From: Wietse Venema
Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes.
+ +This feature is available in Postfix 2.7 and later.
+ ++In order of decreasing precedence, the nexthop destination is taken +from $sender_dependent_default_transport_maps, $default_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient -domain. This information can be overruled with the transport(5) -table. +domain.
@@ -2540,6 +2555,17 @@ duplicate filter for aliases(5) or showq(8) queue displays.
+ + +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address.
+ +This feature is available in Postfix 2.7 and later.
+ +The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. This information is overruled with -relay_transport, default_transport, sender_dependent_relayhost_maps +relay_transport, sender_dependent_default_transport_maps, +default_transport, sender_dependent_relayhost_maps and with the transport(5) table.
@@ -7906,6 +7933,28 @@ Example: + + +A sender-dependent override for the global default_transport +parameter setting. The tables are searched by the envelope sender +address and @domain. A lookup result of DUNNO terminates the search +without overriding the global default_transport parameter setting. +This information is overruled with the transport(5) table.
+ +Note: this overrides default_transport, not transport_maps, and +therefore the expected syntax is that of default_transport. This +feature does not support the transport_maps syntax for null transport, +null nexthop, or null email addresses.
+ +For safety reasons, this feature does not allow $number +substitutions in regular expression maps.
+ +This feature is available in Postfix 2.7 and later.
+ +For safety reasons, this feature does not allow $number substitutions in regular expression maps.
@@ -10824,7 +10874,7 @@ with the anvil_rate_time_unit-By default, a client can make as many recipient addresses per time +By default, a client can send as many recipient addresses per time unit as Postfix can accept.
diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index 374c46f31..836d3f92d 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html 
@@ -39,46 +39,45 @@ POSTSCREEN(8) POSTSCREEN(8) tional. The purpose is to prioritize legitimate clients with as little overhead as possible. - postscreen(8) logs its observations and takes actions as - described in the sections that follow. + postscreen(8) performs tests in the order described below. -PERMANENT BLACKLIST TEST - The postscreen_blacklist_networks parameter (default: - empty) specifies a permanent blacklist for SMTP client IP +1. PERMANENT WHITELIST TEST + The postscreen_whitelist_networks parameter (default: + $mynetworks) specifies a permanent whitelist for SMTP + client IP addresses. This feature is not used for + addresses that appear on the permanent blacklist. + + When the SMTP client address matches the permanent + whitelist, this is logged as: + + WHITELISTED address + + The action is not configurable: immediately forward the + connection to a real SMTP server process. + +2. PERMANENT BLACKLIST TEST + The postscreen_blacklist_networks parameter (default: + empty) specifies a permanent blacklist for SMTP client IP addresses. The address syntax is as with mynetworks. - When the SMTP client address matches the permanent black- + When the SMTP client address matches the permanent black- list, this is logged as: BLACKLISTED address - The postscreen_blacklist_action parameter specifies the + The postscreen_blacklist_action parameter specifies the action that is taken next: continue (default, observation mode) - Continue with the SMTP GREETING PHASE TESTS below. + Continue with the SMTP GREETING PHASE TESTS below. drop (enforcement mode) - Drop the connection immediately with a 521 SMTP - reply. In a future implementation, the connection - may instead be passed to a dummy SMTP protocol - engine that logs sender and recipient information. - -PERMANENT WHITELIST TEST - The postscreen_whitelist_networks parameter (default: - $mynetworks) specifies a permanent whitelist for SMTP - client IP addresses. 
