From: Wietse Venema Date: Sun, 20 May 2018 05:00:00 +0000 (-0500) Subject: postfix-3.4-20180520 X-Git-Tag: v3.4.0-RC1~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39cb3784c0c702c87964e52eca43d1414f660cc4;p=thirdparty%2Fpostfix.git postfix-3.4-20180520 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 85cbf711a..6796c1882 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23425,5 +23425,17 @@ Apologies for any names omitted. master/master.c, master/master_sig.c, util/killme_after.c. Documentation: document non-iterative lookup behavior - in postmap and postalias manpages. Files: postmap/postmap.c, + in postmap(1) and postalias(1) manpages. Files: postmap/postmap.c, postalias/postalias.c. + + Cleanup: the init-mode change should not forbid the combined + use of -D, -d and -w. File: master/master.c. + +20180520 + + Documentation: add backscatter remediation to the virtual(5) + and canonical(5) manpages. Files: proto/virtual, proto/canonical. + + Bugfix (introduced: 20180425): broken implementation of + voluntary dnsblog retirement after max_use*max_idle seconds. + File: master/single_server.c. diff --git a/postfix/conf/canonical b/postfix/conf/canonical index de4468687..9881f4ef8 100644 --- a/postfix/conf/canonical +++ b/postfix/conf/canonical @@ -121,13 +121,29 @@ # recipients and then tries to return that mail as # "undeliverable" to the often forged sender address. # +# To avoid backscatter with mail for a wild-card +# domain, replace the wild-card mapping with explicit +# 1:1 mappings, or add a reject_unverified_recipient +# restriction for that domain: +# +# smtpd_recipient_restrictions = +# ... +# reject_unauth_destination +# check_recipient_access +# inline:{example.com=reject_unverified_recipient} +# unverified_recipient_reject_code = 550 +# +# In the above example, Postfix may contact a remote +# server if the recipient is rewritten to a remote +# address. +# # RESULT ADDRESS REWRITING # The lookup result is subject to address rewriting: # -# o When the result has the form @otherdomain, the +# o When the result has the form @otherdomain, the # result becomes the same user in otherdomain. # -# o When "append_at_myorigin=yes", append "@$myorigin" +# o When "append_at_myorigin=yes", append "@$myorigin" # to addresses without "@domain". # # o When "append_dot_mydomain=yes", append ".$mydomain" @@ -135,86 +151,84 @@ # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.4. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant. -# The text below provides only a parameter summary. See +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See # postconf(5) for more details including examples. # -# canonical_classes -# What addresses are subject to canonical address -# mapping. +# canonical_classes (envelope_sender, envelope_recipient, +# header_sender, header_recipient) +# What addresses are subject to canonical_maps +# address mapping. # -# canonical_maps -# List of canonical mapping tables. +# canonical_maps (empty) +# Optional address mapping lookup tables for message +# headers and envelopes. # -# recipient_canonical_maps -# Address mapping lookup table for envelope and -# header recipient addresses. +# recipient_canonical_maps (empty) +# Optional address mapping lookup tables for envelope +# and header recipient addresses. # -# sender_canonical_maps -# Address mapping lookup table for envelope and -# header sender addresses. +# sender_canonical_maps (empty) +# Optional address mapping lookup tables for envelope +# and header sender addresses. # -# propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, -# include, or generic. +# propagate_unmatched_extensions (canonical, virtual) +# What address lookup tables copy an address exten- +# sion from the lookup key to the lookup result. # # Other parameters of interest: # -# inet_interfaces -# The network interface addresses that this system -# receives mail on. You need to stop and start Post- -# fix when this parameter changes. +# inet_interfaces (all) +# The network interface addresses that this mail sys- +# tem receives mail on. # -# local_header_rewrite_clients +# local_header_rewrite_clients (permit_inet_interfaces) # Rewrite message header addresses in mail from these # clients and update incomplete addresses with the # domain name in $myorigin or $mydomain; either don't @@ -223,39 +237,44 @@ # addresses with the domain specified in the # remote_header_rewrite_domain parameter. # -# proxy_interfaces -# Other interfaces that this machine receives mail on -# by way of a proxy agent or network address transla- -# tor. -# -# masquerade_classes -# List of address classes subject to masquerading: -# zero or more of envelope_sender, envelope_recipi- -# ent, header_sender, header_recipient. -# -# masquerade_domains -# List of domains that hide their subdomain struc- -# ture. -# -# masquerade_exceptions -# List of user names that are not subject to address -# masquerading. -# -# mydestination -# List of domains that this mail system considers -# local. -# -# myorigin -# The domain that is appended to locally-posted mail. -# -# owner_request_special -# Give special treatment to owner-xxx and xxx-request -# addresses. -# -# remote_header_rewrite_domain -# Don't rewrite message headers from remote clients +# proxy_interfaces (empty) +# The network interface addresses that this mail sys- +# tem receives mail on by way of a proxy or network +# address translation unit. +# +# masquerade_classes (envelope_sender, header_sender, +# header_recipient) +# What addresses are subject to address masquerading. +# +# masquerade_domains (empty) +# Optional list of domains whose subdomain structure +# will be stripped off in email addresses. +# +# masquerade_exceptions (empty) +# Optional list of user names that are not subjected +# to address masquerading, even when their address +# matches $masquerade_domains. +# +# mydestination ($myhostname, localhost.