From: Wietse Venema Date: Fri, 25 Nov 2005 05:00:00 +0000 (-0500) Subject: postfix-2.3-20051125 X-Git-Tag: v2.3-RC1~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a1acc75b8f02021183a5c82b1c2c26fc571ca9e;p=thirdparty%2Fpostfix.git postfix-2.3-20051125 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 7583a29b4..5b2275f29 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -11436,25 +11436,26 @@ Apologies for any names omitted. sites that used permit_mx_backup to authorize all their incoming mail. -20051122 - - Feature: sender_relayhost_maps, lookup tables that specify - a per-sender override for the relayhost parameter setting. - This is an extended version of a patch by Mathias Hasselmann. - Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c, +20051122-24 + + Feature: sender_dependent_relayhost_maps, lookup tables that specify + a sender-dependent override for the relayhost parameter + setting. The lookup is done in the trivial-rewrite server, + instead of the queue manager where it does not belong. + Files: global/resolve_clnt.c, global/tok822_resolve.c, + trivial-rewrite/resolve.c, trivial-rewrite/transport.c, *qmgr/qmgr_message.c. - Feature: address_verify_sender_relayhost_maps, for consistency - with the other address_verify_mumble parameters. + Also: address_verify_sender_dependent_relayhost_maps for completeness. 20051124 - Feature: smtp_per_sender_auth, to enable per-sender SASL - authentication. This disables SMTP connection caching to - ensure that mail from different senders will be delivered - with the appropriate credentials. This is an extended version - of a patch by Mathias Hasselmann. Files: smtp/smtp_connect.c, - smtp/smtp_sasl_glue.c. + Feature: specify "smtp_sender_dependent_authentication = yes" to + enable sender-dependent SASL passwords. This disables SMTP + connection caching to ensure that mail from different senders + is delivered with the appropriate credentials. This is an + extended version of a patch by Mathias Hasselmann. Files: + smtp/smtp_connect.c, smtp/smtp_sasl_glue.c. Open problems: diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index 1b86e0d56..f3339537c 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README @@ -276,7 +276,9 @@ delivers an address verification probe message. First, the address_verify_relayhost parameter allows you to override the relayhost setting, and the address_verify_transport_maps parameter allows you -to override the transport_maps setting. +to override the transport_maps setting. The +address_verify_sender_dependent_relayhost_maps parameter does the same for +sender-dependent relayhost selection. Second, each address class is given its own address verification version of the message delivery transport, as shown in the table below. Address classes are diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index f538c4387..d924ef2d7 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -17,23 +17,40 @@ Incompatibility with Postfix 2.1 and earlier If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2 before proceeding. -Major changes with snapshot 20051124 +Incompatibility with snapshot 20051125 +====================================== + +You MUST stop and restart Postfix, because the address resolver +protocol has changed. If you don't stop and restart Postfix, you +will have an endless stream of warning messages with "problem talking +to service rewrite: Unknown error: 0" and "warning: unexpected +attribute address in input from rewrite socket". + +Major changes with snapshot 20051125 ==================================== This snapshot adds support for sender-dependent ISP accounts. -- Per-sender relayhost support, with the sender_relayhost_maps - feature. The maps are searched with the sender address and with - the sender @domain. The result overrides the global relayhost - setting, but otherwise has identical behavior. +- Sender-dependent smarthost lookup tables. The maps are searched + with the sender address and with the sender @domain. The result + overrides the global relayhost setting, but otherwise has identical + behavior. See the postconf(5) manual page for more details. - Example: sender_relayhost_maps = hash:/etc/postfix/sender_relay + Example: + /etc/postfix/main.cf: + sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay -- Per-sender SASL authentication support. This disables SMTP +- Sender-dependent SASL authentication support. This disables SMTP connection caching to ensure that mail from different senders - will use the correct authentication credentials. - - Example: smtp_per_sender_authentication = yes + will use the correct authentication credentials. The SMTP SASL + password file is first searched by sender address, and then by + the remote domain and hostname as usual. + + Example: + /etc/postfix/main.cf: + smtp_sasl_auth_enable = yes + smtp_sender_dependent_authentication = yes + smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass Incompatibility with snapshot 20051121 ====================================== diff --git a/postfix/conf/transport b/postfix/conf/transport index ecbecdb58..c3718ac08 100644 --- a/postfix/conf/transport +++ b/postfix/conf/transport @@ -35,15 +35,15 @@ # This is the default for remote delivery to domains # listed with relay_domains. In order of decreasing # precedence, the nexthop destination is taken from -# relay_transport, sender_relayhost_maps, relayhost, -# or from the recipient domain. +# relay_transport, sender_dependent_relayhost_maps, +# relayhost, or from the recipient domain. # # default_transport (default: smtp:) # This is the default for remote delivery to other # destinations. In order of decreasing precedence, # the nexthop destination is taken from -# default_transport, sender_relayhost_maps, relay- -# host, or from the recipient domain. +# default_transport, sender_dependent_relayhost_maps, +# relayhost, or from the recipient domain. # # Normally, the transport(5) table is specified as a text # file that serves as input to the postmap(1) command. The diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html index 02a0a38d2..190bbaa7e 100644 --- a/postfix/html/ADDRESS_VERIFICATION_README.html +++ b/postfix/html/ADDRESS_VERIFICATION_README.html @@ -35,7 +35,7 @@ until the address has been verified to be deliverable.

with an unreplyable sender address.

The technique may also be useful to block mail for undeliverable -recipients, for example on a mail relay host that does not have a +recipients, for example on a mail relay host that does not have a list of all the valid recipient addresses. This prevents undeliverable junk mail from entering the queue, so that Postfix doesn't have to waste resources trying to send MAILER-DAEMON messages back.

@@ -416,7 +416,9 @@ parameters when it delivers an address verification probe message.

First, the address_verify_relayhost parameter allows you to override the relayhost setting, and the address_verify_transport_maps -parameter allows you to override the transport_maps setting.

+parameter allows you to override the transport_maps setting. +The address_verify_sender_dependent_relayhost_maps parameter +does the same for sender-dependent relayhost selection.

Second, each address class is given its own address verification version of the message delivery transport, as shown in the table diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index bea228c66..271364db1 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -333,7 +333,7 @@ This feature is available in Postfix 2.1 and later.

Overrides the relayhost parameter setting for address verification -probes. +probes. This information can be overruled with the transport(5) table.

@@ -373,11 +373,11 @@ This feature is available in Postfix 2.1 and later. -

address_verify_sender_relayhost_maps +
address_verify_sender_dependent_relayhost_maps (default: empty)

-Overrides the sender_relayhost_maps parameter setting for address +Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes.

@@ -589,7 +589,7 @@ $local_header_rewrite_cli -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -675,7 +675,7 @@ are calculated.

This feature is implemented by the anvil(8) service which is not -part of the stable Postfix 2.1 release. +part of the stable Postfix version 2.1 release.

@@ -741,7 +741,7 @@ $local_header_rewrite_cli -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -778,7 +778,7 @@ $local_header_rewrite_cli -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -1123,10 +1123,10 @@ proportionally.

(default: empty)

Pathname of a configuration file with bounce message templates. -These override the bounce(8) server built-in templates of delivery -status notification (DSN) messages for undeliverable mail, for -delayed mail, for successful delivery, or for mail delivery -verification.

+These override the built-in templates of delivery status notification +(DSN) messages for undeliverable mail, for delayed mail, successful +delivery, or delivery verification. The bounce(5) manual page +describes how to edit and test template files.

Template message body text may contain $name references to Postfix configuration parameters. The result of $name expansion can @@ -1208,7 +1208,7 @@ $local_header_rewrite_cli -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -1752,7 +1752,7 @@ address, or Recipient address.

The numerical SMTP response code, as specified with the maps_rbl_reject_code configuration parameter. Note: The numerical SMTP response code is required, and must appear at the start of the -reply. With Postfix 2.3 and later this information may be followed +reply. With Postfix version 2.3 and later this information may be followed by an RFC 3463 enhanced status code.
$rbl_domain
@@ -1845,10 +1845,14 @@ and qmgr_message_recipi (default: smtp)

-The default mail delivery transport for domains that do not match -$mydestination, $inet_interfaces, $proxy_interfaces, -$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. -This information can be overruled with the transport(5) table. +The default mail delivery transport and next-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. In order of decreasing precedence, the nexthop +destination is taken from $default_transport, +$sender_dependent_relayhost_maps, $relayhost, or from the recipient +domain. This information can be overruled with the transport(5) +table.

@@ -2168,8 +2172,8 @@ created locally as the result of configuration or software error.

Report mail delivery errors to the address specified with the non-standard Errors-To: message header, instead of the envelope -sender address (this feature is removed with Postfix 2.2, is -turned off by default with Postfix 2.1, and is always turned on +sender address (this feature is removed with Postfix version 2.2, is +turned off by default with Postfix version 2.1, and is always turned on with older Postfix versions).

@@ -2191,7 +2195,7 @@ duplicate elimination on the rewritten recipient address only, and generates empty original recipient queue file records.

This feature is available in Postfix 2.1 and later. With Postfix -2.0, support for the X-Original-To message header is always turned +version 2.0, support for the X-Original-To message header is always turned on. Postfix versions before 2.0 have no support for the X-Original-To message header.

@@ -2261,7 +2265,7 @@ time keeping on System-V-ish systems.

Specify a list of names and/or name=value pairs, separated by whitespace or comma. The name=value form is supported with -Postfix 2.1 and later. +Postfix version 2.1 and later.

@@ -2284,7 +2288,7 @@ from message headers when mail is submitted with "sendmail -t".

-This feature was removed in Postfix 2.1. +This feature was removed in Postfix version 2.1.

@@ -2747,7 +2751,7 @@ parameters:

Specify a list of names and/or name=value pairs, separated by whitespace or comma. The name=value form is supported with -Postfix 2.1 and later.

+Postfix version 2.1 and later.

@@ -2779,7 +2783,7 @@ Specify 0 to disable the feature. Valid delays are 0..10.

The network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network interfaces (default), and "loopback-only" to receive mail -on loopback network interfaces only (Postfix 2.2 and later). The +on loopback network interfaces only (Postfix version 2.2 and later). The parameter also controls delivery of mail to user@[ip.address].

@@ -2825,9 +2829,9 @@ Examples: 
 inet_interfaces = all (DEFAULT)
-inet_interfaces = loopback-only (Postfix 2.2 and later)
+inet_interfaces = loopback-only (Postfix version 2.2 and later)
 inet_interfaces = 127.0.0.1
-inet_interfaces = 127.0.0.1, [::1] (Postfix 2.2 and later)
+inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
 inet_interfaces = 192.168.1.2, 127.0.0.1
@@ -2843,7 +2847,7 @@ or "ipv6", separated by whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.

-

This feature is available in Postfix version 2.2 and later.

+

This feature is available in Postfix 2.2 and later.

Note: you MUST stop and start Postfix after changing this parameter.

@@ -3556,9 +3560,10 @@ Examples:
local_transport (default: local:$myhostname)
-

The default mail delivery transport for domains that match -$mydestination, $inet_interfaces or $proxy_interfaces. This -information can be overruled with the transport(5) table.

+

The default mail delivery transport and next-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. +This information can be overruled with the transport(5) table.

By default, local mail is delivered to the transport called "local", @@ -3691,7 +3696,7 @@ or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.

When this parameter value is changed you need to re-run "postfix -set-permissions" (with Postfix 2.0 and earlier: +set-permissions" (with Postfix version 2.0 and earlier: "/etc/postfix/post-install set-permissions".

@@ -3769,22 +3774,22 @@ The following environment variables are exported to the command:
CLIENT_ADDRESS
-
Remote client network address. Available in Postfix 2.2 and +
Remote client network address. Available in Postfix version 2.2 and later.
CLIENT_HELO
-
Remote client EHLO command parameter. Available in Postfix 2.2 +
Remote client EHLO command parameter. Available in Postfix version 2.2 and later.
CLIENT_HOSTNAME
-
Remote client hostname. Available in Postfix 2.2 and later. +
Remote client hostname. Available in Postfix version 2.2 and later.
CLIENT_PROTOCOL
-
Remote client protocol. Available in Postfix 2.2 and later. +
Remote client protocol. Available in Postfix version 2.2 and later.
DOMAIN
@@ -3814,17 +3819,17 @@ and later.
SASL_METHOD
SASL authentication method specified in the remote client AUTH -command. Available in Postfix 2.2 and later.
+command. Available in Postfix version 2.2 and later.
SASL_SENDER
SASL sender address specified in the remote client MAIL FROM -command. Available in Postfix 2.2 and later.
+command. Available in Postfix version 2.2 and later.
SASL_USER
SASL username specified in the remote client AUTH command. -Available in Postfix 2.2 and later.
+Available in Postfix version 2.2 and later.
SENDER
@@ -4080,7 +4085,7 @@ $local_header_rewrite_cli -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -5039,7 +5044,7 @@ server to decide if it will accept any mail at all.

-By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands +By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands when the amount of free space is less than 1.5*$message_size_limit. To specify a higher minimum free space limit, specify a queue_minfree value that is at least 1.5*$message_size_limit. @@ -5338,7 +5343,7 @@ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home

an appropriate access(5) policy for each client. See RESTRICTION_CLASS_README.

-

This feature is available with Postfix 2.2.

+

This feature is available with Postfix version 2.2.

@@ -5351,7 +5356,7 @@ via the relay message delivery transport. This limit is enforced by the queue manager. The message delivery transport name is the first field in the entry in the master.cf file.

-

This feature is available in Postfix version 2.0 and later.

+

This feature is available in Postfix 2.0 and later.

@@ -5368,7 +5373,7 @@ the entry in the master.cf file.

relay_destination_concurrency_limit from concurrency per domain into concurrency per recipient.

-

This feature is available in Postfix version 2.0 and later.

+

This feature is available in Postfix 2.0 and later.

@@ -5458,9 +5463,12 @@ This feature is available in Postfix 2.0 and later. (default: relay)

-The default mail delivery transport and next-hop information for -domains that match the $relay_domains parameter value. This -information can be overruled with the transport(5) table. +The default mail delivery transport and next-hop destination for +remote delivery to domains listed with $relay_domains. In order of +decreasing precedence, the nexthop destination is taken from +$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or +from the recipient domain. This information can be overruled with +the transport(5) table.

@@ -5486,9 +5494,10 @@ This feature is available in Postfix 2.0 and later. (default: empty)

-The default host to send non-local mail to when no entry is matched -in the optional transport(5) table. When no relayhost is given, -mail is routed directly to the destination. +The next-hop destination of non-local mail; overrides non-local +domains in recipient addresses. This information is overruled with +relay_transport, default_transport, sender_dependent_relayhost_maps +and with the transport(5) table.

@@ -5619,7 +5628,7 @@ backup MX service for Sendmail systems.

local hostname were specified, instead of rejecting the address as invalid.

-

This feature is available in Postfix version 2.1 and later. +

This feature is available in Postfix 2.1 and later. Earlier versions always resolve the null domain as the local hostname.

@@ -5660,8 +5669,8 @@ The name of the directory with example Postfix configuration files. (default: no)

-This parameter should not be used. It was replaced by sender_relayhost_maps -in Postfix 2.3. +This parameter should not be used. It was replaced by sender_dependent_relayhost_maps +in Postfix version 2.3.

@@ -5772,12 +5781,13 @@ Example:
-
sender_relayhost_maps +
sender_dependent_relayhost_maps (default: empty)
-

A sender-specific override for the global relayhost parameter +

A sender-dependent override for the global relayhost parameter setting. The tables are searched by the sender address and by the -sender @domain.

+sender @domain. This information is overruled with relay_transport, +default_transport and with the transport(5) table.

This feature is available in Postfix 2.3 and later. @@ -5820,7 +5830,7 @@ The default time unit is s (seconds).

The group ownership of set-gid Postfix commands and of group-writable Postfix directories. When this parameter value is changed you need -to re-run "postfix set-permissions" (with Postfix 2.0 and +to re-run "postfix set-permissions" (with Postfix version 2.0 and earlier: "/etc/postfix/post-install set-permissions".