This feature is not used for - addresses that appear on the permanent blacklist. - - When the SMTP client address matches the permanent - whitelist, this is logged as: - - WHITELISTED address - - The action is not configurable: immediately forward the - connection to a real SMTP server process. + Drop the connection immediately with a 521 SMTP + reply. In a future implementation, the connection + may instead be passed to a dummy SMTP protocol + engine that logs sender and recipient information. -TEMPORARY WHITELIST TEST +3. TEMPORARY WHITELIST TEST The postscreen(8) daemon maintains a temporary whitelist for SMTP client IP addresses that have passed all the tests described below. The postscreen_cache_map parameter @@ -98,7 +97,7 @@ POSTSCREEN(8) POSTSCREEN(8) parameter. Expired entries are silently renewed if possi- ble. -SMTP GREETING PHASE TESTS +4. SMTP GREETING PHASE TESTS The postscreen_greet_wait parameter specifies a time interval during which postscreen(8) runs a number of tests as described below. These tests run before the client may @@ -120,7 +119,7 @@ POSTSCREEN(8) POSTSCREEN(8) more protocol tests including greylisting, before the client is allowed to talk to a real SMTP server process. -PREGREET TEST +4A. PREGREET TEST The postscreen_greet_banner parameter specifies the text for a "220-text..." teaser banner (default: $smtpd_ban- ner). The postscreen(8) daemon sends this before the @@ -161,7 +160,7 @@ POSTSCREEN(8) POSTSCREEN(8) may instead be passed to a dummy SMTP protocol engine that logs sender and recipient information. -HANGUP TEST +4B. HANGUP TEST When the SMTP client hangs up without sending any data before the postscreen_greet_wait time has elapsed, this is logged as: @@ -180,7 +179,7 @@ POSTSCREEN(8) POSTSCREEN(8) drop (enforcement mode) Drop the connection immediately. -DNS BLOCKLIST TEST +4C. DNS BLOCKLIST TEST The postscreen_dnsbl_sites parameter (default: empty) specifies a list of DNS blocklist servers. 
diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 749c6c1db..90fe3fe57 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html 
@@ -49,32 +49,33 @@ TRANSPORT(5) TRANSPORT(5) default_transport (default: smtp:) This is the default for remote delivery to other destinations. In order of decreasing precedence, - the nexthop destination is taken from - default_transport, sender_dependent_relayhost_maps, - relayhost, or from the recipient domain. - - Normally, the transport(5) table is specified as a text - file that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/transport" to rebuild an indexed + the nexthop destination is taken from sender_depen- + dent_default_transport_maps, default_transport, + sender_dependent_relayhost_maps, relayhost, or from + the recipient domain. + + Normally, the transport(5) table is specified as a text + file that serves as input to the postmap(1) command. The + result, an indexed file in dbm or db format, is used for + fast searching by the mail system. Execute the command + "postmap /etc/postfix/transport" to rebuild an indexed file after changing the corresponding transport table. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary + When the table is provided via other means such as NIS, + LDAP or SQL, the same lookups are done as for ordinary indexed files. - Alternatively, the table can be provided as a regular- + Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those case, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" + sions, or lookups can be directed to TCP-based server. In + those case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES". 
CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose + The search string is folded to lowercase before database + lookup. As of Postfix 2.3, the search string is not case + folded with database types such as regexp: or pcre: whose lookup fields can match both upper and lower case. TABLE FORMAT 
@@ -85,127 +86,127 @@ TRANSPORT(5) TRANSPORT(5) domain, use the corresponding result. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- + A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- cal line. - The pattern specifies an email address, a domain name, or - a domain name hierarchy, as described in section "TABLE + The pattern specifies an email address, a domain name, or + a domain name hierarchy, as described in section "TABLE LOOKUP". - The result is of the form transport:nexthop and specifies + The result is of the form transport:nexthop and specifies how or where to deliver mail. This is described in section "RESULT FORMAT". TABLE SEARCH ORDER With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are + networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: user+extension@domain transport:nexthop - Deliver mail for user+extension@domain through + Deliver mail for user+extension@domain through transport to nexthop. user@domain transport:nexthop - Deliver mail for user@domain through transport to + Deliver mail for user@domain through transport to nexthop. domain transport:nexthop - Deliver mail for domain through transport to nex- + Deliver mail for domain through transport to nex- thop. .domain transport:nexthop - Deliver mail for any subdomain of domain through - transport to nexthop. This applies only when the - string transport_maps is not listed in the par- - ent_domain_matches_subdomains configuration set- - ting. 