$mydomain, local- +# host) +# The list of domains that are delivered via the +# $local_transport mail delivery transport. +# +# myorigin ($myhostname) +# The domain name that locally-posted mail appears to +# come from, and that locally posted mail is deliv- +# ered to. +# +# owner_request_special (yes) +# Enable special treatment for owner-listname entries +# in the aliases(5) file, and don't split owner-list- +# name and listname-request address localparts when +# the recipient_delimiter is set to "-". +# +# remote_header_rewrite_domain (empty) +# Don't rewrite message headers from remote clients # at all when this parameter is empty; otherwise, re- -# write message headers and append the specified +# write message headers and append the specified # domain name to incomplete addresses. # # SEE ALSO @@ -265,13 +284,13 @@ # virtual(5), virtual aliasing # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # ADDRESS_REWRITING_README, address rewriting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/virtual b/postfix/conf/virtual index d2d551aec..da9cd655c 100644 --- a/postfix/conf/virtual +++ b/postfix/conf/virtual @@ -117,15 +117,31 @@ # that mail as "undeliverable" to the often forged # sender address. # +# To avoid backscatter with mail for a wild-card +# domain, replace the wild-card mapping with explicit +# 1:1 mappings, or add a reject_unverified_recipient +# restriction for that domain: +# +# smtpd_recipient_restrictions = +# ... +# reject_unauth_destination +# check_recipient_access +# inline:{example.com=reject_unverified_recipient} +# unverified_recipient_reject_code = 550 +# +# In the above example, Postfix may contact a remote +# server if the recipient is aliased to a remote +# address. +# # RESULT ADDRESS REWRITING # The lookup result is subject to address rewriting: # -# o When the result has the form @otherdomain, the -# result becomes the same user in otherdomain. This +# o When the result has the form @otherdomain, the +# result becomes the same user in otherdomain. This # works only for the first address in a multi-address # lookup result. # -# o When "append_at_myorigin=yes", append "@$myorigin" +# o When "append_at_myorigin=yes", append "@$myorigin" # to addresses without "@domain". # # o When "append_dot_mydomain=yes", append ".$mydomain" @@ -133,29 +149,29 @@ # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # VIRTUAL ALIAS DOMAINS -# Besides virtual aliases, the virtual alias table can also +# Besides virtual aliases, the virtual alias table can also # be used to implement virtual alias domains. With a virtual -# alias domain, all recipient addresses are aliased to +# alias domain, all recipient addresses are aliased to # addresses in other domains. # # Virtual alias domains are not to be confused with the vir- # tual mailbox domains that are implemented with the Postfix # virtual(8) mail delivery agent. With virtual mailbox -# domains, each recipient address can have its own mailbox. +# domains, each recipient address can have its own mailbox. # -# With a virtual alias domain, the virtual domain has its -# own user name space. Local (i.e. non-virtual) usernames -# are not visible in a virtual alias domain. In particular, -# local aliases(5) and local mailing lists are not visible +# With a virtual alias domain, the virtual domain has its +# own user name space. Local (i.e. non-virtual) usernames +# are not visible in a virtual alias domain. In particular, +# local aliases(5) and local mailing lists are not visible # as localname@virtual-alias.domain. # # Support for a virtual alias domain looks like: @@ -164,7 +180,7 @@ # virtual_alias_maps = hash:/etc/postfix/virtual # # Note: some systems use dbm databases instead of hash. See -# the output from "postconf -m" for available database +# the output from "postconf -m" for available database # types. # # /etc/postfix/virtual: @@ -173,105 +189,109 @@ # user1@virtual-alias.domain address1 # user2@virtual-alias.domain address2, address3 # -# The virtual-alias.domain anything entry is required for a +# The virtual-alias.domain anything entry is required for a # virtual alias domain. Without this entry, mail is rejected -# with "relay access denied", or bounces with "mail loops +# with "relay access denied", or bounces with "mail loops # back to myself". # -# Do not specify virtual alias domain names in the main.cf +# Do not specify virtual alias domain names in the main.cf # mydestination or relay_domains configuration parameters. # -# With a virtual alias domain, the Postfix SMTP server -# accepts mail for known-user@virtual-alias.domain, and -# rejects mail for unknown-user@virtual-alias.domain as +# With a virtual alias domain, the Postfix SMTP server +# accepts mail for known-user@virtual-alias.domain, and +# rejects mail for unknown-user@virtual-alias.domain as # undeliverable. # -# Instead of specifying the virtual alias domain name via -# the virtual_alias_maps table, you may also specify it via +# Instead of specifying the virtual alias domain name via +# the virtual_alias_maps table, you may also specify it via # the main.cf virtual_alias_domains configuration parameter. -# This latter parameter uses the same syntax as the main.cf +# This latter parameter uses the same syntax as the main.cf # mydestination configuration parameter. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.4. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant -# to this topic. See the Postfix main.cf file for syntax -# details and for default values. Use the "postfix reload" +# The following main.cf parameters are especially relevant +# to this topic. See the Postfix main.cf file for syntax +# details and for default values. Use the "postfix reload" # command after a configuration change. # -# virtual_alias_maps -# List of virtual aliasing tables. +# virtual_alias_maps ($virtual_maps) +# Optional lookup tables that alias specific mail +# addresses or domains to other local or remote +# address. # -# virtual_alias_domains -# List of virtual alias domains. This uses the same -# syntax as the mydestination parameter. +# virtual_alias_domains ($virtual_alias_maps) +# Postfix is final destination for the specified list +# of virtual alias domains, that is, domains for +# which all addresses are aliased to addresses in +# other local or remote domains. # -# propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, -# include, or generic. +# propagate_unmatched_extensions (canonical, virtual) +# What address lookup tables copy an address exten- +# sion from the lookup key to the lookup result. # # Other parameters of interest: # -# inet_interfaces -# The network interface addresses that this system -# receives mail on. You need to stop and start Post- -# fix when this parameter changes. -# -# mydestination -# List of domains that this mail system considers -# local. -# -# myorigin -# The domain that is appended to any address that -# does not have a domain. -# -# owner_request_special -# Give special treatment to owner-xxx and xxx-request -# addresses. -# -# proxy_interfaces -# Other interfaces that this machine receives mail on -# by way of a proxy agent or network address transla- -# tor. +# inet_interfaces (all) +# The network interface addresses that this mail sys- +# tem receives mail on. +# +# mydestination ($myhostname, localhost.