@@ -5913,7 +5923,7 @@ An optional numerical network address that the SMTP client should bind to when making an IPv6 connection.

-

This feature is available in Postfix version 2.2 and later.

+

This feature is available in Postfix 2.2 and later.

This can be specified in the main.cf file for all SMTP clients, or @@ -6068,7 +6078,7 @@ delivery latency becomes effectively that of the slowest MX host divided by the total number of MX hosts.

The solution uses connection caching in a way that differs from -Postfix 2.2. By limiting the amount of time during which a connection +Postfix version 2.2. By limiting the amount of time during which a connection can be used repeatedly (instead of limiting the number of deliveries over that connection), Postfix not only restores fairness in the distribution of simultaneous connections across a set of MX hosts, @@ -6080,7 +6090,7 @@ smtp transaction timeouts which are fair estimates of maximum excess latency for a slow delivery. Note that hosts may accept thousands of messages over a single connection within the default connection reuse time limit. This number is much larger than the default Postfix -2.2 limit of 10 messages per cached connection. It may prove necessary +version 2.2 limit of 10 messages per cached connection. It may prove necessary to lower the limit to avoid interoperability issues with MTAs that exhibit bugs when many messages are delivered via a single connection. A lower reuse time limit risks losing the benefit of connection @@ -6400,7 +6410,7 @@ The default time unit is s (seconds).

The maximal number of MX (mail exchanger) IP addresses that can result from mail exchanger lookups, or zero (no limit). Prior to -Postfix 2.3, this limit was disabled by default. +Postfix version 2.3, this limit was disabled by default.

@@ -6416,8 +6426,8 @@ This feature is available in Postfix 2.1 and later.

The maximal number of SMTP sessions per delivery request before giving up or delivering to a fall-back relay host, or zero (no limit). This restriction ignores sessions that fail to complete the -SMTP initial handshake (Postfix 2.2 and earlier) or that fail to -complete the EHLO and TLS handshake (Postfix 2.3 and later).

+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to +complete the EHLO and TLS handshake (Postfix version 2.3 and later).

This feature is available in Postfix 2.1 and later.

@@ -6431,23 +6441,6 @@ complete the EHLO and TLS handshake (Postfix 2.3 and later).

smtp_always_send_ehlo parameter.

-
- -
smtp_per_sender_authentication -(default: no)
- -

-Enable per-sender authentication in the SMTP client; this is available -only with SASL authentication, and disables SMTP connection caching -to ensure that mail from different senders will use the appropriate -credentials. -

- -

-This feature is available in Postfix 2.3 and later. -

- -
smtp_pix_workaround_delay_time @@ -6632,8 +6625,8 @@ Examples:

Optional SMTP client lookup tables with one username:password entry -per remote hostname or domain (or per sender address, when per-sender -authentication is enabled). If no username:password entry is found, +per remote hostname or domain, or sender address when sender-dependent +authentication is enabled. If no username:password entry is found, then the Postfix SMTP client will not attempt to authenticate to the remote host.

@@ -6726,6 +6719,22 @@ This feature is available in Postfix 2.1 and later.

+ + +
smtp_sender_dependent_authentication +(default: no)
+ +

+Enable sender-dependent authentication in the SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials.

+ +

+This feature is available in Postfix 2.3 and later. +

+ +
smtp_skip_4xx_greeting @@ -6742,7 +6751,7 @@ By default, Postfix moves on the next mail exchanger. Specify immediately.

-

This feature is available in Postfix version 2.0 and earlier. +

This feature is available in Postfix 2.0 and earlier. Later Postfix versions always skip SMTP servers that greet with a 4XX status code.

@@ -7104,8 +7113,8 @@ time with a per recipient return address.

By default, no clients are allowed to specify XVERP.

-

This parameter was renamed with Postfix 2.1. The default value -is backwards compatible with Postfix 2.0.

+

This parameter was renamed with Postfix version 2.1. The default value +is backwards compatible with Postfix version 2.0.

Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the @@ -7467,7 +7476,7 @@ client network address information.

When the remote SMTP client certificate is verified successfully, use the client certificate fingerprint as lookup key for the specified -access(5) database. This feature is available with Postfix 2.2.
+access(5) database. This feature is available with Postfix version 2.2.
check_client_access type:table
@@ -7496,13 +7505,13 @@ authenticated via the RFC 2554 +allowed to relay. This feature is available with Postfix version 2.2.
permit_tls_clientcerts
Permit the request when the remote SMTP client certificate is verified successfully, and the certificate fingerprint is listed -in $relay_clientcerts. This feature is available with Postfix 2.2.
+in $relay_clientcerts. This feature is available with Postfix version 2.2.
reject_rbl_client rbl_domain=d.d.d.d
Reject the request when the reversed client network address is @@ -7548,7 +7557,7 @@ also that the two mappings reproduce the client IP address.
The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name lookup failed due to a temporary -problem.
This feature is available in Postfix version 2.3 and +problem.
This feature is available in Postfix 2.3 and later.
@@ -7579,14 +7588,14 @@ the SMTP server reply code (default: 450).
Defer the request if some later restriction would result in an explicit or implicit PERMIT action. This is useful when a blacklisting feature fails due to a temporary problem. This feature is available -in Postfix 2.1 and later.
+in Postfix version 2.1 and later.
defer_if_reject
Defer the request if some later restriction would result in a REJECT action. This is useful when a whitelisting feature fails due to a temporary problem. This feature is available in Postfix -2.1 and later.
+version 2.1 and later.
permit
@@ -7823,12 +7832,12 @@ key. This is intended behavior.

smtpd_error_sleep_time (default: 1s)
-

With Postfix 2.1 and later: the SMTP server response delay after +

With Postfix version 2.1 and later: the SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail.

-

With Postfix 2.0 and earlier: the SMTP server delay before +

With Postfix version 2.0 and earlier: the SMTP server delay before sending a reject (4xx or 5xx) response, when the client has made fewer than $smtpd_soft_error_limit errors without delivering mail.

@@ -8388,7 +8397,7 @@ parameter specifies the response code for rejected requests (default: 554); the default_rbl_reply parameter specifies the default server reply; and the rbl_reply_maps parameter specifies tables with server replies indexed by rbl_domain. This feature is available -in Postfix 2.0 and later.
+in Postfix version 2.0 and later.
reject_unauth_destination
@@ -8413,12 +8422,12 @@ code for rejected requests (default: 554).
Reject the request when Postfix is not final destination for the recipient address, and the RCPT TO address has no DNS A or MX record, or when it has a malformed MX record such as a record with -a zero-length MX hostname (Postfix 2.3 and later).
The +a zero-length MX hostname (Postfix version 2.3 and later).
The unknown_address_reject_code parameter specifies the response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error.
-
reject_unlisted_recipient (with Postfix 2.0: check_recipient_maps)
+
reject_unlisted_recipient (with Postfix version 2.0: check_recipient_maps)
Reject the request when the RCPT TO address is not listed in the list of valid recipients for its domain class. See the @@ -8885,7 +8894,7 @@ Postfix version 2.1 and later.
Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM address has no DNS A or MX record, or when it has a malformed MX record such as a record with -a zero-length MX hostname (Postfix 2.3 and later).
The +a zero-length MX hostname (Postfix version 2.3 and later).
The unknown_address_reject_code parameter specifies the response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error.
@@ -9507,7 +9516,7 @@ $local_header_rewrite_cli -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -9924,7 +9933,7 @@ in the ADDRESS_CLASS_README file

This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1.

@@ -9986,7 +9995,7 @@ manipulations see the ADDRESS_REWRITING_

This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1.

@@ -10124,7 +10133,7 @@ configuration parameter.

This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1.

@@ -10221,7 +10230,7 @@ it will open the table directly. Before Postfix version 2.2, the addresses are aliased to addresses in other local or remote domains, and b) addresses that are aliased to addresses in other local or remote domains. Available before Postfix version 2.0. With Postfix -2.0 and later, this is replaced by separate controls: virtual_alias_domains +version 2.0 and later, this is replaced by separate controls: virtual_alias_domains and virtual_alias_maps.

@@ -10244,9 +10253,9 @@ deferred. (default: virtual)

-The default mail delivery transport for domains that match the -$virtual_mailbox_domains parameter value. This information can -be overruled with the transport(5) table. +The default mail delivery transport and next-hop destination for +final delivery to domains listed with virtual_mailbox_domains. +This information can be overruled with the transport(5) table.

diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index f7be280cf..65b2ff9db 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -188,9 +188,9 @@ SMTP(8) SMTP(8) smtp_sasl_password_maps (empty) Optional SMTP client lookup tables with one user- - name:password entry per remote hostname or domain - (or per sender, when per-sender authentication is - enabled). + name:password entry per remote hostname or domain, + or sender address when sender-dependent authentica- + tion is enabled. smtp_sasl_security_options (noplaintext, noanonymous) What authentication mechanisms the Postfix SMTP @@ -205,8 +205,8 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: - smtp_per_sender_authentication (no) - Enable per-sender authentication in the SMTP + smtp_sender_dependent_authentication (no) + Enable sender-dependent authentication in the SMTP client; this is available only with SASL authenti- cation, and disables SMTP connection caching to ensure that mail from different senders will use diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index a0263aad0..5e9225f39 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html @@ -41,15 +41,15 @@ TRANSPORT(5) TRANSPORT(5) This is the default for remote delivery to domains listed with relay_domains. In order of decreasing precedence, the nexthop destination is taken from - relay_transport, sender_relayhost_maps, relayhost, - or from the recipient domain. + relay_transport, sender_dependent_relayhost_maps, + relayhost, or from the recipient domain. default_transport (default: smtp:) This is the default for remote delivery to other destinations. In order of decreasing precedence, the nexthop destination is taken from - default_transport, sender_relayhost_maps, relay- - host, or from the recipient domain. + default_transport, sender_dependent_relayhost_maps, + relayhost, or from the recipient domain. Normally, the transport(5) table is specified as a text file that serves as input to the postmap(1) command. The @@ -114,8 +114,8 @@ TRANSPORT(5) TRANSPORT(5) .domain transport:nexthop Deliver mail for any subdomain of domain through transport to nexthop. This applies only when the - string transport_maps is not listed in the par- - ent_domain_matches_subdomains configuration set- + string transport_maps is not listed in the par- + ent_domain_matches_subdomains configuration set- ting. Otherwise, a domain name matches itself and its subdomains. diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 9bb40a081..1aaa7183d 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -36,10 +36,10 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) the local domain to spam from poorly written remote clients. - resolve address - Resolve an address to a (transport, nexthop, recip- - ient, flags) quadruple. The meaning of the results - is as follows: + resolve sender address + Resolve the address to a (transport, nexthop, + recipient, flags) quadruple. The meaning of the + results is as follows: transport The delivery agent to use. This is the first @@ -57,8 +57,8 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) requires relaying, whether the address has problems, and whether the request failed. - verify address - Resolve an address for address verification pur- + verify sender address + Resolve the address for address verification pur- poses. SERVER PROCESS MANAGEMENT @@ -145,36 +145,38 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) virtual_mailbox_domains or proxy_interfaces. local_transport (local:$myhostname) - The default mail delivery transport for domains - that match $mydestination, $inet_interfaces or - $proxy_interfaces. + The default mail delivery transport and next-hop + destination for final delivery to domains listed + with mydestination, and for [ipaddress] destina- + tions that match $inet_interfaces or $proxy_inter- + faces. virtual_transport (virtual) - The default mail delivery transport for domains - that match the $virtual_mailbox_domains parameter - value. + The default mail delivery transport and next-hop + destination for final delivery to domains listed + with virtual_mailbox_domains. relay_transport (relay) The default mail delivery transport and next-hop - information for domains that match the - $relay_domains parameter value. + destination for remote delivery to domains listed + with $relay_domains. default_transport (smtp) - The default mail delivery transport for domains - that do not match $mydestination, $inet_interfaces, - $proxy_interfaces, $virtual_alias_domains, $vir- - tual_mailbox_domains, or $relay_domains. + The default mail delivery transport and next-hop + destination for destinations that do not match + $mydestination, $inet_interfaces, $proxy_inter- + faces, $virtual_alias_domains, $virtual_mail- + box_domains, or $relay_domains. - parent_domain_matches_subdomains (see 'postconf -d' out- + parent_domain_matches_subdomains (see 'postconf -d' out- put) What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern. relayhost (empty) - The default host to send non-local mail to when no - entry is matched in the optional transport(5) ta- - ble. + The next-hop destination of non-local mail; over- + rides non-local domains in recipient addresses. transport_maps (empty) Optional lookup tables with mappings from recipient @@ -183,9 +185,9 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) Available in Postfix version 2.3 and later: - sender_relayhost_maps (empty) - A sender-specific override for the global relayhost - parameter setting. + sender_dependent_relayhost_maps (empty) + A sender-dependent override for the global relay- + host parameter setting. ADDRESS VERIFICATION CONTROLS Postfix version 2.1 introduces sender and recipient @@ -216,26 +218,28 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) Overrides the relayhost parameter setting for address verification probes. - address_verify_sender_relayhost_maps (empty) - Overrides the sender_relayhost_maps parameter set- - ting for address verification probes. - address_verify_transport_maps ($transport_maps) - Overrides the transport_maps parameter setting for + Overrides the transport_maps parameter setting for address verification probes. + Available in Postfix version 2.3 and later: + + address_verify_sender_dependent_relayhost_maps (empty) + Overrides the sender_dependent_relayhost_maps + parameter setting for address verification probes. + MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. empty_address_recipient (MAILER-DAEMON) - The recipient of mail addressed to the null + The recipient of mail addressed to the null address. ipc_timeout (3600s) @@ -243,12 +247,12 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for the next service request + The maximum amount of time that an idle Postfix + daemon process waits for the next service request before exiting. max_use (100) - The maximal number of connection requests before a + The maximal number of connection requests before a Postfix daemon process terminates. relocated_maps (empty) @@ -256,33 +260,33 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) for users or domains that no longer exist. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. show_user_unknown_table_name (yes) - Display the name of the recipient table in the + Display the name of the recipient table in the "User unknown" responses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". Available in Postfix version 2.0 and later: helpful_warnings (yes) - Log warnings about problematic configuration set- + Log warnings about problematic configuration set- tings, and provide helpful suggestions. SEE ALSO @@ -297,7 +301,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) ADDRESS_VERIFICATION_README, Postfix address verification LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 481151606..4d4a5de7e 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -172,7 +172,7 @@ verification probes. This feature is available in Postfix 2.1 and later. .SH address_verify_relayhost (default: $relayhost) Overrides the relayhost parameter setting for address verification -probes. +probes. This information can be overruled with the \fBtransport\fR(5) table. .PP This feature is available in Postfix 2.1 and later. .SH address_verify_sender (default: postmaster) @@ -197,8 +197,8 @@ address_verify_sender = postmaster@my.domain .ft R .PP This feature is available in Postfix 2.1 and later. -.SH address_verify_sender_relayhost_maps (default: empty) -Overrides the sender_relayhost_maps parameter setting for address +.SH address_verify_sender_dependent_relayhost_maps (default: empty) +Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes. .PP This feature is available in Postfix 2.3 and later. @@ -322,7 +322,7 @@ $local_header_rewrite_clients, The message is received from the network, and the remote_header_rewrite_domain parameter specifies a non-empty value. .PP -To get the behavior before Postfix 2.2, specify +To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". .PP Example: @@ -369,7 +369,7 @@ The time unit over which client connection rates and other rates are calculated. .PP This feature is implemented by the \fBanvil\fR(8) service which is not -part of the stable Postfix 2.1 release. +part of the stable Postfix version 2.1 release. .PP The default interval is relatively short. Because of the high frequency of updates, the \fBanvil\fR(8) server uses volatile memory @@ -404,7 +404,7 @@ $local_header_rewrite_clients, The message is received from the network, and the remote_header_rewrite_domain parameter specifies a non-empty value. .PP -To get the behavior before Postfix 2.2, specify +To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". .SH append_dot_mydomain (default: yes) With locally submitted mail, append the string ".$mydomain" to @@ -427,7 +427,7 @@ $local_header_rewrite_clients, The message is received from the network, and the remote_header_rewrite_domain parameter specifies a non-empty value. .PP -To get the behavior before Postfix 2.2, specify +To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". .SH application_event_drain_time (default: 100s) How long the \fBpostkick\fR(1) command waits for a request to enter the @@ -606,10 +606,10 @@ this limit, then you should increase the mime_nesting_limit value proportionally. .SH bounce_template_file (default: empty) Pathname of a configuration file with bounce message templates. -These override the \fBbounce\fR(8) server built-in templates of delivery -status notification (DSN) messages for undeliverable mail, for -delayed mail, for successful delivery, or for mail delivery -verification. +These override the built-in templates of delivery status notification +(DSN) messages for undeliverable mail, for delayed mail, successful +delivery, or delivery verification. The \fBbounce\fR(5) manual page +describes how to edit and test template files. .PP Template message body text may contain $name references to Postfix configuration parameters. The result of $name expansion can @@ -661,7 +661,7 @@ $local_header_rewrite_clients, The message is received from the network, and the remote_header_rewrite_domain parameter specifies a non-empty value. .PP -To get the behavior before Postfix 2.2, specify +To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". .PP Examples: @@ -953,7 +953,7 @@ address, or Recipient address. The numerical SMTP response code, as specified with the maps_rbl_reject_code configuration parameter. Note: The numerical SMTP response code is required, and must appear at the start of the -reply. With Postfix 2.3 and later this information may be followed +reply. With Postfix version 2.3 and later this information may be followed by an RFC 3463 enhanced status code. .IP "\fB$rbl_domain\fR" The RBL domain where $rbl_what is blacklisted. @@ -1001,10 +1001,14 @@ qmgr_message_recipient_limit after the message has been assigned to the respective transports. See also default_extra_recipient_limit and qmgr_message_recipient_minimum. .SH default_transport (default: smtp) -The default mail delivery transport for domains that do not match -$mydestination, $inet_interfaces, $proxy_interfaces, -$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. -This information can be overruled with the \fBtransport\fR(5) table. +The default mail delivery transport and next-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. In order of decreasing precedence, the nexthop +destination is taken from $default_transport, +$sender_dependent_relayhost_maps, $relayhost, or from the recipient +domain. This information can be overruled with the \fBtransport\fR(5) +table. .PP Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR is the name of a mail delivery transport defined in master.cf. @@ -1155,8 +1159,8 @@ created locally as the result of configuration or software error. .SH enable_errors_to (default: no) Report mail delivery errors to the address specified with the non-standard Errors-To: message header, instead of the envelope -sender address (this feature is removed with Postfix 2.2, is -turned off by default with Postfix 2.1, and is always turned on +sender address (this feature is removed with Postfix version 2.2, is +turned off by default with Postfix version 2.1, and is always turned on with older Postfix versions). .SH enable_original_recipient (default: yes) Enable support for the X-Original-To message header. This header @@ -1172,7 +1176,7 @@ duplicate elimination on the rewritten recipient address only, and generates empty original recipient queue file records. .PP This feature is available in Postfix 2.1 and later. With Postfix -2.0, support for the X-Original-To message header is always turned +version 2.0, support for the X-Original-To message header is always turned on. Postfix versions before 2.0 have no support for the X-Original-To message header. .SH error_notice_recipient (default: postmaster) @@ -1203,7 +1207,7 @@ time keeping on System-V-ish systems. .PP Specify a list of names and/or name=value pairs, separated by whitespace or comma. The name=value form is supported with -Postfix 2.1 and later. +Postfix version 2.1 and later. .PP Example: .PP @@ -1218,7 +1222,7 @@ export_environment = TZ PATH=/bin:/usr/bin The maximal number of recipient addresses that Postfix will extract from message headers when mail is submitted with "\fBsendmail -t\fR". .PP -This feature was removed in Postfix 2.1. +This feature was removed in Postfix version 2.1. .SH fallback_relay (default: empty) Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. @@ -1444,7 +1448,7 @@ Needed to make "\fBpostfix -c\fR" work. .PP Specify a list of names and/or name=value pairs, separated by whitespace or comma. The name=value form is supported with -Postfix 2.1 and later. +Postfix version 2.1 and later. .SH in_flow_delay (default: 1s) Time to pause before accepting a new message, when the message arrival rate exceeds the message delivery rate. This feature is @@ -1459,7 +1463,7 @@ Specify 0 to disable the feature. Valid delays are 0..10. The network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network interfaces (default), and "loopback-only" to receive mail -on loopback network interfaces only (Postfix 2.2 and later). The +on loopback network interfaces only (Postfix version 2.2 and later). The parameter also controls delivery of mail to user@[ip.address]. .PP Note 1: you need to stop and start Postfix when this parameter changes. @@ -1498,9 +1502,9 @@ Examples: .na .ft C inet_interfaces = all (DEFAULT) -inet_interfaces = loopback-only (Postfix 2.2 and later) +inet_interfaces = loopback-only (Postfix version 2.2 and later) inet_interfaces = 127.0.0.1 -inet_interfaces = 127.0.0.1, [::1] (Postfix 2.2 and later) +inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) inet_interfaces = 192.168.1.2, 127.0.0.1 .fi .ad @@ -1512,7 +1516,7 @@ or "ipv6", separated by whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6. .PP -This feature is available in Postfix version 2.2 and later. +This feature is available in Postfix 2.2 and later. .PP Note: you MUST stop and start Postfix after changing this parameter. @@ -1934,9 +1938,10 @@ local_recipient_maps = .ad .ft R .SH local_transport (default: local:$myhostname) -The default mail delivery transport for domains that match -$mydestination, $inet_interfaces or $proxy_interfaces. This -information can be overruled with the \fBtransport\fR(5) table. +The default mail delivery transport and next-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. +This information can be overruled with the \fBtransport\fR(5) table. .PP By default, local mail is delivered to the transport called "local", which is just the name of a service that is defined the master.cf file. @@ -2008,7 +2013,7 @@ or processes on the system. In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID. .PP When this parameter value is changed you need to re-run "\fBpostfix -set-permissions\fR" (with Postfix 2.0 and earlier: +set-permissions\fR" (with Postfix version 2.0 and earlier: "\fB/etc/postfix/post-install set-permissions\fR". .SH mail_release_date (default: see "postconf -d" output) The Postfix release date, in "YYYYMMDD" format. @@ -2047,15 +2052,15 @@ aliased to a real user and 2) don't log in as root, use "su" instead. .PP The following environment variables are exported to the command: .IP "\fBCLIENT_ADDRESS\fR" -Remote client network address. Available in Postfix 2.2 and +Remote client network address. Available in Postfix version 2.2 and later. .IP "\fBCLIENT_HELO\fR" -Remote client EHLO command parameter. Available in Postfix 2.2 +Remote client EHLO command parameter. Available in Postfix version 2.2 and later. .IP "\fBCLIENT_HOSTNAME\fR" -Remote client hostname. Available in Postfix 2.2 and later. +Remote client hostname. Available in Postfix version 2.2 and later. .IP "\fBCLIENT_PROTOCOL\fR" -Remote client protocol. Available in Postfix 2.2 and later. +Remote client protocol. Available in Postfix version 2.2 and later. .IP "\fBDOMAIN\fR" The domain part of the recipient address. .IP "\fBEXTENSION\fR" @@ -2070,13 +2075,13 @@ The recipient's username. The full recipient address. .IP "\fBSASL_METHOD\fR" SASL authentication method specified in the remote client AUTH -command. Available in Postfix 2.2 and later. +command. Available in Postfix version 2.2 and later. .IP "\fBSASL_SENDER\fR" SASL sender address specified in the remote client MAIL FROM -command. Available in Postfix 2.2 and later. +command. Available in Postfix version 2.2 and later. .IP "\fBSASL_USER\fR" SASL username specified in the remote client AUTH command. -Available in Postfix 2.2 and later. +Available in Postfix version 2.2 and later. .IP "\fBSENDER\fR" The full sender address. .IP "\fBSHELL\fR" @@ -2218,7 +2223,7 @@ $local_header_rewrite_clients, The message is received from the network, and the remote_header_rewrite_domain parameter specifies a non-empty value. .PP -To get the behavior before Postfix 2.2, specify +To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". .PP Example: @@ -2759,7 +2764,7 @@ The minimal amount of free space in bytes in the queue file system that is needed to receive mail. This is currently used by the SMTP server to decide if it will accept any mail at all. .PP -By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands +By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands when the amount of free space is less than 1.5*$message_size_limit. To specify a higher minimum free space limit, specify a queue_minfree value that is at least 1.5*$message_size_limit. @@ -2947,14 +2952,14 @@ For more fine-grained control, use check_ccert_access to select an appropriate \fBaccess\fR(5) policy for each client. See RESTRICTION_CLASS_README. .PP -This feature is available with Postfix 2.2. +This feature is available with Postfix version 2.2. .SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit) The maximal number of parallel deliveries to the same destination via the relay message delivery transport. This limit is enforced by the queue manager. The message delivery transport name is the first field in the entry in the master.cf file. .PP -This feature is available in Postfix version 2.0 and later. +This feature is available in Postfix 2.0 and later. .SH relay_destination_recipient_limit (default: $default_destination_recipient_limit) The maximal number of recipients per delivery via the relay message delivery transport. This limit is enforced by the queue @@ -2965,7 +2970,7 @@ Setting this parameter to a value of 1 changes the meaning of relay_destination_concurrency_limit from concurrency per domain into concurrency per recipient. .PP -This feature is available in Postfix version 2.0 and later. +This feature is available in Postfix 2.0 and later. .SH relay_domains (default: $mydestination) What destination domains (and subdomains thereof) this system will relay mail to. Subdomain matching is controlled with the @@ -3022,9 +3027,12 @@ relay_recipient_maps = hash:/etc/postfix/relay_recipients .PP This feature is available in Postfix 2.0 and later. .SH relay_transport (default: relay) -The default mail delivery transport and next-hop information for -domains that match the $relay_domains parameter value. This -information can be overruled with the \fBtransport\fR(5) table. +The default mail delivery transport and next-hop destination for +remote delivery to domains listed with $relay_domains. In order of +decreasing precedence, the nexthop destination is taken from +$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or +from the recipient domain. This information can be overruled with +the \fBtransport\fR(5) table. .PP Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR is the name of a mail delivery transport defined in master.cf. @@ -3036,9 +3044,10 @@ file. .PP This feature is available in Postfix 2.0 and later. .SH relayhost (default: empty) -The default host to send non-local mail to when no entry is matched -in the optional \fBtransport\fR(5) table. When no relayhost is given, -mail is routed directly to the destination. +The next-hop destination of non-local mail; overrides non-local +domains in recipient addresses. This information is overruled with +relay_transport, default_transport, sender_dependent_relayhost_maps +and with the \fBtransport\fR(5) table. .PP On an intranet, specify the organizational domain name. If your internal DNS uses no MX records, specify the name of the intranet @@ -3138,7 +3147,7 @@ Resolve an address that ends in the "@" null domain as if the local hostname were specified, instead of rejecting the address as invalid. .PP -This feature is available in Postfix version 2.1 and later. +This feature is available in Postfix 2.1 and later. Earlier versions always resolve the null domain as the local hostname. .PP @@ -3154,8 +3163,8 @@ This feature is available in Postfix 2.0 and later. .SH sample_directory (default: /etc/postfix) The name of the directory with example Postfix configuration files. .SH sender_based_routing (default: no) -This parameter should not be used. It was replaced by sender_relayhost_maps -in Postfix 2.3. +This parameter should not be used. It was replaced by sender_dependent_relayhost_maps +in Postfix version 2.3. .SH sender_bcc_maps (default: empty) Optional BCC (blind carbon-copy) address lookup tables, indexed by sender address. The BCC address (multiple results are not @@ -3228,10 +3237,11 @@ sender_canonical_maps = hash:/etc/postfix/sender_canonical .fi .ad .ft R -.SH sender_relayhost_maps (default: empty) -A sender-specific override for the global relayhost parameter +.SH sender_dependent_relayhost_maps (default: empty) +A sender-dependent override for the global relayhost parameter setting. The tables are searched by the sender address and by the -sender @domain. +sender @domain. This information is overruled with relay_transport, +default_transport and with the \fBtransport\fR(5) table. .PP This feature is available in Postfix 2.3 and later. .SH sendmail_path (default: see "postconf -d" output) @@ -3247,7 +3257,7 @@ The default time unit is s (seconds). .SH setgid_group (default: postdrop) The group ownership of set-gid Postfix commands and of group-writable Postfix directories. When this parameter value is changed you need -to re-run "\fBpostfix set-permissions\fR" (with Postfix 2.0 and +to re-run "\fBpostfix set-permissions\fR" (with Postfix version 2.0 and earlier: "\fB/etc/postfix/post-install set-permissions\fR". .SH show_user_unknown_table_name (default: yes) Display the name of the recipient table in the "User unknown" @@ -3295,7 +3305,7 @@ but this form is not recommended here. An optional numerical network address that the SMTP client should bind to when making an IPv6 connection. .PP -This feature is available in Postfix version 2.2 and later. +This feature is available in Postfix 2.2 and later. .PP This can be specified in the main.cf file for all SMTP clients, or it can be specified in the master.cf file for a specific client, @@ -3403,7 +3413,7 @@ delivery latency becomes effectively that of the slowest MX host divided by the total number of MX hosts. .PP The solution uses connection caching in a way that differs from -Postfix 2.2. By limiting the amount of time during which a connection +Postfix version 2.2. By limiting the amount of time during which a connection can be used repeatedly (instead of limiting the number of deliveries over that connection), Postfix not only restores fairness in the distribution of simultaneous connections across a set of MX hosts, @@ -3415,7 +3425,7 @@ smtp transaction timeouts which are fair estimates of maximum excess latency for a slow delivery. Note that hosts may accept thousands of messages over a single connection within the default connection reuse time limit. This number is much larger than the default Postfix -2.2 limit of 10 messages per cached connection. It may prove necessary +version 2.2 limit of 10 messages per cached connection. It may prove necessary to lower the limit to avoid interoperability issues with MTAs that exhibit bugs when many messages are delivered via a single connection. A lower reuse time limit risks losing the benefit of connection @@ -3580,27 +3590,20 @@ The default time unit is s (seconds). .SH smtp_mx_address_limit (default: 5) The maximal number of MX (mail exchanger) IP addresses that can result from mail exchanger lookups, or zero (no limit). Prior to -Postfix 2.3, this limit was disabled by default. +Postfix version 2.3, this limit was disabled by default. .PP This feature is available in Postfix 2.1 and later. .SH smtp_mx_session_limit (default: 2) The maximal number of SMTP sessions per delivery request before giving up or delivering to a fall-back relay host, or zero (no limit). This restriction ignores sessions that fail to complete the -SMTP initial handshake (Postfix 2.2 and earlier) or that fail to -complete the EHLO and TLS handshake (Postfix 2.3 and later). +SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to +complete the EHLO and TLS handshake (Postfix version 2.3 and later). .PP This feature is available in Postfix 2.1 and later. .SH smtp_never_send_ehlo (default: no) Never send EHLO at the start of an SMTP session. See also the smtp_always_send_ehlo parameter. -.SH smtp_per_sender_authentication (default: no) -Enable per-sender authentication in the SMTP client; this is available -only with SASL authentication, and disables SMTP connection caching -to ensure that mail from different senders will use the appropriate -credentials. -.PP -This feature is available in Postfix 2.3 and later. .SH smtp_pix_workaround_delay_time (default: 10s) How long the Postfix SMTP client pauses before sending "." in order to work around the PIX firewall @@ -3703,8 +3706,8 @@ smtp_sasl_mechanism_filter = !gssapi, !login, static:rest .ft R .SH smtp_sasl_password_maps (default: empty) Optional SMTP client lookup tables with one username:password entry -per remote hostname or domain (or per sender address, when per-sender -authentication is enabled). If no username:password entry is found, +per remote hostname or domain, or sender address when sender-dependent +authentication is enabled. If no username:password entry is found, then the Postfix SMTP client will not attempt to authenticate to the remote host. .PP @@ -3751,6 +3754,13 @@ queuing SMTP server. This can produce more useful logging than localhost[127.0.0.1] etc. .PP This feature is available in Postfix 2.1 and later. +.SH smtp_sender_dependent_authentication (default: no) +Enable sender-dependent authentication in the SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials. +.PP +This feature is available in Postfix 2.3 and later. .SH smtp_skip_4xx_greeting (default: yes) Skip SMTP servers that greet with a 4XX status code (go away, try again later). @@ -3759,7 +3769,7 @@ By default, Postfix moves on the next mail exchanger. Specify "smtp_skip_4xx_greeting = no" if Postfix should defer delivery immediately. .PP -This feature is available in Postfix version 2.0 and earlier. +This feature is available in Postfix 2.0 and earlier. Later Postfix versions always skip SMTP servers that greet with a 4XX status code. .SH smtp_skip_5xx_greeting (default: yes) @@ -4008,8 +4018,8 @@ time with a per recipient return address. .PP By default, no clients are allowed to specify XVERP. .PP -This parameter was renamed with Postfix 2.1. The default value -is backwards compatible with Postfix 2.0. +This parameter was renamed with Postfix version 2.1. The default value +is backwards compatible with Postfix version 2.0. .PP Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the @@ -4237,7 +4247,7 @@ client network address information. .IP "\fBcheck_ccert_access \fItype:table\fR\fR" When the remote SMTP client certificate is verified successfully, use the client certificate fingerprint as lookup key for the specified -\fBaccess\fR(5) database. This feature is available with Postfix 2.2. +\fBaccess\fR(5) database. This feature is available with Postfix version 2.2. .IP "\fBcheck_client_access \fItype:table\fR\fR" Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping @@ -4256,11 +4266,11 @@ Permit the request when the remote SMTP client certificate is verified successfully. This option must be used only if a special CA issues the certificates and only this CA is listed as trusted CA, otherwise all clients with a recognized certificate would be -allowed to relay. This feature is available with Postfix 2.2. +allowed to relay. This feature is available with Postfix version 2.2. .IP "\fBpermit_tls_clientcerts\fR" Permit the request when the remote SMTP client certificate is verified successfully, and the certificate fingerprint is listed -in $relay_clientcerts. This feature is available with Postfix 2.2. +in $relay_clientcerts. This feature is available with Postfix version 2.2. .IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR" Reject the request when the reversed client network address is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR @@ -4309,7 +4319,7 @@ code for rejected requests (default: 450). The reply is always 450 in case the address->name lookup failed due to a temporary problem. .br -This feature is available in Postfix version 2.3 and +This feature is available in Postfix 2.3 and later. .PP In addition, you can use any of the following @@ -4330,12 +4340,12 @@ the SMTP server reply code (default: 450). Defer the request if some later restriction would result in an explicit or implicit PERMIT action. This is useful when a blacklisting feature fails due to a temporary problem. This feature is available -in Postfix 2.1 and later. +in Postfix version 2.1 and later. .IP "\fBdefer_if_reject\fR" Defer the request if some later restriction would result in a REJECT action. This is useful when a whitelisting feature fails due to a temporary problem. This feature is available in Postfix -2.1 and later. +version 2.1 and later. .IP "\fBpermit\fR" Permit the request. This restriction is useful at the end of a restriction list, to make the default policy explicit. @@ -4499,11 +4509,11 @@ Note 2: when invoked via "\fBsendmail -bs\fR", Postfix will never offer STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. .SH smtpd_error_sleep_time (default: 1s) -With Postfix 2.1 and later: the SMTP server response delay after +With Postfix version 2.1 and later: the SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail. .PP -With Postfix 2.0 and earlier: the SMTP server delay before +With Postfix version 2.0 and earlier: the SMTP server delay before sending a reject (4xx or 5xx) response, when the client has made fewer than $smtpd_soft_error_limit errors without delivering mail. @@ -4826,7 +4836,7 @@ parameter specifies the response code for rejected requests (default: 554); the default_rbl_reply parameter specifies the default server reply; and the rbl_reply_maps parameter specifies tables with server replies indexed by \fIrbl_domain\fR. This feature is available -in Postfix 2.0 and later. +in Postfix version 2.0 and later. .IP "\fBreject_unauth_destination\fR" Reject the request unless one of the following is true: .IP \(bu @@ -4844,13 +4854,13 @@ code for rejected requests (default: 554). Reject the request when Postfix is not final destination for the recipient address, and the RCPT TO address has no DNS A or MX record, or when it has a malformed MX record such as a record with -a zero-length MX hostname (Postfix 2.3 and later). +a zero-length MX hostname (Postfix version 2.3 and later). .br The unknown_address_reject_code parameter specifies the response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error. -.IP "\fBreject_unlisted_recipient\fR (with Postfix 2.0: check_recipient_maps)" +.IP "\fBreject_unlisted_recipient\fR (with Postfix version 2.0: check_recipient_maps)" Reject the request when the RCPT TO address is not listed in the list of valid recipients for its domain class. See the smtpd_reject_unlisted_recipient parameter description for details. @@ -5151,7 +5161,7 @@ Postfix version 2.1 and later. Reject the request when Postfix is not final destination for the sender address, and the MAIL FROM address has no DNS A or MX record, or when it has a malformed MX record such as a record with -a zero-length MX hostname (Postfix 2.3 and later). +a zero-length MX hostname (Postfix version 2.3 and later). .br The unknown_address_reject_code parameter specifies the response code @@ -5552,7 +5562,7 @@ $local_header_rewrite_clients, The message is received from the network, and the remote_header_rewrite_domain parameter specifies a non-empty value. .PP -To get the behavior before Postfix 2.2, specify +To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all". .PP Example: @@ -5756,7 +5766,7 @@ non-existent recipients. See also the virtual alias domain class in the ADDRESS_CLASS_README file .PP This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1. .PP The default value is $virtual_alias_maps so that you can keep all information about virtual alias domains in one place. If you have @@ -5796,7 +5806,7 @@ are documented in \fBvirtual\fR(5). For an overview of Postfix address manipulations see the ADDRESS_REWRITING_README document. .PP This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1. .PP If you use this feature with indexed files, run "\fBpostmap /etc/postfix/virtual\fR" after changing the file. @@ -5882,7 +5892,7 @@ This parameter expects the same syntax as the mydestination configuration parameter. .PP This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1. .SH virtual_mailbox_limit (default: 51200000) The maximal size in bytes of an individual mailbox or maildir file, or zero (no limit). @@ -5932,7 +5942,7 @@ Optional lookup tables with a) names of domains for which all addresses are aliased to addresses in other local or remote domains, and b) addresses that are aliased to addresses in other local or remote domains. Available before Postfix version 2.0. With Postfix -2.0 and later, this is replaced by separate controls: virtual_alias_domains +version 2.0 and later, this is replaced by separate controls: virtual_alias_domains and virtual_alias_maps. .SH virtual_minimum_uid (default: 100) The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts @@ -5940,9 +5950,9 @@ as a result from $virtual_uid_maps table lookup. Returned values less than this will be rejected, and the message will be deferred. .SH virtual_transport (default: virtual) -The default mail delivery transport for domains that match the -$virtual_mailbox_domains parameter value. This information can -be overruled with the \fBtransport\fR(5) table. +The default mail delivery transport and next-hop destination for +final delivery to domains listed with virtual_mailbox_domains. +This information can be overruled with the \fBtransport\fR(5) table. .PP Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR is the name of a mail delivery transport defined in master.cf. diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index 6528941b8..ff1096f7d 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -36,13 +36,13 @@ destination is the recipient domain. This is the default for remote delivery to domains listed with \fBrelay_domains\fR. In order of decreasing precedence, the \fInexthop\fR destination is taken from \fBrelay_transport\fR, -\fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the +\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the recipient domain. .IP "\fBdefault_transport (default: smtp:)\fR" This is the default for remote delivery to other destinations. In order of decreasing precedence, the \fInexthop\fR destination is taken from \fBdefault_transport\fR, -\fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the +\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the recipient domain. .PP Normally, the \fBtransport\fR(5) table is specified as a text file diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 0f3aefbe7..bce7bafc5 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -176,8 +176,8 @@ response announces XFORWARD support. Enable SASL authentication in the Postfix SMTP client. .IP "\fBsmtp_sasl_password_maps (empty)\fR" Optional SMTP client lookup tables with one username:password entry -per remote hostname or domain (or per sender, when per-sender -authentication is enabled). +per remote hostname or domain, or sender address when sender-dependent +authentication is enabled. .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" What authentication mechanisms the Postfix SMTP client is allowed to use. @@ -188,11 +188,11 @@ If non-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. .PP Available in Postfix version 2.3 and later: -.IP "\fBsmtp_per_sender_authentication (no)\fR" -Enable per-sender authentication in the SMTP client; this is available -only with SASL authentication, and disables SMTP connection caching -to ensure that mail from different senders will use the appropriate -credentials. +.IP "\fBsmtp_sender_dependent_authentication (no)\fR" +Enable sender-dependent authentication in the SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials. .SH "STARTTLS SUPPORT CONTROLS" .na .nf diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index 6c580a087..d51635ddb 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -32,8 +32,8 @@ the \fBlocal\fR address rewriting context. This prevents Postfix from appending the local domain to spam from poorly written remote clients. .RE -.IP "\fBresolve \fIaddress\fR" -Resolve an address to a (\fItransport\fR, \fInexthop\fR, +.IP "\fBresolve \fIsender\fR \fIaddress\fR" +Resolve the address to a (\fItransport\fR, \fInexthop\fR, \fIrecipient\fR, \fIflags\fR) quadruple. The meaning of the results is as follows: .RS @@ -48,8 +48,8 @@ The envelope recipient address that is passed on to \fInexthop\fR. The address class, whether the address requires relaying, whether the address has problems, and whether the request failed. .RE -.IP "\fBverify \fIaddress\fR" -Resolve an address for address verification purposes. +.IP "\fBverify \fIsender\fR \fIaddress\fR" +Resolve the address for address verification purposes. .SH "SERVER PROCESS MANAGEMENT" .na .nf @@ -141,31 +141,33 @@ Earlier versions do not have support for: virtual_transport, relay_transport, virtual_alias_domains, virtual_mailbox_domains or proxy_interfaces. .IP "\fBlocal_transport (local:$myhostname)\fR" -The default mail delivery transport for domains that match -$mydestination, $inet_interfaces or $proxy_interfaces. +The default mail delivery transport and next-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. .IP "\fBvirtual_transport (virtual)\fR" -The default mail delivery transport for domains that match the -$virtual_mailbox_domains parameter value. +The default mail delivery transport and next-hop destination for +final delivery to domains listed with virtual_mailbox_domains. .IP "\fBrelay_transport (relay)\fR" -The default mail delivery transport and next-hop information for -domains that match the $relay_domains parameter value. +The default mail delivery transport and next-hop destination for +remote delivery to domains listed with $relay_domains. .IP "\fBdefault_transport (smtp)\fR" -The default mail delivery transport for domains that do not match -$mydestination, $inet_interfaces, $proxy_interfaces, -$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. +The default mail delivery transport and next-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern. .IP "\fBrelayhost (empty)\fR" -The default host to send non-local mail to when no entry is matched -in the optional \fBtransport\fR(5) table. +The next-hop destination of non-local mail; overrides non-local +domains in recipient addresses. .IP "\fBtransport_maps (empty)\fR" Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). .PP Available in Postfix version 2.3 and later: -.IP "\fBsender_relayhost_maps (empty)\fR" -A sender-specific override for the global relayhost parameter +.IP "\fBsender_dependent_relayhost_maps (empty)\fR" +A sender-dependent override for the global relayhost parameter setting. .SH "ADDRESS VERIFICATION CONTROLS" .na @@ -194,12 +196,14 @@ verification probes. .IP "\fBaddress_verify_relayhost ($relayhost)\fR" Overrides the relayhost parameter setting for address verification probes. -.IP "\fBaddress_verify_sender_relayhost_maps (empty)\fR" -Overrides the sender_relayhost_maps parameter setting for address -verification probes. .IP "\fBaddress_verify_transport_maps ($transport_maps)\fR" Overrides the transport_maps parameter setting for address verification probes. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBaddress_verify_sender_dependent_relayhost_maps (empty)\fR" +Overrides the sender_dependent_relayhost_maps parameter setting for address +verification probes. .SH "MISCELLANEOUS CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index efce85a0d..00fb66a3a 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -78,7 +78,7 @@ while (<>) { s;\baddress_verify_positive_refresh_time\b;$&;g; s;\baddress_verify_relay_transport\b;$&;g; s;\baddress_verify_relay[-]*\n*[ ]*host\b;$&;g; - s;\baddress_verify_sender_relay[-]*\n*[ ]*host_maps\b;$&;g; + s;\baddress_verify_sender_dependent_relay[-]*\n*[ ]*host_maps\b;$&;g; s;\baddress_verify_sender\b;$&;g; s;\baddress_verify_service_name\b;$&;g; s;\baddress_verify_transport_maps\b;$&;g; @@ -245,7 +245,7 @@ while (<>) { s;\bmime_nesting_limit\b;$&;g; s;\bminimal_backoff_time\b;$&;g; s;\bmulti_recip[-]*\n* *[]*ient_bounce_reject_code\b;$&;g; - s;\bmydes[-]*\n*[ ]*tina[-]*\n*[ ]*tion\b;$&;g; + s;\bmydes[-]*\n*[ ]*ti[-]*\n*[ ]*na[-]*\n*[ ]*tion\b;$&;g; s;\bmydo[-]*\n* *[]*main\b;$&;g; s;\bmyhostname\b;$&;g; s;\bmynet[-]*\n* *[]*works\b;$&;g; @@ -256,7 +256,7 @@ while (<>) { s;\bnon_fqdn_reject_code\b;$&;g; s;\bnotify_classes\b;$&;g; s;\bowner_request_special\b;$&;g; - s;\bparent_domain_matches_subdomains\b;$&;g; + s;\bpar[-]*\n* *[]*ent_domain_matches_subdomains\b;$&;g; s;\bpermit_mx_backup_networks\b;$&;g; s;\bpickup_service_name\b;$&;g; s;\bprepend_delivered_header\b;$&;g; @@ -306,7 +306,7 @@ while (<>) { s;\bsender_bcc_maps\b;$&;g; s;\bsender_canonical_classes\b;$&;g; s;\bsender_canonical_maps\b;$&;g; - s;\bsender_relay[-]*\n*[ ]*host_maps\b;$&;g; + s;\bsender_dependent_relay[-]*\n*[ ]*host_maps\b;$&;g; s;\bsendmail_path\b;$&;g; s;\bservice_throttle_time\b;$&;g; s;\bsetgid_group\b;$&;g; @@ -352,7 +352,7 @@ while (<>) { s;\bsmtp_mx_address_limit\b;$&;g; s;\bsmtp_mx_session_limit\b;$&;g; s;\bsmtp_never_send_ehlo\b;$&;g; - s;\bsmtp_per_sender_authentication\b;$&;g; + s;\bsmtp_sender_depen[-]*\n*[ ]*dent_authentication\b;$&;g; s;\bsmtp_pix_workaround_delay_time\b;$&;g; s;\bsmtp_pix_workaround_threshold_time\b;$&;g; s;\bsmtp_quit_timeout\b;$&;g; diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index 091c4e562..ef1fb069c 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html @@ -416,7 +416,9 @@ parameters when it delivers an address verification probe message.