Otherwise, a domain name matches itself and + Deliver mail for any subdomain of domain through + transport to nexthop. This applies only when the + string transport_maps is not listed in the par- + ent_domain_matches_subdomains configuration set- + ting. Otherwise, a domain name matches itself and its subdomains. * transport:nexthop - The special pattern * represents any address (i.e. - it functions as the wild-card pattern, and is + The special pattern * represents any address (i.e. + it functions as the wild-card pattern, and is unique to Postfix transport tables). - Note 1: the null recipient address is looked up as + Note 1: the null recipient address is looked up as $empty_address_recipient@$myhostname (default: mailer-dae- mon@hostname). - Note 2: user@domain or user+extension@domain lookup is + Note 2: user@domain or user+extension@domain lookup is available in Postfix 2.0 and later. RESULT FORMAT - The lookup result is of the form transport:nexthop. The - transport field specifies a mail delivery transport such - as smtp or local. The nexthop field specifies where and + The lookup result is of the form transport:nexthop. The + transport field specifies a mail delivery transport such + as smtp or local. The nexthop field specifies where and how to deliver mail. - The transport field specifies the name of a mail delivery + The transport field specifies the name of a mail delivery transport (the first name of a mail delivery service entry in the Postfix master.cf file). - The interpretation of the nexthop field is transport - dependent. In the case of SMTP, specify a service on a - non-default port as host:service, and disable MX (mail - exchanger) DNS lookups with [host] or [host]:port. The [] + The interpretation of the nexthop field is transport + dependent. In the case of SMTP, specify a service on a + non-default port as host:service, and disable MX (mail + exchanger) DNS lookups with [host] or [host]:port. 
The [] form is required when you specify an IP address instead of a hostname. - A null transport and null nexthop result means "do not - change": use the delivery transport and nexthop informa- - tion that would be used when the entire transport table + A null transport and null nexthop result means "do not + change": use the delivery transport and nexthop informa- + tion that would be used when the entire transport table did not exist. - A non-null transport field with a null nexthop field + A non-null transport field with a null nexthop field resets the nexthop information to the recipient domain. - A null transport field with non-null nexthop field does + A null transport field with non-null nexthop field does not modify the transport information. EXAMPLES - In order to deliver internal mail directly, while using a - mail relay for all other mail, specify a null entry for - internal destinations (do not change the delivery trans- - port or the nexthop information) and specify a wildcard + In order to deliver internal mail directly, while using a + mail relay for all other mail, specify a null entry for + internal destinations (do not change the delivery trans- + port or the nexthop information) and specify a wildcard for all other destinations. my.domain : .my.domain : * smtp:outbound-relay.my.domain - In order to send mail for example.com and its subdomains + In order to send mail for example.com and its subdomains via the uucp transport to the UUCP host named example: example.com uucp:example .example.com uucp:example - When no nexthop host name is specified, the destination - domain name is used instead. For example, the following - directs mail for user@example.com via the slow transport - to a mail exchanger for example.com. The slow transport + When no nexthop host name is specified, the destination + domain name is used instead. For example, the following + directs mail for user@example.com via the slow transport + to a mail exchanger for example.com. 
The slow transport could be configured to run at most one delivery process at a time: example.com slow: When no transport is specified, Postfix uses the transport - that matches the address domain class (see DESCRIPTION - above). The following sends all mail for example.com and + that matches the address domain class (see DESCRIPTION + above). The following sends all mail for example.com and its subdomains to host gateway.example.com: example.com :[gateway.example.com] .example.com :[gateway.example.com] - In the above example, the [] suppress MX lookups. This - prevents mail routing loops when your machine is primary + In the above example, the [] suppress MX lookups. This + prevents mail routing loops when your machine is primary MX host for example.com. - In the case of delivery via SMTP, one may specify host- + In the case of delivery via SMTP, one may specify host- name:service instead of just a host: example.com smtp:bar.example:2025 
@@ -219,55 +220,55 @@ TRANSPORT(5) TRANSPORT(5) .example.com error:mail for *.example.com is not deliverable - This causes all mail for user@anything.example.com to be + This causes all mail for user@anything.example.com to be bounced. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to - the entire address being looked up. Thus, - some.domain.hierarchy is not looked up via its parent - domains, nor is user+foo@domain looked up as user@domain. + Each pattern is a regular expression that is applied to + the entire address being looked up. Thus, + some.domain.hierarchy is not looked up via its parent + domains, nor is user+foo@domain looked up as user@domain. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search + Patterns are applied in the order as specified in the ta- + ble, until a pattern is found that matches the search string. The trivial-rewrite(8) server disallows regular expression - substitution of $1 etc. in regular expression lookup - tables, because that could open a security hole (Postfix + substitution of $1 etc. in regular expression lookup + tables, because that could open a security hole (Postfix version 2.3 and later). TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- tion of the TCP client/server lookup protocol, see tcp_ta- ble(5). This feature is not available up to and including Postfix version 2.4. - Each lookup operation uses the entire recipient address - once. 