$mydomain, local- +# host) +# The list of domains that are delivered via the +# $local_transport mail delivery transport. +# +# myorigin ($myhostname) +# The domain name that locally-posted mail appears to +# come from, and that locally posted mail is deliv- +# ered to. +# +# owner_request_special (yes) +# Enable special treatment for owner-listname entries +# in the aliases(5) file, and don't split owner-list- +# name and listname-request address localparts when +# the recipient_delimiter is set to "-". +# +# proxy_interfaces (empty) +# The network interface addresses that this mail sys- +# tem receives mail on by way of a proxy or network +# address translation unit. # # SEE ALSO # cleanup(8), canonicalize and enqueue mail diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index fed1cb60b..c54dc0962 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html @@ -115,13 +115,27 @@ CANONICAL(5) CANONICAL(5) and then tries to return that mail as "undeliverable" to the often forged sender address. + To avoid backscatter with mail for a wild-card domain, replace + the wild-card mapping with explicit 1:1 mappings, or add a + reject_unverified_recipient restriction for that domain: + + smtpd_recipient_restrictions = + ... + reject_unauth_destination + check_recipient_access + inline:{example.com=reject_unverified_recipient} + unverified_recipient_reject_code = 550 + + In the above example, Postfix may contact a remote server if the + recipient is rewritten to a remote address. + RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the result becomes + o When the result has the form @otherdomain, the result becomes the same user in otherdomain. - o When "append_at_myorigin=yes", append "@$myorigin" to addresses + o When "append_at_myorigin=yes", append "@$myorigin" to addresses without "@domain". o When "append_dot_mydomain=yes", append ".$mydomain" to addresses @@ -129,38 +143,38 @@ CANONICAL(5) CANONICAL(5) ADDRESS EXTENSION When a mail address localpart contains the optional recipient delimiter - (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls whether an + The propagate_unmatched_extensions parameter controls whether an unmatched address extension (+foo) is propagated to the result of table lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when the table is - given in the form of regular expressions. For a description of regular + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to the entire - address being looked up. Thus, user@domain mail addresses are not bro- - ken up into their user and @domain constituent parts, nor is user+foo + Each pattern is a regular expression that is applied to the entire + address being looked up. Thus, user@domain mail addresses are not bro- + ken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the table, until a + Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with the additional - feature that parenthesized substrings from the pattern can be interpo- + Results are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when lookups are - directed to a TCP-based server. For a description of the TCP - client/server lookup protocol, see tcp_table(5). This feature is not + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not available up to and including Postfix version 2.4. - Each lookup operation uses the entire address once. Thus, user@domain - mail addresses are not broken up into their user and @domain con- + Each lookup operation uses the entire address once. Thus, user@domain + mail addresses are not broken up into their user and @domain con- stituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. @@ -169,70 +183,75 @@ CANONICAL(5) CANONICAL(5) The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. The text - below provides only a parameter summary. See postconf(5) for more + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more details including examples. - canonical_classes - What addresses are subject to canonical address mapping. + canonical_classes (envelope_sender, envelope_recipient, header_sender, + header_recipient) + What addresses are subject to canonical_maps address mapping. - canonical_maps - List of canonical mapping tables. + canonical_maps (empty) + Optional address mapping lookup tables for message headers and + envelopes. - recipient_canonical_maps - Address mapping lookup table for envelope and header recipient - addresses. + recipient_canonical_maps (empty) + Optional address mapping lookup tables for envelope and header + recipient addresses. - sender_canonical_maps - Address mapping lookup table for envelope and header sender - addresses. + sender_canonical_maps (empty) + Optional address mapping lookup tables for envelope and header + sender addresses. - propagate_unmatched_extensions - A list of address rewriting or forwarding mechanisms that propa- - gate an address extension from the original address to the - result. Specify zero or more of canonical, virtual, alias, for- - ward, include, or generic. + propagate_unmatched_extensions (canonical, virtual) + What address lookup tables copy an address extension from the + lookup key to the lookup result. Other parameters of interest: - inet_interfaces - The network interface addresses that this system receives mail - on. You need to stop and start Postfix when this parameter - changes. + inet_interfaces (all) + The network interface addresses that this mail system receives + mail on. - local_header_rewrite_clients - Rewrite message header addresses in mail from these clients and + local_header_rewrite_clients (permit_inet_interfaces) + Rewrite message header addresses in mail from these clients and update