First, the address_verify_relayhost parameter allows you to override the relayhost setting, and the address_verify_transport_maps -parameter allows you to override the transport_maps setting.

+parameter allows you to override the transport_maps setting. +The address_verify_sender_dependent_relayhost_maps parameter +does the same for sender-dependent relayhost selection.

Second, each address class is given its own address verification version of the message delivery transport, as shown in the table diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 2809d39f6..35230c37a 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -333,7 +333,7 @@ This feature is available in Postfix 2.1 and later.

Overrides the relayhost parameter setting for address verification -probes. +probes. This information can be overruled with the transport(5) table.

@@ -526,7 +526,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value. -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -718,7 +718,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value. -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -1006,7 +1006,7 @@ address, or Recipient address.

The numerical SMTP response code, as specified with the maps_rbl_reject_code configuration parameter. Note: The numerical SMTP response code is required, and must appear at the start of the -reply. With Postfix 2.3 and later this information may be followed +reply. With Postfix version 2.3 and later this information may be followed by an RFC 3463 enhanced status code.
$rbl_domain
@@ -1098,10 +1098,14 @@ and qmgr_message_recipient_minimum. %PARAM default_transport smtp

-The default mail delivery transport for domains that do not match -$mydestination, $inet_interfaces, $proxy_interfaces, -$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. -This information can be overruled with the transport(5) table. +The default mail delivery transport and next-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. In order of decreasing precedence, the nexthop +destination is taken from $default_transport, +$sender_dependent_relayhost_maps, $relayhost, or from the recipient +domain. This information can be overruled with the transport(5) +table.

@@ -1208,7 +1212,7 @@ duplicate elimination on the rewritten recipient address only, and generates empty original recipient queue file records.

This feature is available in Postfix 2.1 and later. With Postfix -2.0, support for the X-Original-To message header is always turned +version 2.0, support for the X-Original-To message header is always turned on. Postfix versions before 2.0 have no support for the X-Original-To message header.

@@ -1223,7 +1227,7 @@ time keeping on System-V-ish systems.

Specify a list of names and/or name=value pairs, separated by whitespace or comma. The name=value form is supported with -Postfix 2.1 and later. +Postfix version 2.1 and later.

@@ -1626,7 +1630,7 @@ parameters:

Specify a list of names and/or name=value pairs, separated by whitespace or comma. The name=value form is supported with -Postfix 2.1 and later.

+Postfix version 2.1 and later.

%PARAM in_flow_delay 1s @@ -1650,7 +1654,7 @@ Specify 0 to disable the feature. Valid delays are 0..10.

The network interface addresses that this mail system receives mail on. Specify "all" to receive mail on all network interfaces (default), and "loopback-only" to receive mail -on loopback network interfaces only (Postfix 2.2 and later). The +on loopback network interfaces only (Postfix version 2.2 and later). The parameter also controls delivery of mail to user@[ip.address].

@@ -1696,9 +1700,9 @@ Examples: 
 inet_interfaces = all (DEFAULT)
-inet_interfaces = loopback-only (Postfix 2.2 and later)
+inet_interfaces = loopback-only (Postfix version 2.2 and later)
 inet_interfaces = 127.0.0.1
-inet_interfaces = 127.0.0.1, [::1] (Postfix 2.2 and later)
+inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
 inet_interfaces = 192.168.1.2, 127.0.0.1
@@ -1710,7 +1714,7 @@ or "ipv6", separated by whitespace or commas. The form "all" is equivalent to "ipv4, ipv6" or "ipv4", depending on whether the operating system implements IPv6.

-

This feature is available in Postfix version 2.2 and later.

+

This feature is available in Postfix 2.2 and later.

Note: you MUST stop and start Postfix after changing this parameter.

@@ -2091,9 +2095,10 @@ local_recipient_maps = %PARAM local_transport local:$myhostname -

The default mail delivery transport for domains that match -$mydestination, $inet_interfaces or $proxy_interfaces. This -information can be overruled with the transport(5) table.

+

The default mail delivery transport and next-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. +This information can be overruled with the transport(5) table.

By default, local mail is delivered to the transport called "local", @@ -2214,7 +2219,7 @@ or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.

When this parameter value is changed you need to re-run "postfix -set-permissions" (with Postfix 2.0 and earlier: +set-permissions" (with Postfix version 2.0 and earlier: "/etc/postfix/post-install set-permissions".

@@ -2270,22 +2275,22 @@ The following environment variables are exported to the command:
CLIENT_ADDRESS
-
Remote client network address. Available in Postfix 2.2 and +
Remote client network address. Available in Postfix version 2.2 and later.
CLIENT_HELO
-
Remote client EHLO command parameter. Available in Postfix 2.2 +
Remote client EHLO command parameter. Available in Postfix version 2.2 and later.
CLIENT_HOSTNAME
-
Remote client hostname. Available in Postfix 2.2 and later. +
Remote client hostname. Available in Postfix version 2.2 and later.
CLIENT_PROTOCOL
-
Remote client protocol. Available in Postfix 2.2 and later. +
Remote client protocol. Available in Postfix version 2.2 and later.
DOMAIN
@@ -2315,17 +2320,17 @@ and later.
SASL_METHOD
SASL authentication method specified in the remote client AUTH -command. Available in Postfix 2.2 and later.
+command. Available in Postfix version 2.2 and later.
SASL_SENDER
SASL sender address specified in the remote client MAIL FROM -command. Available in Postfix 2.2 and later.
+command. Available in Postfix version 2.2 and later.
SASL_USER
SASL username specified in the remote client AUTH command. -Available in Postfix 2.2 and later.
+Available in Postfix version 2.2 and later.
SENDER
@@ -2470,7 +2475,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value. -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -3001,7 +3006,7 @@ server to decide if it will accept any mail at all.

-By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands +By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands when the amount of free space is less than 1.5*$message_size_limit. To specify a higher minimum free space limit, specify a queue_minfree value that is at least 1.5*$message_size_limit. @@ -3274,9 +3279,10 @@ This feature is available in Postfix 2.0 and later. %PARAM relayhost

-The default host to send non-local mail to when no entry is matched -in the optional transport(5) table. When no relayhost is given, -mail is routed directly to the destination. +The next-hop destination of non-local mail; overrides non-local +domains in recipient addresses. This information is overruled with +relay_transport, default_transport, sender_dependent_relayhost_maps +and with the transport(5) table.

@@ -3362,7 +3368,7 @@ backup MX service for Sendmail systems.

local hostname were specified, instead of rejecting the address as invalid.

-

This feature is available in Postfix version 2.1 and later. +

This feature is available in Postfix 2.1 and later. Earlier versions always resolve the null domain as the local hostname.

@@ -3498,7 +3504,7 @@ An optional numerical network address that the SMTP client should bind to when making an IPv6 connection.

-

This feature is available in Postfix version 2.2 and later.

+

This feature is available in Postfix 2.2 and later.

This can be specified in the main.cf file for all SMTP clients, or @@ -3565,7 +3571,7 @@ delivery latency becomes effectively that of the slowest MX host divided by the total number of MX hosts.

The solution uses connection caching in a way that differs from -Postfix 2.2. By limiting the amount of time during which a connection +Postfix version 2.2. By limiting the amount of time during which a connection can be used repeatedly (instead of limiting the number of deliveries over that connection), Postfix not only restores fairness in the distribution of simultaneous connections across a set of MX hosts, @@ -3577,7 +3583,7 @@ smtp transaction timeouts which are fair estimates of maximum excess latency for a slow delivery. Note that hosts may accept thousands of messages over a single connection within the default connection reuse time limit. This number is much larger than the default Postfix -2.2 limit of 10 messages per cached connection. It may prove necessary +version 2.2 limit of 10 messages per cached connection. It may prove necessary to lower the limit to avoid interoperability issues with MTAs that exhibit bugs when many messages are delivered via a single connection. A lower reuse time limit risks losing the benefit of connection @@ -3738,7 +3744,7 @@ via the relay message delivery transport. This limit is enforced by the queue manager. The message delivery transport name is the first field in the entry in the master.cf file.

-

This feature is available in Postfix version 2.0 and later.

+

This feature is available in Postfix 2.0 and later.

%PARAM relay_destination_recipient_limit $default_destination_recipient_limit @@ -3751,7 +3757,7 @@ the entry in the master.cf file.

relay_destination_concurrency_limit from concurrency per domain into concurrency per recipient.

-

This feature is available in Postfix version 2.0 and later.

+

This feature is available in Postfix 2.0 and later.

%PARAM smtp_destination_concurrency_limit $default_destination_concurrency_limit @@ -3890,7 +3896,7 @@ The default time unit is s (seconds).

The maximal number of MX (mail exchanger) IP addresses that can result from mail exchanger lookups, or zero (no limit). Prior to -Postfix 2.3, this limit was disabled by default. +Postfix version 2.3, this limit was disabled by default.

@@ -3902,8 +3908,8 @@ This feature is available in Postfix 2.1 and later.

The maximal number of SMTP sessions per delivery request before giving up or delivering to a fall-back relay host, or zero (no limit). This restriction ignores sessions that fail to complete the -SMTP initial handshake (Postfix 2.2 and earlier) or that fail to -complete the EHLO and TLS handshake (Postfix 2.3 and later).

+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to +complete the EHLO and TLS handshake (Postfix version 2.3 and later).

This feature is available in Postfix 2.1 and later.

@@ -4002,8 +4008,8 @@ smtp_sasl_auth_enable = yes

Optional SMTP client lookup tables with one username:password entry -per remote hostname or domain (or per sender address, when per-sender -authentication is enabled). If no username:password entry is found, +per remote hostname or domain, or sender address when sender-dependent +authentication is enabled. If no username:password entry is found, then the Postfix SMTP client will not attempt to authenticate to the remote host.

@@ -4117,7 +4123,7 @@ By default, Postfix moves on the next mail exchanger. Specify immediately.

-

This feature is available in Postfix version 2.0 and earlier. +

This feature is available in Postfix 2.0 and earlier. Later Postfix versions always skip SMTP servers that greet with a 4XX status code.

@@ -4192,8 +4198,8 @@ time with a per recipient return address.

By default, no clients are allowed to specify XVERP.

-

This parameter was renamed with Postfix 2.1. The default value -is backwards compatible with Postfix 2.0.

+

This parameter was renamed with Postfix version 2.1. The default value +is backwards compatible with Postfix version 2.0.

Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the @@ -4515,7 +4521,7 @@ client network address information.

When the remote SMTP client certificate is verified successfully, use the client certificate fingerprint as lookup key for the specified -access(5) database. This feature is available with Postfix 2.2.
+access(5) database. This feature is available with Postfix version 2.2.
check_client_access type:table
@@ -4545,13 +4551,13 @@ authenticated via the RFC 2554 (AUTH) protocol. verified successfully. This option must be used only if a special CA issues the certificates and only this CA is listed as trusted CA, otherwise all clients with a recognized certificate would be -allowed to relay. This feature is available with Postfix 2.2. +allowed to relay. This feature is available with Postfix version 2.2.
permit_tls_clientcerts
Permit the request when the remote SMTP client certificate is verified successfully, and the certificate fingerprint is listed -in $relay_clientcerts. This feature is available with Postfix 2.2.
+in $relay_clientcerts. This feature is available with Postfix version 2.2.
reject_rbl_client rbl_domain=d.d.d.d
Reject the request when the reversed client network address is @@ -4597,7 +4603,7 @@ also that the two mappings reproduce the client IP address.
The unknown_client_reject_code parameter specifies the response code for rejected requests (default: 450). The reply is always 450 in case the address->name lookup failed due to a temporary -problem.
This feature is available in Postfix version 2.3 and +problem.
This feature is available in Postfix 2.3 and later.
#
reject_unknown_forward_client_hostname
@@ -4641,14 +4647,14 @@ the SMTP server reply code (default: 450).
Defer the request if some later restriction would result in an explicit or implicit PERMIT action. This is useful when a blacklisting feature fails due to a temporary problem. This feature is available -in Postfix 2.1 and later.
+in Postfix version 2.1 and later.
defer_if_reject
Defer the request if some later restriction would result in a REJECT action. This is useful when a whitelisting feature fails due to a temporary problem. This feature is available in Postfix -2.1 and later.
+version 2.1 and later.
permit
@@ -4751,7 +4757,7 @@ client makes without delivering mail. -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

@@ -5944,7 +5950,7 @@ in the ADDRESS_CLASS_README file

This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1.

@@ -5998,7 +6004,7 @@ manipulations see the ADDRESS_REWRITING_README document.

This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1.

@@ -6117,7 +6123,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value. -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

%PARAM append_dot_mydomain yes @@ -6150,7 +6156,7 @@ remote_header_rewrite_domain parameter specifies a non-empty value. -

To get the behavior before Postfix 2.2, specify +

To get the behavior before Postfix version 2.2, specify "local_header_rewrite_clients = static:all".

%PARAM application_event_drain_time 100s @@ -6331,8 +6337,8 @@ The default time unit is s (seconds).

Report mail delivery errors to the address specified with the non-standard Errors-To: message header, instead of the envelope -sender address (this feature is removed with Postfix 2.2, is -turned off by default with Postfix 2.1, and is always turned on +sender address (this feature is removed with Postfix version 2.2, is +turned off by default with Postfix version 2.1, and is always turned on with older Postfix versions).

%PARAM extract_recipient_limit 10240 @@ -6343,7 +6349,7 @@ from message headers when mail is submitted with "sendmail -t".

-This feature was removed in Postfix 2.1. +This feature was removed in Postfix version 2.1.

%PARAM anvil_rate_time_unit 60s @@ -6355,7 +6361,7 @@ are calculated.

This feature is implemented by the anvil(8) service which is not -part of the stable Postfix 2.1 release. +part of the stable Postfix version 2.1 release.

@@ -6434,7 +6440,7 @@ encoded in the envelope sender address. The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses. VERP style delivery is requested with the SMTP XVERP command or with the "sendmail --V" command-line option and is available in Postfix version +-V" command-line option and is available in Postfix 1.1 and later.

@@ -7071,9 +7077,12 @@ configure or operate a specific Postfix subsystem or feature. %PARAM relay_transport relay

-The default mail delivery transport and next-hop information for -domains that match the $relay_domains parameter value. This -information can be overruled with the transport(5) table. +The default mail delivery transport and next-hop destination for +remote delivery to domains listed with $relay_domains. In order of +decreasing precedence, the nexthop destination is taken from +$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or +from the recipient domain. This information can be overruled with +the transport(5) table.

@@ -7113,8 +7122,8 @@ The name of the directory with example Postfix configuration files. %PARAM sender_based_routing no

-This parameter should not be used. It was replaced by sender_relayhost_maps -in Postfix 2.3. +This parameter should not be used. It was replaced by sender_dependent_relayhost_maps +in Postfix version 2.3.

%PARAM sendmail_path see "postconf -d" output @@ -7142,7 +7151,7 @@ The default time unit is s (seconds).

The group ownership of set-gid Postfix commands and of group-writable Postfix directories. When this parameter value is changed you need -to re-run "postfix set-permissions" (with Postfix 2.0 and +to re-run "postfix set-permissions" (with Postfix version 2.0 and earlier: "/etc/postfix/post-install set-permissions".

@@ -7617,7 +7626,7 @@ configuration parameter.

This feature is available in Postfix 2.0 and later. The default -value is backwards compatible with Postfix 1.1. +value is backwards compatible with Postfix version 1.1.

%PARAM virtual_mailbox_limit 51200000 @@ -7704,9 +7713,9 @@ deferred. %PARAM virtual_transport virtual

-The default mail delivery transport for domains that match the -$virtual_mailbox_domains parameter value. This information can -be overruled with the transport(5) table. +The default mail delivery transport and next-hop destination for +final delivery to domains listed with virtual_mailbox_domains. +This information can be overruled with the transport(5) table.

@@ -7779,7 +7788,7 @@ parameter in the default main.cf file.

addresses are aliased to addresses in other local or remote domains, and b) addresses that are aliased to addresses in other local or remote domains. Available before Postfix version 2.0. With Postfix -2.0 and later, this is replaced by separate controls: virtual_alias_domains +version 2.0 and later, this is replaced by separate controls: virtual_alias_domains and virtual_alias_maps.

%PARAM smtp_discard_ehlo_keywords @@ -8230,7 +8239,7 @@ relay_clientcerts = hash:/etc/postfix/relay_clientcerts an appropriate access(5) policy for each client. See RESTRICTION_CLASS_README.

