temp2, ")"); + tok822_free_tree(token); } CLEANUP_OUT_BUF(state, REC_TYPE_NORM, state->temp2); } else if ((state->headers_seen & (1 << (state->resent[0] ? diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 34e222855..e3c05a1be 100644 
--- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -70,7 +70,7 @@ smtp unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local -lmtp unix - - n - - lmtp server=localhost +lmtp unix - - n - - lmtp cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} uucp unix - n n - - pipe diff --git a/postfix/conf/sample-auth.cf b/postfix/conf/sample-auth.cf index eaf66feec..e4e30d4ef 100644 --- a/postfix/conf/sample-auth.cf +++ b/postfix/conf/sample-auth.cf @@ -2,15 +2,24 @@ # HERE JUST SERVES AS AN EXAMPLE. # # This file contains example settings of Postfix configuration -# parameters that control SASL authentication. +# parameters that control SASL authentication for the Postfix +# SMTP server and client programs. # SMTP SERVER CONTROLS -# The smtpd_sasl_auth_enable parameter controls whether authentication -# is enabled in the Postfix SMTP server. +# The smtpd_sasl_auth_enable parameter controls whether SMTP client +# authentication is enabled in the Postfix SMTP server. By default, +# the Postfix SMTP server does not use authentication. # -# If a client is authenticated, then the permit_sasl_authenticated -# can be used to permit relay access. +# If an SMTP client is authenticated, then the permit_sasl_authenticated +# access restriction can be used to permit relay access, like this: +# +# smtpd_recipient_restrictions = permit_sasl_authenticated, ... +# +# To reject all SMTP connections from unauthenticated clients, +# specify smtpd_delay_reject=yes (which is the default) and use: +# +# smtpd_client_restrictions = permit_sasl_authenticated # # In order to enable server-side authentication, build Postfix with # SASL support, and install a configuration file /usr/lib/sasl/smtpd.conf 
@@ -19,15 +28,17 @@ # pwcheck_method: sasldb # # or whatever method is suitable for your environment: PAM, shadow, -# whatever. If you use sasldb, you can add users with the "saslpasswd" -# command that is part of the SASL library. If you use PAM, The PAM -# service name for SASL authentication is "smtp", and adding users -# depends entirely on how PAM is set up. +# etc. If you use sasldb, you can add users with the "saslpasswd" +# command that comes with the SASL library. If you configure Postfix +# to use PAM, the PAM service name for SASL authentication is "smtp", +# and adding users depends entirely on how PAM is set up. # # If you run your SMTP server chrooted, then you need to copy PAM # and/or SASL support libraries and data files into the chroot jail. +# That's a lot of files, and it seems not very practical to do so. # -smtpd_sasl_auth_enable = yes +#smtpd_sasl_auth_enable = yes +smtpd_sasl_auth_enable = no # The smtpd_sasl_security_options parameter controls what authentication # mechanisms the Postfix SMTP server will offer to the client. The @@ -43,10 +54,10 @@ smtpd_sasl_auth_enable = yes # By default, the Postfix SMTP server accepts plaintext passwords but # not anonymous logins. # -# Horror! It appears that clients try authentication methods in the -# order as advertised by the server (PLAIN ANONYMOUS CRAM-MD5 -# ...) which means that if you disable plaintext passwords, clients -# will log in anonymously even when they would be able to use CRAM-MD5. +# HORROR! It appears that clients try authentication methods in the +# order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) +# which means that if you disable plaintext passwords, clients will +# log in anonymously, even when they should be able to use CRAM-MD5. # So, if you disable plaintext logins, disable anonymous logins too. # Postfix treats anonymous login as no authentication. # 
@@ -56,9 +67,11 @@ smtpd_sasl_security_options = noanonymous # SMTP CLIENT CONTROLS # The smtp_sasl_auth_enable parameter controls whether authentication -# is enabled in the Postfix SMTP client. +# is enabled in the Postfix SMTP client. By default, the Postfix SMTP +# client uses no authentication. # -smtp_sasl_auth_enable = yes +#smtp_sasl_auth_enable = yes +smtp_sasl_auth_enable = no # The smtp_sasl_password_maps parameter specifies the names of lookup # tables with one username:password entry per remote hostname. If a @@ -66,7 +79,7 @@ smtp_sasl_auth_enable = yes # client will not attempt to authenticate to the remote host. # # The Postfix SMTP client opens the lookup table before going to -# chroot jail, so you can keep the password file in /etc/postfix. +# chroot jail, so you can leave the password file in /etc/postfix. # smtp_auth_passwd_map = hash:/etc/postfix/saslpass diff --git a/postfix/conf/sample-smtp.cf b/postfix/conf/sample-smtp.cf index 084c0ad6d..c0fea6563 100644 --- a/postfix/conf/sample-smtp.cf +++ b/postfix/conf/sample-smtp.cf @@ -33,6 +33,15 @@ fallback_relay = # ignore_mx_lookup_error = no +# The smtp_bind_address parameter specifies a numerical network +# address that the client should bind to when making a connection. +# This can be used in the main.cf file, or in the master.cf file, +# for example: +# +# smtp ... smtp -o smtp_bind_address=111.222.333.444 +# +#smtp_bind_address=111.222.333.444 + # The smtp_skip_4xx_greeting parameter controls what happens when # an SMTP server greets us with a 4XX status code. By default, Postfix # backs off. Specify "smtp_skip_4xx_greeting = yes" to move on the diff --git a/postfix/global/mail_conf.c b/postfix/global/mail_conf.c index bb491892c..2af13f29c 100644 --- a/postfix/global/mail_conf.c +++ b/postfix/global/mail_conf.c @@ -8,6 +8,8 @@ /* /* void mail_conf_read() /* +/* void mail_conf_suck() +/* /* void mail_conf_update(name, value) /* const char *name; /* const char *value; 
@@ -21,9 +23,12 @@ /* const char *mail_conf_lookup_eval(name) /* const char *name; /* DESCRIPTION -/* mail_conf_read() reads the global Postfix configuration file, and +/* mail_conf_suck() reads the global Postfix configuration file, and /* stores its values into a global configuration dictionary. /* +/* mail_conf_read() invokes mail_conf_suck() and assigns the values +/* to global variables by calling mail_params_init(). +/* /* The following routines are wrappers around the generic dictionary /* access routines. /* @@ -88,6 +93,14 @@ /* mail_conf_read - read global configuration file */ void mail_conf_read(void) +{ + mail_conf_suck(); + mail_params_init(); +} + +/* mail_conf_suck - suck in the global configuration file */ + +void mail_conf_suck(void) { char *config_dir; char *path; @@ -107,7 +120,6 @@ void mail_conf_read(void) path = concatenate(var_config_dir, "/", "main.cf", (char *) 0); dict_load_file(CONFIG_DICT, path); myfree(path); - mail_params_init(); } /* mail_conf_eval - expand macros in string */ diff --git a/postfix/global/mail_conf.h b/postfix/global/mail_conf.h index 6443ff78d..1d77f145c 100644 --- a/postfix/global/mail_conf.h +++ b/postfix/global/mail_conf.h @@ -33,6 +33,7 @@ * Basic configuration management. */ extern void mail_conf_read(void); +extern void mail_conf_suck(void); extern void mail_conf_update(const char *, const char *); extern const char *mail_conf_lookup(const char *); diff --git a/postfix/global/mail_copy.c b/postfix/global/mail_copy.c index a2e26aa86..912f1a7ee 100644 --- a/postfix/global/mail_copy.c +++ b/postfix/global/mail_copy.c 
@@ -136,10 +136,9 @@ int mail_copy(const char *sender, const char *delivered, quote_822_local(buf, sender); if (flags & MAIL_COPY_FROM) { time(&now); - vstream_fprintf(dst, "From %s %s", *sender == 0 ? - MAIL_ADDR_MAIL_DAEMON : - vstring_str(buf), - asctime(localtime(&now))); + vstream_fprintf(dst, "From %s %.24s%s", *sender == 0 ? + MAIL_ADDR_MAIL_DAEMON : vstring_str(buf), + asctime(localtime(&now)), eol); } if (flags & MAIL_COPY_RETURN_PATH) { vstream_fprintf(dst, "Return-Path: <%s>%s", diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h index 29bd2d258..16eb7b5ef 100644 --- a/postfix/global/mail_params.h +++ b/postfix/global/mail_params.h @@ -609,6 +609,10 @@ extern bool var_skip_quit_resp; #define DEF_SMTP_ALWAYS_EHLO 0 extern bool var_smtp_always_ehlo; +#define VAR_SMTP_BIND_ADDR "smtp_bind_address" +#define DEF_SMTP_BIND_ADDR "" +extern char *var_smtp_bind_addr; + /* * SMTP server. The soft error limit determines how many errors an SMTP * client may make before we start to slow down; the hard error limit diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h index 81e972d26..df72da36d 100644 --- a/postfix/global/mail_version.h +++ b/postfix/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20000506" +#define DEF_MAIL_VERSION "Snapshot-20000507" extern char *var_mail_version; /* LICENSE diff --git a/postfix/global/smtp_stream.h b/postfix/global/smtp_stream.h index 296eae28a..f1f087b49 100644 --- a/postfix/global/smtp_stream.h +++ b/postfix/global/smtp_stream.h @@ -29,7 +29,6 @@ #define SMTP_ERR_EOF 1 /* unexpected client disconnect */ #define SMTP_ERR_TIME 2 /* time out */ -extern void smtp_jump_setup(VSTREAM *, jmp_buf *); extern void smtp_timeout_setup(VSTREAM *, int); extern void smtp_printf(VSTREAM *, const char *,...); extern int smtp_get(VSTRING *, VSTREAM *, int); 
diff --git a/postfix/html/faq.html b/postfix/html/faq.html index acad8c3af..c8c95e19b 100644 --- a/postfix/html/faq.html +++ b/postfix/html/faq.html @@ -99,7 +99,7 @@ distribution list
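Review bot: In the SASL_README server-side hunk, the new "pwcheck_method: shadow" paragraph states the privilege requirement but not its security consequence: giving the Postfix SMTP server read access to the UNIX shadow password file (and, on the RedHat 6.1 / SASL 1.5.5 combination described in the same hunk, write access to /etc/sasldb) means that a compromised or misbehaving smtpd process can read, or in the sasldb case alter, the credentials of every account on the machine, not just those of mail users. Suggest adding one sentence that recommends sasldb over shadow unless a separate password-checking helper is available, and that the sasldb file must be readable only by root and the group Postfix runs as, never world-readable. Same paragraph, two typos: "RedHat 6. 1" should be "RedHat 6.1" and "freeBSD" should be "FreeBSD".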
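Review bot: In the SASL_README client-side hunk the rewritten sentence reads "The SASL client password file is opened before the SMTP server enters the optional chroot jail", but this section is about the Postfix SMTP client, and the corresponding sample-auth.cf comment in the same patch correctly says "The Postfix SMTP client opens the lookup table before going to chroot jail"; change "SMTP server" to "SMTP client". While here, the example table ("foo.com username:password") holds cleartext passwords, so the README should tell the reader to make both the source file and the compiled lookup table readable by root only (mode 0600) before building and using them.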
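Review bot: In the cleanup_message.c hunk, replacing the single TOK822_COMMENT_TEXT token with vstring_sprintf(state->temp1, "(%s)", state->fullname) followed by tok822_parse() changes what happens when the full name contains RFC 822 specials, and that case needs checking: a full name with an unbalanced ")" would close the comment early and leave the rest to be parsed as ordinary address tokens, and a stray "(" would nest a comment, whereas the old code emitted one comment token regardless of content. If the intent is to canonicalize the comment through the parser (the switch to tok822_free_tree() suggests the result is now a tree), add a comment saying so and consider neutralising parentheses and backslashes in the full name before the sprintf. Also worth a comment: state->temp1 is reused as a scratch buffer here, which is safe only because the vstring_sprintf() into state->temp2 a few lines above has already consumed its previous contents.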
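Review bot: In the master.cf hunk the lmtp entry loses its "server=localhost" argument, so the LMTP destination now has to come from whatever selects the lmtp transport (for example a transport map entry), and the sample file gives no hint of that; a one-line comment above the entry would save users who relied on the hard-coded server.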
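Review bot: In the sample-auth.cf SMTP SERVER CONTROLS hunk, the new example for rejecting unauthenticated clients, "smtpd_client_restrictions = permit_sasl_authenticated", does not reject anything: a Postfix restriction list that reaches its end without a decision falls through to the default action, which is permit, so unauthenticated clients are still accepted. The example needs an explicit terminal reject, i.e. "smtpd_client_restrictions = permit_sasl_authenticated, reject". The accompanying note that smtpd_delay_reject=yes is required is correct and should stay, since without it client restrictions are evaluated at connection time, before the client has had a chance to issue AUTH. Also, this file places the SASL configuration in /usr/lib/sasl/smtpd.conf while SASL_README in the same patch uses /usr/local/lib/sasl/smtpd.conf; pick one, or say that the location depends on where Cyrus SASL was installed.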
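Review bot: In the sample-auth.cf smtpd_sasl_security_options hunk, the "HORROR!" paragraph tells the reader to disable anonymous logins whenever plaintext logins are disabled but never shows the setting; since the visible sample line only has "smtpd_sasl_security_options = noanonymous", add the combined form, "smtpd_sasl_security_options = noplaintext, noanonymous", so that someone following the advice does not leave anonymous logins enabled by copying the sample as is. Flipping the shipped default to "smtpd_sasl_auth_enable = no" in the same hunk is the right call for a sample file, given that enabling it without a working smtpd.conf is a common misconfiguration.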
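Review bot: In the sample-auth.cf SMTP CLIENT CONTROLS hunk the comment documents "smtp_sasl_password_maps", but the setting that follows is "smtp_auth_passwd_map = hash:/etc/postfix/saslpass"; if smtp_sasl_password_maps is the real parameter name, the sample sets a name Postfix does not recognise and client authentication silently never happens. Align the two. The comment could also state that the saslpass file contains cleartext passwords and should be owned by root with mode 0600, which is the reason it is useful that the file is opened before the chroot.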
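Review bot: In the sample-smtp.cf hunk, 111.222.333.444 is not a valid IPv4 address (octets above 255), so a reader who uncomments the example or copies it into the master.cf "-o smtp_bind_address=..." line gets a bind failure; use a syntactically valid placeholder. The comment should also say what the SMTP client does when the bind fails (defer delivery, or fall back to the default source address), because that decides whether a typo in this parameter is a visible delivery outage or a silent loss of the intended source address.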
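Review bot: In the mail_conf.c hunk, mail_conf_suck() becomes a public entry point but its header description only says it reads the configuration file into the dictionary; it should also say that a caller using mail_conf_suck() directly (presumably to apply overrides such as the master.cf "-o parameter=value" form shown in sample-smtp.cf between loading main.cf and initialising parameters) is responsible for calling mail_params_init() afterwards, since until then the var_* globals hold no values. Without that sentence the split invites callers that load the dictionary and never initialise the globals.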
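Review bot: In the mail_copy.c hunk the "%.24s" precision relies on asctime() returning exactly 24 characters followed by a newline; that is guaranteed by the C standard, but a short comment saying the precision drops asctime()'s trailing newline so the From_ line can end with the caller's eol (CRLF for the transports that need it) would stop a future reader from "fixing" the magic number.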
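Review bot: The smtp_stream.h hunk removes the smtp_jump_setup() prototype, but this patch shows no matching change to the function body or to its callers; check that the definition is removed as well and that no caller remains, since with the prototype gone any surviving caller would now compile without a declaration or fail to link.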