Thus, some.domain.hierarchy is not looked up via - its parent domains, nor is user+foo@domain looked up as + Each lookup operation uses the entire recipient address + once. Thus, some.domain.hierarchy is not looked up via + its parent domains, nor is user+foo@domain looked up as user@domain. Results are the same as with indexed file lookups. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See + The following main.cf parameters are especially relevant. + The text below provides only a parameter summary. See postconf(5) for more details including examples. empty_address_recipient - The address that is looked up instead of the null + The address that is looked up instead of the null sender address. parent_domain_matches_subdomains - List of Postfix features that use domain.tld pat- - terns to match sub.domain.tld (as opposed to + List of Postfix features that use domain.tld pat- + terns to match sub.domain.tld (as opposed to requiring .domain.tld patterns). transport_maps @@ -285,7 +286,7 @@ TRANSPORT(5) TRANSPORT(5) FILTER_README, external content filter LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 2919775dd..6da7aced5 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html 
@@ -206,13 +206,24 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) that will be used instead of the null sender address. + Available in Postfix version 2.7 and later: + + empty_address_default_transport_maps_lookup_key (<>) + The sender_dependent_default_transport_maps search + string that will be used instead of the null sender + address. + + sender_dependent_default_transport_maps (empty) + A sender-dependent override for the global + default_transport parameter setting. + ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient - address verification. This feature is implemented by - sending probe email messages that are not actually deliv- - ered. By default, address verification probes use the - same route as regular mail. To override specific aspects - of message routing for address verification probes, spec- + Postfix version 2.1 introduces sender and recipient + address verification. This feature is implemented by + sending probe email messages that are not actually deliv- + ered. By default, address verification probes use the + same route as regular mail. To override specific aspects + of message routing for address verification probes, spec- ify one or more of the following: address_verify_local_transport ($local_transport) @@ -220,7 +231,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) address verification probes. address_verify_virtual_transport ($virtual_transport) - Overrides the virtual_transport parameter setting + Overrides the virtual_transport parameter setting for address verification probes. address_verify_relay_transport ($relay_transport) 
@@ -228,15 +239,15 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) address verification probes. address_verify_default_transport ($default_transport) - Overrides the default_transport parameter setting + Overrides the default_transport parameter setting for address verification probes. address_verify_relayhost ($relayhost) - Overrides the relayhost parameter setting for + Overrides the relayhost parameter setting for address verification probes. address_verify_transport_maps ($transport_maps) - Overrides the transport_maps parameter setting for + Overrides the transport_maps parameter setting for address verification probes. Available in Postfix version 2.3 and later: @@ -244,20 +255,28 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) address_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps) Overrides the sender_dependent_relayhost_maps - parameter setting for address verification probes. + parameter setting for address verification probes. + + Available in Postfix version 2.7 and later: + + address_verify_sender_dependent_default_transport_maps + ($sender_dependent_default_transport_maps) + Overrides the sender_dependent_default_trans- + port_maps parameter setting for address verifica- + tion probes. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. empty_address_recipient (MAILER-DAEMON) - The recipient of mail addressed to the null + The recipient of mail addressed to the null address. ipc_timeout (3600s) 
@@ -265,13 +284,13 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- + The maximal number of incoming connections that a + Postfix daemon process will service before termi- nating voluntarily. relocated_maps (empty) @@ -279,33 +298,33 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) for users or domains that no longer exist. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. show_user_unknown_table_name (yes) - Display the name of the recipient table in the + Display the name of the recipient table in the "User unknown" responses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". Available in Postfix version 2.0 and later: helpful_warnings (yes) - Log warnings about problematic configuration set- + Log warnings about problematic configuration set- tings, and provide helpful suggestions. SEE ALSO 
@@ -320,7 +339,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) ADDRESS_VERIFICATION_README, Postfix address verification LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 4ae4cb785..1b31a4186 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -215,6 +215,11 @@ address_verify_sender = postmaster@my.domain .ft R .PP This feature is available in Postfix 2.1 and later. +.SH address_verify_sender_dependent_default_transport_maps (default: $sender_dependent_default_transport_maps) +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. +.PP +This feature is available in Postfix 2.7 and later. .SH address_verify_sender_dependent_relayhost_maps (default: $sender_dependent_relayhost_maps) Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes. 