-

This feature is available with Postfix 2.2.

+

This feature is available with Postfix version 2.2.

%PARAM smtpd_tls_cipherlist @@ -8694,10 +8703,10 @@ precision.

%PARAM bounce_template_file empty

Pathname of a configuration file with bounce message templates. -These override the bounce(8) server built-in templates of delivery -status notification (DSN) messages for undeliverable mail, for -delayed mail, for successful delivery, or for mail delivery -verification.

+These override the built-in templates of delivery status notification +(DSN) messages for undeliverable mail, for delayed mail, successful +delivery, or delivery verification. The bounce(5) manual page +describes how to edit and test template files.

Template message body text may contain $name references to Postfix configuration parameters. The result of $name expansion can @@ -8706,20 +8715,21 @@ is placed into the Postfix configuration directory.

This feature is available in Postfix 2.3 and later.

-%PARAM sender_relayhost_maps empty +%PARAM sender_dependent_relayhost_maps empty -

A sender-specific override for the global relayhost parameter +

A sender-dependent override for the global relayhost parameter setting. The tables are searched by the sender address and by the -sender @domain.

+sender @domain. This information is overruled with relay_transport, +default_transport and with the transport(5) table.

This feature is available in Postfix 2.3 and later.

-%PARAM address_verify_sender_relayhost_maps empty +%PARAM address_verify_sender_dependent_relayhost_maps empty

-Overrides the sender_relayhost_maps parameter setting for address +Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes.

@@ -8727,14 +8737,13 @@ verification probes. This feature is available in Postfix 2.3 and later.

-%PARAM smtp_per_sender_authentication no +%PARAM smtp_sender_dependent_authentication no

-Enable per-sender authentication in the SMTP client; this is available -only with SASL authentication, and disables SMTP connection caching -to ensure that mail from different senders will use the appropriate -credentials. -

+Enable sender-dependent authentication in the SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials.