incomplete addresses with the domain name in $myorigin or - $mydomain; either don't rewrite message headers from other + $mydomain; either don't rewrite message headers from other clients at all, or rewrite message headers and update incomplete - addresses with the domain specified in the remote_header_re- + addresses with the domain specified in the remote_header_re- write_domain parameter. - proxy_interfaces - Other interfaces that this machine receives mail on by way of a - proxy agent or network address translator. + proxy_interfaces (empty) + The network interface addresses that this mail system receives + mail on by way of a proxy or network address translation unit. - masquerade_classes - List of address classes subject to masquerading: zero or more of - envelope_sender, envelope_recipient, header_sender, - header_recipient. + masquerade_classes (envelope_sender, header_sender, header_recipient) + What addresses are subject to address masquerading. - masquerade_domains - List of domains that hide their subdomain structure. + masquerade_domains (empty) + Optional list of domains whose subdomain structure will be + stripped off in email addresses. - masquerade_exceptions - List of user names that are not subject to address masquerading. + masquerade_exceptions (empty) + Optional list of user names that are not subjected to address + masquerading, even when their address matches $masquer- + ade_domains. - mydestination - List of domains that this mail system considers local. + mydestination ($myhostname, localhost.$mydomain, localhost) + The list of domains that are delivered via the $local_transport + mail delivery transport. - myorigin - The domain that is appended to locally-posted mail. + myorigin ($myhostname) + The domain name that locally-posted mail appears to come from, + and that locally posted mail is delivered to. - owner_request_special - Give special treatment to owner-xxx and xxx-request addresses. + owner_request_special (yes) + Enable special treatment for owner-listname entries in the + aliases(5) file, and don't split owner-listname and list- + name-request address localparts when the recipient_delimiter is + set to "-". - remote_header_rewrite_domain + remote_header_rewrite_domain (empty) Don't rewrite message headers from remote clients at all when this parameter is empty; otherwise, rewrite message headers and append the specified domain name to incomplete addresses. diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index aa0b9f30d..97e7e5e3e 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html @@ -107,14 +107,28 @@ VIRTUAL(5) VIRTUAL(5) non-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address. + To avoid backscatter with mail for a wild-card domain, replace + the wild-card mapping with explicit 1:1 mappings, or add a + reject_unverified_recipient restriction for that domain: + + smtpd_recipient_restrictions = + ... + reject_unauth_destination + check_recipient_access + inline:{example.com=reject_unverified_recipient} + unverified_recipient_reject_code = 550 + + In the above example, Postfix may contact a remote server if the + recipient is aliased to a remote address. + RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the result becomes - the same user in otherdomain. This works only for the first + o When the result has the form @otherdomain, the result becomes + the same user in otherdomain. This works only for the first address in a multi-address lookup result. - o When "append_at_myorigin=yes", append "@$myorigin" to addresses + o When "append_at_myorigin=yes", append "@$myorigin" to addresses without "@domain". o When "append_dot_mydomain=yes", append ".$mydomain" to addresses @@ -122,26 +136,26 @@ VIRTUAL(5) VIRTUAL(5) ADDRESS EXTENSION When a mail address localpart contains the optional recipient delimiter - (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, + (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls whether an + The propagate_unmatched_extensions parameter controls whether an unmatched address extension (+foo) is propagated to the result of table lookup. VIRTUAL ALIAS DOMAINS - Besides virtual aliases, the virtual alias table can also be used to - implement virtual alias domains. With a virtual alias domain, all + Besides virtual aliases, the virtual alias table can also be used to + implement virtual alias domains. With a virtual alias domain, all recipient addresses are aliased to addresses in other domains. - Virtual alias domains are not to be confused with the virtual mailbox - domains that are implemented with the Postfix virtual(8) mail delivery - agent. With virtual mailbox domains, each recipient address can have + Virtual alias domains are not to be confused with the virtual mailbox + domains that are implemented with the Postfix virtual(8) mail delivery + agent. With virtual mailbox domains, each recipient address can have its own mailbox. - With a virtual alias domain, the virtual domain has its own user name - space. Local (i.e. non-virtual) usernames are not visible in a virtual - alias domain. In particular, local aliases(5) and local mailing lists + With a virtual alias domain, the virtual domain has its own user name + space. Local (i.e. non-virtual) usernames are not visible in a virtual + alias domain. In particular, local aliases(5) and local mailing lists are not visible as localname@virtual-alias.domain. Support for a virtual alias domain looks like: @@ -149,7 +163,7 @@ VIRTUAL(5) VIRTUAL(5) /etc/postfix/main.cf: virtual_alias_maps = hash:/etc/postfix/virtual - Note: some systems use dbm databases instead of hash. See the output + Note: some systems use dbm databases instead of hash. See the output from "postconf -m" for available database types. /etc/postfix/virtual: @@ -159,46 +173,46 @@ VIRTUAL(5) VIRTUAL(5) user2@virtual-alias.domain address2, address3 The virtual-alias.domain anything entry is required for a virtual alias - domain. Without this entry, mail is rejected with "relay access + domain. Without this entry, mail is rejected with "relay access denied", or bounces with "mail loops back to myself". - Do not specify virtual alias domain names in the main.cf mydestination + Do not specify virtual alias domain names in the main.cf mydestination or relay_domains configuration parameters. - With a virtual alias domain, the Postfix SMTP server accepts mail for + With a virtual alias domain, the Postfix SMTP server accepts mail for known-user@virtual-alias.domain, and rejects mail for unknown-user@vir- tual-alias.domain as undeliverable. - Instead of specifying the virtual alias domain name via the vir- - tual_alias_maps table, you may also specify it via the main.cf vir- + Instead of specifying the virtual alias domain name via the vir- + tual_alias_maps table, you may also specify it via the main.cf vir- tual_alias_domains configuration parameter. This latter parameter uses the same syntax as the main.cf mydestination configuration parameter. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when the table is - given in the form of regular expressions. For a description of regular + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to the entire - address being looked up. Thus, user@domain mail addresses are not bro- - ken up into their user and @domain constituent parts, nor is user+foo + Each pattern is a regular expression that is applied to the entire + address being looked up. Thus, user@domain mail addresses are not bro- + ken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the table, until a + Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with the additional - feature that parenthesized substrings from the pattern can be interpo- + Results are the same as with indexed file lookups, with the additional + feature that parenthesized substrings from the pattern can be interpo- lated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when lookups are - directed to a TCP-based server. For a description of the TCP - client/server lookup protocol, see tcp_table(5). This feature is not + This section describes how the table lookups change when lookups are + directed to a TCP-based server. For a description of the TCP + client/server lookup protocol, see tcp_table(5). This feature is not available up to and including Postfix version 2.4. - Each lookup operation uses the entire address once. Thus, user@domain - mail addresses are not broken up into their user and @domain con- + Each lookup operation uses the entire address once. Thus, user@domain + mail addresses are not broken up into their user and @domain con- stituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. @@ -211,39 +225,42 @@ VIRTUAL(5) VIRTUAL(5) See the Postfix main.cf file for syntax details and for default values. Use the "postfix reload" command after a configuration change. - virtual_alias_maps - List of virtual aliasing tables. + virtual_alias_maps ($virtual_maps) + Optional lookup tables that alias specific mail addresses or + domains to other local or remote address. - virtual_alias_domains - List of virtual alias domains. This uses the same syntax as the - mydestination parameter. + virtual_alias_domains ($virtual_alias_maps) + Postfix is final destination for the specified list of virtual + alias domains, that is, domains for which all addresses are + aliased to addresses in other local or remote domains. - propagate_unmatched_extensions - A list of address rewriting or forwarding mechanisms that propa- - gate an address extension from the original address to the - result. Specify zero or more of canonical, virtual, alias, for- - ward, include, or generic. + propagate_unmatched_extensions (canonical, virtual) + What address lookup tables copy an address extension from the + lookup key to the lookup result. Other parameters of interest: - inet_interfaces - The network interface addresses that this system receives mail - on. You need to stop and start Postfix when this parameter - changes. + inet_interfaces (all) + The network interface addresses that this mail system receives + mail on. - mydestination - List of domains that this mail system considers local. + mydestination ($myhostname, localhost.$mydomain, localhost) + The list of domains that are delivered via the $local_transport + mail delivery transport. - myorigin - The domain that is appended to any address that does not have a - domain. + myorigin ($myhostname) + The domain name that locally-posted mail appears to come from, + and that locally posted mail is delivered to. - owner_request_special - Give special treatment to owner-xxx and xxx-request addresses. + owner_request_special (yes) + Enable special treatment for owner-listname entries in the + aliases(5) file, and don't split owner-listname and list- + name-request address localparts when the recipient_delimiter is + set to "-". - proxy_interfaces - Other interfaces that this machine receives mail on by way of a - proxy agent or network address translator. + proxy_interfaces (empty) + The network interface addresses that this mail system receives + mail on by way of a proxy or network address translation unit. SEE ALSO cleanup(8), canonicalize and enqueue mail diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5 index 280ba0121..f467ad42c 100644 --- a/postfix/man/man5/canonical.5 +++ b/postfix/man/man5/canonical.5 @@ -120,6 +120,23 @@ that recipient exists. This may turn your mail system into a backscatter source: Postfix first accepts mail for non\-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address. +.sp +To avoid backscatter with mail for a wild\-card domain, +replace the wild\-card mapping with explicit 1:1 mappings, +or add a reject_unverified_recipient restriction for that +domain: + +.nf + smtpd_recipient_restrictions = + ... + reject_unauth_destination + check_recipient_access + inline:{example.com=reject_unverified_recipient} + unverified_recipient_reject_code = 550 +.fi + +In the above example, Postfix may contact a remote server +if the recipient is rewritten to a remote address. .SH "RESULT ADDRESS REWRITING" .na .nf @@ -197,56 +214,58 @@ The table format does not understand quoting conventions. The following \fBmain.cf\fR parameters are especially relevant. The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. -.IP \fBcanonical_classes\fR -What addresses are subject to canonical address mapping. -.IP \fBcanonical_maps\fR -List of canonical mapping tables. -.IP \fBrecipient_canonical_maps\fR -Address mapping lookup table for envelope and header recipient -addresses. -.IP \fBsender_canonical_maps\fR -Address mapping lookup table for envelope and header sender -addresses. -.IP \fBpropagate_unmatched_extensions\fR -A list of address rewriting or forwarding mechanisms that propagate -an address extension from the original address to the result. -Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, -\fBforward\fR, \fBinclude\fR, or \fBgeneric\fR. +.