@@ -1254,11 +1259,14 @@ This feature is available in Postfix 2.4 and later. The default mail delivery transport and next-hop destination for destinations that do not match $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, -or $relay_domains. In order of decreasing precedence, the nexthop -destination is taken from $default_transport, +or $relay_domains. This information can be overruled with the +sender_dependent_default_transport_maps parameter and with the +\fBtransport\fR(5) table. +.PP +In order of decreasing precedence, the nexthop destination is taken +from $sender_dependent_default_transport_maps, $default_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient -domain. This information can be overruled with the \fBtransport\fR(5) -table. +domain. .PP Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR is the name of a mail delivery transport defined in master.cf. @@ -1416,6 +1424,11 @@ in order to terminate mail bounce loops. The maximal number of addresses remembered by the address duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or for \fBshowq\fR(8) queue displays. +.SH empty_address_default_transport_maps_lookup_key (default: <>) +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address. +.PP +This feature is available in Postfix 2.7 and later. .SH empty_address_recipient (default: MAILER-DAEMON) The recipient of mail addressed to the null address. Postfix does not accept such addresses in SMTP commands, but they may still be 
@@ -4253,7 +4266,8 @@ This feature is available in Postfix 2.0 and later. .SH relayhost (default: empty) The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. This information is overruled with -relay_transport, default_transport, sender_dependent_relayhost_maps +relay_transport, sender_dependent_default_transport_maps, +default_transport, sender_dependent_relayhost_maps and with the \fBtransport\fR(5) table. .PP On an intranet, specify the organizational domain name. If your 
@@ -4466,13 +4480,30 @@ sender_canonical_maps = hash:/etc/postfix/sender_canonical .fi .ad .ft R +.SH sender_dependent_default_transport_maps (default: empty) +A sender-dependent override for the global default_transport +parameter setting. The tables are searched by the envelope sender +address and @domain. A lookup result of DUNNO terminates the search +without overriding the global default_transport parameter setting. +This information is overruled with the \fBtransport\fR(5) table. +.PP +Note: this overrides default_transport, not transport_maps, and +therefore the expected syntax is that of default_transport. This +feature does not support the transport_maps syntax for null transport, +null nexthop, or null email addresses. +.PP +For safety reasons, this feature does not allow $number +substitutions in regular expression maps. +.PP +This feature is available in Postfix 2.7 and later. .SH sender_dependent_relayhost_maps (default: empty) A sender-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global relayhost parameter setting (Postfix 2.6 and later). This information is overruled with relay_transport, -default_transport and with the \fBtransport\fR(5) table. +sender_dependent_default_transport_maps, default_transport and with +the \fBtransport\fR(5) table. .PP For safety reasons, this feature does not allow $number substitutions in regular expression maps. @@ -6582,7 +6613,7 @@ to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. The time unit is specified with the anvil_rate_time_unit configuration parameter. .PP -By default, a client can make as many recipient addresses per time +By default, a client can send as many recipient addresses per time unit as Postfix can accept. .PP To disable this feature, specify a limit of 0. 
diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index 9f76856b0..288923f23 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -44,9 +44,9 @@ recipient domain. .IP "\fBdefault_transport (default: smtp:)\fR" This is the default for remote delivery to other destinations. In order of decreasing precedence, the \fInexthop\fR -destination is taken from \fBdefault_transport\fR, -\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the -recipient domain. +destination is taken from \fBsender_dependent_default_transport_maps, +\fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR, +\fBrelayhost\fR, or from the recipient domain. .PP Normally, the \fBtransport\fR(5) table is specified as a text file that serves as input to the \fBpostmap\fR(1) command. diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index 1d2e0cca4..380f1cf11 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -38,11 +38,25 @@ Note: \fBpostscreen\fR(8) is not an SMTP proxy; this is intentional. The purpose is to prioritize legitimate clients with as little overhead as possible. -\fBpostscreen\fR(8) logs its observations and takes actions -as described in the sections that follow. -.SH "PERMANENT BLACKLIST TEST" -.na +\fBpostscreen\fR(8) performs tests in the order described below. +.SH 1. PERMANENT WHITELIST TEST +.ad +.fi +The postscreen_whitelist_networks parameter (default: +$mynetworks) specifies a permanent whitelist for SMTP client +IP addresses. This feature is not used for addresses that +appear on the permanent blacklist. + +When the SMTP client address matches the permanent whitelist, +this is logged as: +.sp .nf +\fBWHITELISTED \fIaddress\fR +.fi +.sp +The action is not configurable: immediately forward the +connection to a real SMTP server process. +.SH 2. PERMANENT BLACKLIST TEST .ad .fi The postscreen_blacklist_networks parameter (default: empty) 
@@ -65,28 +79,7 @@ Drop the connection immediately with a 521 SMTP reply. In a future implementation, the connection may instead be passed to a dummy SMTP protocol engine that logs sender and recipient information. -.SH "PERMANENT WHITELIST TEST" -.na -.nf -.ad -.fi -The postscreen_whitelist_networks parameter (default: -$mynetworks) specifies a permanent whitelist for SMTP client -IP addresses. This feature is not used for addresses that -appear on the permanent blacklist. - -When the SMTP client address matches the permanent whitelist, -this is logged as: -.sp -.nf -\fBWHITELISTED \fIaddress\fR -.fi -.sp -The action is not configurable: immediately forward the -connection to a real SMTP server process. -.SH "TEMPORARY WHITELIST TEST" -.na -.nf +.SH 3. TEMPORARY WHITELIST TEST .ad .fi The \fBpostscreen\fR(8) daemon maintains a \fItemporary\fR @@ -108,9 +101,7 @@ connection to a real SMTP server process. The client is excluded from further tests until its temporary whitelist entry expires, as controlled with the postscreen_cache_ttl parameter. Expired entries are silently renewed if possible. -.SH "SMTP GREETING PHASE TESTS" -.na -.nf +.SH 4. SMTP GREETING PHASE TESTS .ad .fi The postscreen_greet_wait parameter specifies a time interval @@ -135,9 +126,7 @@ In a future implementation, the connection may first be passed to a dummy SMTP protocol engine that implements more protocol tests including greylisting, before the client is allowed to talk to a real SMTP server process. -.SH "PREGREET TEST" -.na -.nf +.SH 4A. PREGREET TEST .ad .fi The postscreen_greet_banner parameter specifies the text @@ -179,9 +168,7 @@ Drop the connection immediately with a 521 SMTP reply. In a future implementation, the connection may instead be passed to a dummy SMTP protocol engine that logs sender and recipient information. -.SH "HANGUP TEST" -.na -.nf +.SH 4B. HANGUP TEST .ad .fi When the SMTP client hangs up without sending any data 
@@ -200,9 +187,7 @@ report DNSBL lookup results if applicable. Do not forward the broken connection to a real SMTP server process. .IP "\fBdrop\fR (enforcement mode)" Drop the connection immediately. -.SH "DNS BLOCKLIST TEST" -.na -.nf +.SH 4C. DNS BLOCKLIST TEST .ad .fi The postscreen_dnsbl_sites parameter (default: empty) diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index ccf1f354d..ca85bd36b 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -182,6 +182,14 @@ Available in Postfix version 2.5 and later: .IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR" The sender_dependent_relayhost_maps search string that will be used instead of the null sender address. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR" +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address. +.IP "\fBsender_dependent_default_transport_maps (empty)\fR" +A sender-dependent override for the global default_transport +parameter setting. .SH "ADDRESS VERIFICATION CONTROLS" .na .nf @@ -217,6 +225,11 @@ Available in Postfix version 2.3 and later: .IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR" Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR" +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. .SH "MISCELLANEOUS CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 16802d9e4..78fc376c5 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink 
@@ -70,6 +70,7 @@ while (<>) { s;\baccess_map_reject_code\b;$&;g; s;\baccess_map_defer_code\b;$&;g; s;\baddress_verify_default_transport\b;$&;g; + s;\baddress_verify_sender_depen[-]*\n*[+In order of decreasing precedence, the nexthop destination is taken +from $sender_dependent_default_transport_maps, $default_transport, $sender_dependent_relayhost_maps, $relayhost, or from the recipient -domain. This information can be overruled with the transport(5) -table. +domain.