This feature is available in Postfix 2.3 and later. diff --git a/postfix/proto/transport b/postfix/proto/transport index f096779f4..8ad53e2cc 100644 --- a/postfix/proto/transport +++ b/postfix/proto/transport @@ -30,13 +30,13 @@ # This is the default for remote delivery to domains listed # with \fBrelay_domains\fR. In order of decreasing precedence, # the \fInexthop\fR destination is taken from \fBrelay_transport\fR, -# \fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the +# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the # recipient domain. # .IP "\fBdefault_transport (default: smtp:)\fR" # This is the default for remote delivery to other destinations. # In order of decreasing precedence, the \fInexthop\fR # destination is taken from \fBdefault_transport\fR, -# \fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the +# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the # recipient domain. # .PP # Normally, the \fBtransport\fR(5) table is specified as a text file diff --git a/postfix/src/bounce/bounce_template.c b/postfix/src/bounce/bounce_template.c index eb2e0167d..99ded0966 100644 --- a/postfix/src/bounce/bounce_template.c +++ b/postfix/src/bounce/bounce_template.c @@ -407,6 +407,7 @@ static const char *bounce_template_lookup(const char *key, int unused_mode, tp->origin, tp->class, key); msg_warn("please reduce time unit \"%s\" of \"%s\" " "in %s template", bd->suffix, key, tp->class); + msg_warn("for instructions see the bounce(5) manual"); } if (buf == 0) buf = vstring_alloc(10); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 1f76e7ca8..fc513fe02 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -185,7 +185,7 @@ extern char *var_masq_classes; #define DEF_RELAYHOST "" extern char *var_relayhost; -#define VAR_SND_RELAY_MAPS "sender_relayhost_maps" +#define VAR_SND_RELAY_MAPS "sender_dependent_relayhost_maps" #define DEF_SND_RELAY_MAPS "" extern char *var_snd_relay_maps; @@ -2156,7 +2156,7 @@ extern char *var_vrfy_def_xport; #define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST extern char *var_vrfy_relayhost; -#define VAR_VRFY_RELAY_MAPS "address_verify_sender_relayhost_maps" +#define VAR_VRFY_RELAY_MAPS "address_verify_sender_dependent_relayhost_maps" #define DEF_VRFY_RELAY_MAPS "$" VAR_SND_RELAY_MAPS extern char *var_vrfy_relay_maps; @@ -2413,9 +2413,9 @@ extern int var_delay_max_res; extern char *var_bounce_tmpl; /* - * Per-sender authentication. + * Sender-dependent authentication. */ -#define VAR_SMTP_SENDER_AUTH "smtp_per_sender_authentication" +#define VAR_SMTP_SENDER_AUTH "smtp_sender_dependent_authentication" #define DEF_SMTP_SENDER_AUTH 0 extern bool var_smtp_sender_auth; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 731c190b4..143d31f27 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20051124" +#define MAIL_RELEASE_DATE "20051125" #define MAIL_VERSION_NUMBER "2.3" #ifdef SNAPSHOT diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c index 123d0fe68..7dd7147a3 100644 --- a/postfix/src/global/resolve_clnt.c +++ b/postfix/src/global/resolve_clnt.c @@ -22,10 +22,20 @@ /* const char *address; /* RESOLVE_REPLY *reply; /* +/* void resolve_clnt_query_from(sender, address, reply) +/* const char *sender; +/* const char *address; +/* RESOLVE_REPLY *reply; +/* /* void resolve_clnt_verify(address, reply) /* const char *address; /* RESOLVE_REPLY *reply; /* +/* void resolve_clnt_verify_from(sender, address, reply) +/* const char *sender; +/* const char *address; +/* RESOLVE_REPLY *reply; +/* /* void resolve_clnt_free(reply) /* RESOLVE_REPLY *reply; /* DESCRIPTION @@ -44,6 +54,10 @@ /* resolve_clnt_verify() implements an alternative version that can /* be used for address verification. /* +/* resolve_clnt_query_from() and resolve_clnt_verify_from() +/* allow the caller to supply sender context that will be used +/* for sender-dependent relayhost lookup. +/* /* In the resolver reply, the flags member is the bit-wise OR of /* zero or more of the following: /* .IP RESOLVE_FLAG_FINAL @@ -59,9 +73,6 @@ /* The address resolved to something that has invalid syntax. /* .IP RESOLVE_FLAG_FAIL /* The request could not be completed. -/* .IP RESOLVE_FLAG_SMARTHOST -/* The client may override the next-hop host with per-sender -/* relay host information. /* .PP /* In addition, the address domain class is returned by setting /* one of the following flags (this is preliminary code awaiting @@ -131,6 +142,7 @@ extern CLNT_STREAM *rewrite_clnt_stream; static VSTRING *last_class; +static VSTRING *last_sender; static VSTRING *last_addr; static RESOLVE_REPLY last_reply; @@ -146,7 +158,8 @@ void resolve_clnt_init(RESOLVE_REPLY *reply) /* resolve_clnt - resolve address to (transport, next hop, recipient) */ -void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply) +void resolve_clnt(const char *class, const char *sender, + const char *addr, RESOLVE_REPLY *reply) { char *myname = "resolve_clnt"; VSTREAM *stream; @@ -157,6 +170,7 @@ void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply) */ if (last_addr == 0) { last_class = vstring_alloc(10); + last_sender = vstring_alloc(10); last_addr = vstring_alloc(100); resolve_clnt_init(&last_reply); } @@ -176,14 +190,15 @@ void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply) #define IFSET(flag, text) ((reply->flags & (flag)) ? (text) : "") if (*addr && strcmp(addr, STR(last_addr)) == 0 - && strcmp(class, STR(last_class)) == 0) { + && strcmp(class, STR(last_class)) == 0 + && strcmp(sender, STR(last_sender)) == 0) { vstring_strcpy(reply->transport, STR(last_reply.transport)); vstring_strcpy(reply->nexthop, STR(last_reply.nexthop)); vstring_strcpy(reply->recipient, STR(last_reply.recipient)); reply->flags = last_reply.flags; if (msg_verbose) - msg_info("%s: cached: `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s", - myname, addr, STR(reply->transport), + msg_info("%s: cached: `%s' -> `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s", + myname, sender, addr, STR(reply->transport), STR(reply->nexthop), STR(reply->recipient), IFSET(RESOLVE_FLAG_FINAL, "final"), IFSET(RESOLVE_FLAG_ROUTED, "routed"), @@ -213,6 +228,7 @@ void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply) errno = 0; if (attr_print(stream, ATTR_FLAG_NONE, ATTR_TYPE_STR, MAIL_ATTR_REQ, class, + ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender, ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr, ATTR_TYPE_END) != 0 || vstream_fflush(stream) @@ -258,6 +274,7 @@ void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply) * Update the cache. */ vstring_strcpy(last_class, class); + vstring_strcpy(last_sender, sender); vstring_strcpy(last_addr, addr); vstring_strcpy(last_reply.transport, STR(reply->transport)); vstring_strcpy(last_reply.nexthop, STR(reply->nexthop)); diff --git a/postfix/src/global/resolve_clnt.h b/postfix/src/global/resolve_clnt.h index 8f012a133..a198bfdaf 100644 --- a/postfix/src/global/resolve_clnt.h +++ b/postfix/src/global/resolve_clnt.h @@ -26,7 +26,6 @@ #define RESOLVE_FLAG_ROUTED (1<<1) /* routed destination */ #define RESOLVE_FLAG_ERROR (1<<2) /* bad destination syntax */ #define RESOLVE_FLAG_FAIL (1<<3) /* request failed */ -#define RESOLVE_FLAG_SMARTHOST (1<<4) /* smarthost route */ #define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */ #define RESOLVE_CLASS_ALIAS (1<<9) /* virtual_alias_domains */ @@ -46,14 +45,23 @@ typedef struct RESOLVE_REPLY { VSTRING *nexthop; VSTRING *recipient; int flags; -} RESOLVE_REPLY; +} RESOLVE_REPLY; extern void resolve_clnt_init(RESOLVE_REPLY *); -extern void resolve_clnt(const char *, const char *, RESOLVE_REPLY *); +extern void resolve_clnt(const char *, const char *, const char *, RESOLVE_REPLY *); extern void resolve_clnt_free(RESOLVE_REPLY *); -#define resolve_clnt_query(a, r) resolve_clnt(RESOLVE_REGULAR, (a), (r)) -#define resolve_clnt_verify(a, r) resolve_clnt(RESOLVE_VERIFY, (a), (r)) +#define RESOLVE_NULL_FROM "" + +#define resolve_clnt_query(a, r) \ + resolve_clnt(RESOLVE_REGULAR, RESOLVE_NULL_FROM, (a), (r)) +#define resolve_clnt_verify(a, r) \ + resolve_clnt(RESOLVE_VERIFY, RESOLVE_NULL_FROM, (a), (r)) + +#define resolve_clnt_query_from(f, a, r) \ + resolve_clnt(RESOLVE_REGULAR, (f), (a), (r)) +#define resolve_clnt_verify_from(f, a, r) \ + resolve_clnt(RESOLVE_VERIFY, (f), (a), (r)) #define RESOLVE_CLNT_ASSIGN(reply, transport, nexthop, recipient) { \ (reply).transport = (transport); \ diff --git a/postfix/src/global/tok822.h b/postfix/src/global/tok822.h index 23ddfbef0..11432965a 100644 --- a/postfix/src/global/tok822.h +++ b/postfix/src/global/tok822.h @@ -105,7 +105,9 @@ extern TOK822 *tok822_rewrite(TOK822 *, const char *); /* * tok822_resolve.c */ -extern void tok822_resolve(TOK822 *, RESOLVE_REPLY *); +#define tok822_resolve(t, r) tok822_resolve_from(RESOLVE_NULL_FROM, (t), (r)) + +extern void tok822_resolve_from(const char *, TOK822 *, RESOLVE_REPLY *); /* LICENSE /* .ad diff --git a/postfix/src/global/tok822_resolve.c b/postfix/src/global/tok822_resolve.c index ae491ff2d..f178aaf9a 100644 --- a/postfix/src/global/tok822_resolve.c +++ b/postfix/src/global/tok822_resolve.c @@ -9,10 +9,18 @@ /* void tok822_resolve(addr, reply) /* TOK822 *addr; /* RESOLVE_REPLY *reply; +/* +/* void tok822_resolve_from(sender, addr, reply) +/* const char *sender; +/* TOK822 *addr; +/* RESOLVE_REPLY *reply; /* DESCRIPTION /* tok822_resolve() takes an address token tree and finds out the /* transport to deliver via, the next-hop host on that transport, /* and the recipient relative to that host. +/* +/* tok822_resolve_from() allows the caller to specify sender context +/* that will be used to look up sender-dependent relayhost information. /* SEE ALSO /* resolve_clnt(3) basic resolver client interface /* LICENSE @@ -42,7 +50,8 @@ /* tok822_resolve - address rewriting interface */ -void tok822_resolve(TOK822 *addr, RESOLVE_REPLY *reply) +void tok822_resolve_from(const char *sender, TOK822 *addr, + RESOLVE_REPLY *reply) { VSTRING *intern_form = vstring_alloc(100); @@ -54,9 +63,10 @@ void tok822_resolve(TOK822 *addr, RESOLVE_REPLY *reply) * Shipping string forms is much simpler than shipping parse trees. */ tok822_internalize(intern_form, addr->head, TOK822_STR_DEFL); - resolve_clnt_query(vstring_str(intern_form), reply); + resolve_clnt_query_from(sender, vstring_str(intern_form), reply); if (msg_verbose) - msg_info("tok822_resolve: addr=%s -> chan=%s, host=%s, rcpt=%s", + msg_info("tok822_resolve: from=%s addr=%s -> chan=%s, host=%s, rcpt=%s", + sender, vstring_str(intern_form), vstring_str(reply->transport), vstring_str(reply->nexthop), vstring_str(reply->recipient)); diff --git a/postfix/src/oqmgr/qmgr.c b/postfix/src/oqmgr/qmgr.c index 319b56120..d666d3381 100644 --- a/postfix/src/oqmgr/qmgr.c +++ b/postfix/src/oqmgr/qmgr.c @@ -329,15 +329,10 @@ int var_local_con_lim; /* XXX */ int var_proc_limit; bool var_verp_bounce_off; int var_qmgr_clog_warn_time; -char *var_snd_relay_maps; -char *var_vrfy_relay_maps; static QMGR_SCAN *qmgr_incoming; static QMGR_SCAN *qmgr_deferred; -MAPS *qmgr_snd_relay_maps; -MAPS *qmgr_vrfy_relay_maps; - /* qmgr_deferred_run_event - queue manager heartbeat */ static void qmgr_deferred_run_event(int unused_event, char *dummy) @@ -488,12 +483,6 @@ static void pre_accept(char *unused_name, char **unused_argv) static void qmgr_pre_init(char *unused_name, char **unused_argv) { flush_init(); - if (*var_snd_relay_maps) - qmgr_snd_relay_maps = - maps_create(VAR_SND_RELAY_MAPS, var_snd_relay_maps, 0); - if (*var_vrfy_relay_maps) - qmgr_vrfy_relay_maps = - maps_create(VAR_VRFY_RELAY_MAPS, var_vrfy_relay_maps, 0); } /* qmgr_post_init - post-jail initialization */ @@ -542,8 +531,6 @@ int main(int argc, char **argv) { static CONFIG_STR_TABLE str_table[] = { VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0, - VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0, - VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0, 0, }; static CONFIG_TIME_TABLE time_table[] = { diff --git a/postfix/src/oqmgr/qmgr.h b/postfix/src/oqmgr/qmgr.h index 2630116bb..5966b8df8 100644 --- a/postfix/src/oqmgr/qmgr.h +++ b/postfix/src/oqmgr/qmgr.h @@ -25,7 +25,6 @@ */ #include #include -#include /* Grr.. sender relay maps */ /* * The queue manager is built around lots of mutually-referring structures. @@ -321,12 +320,6 @@ extern QMGR_SCAN *qmgr_scan_create(const char *); extern void qmgr_scan_request(QMGR_SCAN *, int); extern char *qmgr_scan_next(QMGR_SCAN *); - /* - * qmgr.c - */ -extern MAPS *qmgr_snd_relay_maps; -extern MAPS *qmgr_vrfy_relay_maps; - /* LICENSE /* .ad /* .fi diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index b282be6e1..a973ffa65 100644 --- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c @@ -126,7 +126,6 @@ #include #include #include -#include /* Client stubs. */ @@ -845,23 +844,14 @@ static void qmgr_message_sort(QMGR_MESSAGE *message) /* qmgr_resolve_one - resolve or skip one recipient */ static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient, - const char *addr, RESOLVE_REPLY *reply, - int do_snd_relay_maps) + const char *addr, RESOLVE_REPLY *reply) { - MAPS *snd_relay_maps; - const char *smarthost; DSN dsn; -#define NO_SENDER_RELAY_MAPS 0 -#define DO_SENDER_RELAY_MAPS 1 - - if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) { - snd_relay_maps = qmgr_snd_relay_maps; - resolve_clnt_query(addr, reply); - } else { - snd_relay_maps = qmgr_vrfy_relay_maps; - resolve_clnt_verify(addr, reply); - } + if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) + resolve_clnt_query_from(message->sender, addr, reply); + else + resolve_clnt_verify_from(message->sender, addr, reply); if (reply->flags & RESOLVE_FLAG_FAIL) { qmgr_defer_recipient(message, recipient, DSN_SMTP(&dsn, "4.3.0", @@ -875,31 +865,6 @@ static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient, "bad address syntax")); return (-1); } else { - - /* - * The next-hop destination may be replaced by the per-sender relay - * host. - * - * XXX This violates the principle that qmgr does no map lookups. Map - * changes require process restart which is bad for queue manager - * performance. - */ - if ((reply->flags & RESOLVE_FLAG_SMARTHOST) && do_snd_relay_maps - && message->sender[0] && snd_relay_maps) { - if ((smarthost = mail_addr_find(snd_relay_maps, message->sender, - (char **) 0)) != 0) { - if (msg_verbose) - msg_info("using smart host %s for sender %s", - smarthost, message->sender); - vstring_strcpy(reply->nexthop, smarthost); - } else if (dict_errno != 0) { - qmgr_defer_recipient(message, recipient, - DSN_SMTP(&dsn, "4.3.0", - "451 address resolver failure", - "address resolver failure")); - return (-1); - } - } return (0); } } @@ -945,8 +910,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) reply.recipient); RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); if (qmgr_resolve_one(message, recipient, - recipient->address, &reply, - NO_SENDER_RELAY_MAPS) < 0) + recipient->address, &reply) < 0) continue; if (!STREQ(recipient->address, STR(reply.recipient))) RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); @@ -971,8 +935,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) */ else { if (qmgr_resolve_one(message, recipient, - recipient->address, &reply, - DO_SENDER_RELAY_MAPS) < 0) + recipient->address, &reply) < 0) continue; if (!STREQ(recipient->address, STR(reply.recipient))) RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c index fb8667f9a..1c43299a3 100644 --- a/postfix/src/qmgr/qmgr.c +++ b/postfix/src/qmgr/qmgr.c @@ -376,15 +376,10 @@ int var_local_rcpt_lim; int var_proc_limit; bool var_verp_bounce_off; int var_qmgr_clog_warn_time; -char *var_snd_relay_maps; -char *var_vrfy_relay_maps; static QMGR_SCAN *qmgr_incoming; static QMGR_SCAN *qmgr_deferred; -MAPS *qmgr_snd_relay_maps; -MAPS *qmgr_vrfy_relay_maps; - /* qmgr_deferred_run_event - queue manager heartbeat */ static void qmgr_deferred_run_event(int unused_event, char *dummy) @@ -532,12 +527,6 @@ static void pre_accept(char *unused_name, char **unused_argv) static void qmgr_pre_init(char *unused_name, char **unused_argv) { flush_init(); - if (*var_snd_relay_maps) - qmgr_snd_relay_maps = - maps_create(VAR_SND_RELAY_MAPS, var_snd_relay_maps, 0); - if (*var_vrfy_relay_maps) - qmgr_vrfy_relay_maps = - maps_create(VAR_VRFY_RELAY_MAPS, var_vrfy_relay_maps, 0); } /* qmgr_post_init - post-jail initialization */ @@ -596,8 +585,6 @@ int main(int argc, char **argv) { static CONFIG_STR_TABLE str_table[] = { VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0, - VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0, - VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0, 0, }; static CONFIG_TIME_TABLE time_table[] = { diff --git a/postfix/src/qmgr/qmgr.h b/postfix/src/qmgr/qmgr.h index 793ed8ce5..83be8073e 100644 --- a/postfix/src/qmgr/qmgr.h +++ b/postfix/src/qmgr/qmgr.h @@ -25,7 +25,6 @@ */ #include #include -#include /* Grr.. sender relay maps */ /* * The queue manager is built around lots of mutually-referring structures. @@ -423,12 +422,6 @@ extern QMGR_SCAN *qmgr_scan_create(const char *); extern void qmgr_scan_request(QMGR_SCAN *, int); extern char *qmgr_scan_next(QMGR_SCAN *); - /* - * qmgr.c - */ -extern MAPS *qmgr_snd_relay_maps; -extern MAPS *qmgr_vrfy_relay_maps; - /* LICENSE /* .ad /* .fi diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index e5232f8d8..bd4ab56e2 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -135,7 +135,6 @@ #include #include #include -#include /* Client stubs. */ @@ -887,23 +886,14 @@ static void qmgr_message_sort(QMGR_MESSAGE *message) /* qmgr_resolve_one - resolve or skip one recipient */ static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient, - const char *addr, RESOLVE_REPLY *reply, - int do_snd_relay_maps) + const char *addr, RESOLVE_REPLY *reply) { - MAPS *snd_relay_maps; - const char *smarthost; DSN dsn; -#define NO_SENDER_RELAY_MAPS 0 -#define DO_SENDER_RELAY_MAPS 1 - - if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) { - snd_relay_maps = qmgr_snd_relay_maps; - resolve_clnt_query(addr, reply); - } else { - snd_relay_maps = qmgr_vrfy_relay_maps; - resolve_clnt_verify(addr, reply); - } + if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) + resolve_clnt_query_from(message->sender, addr, reply); + else + resolve_clnt_verify_from(message->sender, addr, reply); if (reply->flags & RESOLVE_FLAG_FAIL) { qmgr_defer_recipient(message, recipient, DSN_SMTP(&dsn, "4.3.0", @@ -917,31 +907,6 @@ static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient, "bad address syntax")); return (-1); } else { - - /* - * The next-hop destination may be replaced by the per-sender relay - * host. - * - * XXX This violates the principle that qmgr does no map lookups. Map - * changes require process restart which is bad for queue manager - * performance. - */ - if ((reply->flags & RESOLVE_FLAG_SMARTHOST) && do_snd_relay_maps - && message->sender[0] && snd_relay_maps) { - if ((smarthost = mail_addr_find(snd_relay_maps, message->sender, - (char **) 0)) != 0) { - if (msg_verbose) - msg_info("using smart host %s for sender %s", - smarthost, message->sender); - vstring_strcpy(reply->nexthop, smarthost); - } else if (dict_errno != 0) { - qmgr_defer_recipient(message, recipient, - DSN_SMTP(&dsn, "4.3.0", - "451 address resolver failure", - "address resolver failure")); - return (-1); - } - } return (0); } } @@ -987,8 +952,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) reply.recipient); RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); if (qmgr_resolve_one(message, recipient, - recipient->address, &reply, - NO_SENDER_RELAY_MAPS) < 0) + recipient->address, &reply) < 0) continue; if (!STREQ(recipient->address, STR(reply.recipient))) RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); @@ -1013,8 +977,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) */ else { if (qmgr_resolve_one(message, recipient, - recipient->address, &reply, - DO_SENDER_RELAY_MAPS) < 0) + recipient->address, &reply) < 0) continue; if (!STREQ(recipient->address, STR(reply.recipient))) RECIPIENT_UPDATE(recipient->address, STR(reply.recipient)); diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 36230b60e..0208d2749 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -152,8 +152,8 @@ /* Enable SASL authentication in the Postfix SMTP client. /* .IP "\fBsmtp_sasl_password_maps (empty)\fR" /* Optional SMTP client lookup tables with one username:password entry -/* per remote hostname or domain (or per sender, when per-sender -/* authentication is enabled). +/* per remote hostname or domain, or sender address when sender-dependent +/* authentication is enabled. /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" /* What authentication mechanisms the Postfix SMTP client is allowed /* to use. @@ -164,11 +164,11 @@ /* server's list of offered SASL mechanisms. /* .PP /* Available in Postfix version 2.3 and later: -/* .IP "\fBsmtp_per_sender_authentication (no)\fR" -/* Enable per-sender authentication in the SMTP client; this is available -/* only with SASL authentication, and disables SMTP connection caching -/* to ensure that mail from different senders will use the appropriate -/* credentials. +/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" +/* Enable sender-dependent authentication in the SMTP client; this is +/* available only with SASL authentication, and disables SMTP connection +/* caching to ensure that mail from different senders will use the +/* appropriate credentials. /* STARTTLS SUPPORT CONTROLS /* .ad /* .fi @@ -505,12 +505,14 @@ char *var_smtp_ehlo_dis_maps; bool var_smtp_use_tls; bool var_smtp_enforce_tls; char *var_smtp_tls_per_site; + #ifdef USE_TLS int var_smtp_starttls_tmout; char *var_smtp_sasl_tls_opts; bool var_smtp_tls_enforce_peername; int var_smtp_tls_scert_vd; bool var_smtp_tls_note_starttls_offer; + #endif char *var_smtp_generic_maps; diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index c042ad9be..681a7e05f 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -221,6 +221,7 @@ typedef struct SMTP_SESSION { TLScontext_t *tls_context; /* TLS session state */ #endif + SMTP_STATE *state; /* back link */ } SMTP_SESSION; extern SMTP_SESSION *smtp_session_alloc(VSTREAM *, const char *, const char *, diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index c23d87cfc..62fa9c53b 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -626,10 +626,10 @@ int smtp_connect(SMTP_STATE *state) * queue manager. This is turned temporarily when a destination has a * high volume of mail in the active queue. * - * XXX Disable connection caching when per-sender credentials are - * enabled. We must not send someone elses mail over an authenticated - * connection, and we must not send mail that requires authentication - * over a connection that wasn't authenticated. + * XXX Disable connection caching when sender-dependent authentication + * is enabled. We must not send someone elses mail over an + * authenticated connection, and we must not send mail that requires + * authentication over a connection that wasn't authenticated. */ if (cpp == sites->argv && !var_smtp_sender_auth @@ -699,6 +699,7 @@ int smtp_connect(SMTP_STATE *state) || (session = smtp_reuse_addr(state, addr, port)) == 0) session = smtp_connect_addr(dest, addr, port, why, sess_flags); if ((state->session = session) != 0) { + session->state = state; if (addr->pref == domain_best_pref) session->features |= SMTP_FEATURE_BEST_MX; /* Don't count handshake errors towards the session limit. */ diff --git a/postfix/src/smtp/smtp_sasl_glue.c b/postfix/src/smtp/smtp_sasl_glue.c index cec62363d..81a931d03 100644 --- a/postfix/src/smtp/smtp_sasl_glue.c +++ b/postfix/src/smtp/smtp_sasl_glue.c @@ -308,6 +308,7 @@ static int smtp_sasl_get_passwd(sasl_conn_t *conn, void *context, int smtp_sasl_passwd_lookup(SMTP_SESSION *session) { char *myname = "smtp_sasl_passwd_lookup"; + SMTP_STATE *state = session->state; const char *value; char *passwd; @@ -330,7 +331,7 @@ int smtp_sasl_passwd_lookup(SMTP_SESSION *session) * but didn't canonicalize the TCP port, and did not append the port to * the MX hostname. */ - if ((var_sender_auth + if ((var_smtp_sender_auth && state->request->sender[0] && (value = mail_addr_find(smtp_sasl_passwd_map, state->request->sender, (char **) 0)) != 0) || (value = maps_find(smtp_sasl_passwd_map, session->host, 0)) != 0 diff --git a/postfix/src/smtp/smtp_sasl_proto.c b/postfix/src/smtp/smtp_sasl_proto.c index 7b8ed12f0..153b041a5 100644 --- a/postfix/src/smtp/smtp_sasl_proto.c +++ b/postfix/src/smtp/smtp_sasl_proto.c @@ -82,7 +82,6 @@ static const char *smtp_sasl_compat_mechs(const char *words) char *mech_list; char *save_mech; char *mech; - int ret; /* * Use server's mechanisms if no filter specified diff --git a/postfix/src/smtp/smtp_session.c b/postfix/src/smtp/smtp_session.c index e9d8caf60..b5b51471f 100644 --- a/postfix/src/smtp/smtp_session.c +++ b/postfix/src/smtp/smtp_session.c @@ -277,6 +277,7 @@ SMTP_SESSION *smtp_session_alloc(VSTREAM *stream, const char *dest, session->tls_use_tls = 1; } #endif + session->state = 0; debug_peer_check(host, addr); return (session); } diff --git a/postfix/src/trivial-rewrite/Makefile.in b/postfix/src/trivial-rewrite/Makefile.in index 9fe752d80..d5c16e2e3 100644 --- a/postfix/src/trivial-rewrite/Makefile.in +++ b/postfix/src/trivial-rewrite/Makefile.in @@ -125,7 +125,6 @@ transport.o: ../../include/match_ops.h transport.o: ../../include/match_parent_style.h transport.o: ../../include/msg.h transport.o: ../../include/mymalloc.h -transport.o: ../../include/resolve_clnt.h transport.o: ../../include/split_at.h transport.o: ../../include/stringops.h transport.o: ../../include/strip_addr.h diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index a45c4dd9e..2ba518da9 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -134,7 +134,7 @@ static MAPS *relocated_maps; /* resolve_addr - resolve address according to rule set */ -static void resolve_addr(RES_CONTEXT *rp, char *addr, +static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, VSTRING *channel, VSTRING *nexthop, VSTRING *nextrcpt, int *flags) { @@ -152,6 +152,7 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr, char *local; char *oper; char *junk; + const char *relay; *flags = 0; vstring_strcpy(channel, "CHANNEL NOT UPDATED"); @@ -395,7 +396,7 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr, * highest precedence to transport associated nexthop information. * * Otherwise, with relay or other non-local destinations, the relayhost - * setting overrides the recipient domain name, and the per-sender + * setting overrides the recipient domain name, and the sender-dependent * relayhost overrides both. * * XXX Nag if the recipient domain is listed in multiple domain lists. The @@ -490,16 +491,14 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr, } /* - * With off-host delivery, per-sender or global relayhost - * override the recipient domain. The per-sender override is done - * in the client, and permission to do so is is signaled with the - * SMARTHOST flag. This is technically incorrect, but avoids the - * need to change the resolver client protocol for something that - * is irrelevant for most resolver clients, and that most Postfix - * sites will never need. + * With off-host delivery, sender-dependent or global relayhost + * override the recipient domain. */ - *flags |= RESOLVE_FLAG_SMARTHOST; - if (*RES_PARAM_VALUE(rp->relayhost)) + if (rp->snd_relay_info && *sender + && (relay = mail_addr_find(rp->snd_relay_info, sender, + (char **) 0)) != 0) + vstring_strcpy(nexthop, relay); + else if (*RES_PARAM_VALUE(rp->relayhost)) vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost)); else vstring_strcpy(nexthop, rcpt_domain); @@ -537,10 +536,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr, * force mail for any domain in $mydestination/${proxy,inet}_interfaces * to share the same queue. */ - if ((destination = split_at(STR(channel), ':')) != 0 && *destination) { + if ((destination = split_at(STR(channel), ':')) != 0 && *destination) vstring_strcpy(nexthop, destination); - *flags &= ~RESOLVE_FLAG_SMARTHOST; - } /* * Sanity checks. @@ -584,7 +581,7 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr, * XXX Don't override the virtual alias class (error:User unknown) result. */ if (rp->transport_info && !(*flags & RESOLVE_CLASS_ALIAS)) { - if (transport_lookup(rp->transport_info, flags, STR(nextrcpt), + if (transport_lookup(rp->transport_info, STR(nextrcpt), rcpt_domain, channel, nexthop) == 0 && dict_errno != 0) { msg_warn("%s lookup failure", rp->transport_maps_name); @@ -630,6 +627,7 @@ static VSTRING *channel; static VSTRING *nexthop; static VSTRING *nextrcpt; static VSTRING *query; +static VSTRING *sender; /* resolve_proto - read request and send reply */ @@ -638,15 +636,17 @@ int resolve_proto(RES_CONTEXT *context, VSTREAM *stream) int flags; if (attr_scan(stream, ATTR_FLAG_STRICT, + ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender, ATTR_TYPE_STR, MAIL_ATTR_ADDR, query, - ATTR_TYPE_END) != 1) + ATTR_TYPE_END) != 2) return (-1); - resolve_addr(context, STR(query), + resolve_addr(context, STR(sender), STR(query), channel, nexthop, nextrcpt, &flags); if (msg_verbose) - msg_info("%s -> (`%s' `%s' `%s' `%d')", STR(query), STR(channel), + msg_info("`%s' -> `%s' -> (`%s' `%s' `%s' `%d')", + STR(sender), STR(query), STR(channel), STR(nexthop), STR(nextrcpt), flags); attr_print(stream, ATTR_FLAG_NONE, @@ -668,6 +668,7 @@ int resolve_proto(RES_CONTEXT *context, VSTREAM *stream) void resolve_init(void) { + sender = vstring_alloc(100); query = vstring_alloc(100); channel = vstring_alloc(100); nexthop = vstring_alloc(100); diff --git a/postfix/src/trivial-rewrite/transport.c b/postfix/src/trivial-rewrite/transport.c index db29d12df..db6bc26c9 100644 --- a/postfix/src/trivial-rewrite/transport.c +++ b/postfix/src/trivial-rewrite/transport.c @@ -13,10 +13,8 @@ /* void transport_post_init(info) /* TRANSPORT_INFO *info; /* -/* int transport_lookup(info, res_flags, address, rcpt_domain, -/* channel, nexthop) +/* int transport_lookup(info, address, rcpt_domain, channel, nexthop) /* TRANSPORT_INFO *info; -/* int *res_flags; /* const char *address; /* const char *rcpt_domain; /* VSTRING *channel; @@ -37,8 +35,7 @@ /* /* transport_lookup() finds the channel and nexthop for the given /* domain, and returns 1 if something was found. Otherwise, 0 -/* is returned. The res_flags SMARTHOST bit is reset when the nexthop -/* information is updated. +/* is returned. /* DIAGNOSTICS /* The global \fIdict_errno\fR is non-zero when the lookup /* should be tried again. @@ -80,7 +77,6 @@ #include #include #include -#include /* Application-specific. */ @@ -132,7 +128,7 @@ void transport_free(TRANSPORT_INFO *tp) static void update_entry(const char *new_channel, const char *new_nexthop, const char *rcpt_domain, VSTRING *channel, - VSTRING *nexthop, int *res_flags) + VSTRING *nexthop) { /* @@ -141,10 +137,8 @@ static void update_entry(const char *new_channel, const char *new_nexthop, * side of ":" is the transport table equivalent of a NOOP. */ if (*new_channel == 0) { /* :[nexthop] */ - if (*new_nexthop != 0) { + if (*new_nexthop != 0) vstring_strcpy(nexthop, new_nexthop); - *res_flags &= ~RESOLVE_FLAG_SMARTHOST; - } } /* @@ -159,18 +153,14 @@ static void update_entry(const char *new_channel, const char *new_nexthop, vstring_strcpy(nexthop, rcpt_domain); else vstring_strcpy(nexthop, "Address is undeliverable"); - *res_flags &= ~RESOLVE_FLAG_SMARTHOST; } } /* find_transport_entry - look up and parse transport table entry */ -static int find_transport_entry(TRANSPORT_INFO *tp, int *res_flags, - const char *key, - const char *rcpt_domain, - int map_flags, - VSTRING *channel, - VSTRING *nexthop) +static int find_transport_entry(TRANSPORT_INFO *tp, const char *key, + const char *rcpt_domain, int flags, + VSTRING *channel, VSTRING *nexthop) { char *saved_value; const char *host; @@ -189,7 +179,7 @@ static int find_transport_entry(TRANSPORT_INFO *tp, int *res_flags, * * XXX Should report lookup failure status to caller instead of aborting. */ - if ((value = maps_find(tp->transport_path, key, map_flags)) == 0) + if ((value = maps_find(tp->transport_path, key, flags)) == 0) return (NOTFOUND); /* @@ -203,7 +193,7 @@ static int find_transport_entry(TRANSPORT_INFO *tp, int *res_flags, saved_value = mystrdup(value); host = split_at(saved_value, ':'); update_entry(saved_value, host ? host : "", rcpt_domain, - channel, nexthop, res_flags); + channel, nexthop); myfree(saved_value); return (FOUND); } @@ -215,7 +205,6 @@ static void transport_wildcard_init(TRANSPORT_INFO *tp) { VSTRING *channel = vstring_alloc(10); VSTRING *nexthop = vstring_alloc(10); - int dummy; /* * Technically, the wildcard lookup pattern is redundant. A static map @@ -231,8 +220,7 @@ static void transport_wildcard_init(TRANSPORT_INFO *tp) #define FULL 0 #define PARTIAL DICT_FLAG_FIXED - if (find_transport_entry(tp, &dummy, WILDCARD, "", - FULL, channel, nexthop)) { + if (find_transport_entry(tp, WILDCARD, "", FULL, channel, nexthop)) { tp->transport_errno = 0; if (tp->wildcard_channel) vstring_free(tp->wildcard_channel); @@ -252,7 +240,7 @@ static void transport_wildcard_init(TRANSPORT_INFO *tp) /* transport_lookup - map a transport domain */ -int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr, +int transport_lookup(TRANSPORT_INFO *tp, const char *addr, const char *rcpt_domain, VSTRING *channel, VSTRING *nexthop) { @@ -291,8 +279,7 @@ int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr, if ((ratsign = strrchr(full_addr, '@')) == 0 || ratsign[1] == 0) msg_panic("transport_lookup: bad address: \"%s\"", full_addr); - if (find_transport_entry(tp, res_flags, full_addr, rcpt_domain, - FULL, channel, nexthop)) + if (find_transport_entry(tp, full_addr, rcpt_domain, FULL, channel, nexthop)) RETURN_FREE(FOUND); if (dict_errno != 0) RETURN_FREE(NOTFOUND); @@ -304,8 +291,8 @@ int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr, */ if ((stripped_addr = strip_addr(full_addr, DISCARD_EXTENSION, *var_rcpt_delim)) != 0) { - found = find_transport_entry(tp, res_flags, stripped_addr, rcpt_domain, - PARTIAL, channel, nexthop); + found = find_transport_entry(tp, stripped_addr, rcpt_domain, PARTIAL, + channel, nexthop); myfree(stripped_addr); if (found) @@ -331,8 +318,7 @@ int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr, * with regular expressions. */ for (name = ratsign + 1; *name != 0; name = next) { - if (find_transport_entry(tp, res_flags, name, rcpt_domain, - PARTIAL, channel, nexthop)) + if (find_transport_entry(tp, name, rcpt_domain, PARTIAL, channel, nexthop)) RETURN_FREE(FOUND); if (dict_errno != 0) RETURN_FREE(NOTFOUND); @@ -352,7 +338,7 @@ int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr, RETURN_FREE(NOTFOUND); } else if (tp->wildcard_channel) { update_entry(STR(tp->wildcard_channel), STR(tp->wildcard_nexthop), - rcpt_domain, channel, nexthop, res_flags); + rcpt_domain, channel, nexthop); RETURN_FREE(FOUND); } diff --git a/postfix/src/trivial-rewrite/transport.h b/postfix/src/trivial-rewrite/transport.h index e52785d74..27912d821 100644 --- a/postfix/src/trivial-rewrite/transport.h +++ b/postfix/src/trivial-rewrite/transport.h @@ -30,7 +30,7 @@ typedef struct TRANSPORT_INFO { extern TRANSPORT_INFO *transport_pre_init(const char *, const char *); extern void transport_post_init(TRANSPORT_INFO *); -extern int transport_lookup(TRANSPORT_INFO *, int *, const char *, const char *, VSTRING *, VSTRING *); +extern int transport_lookup(TRANSPORT_INFO *, const char *, const char *, VSTRING *, VSTRING *); extern void transport_free(TRANSPORT_INFO *); /* LICENSE diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 549ec0ff4..36db1b7b6 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -26,8 +26,8 @@ /* Postfix from appending the local domain to spam from poorly /* written remote clients. /* .RE -/* .IP "\fBresolve \fIaddress\fR" -/* Resolve an address to a (\fItransport\fR, \fInexthop\fR, +/* .IP "\fBresolve \fIsender\fR \fIaddress\fR" +/* Resolve the address to a (\fItransport\fR, \fInexthop\fR, /* \fIrecipient\fR, \fIflags\fR) quadruple. The meaning of /* the results is as follows: /* .RS @@ -42,8 +42,8 @@ /* The address class, whether the address requires relaying, /* whether the address has problems, and whether the request failed. /* .RE -/* .IP "\fBverify \fIaddress\fR" -/* Resolve an address for address verification purposes. +/* .IP "\fBverify \fIsender\fR \fIaddress\fR" +/* Resolve the address for address verification purposes. /* SERVER PROCESS MANAGEMENT /* .ad /* .fi @@ -119,31 +119,33 @@ /* relay_transport, virtual_alias_domains, virtual_mailbox_domains /* or proxy_interfaces. /* .IP "\fBlocal_transport (local:$myhostname)\fR" -/* The default mail delivery transport for domains that match -/* $mydestination, $inet_interfaces or $proxy_interfaces. +/* The default mail delivery transport and next-hop destination +/* for final delivery to domains listed with mydestination, and for +/* [ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. /* .IP "\fBvirtual_transport (virtual)\fR" -/* The default mail delivery transport for domains that match the -/* $virtual_mailbox_domains parameter value. +/* The default mail delivery transport and next-hop destination for +/* final delivery to domains listed with virtual_mailbox_domains. /* .IP "\fBrelay_transport (relay)\fR" -/* The default mail delivery transport and next-hop information for -/* domains that match the $relay_domains parameter value. +/* The default mail delivery transport and next-hop destination for +/* remote delivery to domains listed with $relay_domains. /* .IP "\fBdefault_transport (smtp)\fR" -/* The default mail delivery transport for domains that do not match -/* $mydestination, $inet_interfaces, $proxy_interfaces, -/* $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. +/* The default mail delivery transport and next-hop destination for +/* destinations that do not match $mydestination, $inet_interfaces, +/* $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +/* or $relay_domains. /* .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" /* What Postfix features match subdomains of "domain.tld" automatically, /* instead of requiring an explicit ".domain.tld" pattern. /* .IP "\fBrelayhost (empty)\fR" -/* The default host to send non-local mail to when no entry is matched -/* in the optional \fBtransport\fR(5) table. +/* The next-hop destination of non-local mail; overrides non-local +/* domains in recipient addresses. /* .IP "\fBtransport_maps (empty)\fR" /* Optional lookup tables with mappings from recipient address to /* (message delivery transport, next-hop destination). /* .PP /* Available in Postfix version 2.3 and later: -/* .IP "\fBsender_relayhost_maps (empty)\fR" -/* A sender-specific override for the global relayhost parameter +/* .IP "\fBsender_dependent_relayhost_maps (empty)\fR" +/* A sender-dependent override for the global relayhost parameter /* setting. /* ADDRESS VERIFICATION CONTROLS /* .ad @@ -170,12 +172,14 @@ /* .IP "\fBaddress_verify_relayhost ($relayhost)\fR" /* Overrides the relayhost parameter setting for address verification /* probes. -/* .IP "\fBaddress_verify_sender_relayhost_maps (empty)\fR" -/* Overrides the sender_relayhost_maps parameter setting for address -/* verification probes. /* .IP "\fBaddress_verify_transport_maps ($transport_maps)\fR" /* Overrides the transport_maps parameter setting for address verification /* probes. +/* .PP +/* Available in Postfix version 2.3 and later: +/* .IP "\fBaddress_verify_sender_dependent_relayhost_maps (empty)\fR" +/* Overrides the sender_dependent_relayhost_maps parameter setting for address +/* verification probes. /* MISCELLANEOUS CONTROLS /* .ad /* .fi @@ -306,6 +310,7 @@ char *var_empty_addr; int var_show_unk_rcpt_table; int var_resolve_nulldom; char *var_remote_rwr_domain; +char *var_snd_relay_maps; /* * Shadow personality for address verification. @@ -316,6 +321,7 @@ char *var_vrfy_virt_xport; char *var_vrfy_relay_xport; char *var_vrfy_def_xport; char *var_vrfy_relayhost; +char *var_vrfy_relay_maps; /* * Different resolver personalities depending on the kind of request. @@ -326,6 +332,7 @@ RES_CONTEXT resolve_regular = { VAR_RELAY_TRANSPORT, &var_relay_transport, VAR_DEF_TRANSPORT, &var_def_transport, VAR_RELAYHOST, &var_relayhost, + VAR_SND_RELAY_MAPS, &var_snd_relay_maps, 0, VAR_TRANSPORT_MAPS, &var_transport_maps, 0 }; @@ -335,6 +342,7 @@ RES_CONTEXT resolve_verify = { VAR_VRFY_RELAY_XPORT, &var_vrfy_relay_xport, VAR_VRFY_DEF_XPORT, &var_vrfy_def_xport, VAR_VRFY_RELAYHOST, &var_vrfy_relayhost, + VAR_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, VAR_VRFY_XPORT_MAPS, &var_vrfy_xport_maps, 0 }; @@ -491,6 +499,14 @@ static void pre_jail_init(char *unused_name, char **unused_argv) resolve_verify.transport_info = transport_pre_init(resolve_verify.transport_maps_name, RES_PARAM_VALUE(resolve_verify.transport_maps)); + if (*RES_PARAM_VALUE(resolve_regular.snd_relay_maps)) + resolve_regular.snd_relay_info = + maps_create(resolve_regular.snd_relay_maps_name, + RES_PARAM_VALUE(resolve_regular.snd_relay_maps), 0); + if (*RES_PARAM_VALUE(resolve_verify.snd_relay_maps)) + resolve_verify.snd_relay_info = + maps_create(resolve_verify.snd_relay_maps_name, + RES_PARAM_VALUE(resolve_verify.snd_relay_maps), 0); } /* post_jail_init - initialize after entering chroot jail */ @@ -529,6 +545,8 @@ int main(int argc, char **argv) VAR_VRFY_DEF_XPORT, DEF_VRFY_DEF_XPORT, &var_vrfy_def_xport, 1, 0, VAR_VRFY_RELAYHOST, DEF_VRFY_RELAYHOST, &var_vrfy_relayhost, 0, 0, VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0, + VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0, + VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0, 0, }; static CONFIG_BOOL_TABLE bool_table[] = { diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.h b/postfix/src/trivial-rewrite/trivial-rewrite.h index c5f7d1b5b..d94cbb3ba 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.h +++ b/postfix/src/trivial-rewrite/trivial-rewrite.h @@ -58,6 +58,9 @@ typedef struct { char **def_transport; /* default transport:nexthop */ const char *relayhost_name; /* name of variable */ char **relayhost; /* for relay and default transport */ + const char *snd_relay_maps_name; /* name of variable */ + char **snd_relay_maps; /* maptype:mapname */ + MAPS *snd_relay_info; /* handle */ const char *transport_maps_name; /* name of variable */ char **transport_maps; /* maptype:mapname */ struct TRANSPORT_INFO *transport_info; /* handle */