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +What addresses are subject to canonical_maps address mapping. +.IP "\fBcanonical_maps (empty)\fR" +Optional address mapping lookup tables for message headers and +envelopes. +.IP "\fBrecipient_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +recipient addresses. +.IP "\fBsender_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +sender addresses. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. .PP Other parameters of interest: -.IP \fBinet_interfaces\fR -The network interface addresses that this system receives mail on. -You need to stop and start Postfix when this parameter changes. -.IP \fBlocal_header_rewrite_clients\fR -Rewrite message header addresses in mail from these clients -and update incomplete addresses with the domain name in -$myorigin or $mydomain; either don't rewrite message headers -from other clients at all, or rewrite message headers and -update incomplete addresses with the domain specified in -the remote_header_rewrite_domain parameter. -.IP \fBproxy_interfaces\fR -Other interfaces that this machine receives mail on by way of a -proxy agent or network address translator. -.IP \fBmasquerade_classes\fR -List of address classes subject to masquerading: zero or more of -\fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR, -\fBheader_recipient\fR. -.IP \fBmasquerade_domains\fR -List of domains that hide their subdomain structure. -.IP \fBmasquerade_exceptions\fR -List of user names that are not subject to address masquerading. -.IP \fBmydestination\fR -List of domains that this mail system considers local. -.IP \fBmyorigin\fR -The domain that is appended to locally\-posted mail. -.IP \fBowner_request_special\fR -Give special treatment to \fBowner\-\fIxxx\fR and \fIxxx\fB\-request\fR -addresses. -.IP \fBremote_header_rewrite_domain\fR -Don't rewrite message headers from remote clients at all -when this parameter is empty; otherwise, rewrite message -headers and append the specified domain name to incomplete -addresses. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" +Rewrite message header addresses in mail from these clients and +update incomplete addresses with the domain name in $myorigin or +$mydomain; either don't rewrite message headers from other clients +at all, or rewrite message headers and update incomplete addresses +with the domain specified in the remote_header_rewrite_domain +parameter. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR" +What addresses are subject to address masquerading. +.IP "\fBmasquerade_domains (empty)\fR" +Optional list of domains whose subdomain structure will be stripped +off in email addresses. +.IP "\fBmasquerade_exceptions (empty)\fR" +Optional list of user names that are not subjected to address +masquerading, even when their address matches $masquerade_domains. +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. .SH "SEE ALSO" .na .nf diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index cb6062ccc..74fbcef75 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -115,6 +115,23 @@ that recipient exists. This may turn your mail system into a backscatter source: Postfix first accepts mail for non\-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address. +.sp +To avoid backscatter with mail for a wild\-card domain, +replace the wild\-card mapping with explicit 1:1 mappings, +or add a reject_unverified_recipient restriction for that +domain: + +.nf + smtpd_recipient_restrictions = + ... + reject_unauth_destination + check_recipient_access + inline:{example.com=reject_unverified_recipient} + unverified_recipient_reject_code = 550 +.fi + +In the above example, Postfix may contact a remote server +if the recipient is aliased to a remote address. .SH "RESULT ADDRESS REWRITING" .na .nf @@ -250,31 +267,35 @@ The following \fBmain.cf\fR parameters are especially relevant to this topic. See the Postfix \fBmain.cf\fR file for syntax details and for default values. Use the "\fBpostfix reload\fR" command after a configuration change. -.IP \fBvirtual_alias_maps\fR -List of virtual aliasing tables. -.IP \fBvirtual_alias_domains\fR -List of virtual alias domains. This uses the same syntax -as the \fBmydestination\fR parameter. -.IP \fBpropagate_unmatched_extensions\fR -A list of address rewriting or forwarding mechanisms that propagate -an address extension from the original address to the result. -Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, -\fBforward\fR, \fBinclude\fR, or \fBgeneric\fR. +.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +Optional lookup tables that alias specific mail addresses or domains +to other local or remote address. +.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" +Postfix is final destination for the specified list of virtual +alias domains, that is, domains for which all addresses are aliased +to addresses in other local or remote domains. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. .PP Other parameters of interest: -.IP \fBinet_interfaces\fR -The network interface addresses that this system receives mail on. -You need to stop and start Postfix when this parameter changes. -.IP \fBmydestination\fR -List of domains that this mail system considers local. -.IP \fBmyorigin\fR -The domain that is appended to any address that does not have a domain. -.IP \fBowner_request_special\fR -Give special treatment to \fBowner\-\fIxxx\fR and \fIxxx\fB\-request\fR -addresses. -.IP \fBproxy_interfaces\fR -Other interfaces that this machine receives mail on by way of a -proxy agent or network address translator. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. .SH "SEE ALSO" .na .nf diff --git a/postfix/proto/canonical b/postfix/proto/canonical index 1ce205041..de9e19143 100644 --- a/postfix/proto/canonical +++ b/postfix/proto/canonical @@ -108,6 +108,23 @@ # a backscatter source: Postfix first accepts mail for # non-existent recipients and then tries to return that mail # as "undeliverable" to the often forged sender address. +# .sp +# To avoid backscatter with mail for a wild-card domain, +# replace the wild-card mapping with explicit 1:1 mappings, +# or add a reject_unverified_recipient restriction for that +# domain: +# +# .nf +# smtpd_recipient_restrictions = +# ... +# reject_unauth_destination +# check_recipient_access +# inline:{example.com=reject_unverified_recipient} +# unverified_recipient_reject_code = 550 +# .fi +# +# In the above example, Postfix may contact a remote server +# if the recipient is rewritten to a remote address. # RESULT ADDRESS REWRITING # .ad # .fi @@ -173,56 +190,58 @@ # The following \fBmain.cf\fR parameters are especially relevant. # The text below provides only a parameter summary. See # \fBpostconf\fR(5) for more details including examples. -# .IP \fBcanonical_classes\fR -# What addresses are subject to canonical address mapping. -# .IP \fBcanonical_maps\fR -# List of canonical mapping tables. -# .IP \fBrecipient_canonical_maps\fR -# Address mapping lookup table for envelope and header recipient -# addresses. -# .IP \fBsender_canonical_maps\fR -# Address mapping lookup table for envelope and header sender -# addresses. -# .IP \fBpropagate_unmatched_extensions\fR -# A list of address rewriting or forwarding mechanisms that propagate -# an address extension from the original address to the result. -# Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, -# \fBforward\fR, \fBinclude\fR, or \fBgeneric\fR. +# .IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +# What addresses are subject to canonical_maps address mapping. +# .IP "\fBcanonical_maps (empty)\fR" +# Optional address mapping lookup tables for message headers and +# envelopes. +# .IP "\fBrecipient_canonical_maps (empty)\fR" +# Optional address mapping lookup tables for envelope and header +# recipient addresses. +# .IP "\fBsender_canonical_maps (empty)\fR" +# Optional address mapping lookup tables for envelope and header +# sender addresses. +# .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +# What address lookup tables copy an address extension from the lookup +# key to the lookup result. # .PP # Other parameters of interest: -# .IP \fBinet_interfaces\fR -# The network interface addresses that this system receives mail on. -# You need to stop and start Postfix when this parameter changes. -# .IP \fBlocal_header_rewrite_clients\fR -# Rewrite message header addresses in mail from these clients -# and update incomplete addresses with the domain name in -# $myorigin or $mydomain; either don't rewrite message headers -# from other clients at all, or rewrite message headers and -# update incomplete addresses with the domain specified in -# the remote_header_rewrite_domain parameter. -# .IP \fBproxy_interfaces\fR -# Other interfaces that this machine receives mail on by way of a -# proxy agent or network address translator. -# .IP \fBmasquerade_classes\fR -# List of address classes subject to masquerading: zero or more of -# \fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR, -# \fBheader_recipient\fR. -# .IP \fBmasquerade_domains\fR -# List of domains that hide their subdomain structure. -# .IP \fBmasquerade_exceptions\fR -# List of user names that are not subject to address masquerading. -# .IP \fBmydestination\fR -# List of domains that this mail system considers local. -# .IP \fBmyorigin\fR -# The domain that is appended to locally-posted mail. -# .IP \fBowner_request_special\fR -# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR -# addresses. -# .IP \fBremote_header_rewrite_domain\fR -# Don't rewrite message headers from remote clients at all -# when this parameter is empty; otherwise, rewrite message -# headers and append the specified domain name to incomplete -# addresses. +# .IP "\fBinet_interfaces (all)\fR" +# The network interface addresses that this mail system receives +# mail on. +# .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" +# Rewrite message header addresses in mail from these clients and +# update incomplete addresses with the domain name in $myorigin or +# $mydomain; either don't rewrite message headers from other clients +# at all, or rewrite message headers and update incomplete addresses +# with the domain specified in the remote_header_rewrite_domain +# parameter. +# .IP "\fBproxy_interfaces (empty)\fR" +# The network interface addresses that this mail system receives mail +# on by way of a proxy or network address translation unit. +# .IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR" +# What addresses are subject to address masquerading. +# .IP "\fBmasquerade_domains (empty)\fR" +# Optional list of domains whose subdomain structure will be stripped +# off in email addresses. +# .IP "\fBmasquerade_exceptions (empty)\fR" +# Optional list of user names that are not subjected to address +# masquerading, even when their address matches $masquerade_domains. +# .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +# The list of domains that are delivered via the $local_transport +# mail delivery transport. +# .IP "\fBmyorigin ($myhostname)\fR" +# The domain name that locally-posted mail appears to come +# from, and that locally posted mail is delivered to. +# .IP "\fBowner_request_special (yes)\fR" +# Enable special treatment for owner-\fIlistname\fR entries in the +# \fBaliases\fR(5) file, and don't split owner-\fIlistname\fR and +# \fIlistname\fR-request address localparts when the recipient_delimiter +# is set to "-". +# .IP "\fBremote_header_rewrite_domain (empty)\fR" +# Don't rewrite message headers from remote clients at all when +# this parameter is empty; otherwise, rewrite message headers and +# append the specified domain name to incomplete addresses. # SEE ALSO # cleanup(8), canonicalize and enqueue mail # postmap(1), Postfix lookup table manager diff --git a/postfix/proto/virtual b/postfix/proto/virtual index 3b3ffdaaf..8f047322f 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -103,6 +103,23 @@ # a backscatter source: Postfix first accepts mail for # non-existent recipients and then tries to return that mail # as "undeliverable" to the often forged sender address. +# .sp +# To avoid backscatter with mail for a wild-card domain, +# replace the wild-card mapping with explicit 1:1 mappings, +# or add