@@ -3481,7 +3485,8 @@ This feature is available in Postfix 2.0 and later.
The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. This information is overruled with -relay_transport, default_transport, sender_dependent_relayhost_maps +relay_transport, sender_dependent_default_transport_maps, +default_transport, sender_dependent_relayhost_maps and with the transport(5) table.
@@ -4655,7 +4660,7 @@ with the anvil_rate_time_unit configuration parameter.-By default, a client can make as many recipient addresses per time +By default, a client can send as many recipient addresses per time unit as Postfix can accept.
@@ -9497,7 +9502,8 @@ setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global relayhost parameter setting (Postfix 2.6 and later). This information is overruled with relay_transport, -default_transport and with the transport(5) table. +sender_dependent_default_transport_maps, default_transport and with +the transport(5) table.For safety reasons, this feature does not allow $number substitutions in regular expression maps.
@@ -12699,3 +12705,36 @@ the Postfix SMTP client TLS session. configuration parameter. See there for details.This feature is available in Postfix 2.7 and later.
+ +%PARAM empty_address_default_transport_maps_lookup_key <> + +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address.
+ +This feature is available in Postfix 2.7 and later.
+ +%PARAM sender_dependent_default_transport_maps + +A sender-dependent override for the global default_transport +parameter setting. The tables are searched by the envelope sender +address and @domain. A lookup result of DUNNO terminates the search +without overriding the global default_transport parameter setting. +This information is overruled with the transport(5) table.
+ +Note: this overrides default_transport, not transport_maps, and +therefore the expected syntax is that of default_transport. This +feature does not support the transport_maps syntax for null transport, +null nexthop, or null email addresses.
+ +For safety reasons, this feature does not allow $number +substitutions in regular expression maps.
+ +This feature is available in Postfix 2.7 and later.
+ +%PARAM address_verify_sender_dependent_default_transport_maps $sender_dependent_default_transport_maps + +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes.
+ +This feature is available in Postfix 2.7 and later.