a reject_unverified_recipient restriction for that +# domain: +# +# .nf +# smtpd_recipient_restrictions = +# ... +# reject_unauth_destination +# check_recipient_access +# inline:{example.com=reject_unverified_recipient} +# unverified_recipient_reject_code = 550 +#.fi +# +# In the above example, Postfix may contact a remote server +# if the recipient is aliased to a remote address. # RESULT ADDRESS REWRITING # .ad # .fi @@ -224,31 +241,35 @@ # this topic. See the Postfix \fBmain.cf\fR file for syntax details # and for default values. Use the "\fBpostfix reload\fR" command after # a configuration change. -# .IP \fBvirtual_alias_maps\fR -# List of virtual aliasing tables. -# .IP \fBvirtual_alias_domains\fR -# List of virtual alias domains. This uses the same syntax -# as the \fBmydestination\fR parameter. -# .IP \fBpropagate_unmatched_extensions\fR -# A list of address rewriting or forwarding mechanisms that propagate -# an address extension from the original address to the result. -# Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, -# \fBforward\fR, \fBinclude\fR, or \fBgeneric\fR. +# .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +# Optional lookup tables that alias specific mail addresses or domains +# to other local or remote address. +# .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" +# Postfix is final destination for the specified list of virtual +# alias domains, that is, domains for which all addresses are aliased +# to addresses in other local or remote domains. +# .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +# What address lookup tables copy an address extension from the lookup +# key to the lookup result. # .PP # Other parameters of interest: -# .IP \fBinet_interfaces\fR -# The network interface addresses that this system receives mail on. -# You need to stop and start Postfix when this parameter changes. -# .IP \fBmydestination\fR -# List of domains that this mail system considers local. -# .IP \fBmyorigin\fR -# The domain that is appended to any address that does not have a domain. -# .IP \fBowner_request_special\fR -# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR -# addresses. -# .IP \fBproxy_interfaces\fR -# Other interfaces that this machine receives mail on by way of a -# proxy agent or network address translator. +# .IP "\fBinet_interfaces (all)\fR" +# The network interface addresses that this mail system receives +# mail on. +# .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +# The list of domains that are delivered via the $local_transport +# mail delivery transport. +# .IP "\fBmyorigin ($myhostname)\fR" +# The domain name that locally-posted mail appears to come +# from, and that locally posted mail is delivered to. +# .IP "\fBowner_request_special (yes)\fR" +# Enable special treatment for owner-\fIlistname\fR entries in the +# \fBaliases\fR(5) file, and don't split owner-\fIlistname\fR and +# \fIlistname\fR-request address localparts when the recipient_delimiter +# is set to "-". +# .IP "\fBproxy_interfaces (empty)\fR" +# The network interface addresses that this mail system receives mail +# on by way of a proxy or network address translation unit. # SEE ALSO # cleanup(8), canonicalize and enqueue mail # postmap(1), Postfix lookup table manager diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4759f203d..c639a831c 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20180519" +#define MAIL_RELEASE_DATE "20180520" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index 37835f0aa..4d77f1041 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -387,8 +387,8 @@ int main(int argc, char **argv) */ if (test_lock && wait_flag) msg_fatal("the -t and -w options cannot be used together"); - if (init_mode + debug_me + !master_detach + wait_flag > 1) - msg_fatal("specify one of -i, -D, -d, or -w"); + if (init_mode && (debug_me || !master_detach || wait_flag)) + msg_fatal("the -i option cannot be used with -D, -d, or -w"); /* * Run a foreground monitor process that returns an exit status of 0 when diff --git a/postfix/src/master/single_server.c b/postfix/src/master/single_server.c index 1d174b192..3562e7b14 100644 --- a/postfix/src/master/single_server.c +++ b/postfix/src/master/single_server.c @@ -668,7 +668,11 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) bounce_client_init(dsn_filter_title, *dsn_filter_maps); break; case MAIL_SERVER_RETIRE_ME: - retire_me = 1; + if (var_idle_limit == 0 || var_use_limit == 0 + || var_idle_limit > 86400 / var_use_limit) + retire_me = 86400; + else + retire_me = var_idle_limit * var_use_limit; break; default: msg_panic("%s: unknown argument type: %d", myname, key); @@ -787,9 +791,7 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) if (var_idle_limit > 0) event_request_timer(single_server_timeout, (void *) 0, var_idle_limit); if (retire_me) - event_request_timer(single_server_retire, (void *) 0, - var_idle_limit > INT_MAX / var_use_limit ? - INT_MAX : var_idle_limit * var_use_limit); + event_request_timer(single_server_retire, (void *) 0, retire_me); for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) { event_enable_read(fd, single_server_accept, CAST_INT_TO_VOID_PTR(fd)); close_on_exec(fd, CLOSE_ON_EXEC); diff --git a/postfix/src/util/killme_after.c b/postfix/src/util/killme_after.c index b37a973d4..5d461706f 100644 --- a/postfix/src/util/killme_after.c +++ b/postfix/src/util/killme_after.c @@ -47,11 +47,11 @@ void killme_after(unsigned int seconds) * even if we are being called from a signal handler and SIGALRM delivery * is blocked. * - * Undocumented: when running in "init" mode on Linux, a signal won't be - * delivered unless the process specifies a handler (i.e. SIG_DFL is - * treated as SIG_IGN). Conveniently, _exit() can be used directly as a - * signal handler. This changes the wait status that a parent would see, - * but in the case of "init" mode on Linux, no-one would care. + * Undocumented: when a process runs with PID 1, Linux won't deliver a + * signal unless the process specifies a handler (i.e. SIG_DFL is treated + * as SIG_IGN). Conveniently, _exit() can be used directly as a signal + * handler. This changes the wait status that a parent would see, but in + * the case of "init" mode on Linux, no-one would care. */ alarm(0); sigemptyset(&sig_action.sa_mask);