+ diff --git a/postfix/proto/transport b/postfix/proto/transport index e411e3046..daf3e28fd 100644 --- a/postfix/proto/transport +++ b/postfix/proto/transport @@ -11,7 +11,7 @@ # \fBpostmap -q - /etc/postfix/transport <\fIinputfile\fR # DESCRIPTION # The optional \fBtransport\fR(5) table specifies a mapping from email -# addresses to message delivery transports and next-hop destinations. +# addresses to message delivery transports and next-hop destinations. # Message delivery transports such as \fBlocal\fR or \fBsmtp\fR # are defined in the \fBmaster.cf\fR file, and next-hop # destinations are typically hosts or domain names. The @@ -38,9 +38,9 @@ # .IP "\fBdefault_transport (default: smtp:)\fR" # This is the default for remote delivery to other destinations. # In order of decreasing precedence, the \fInexthop\fR -# destination is taken from \fBdefault_transport\fR, -# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the -# recipient domain. +# destination is taken from \fBsender_dependent_default_transport_maps, +# \fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR, +# \fBrelayhost\fR, or from the recipient domain. # .PP # Normally, the \fBtransport\fR(5) table is specified as a text file # that serves as input to the \fBpostmap\fR(1) command. diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index b364d90a3..a440152e1 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h 
@@ -428,6 +428,14 @@ extern char *var_transport_maps; #define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP extern char *var_def_transport; +#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps" +#define DEF_SND_DEF_XPORT_MAPS "" +extern char *var_snd_def_xport_maps; + +#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key" +#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>" +extern char *var_null_def_xport_maps_key; + /* * trivial rewrite/resolve service: rewriting controls. */ @@ -2595,6 +2603,10 @@ extern char *var_vrfy_relay_xport; #define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT extern char *var_vrfy_def_xport; +#define VAR_VRFY_SND_DEF_XPORT_MAPS "address_verify_" VAR_SND_DEF_XPORT_MAPS +#define DEF_VRFY_SND_DEF_XPORT_MAPS "$" VAR_SND_DEF_XPORT_MAPS +extern char *var_snd_def_xport_maps; + #define VAR_VRFY_RELAYHOST "address_verify_relayhost" #define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST extern char *var_vrfy_relayhost; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index aeb38e3da..e187c4eeb 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20091115" +#define MAIL_RELEASE_DATE "20091209" #define MAIL_VERSION_NUMBER "2.7" #ifdef SNAPSHOT diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 4178a57c5..2e9d4b8c4 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c 
@@ -32,9 +32,25 @@ /* intentional. The purpose is to prioritize legitimate clients /* with as little overhead as possible. /* -/* \fBpostscreen\fR(8) logs its observations and takes actions -/* as described in the sections that follow. -/* PERMANENT BLACKLIST TEST +/* \fBpostscreen\fR(8) performs tests in the order described below. +/* .SH 1. PERMANENT WHITELIST TEST +/* .ad +/* .fi +/* The postscreen_whitelist_networks parameter (default: +/* $mynetworks) specifies a permanent whitelist for SMTP client +/* IP addresses. This feature is not used for addresses that +/* appear on the permanent blacklist. +/* +/* When the SMTP client address matches the permanent whitelist, +/* this is logged as: +/* .sp +/* .nf +/* \fBWHITELISTED \fIaddress\fR +/* .fi +/* .sp +/* The action is not configurable: immediately forward the +/* connection to a real SMTP server process. +/* .SH 2. PERMANENT BLACKLIST TEST /* .ad /* .fi /* The postscreen_blacklist_networks parameter (default: empty) @@ -57,26 +73,9 @@ /* a future implementation, the connection may instead be /* passed to a dummy SMTP protocol engine that logs sender and /* recipient information. -/* PERMANENT WHITELIST TEST +/* .SH 3. TEMPORARY WHITELIST TEST /* .ad /* .fi -/* The postscreen_whitelist_networks parameter (default: -/* $mynetworks) specifies a permanent whitelist for SMTP client -/* IP addresses. This feature is not used for addresses that -/* appear on the permanent blacklist. -/* -/* When the SMTP client address matches the permanent whitelist, -/* this is logged as: -/* .sp -/* .nf -/* \fBWHITELISTED \fIaddress\fR -/* .fi -/* .sp -/* The action is not configurable: immediately forward the -/* connection to a real SMTP server process. -/* TEMPORARY WHITELIST TEST -/* .ad -/* .fi /* The \fBpostscreen\fR(8) daemon maintains a \fItemporary\fR /* whitelist for SMTP client IP addresses that have passed all /* the tests described below. The postscreen_cache_map parameter 
@@ -96,7 +95,7 @@ /* excluded from further tests until its temporary whitelist /* entry expires, as controlled with the postscreen_cache_ttl /* parameter. Expired entries are silently renewed if possible. -/* SMTP GREETING PHASE TESTS +/* .SH 4. SMTP GREETING PHASE TESTS /* .ad /* .fi /* The postscreen_greet_wait parameter specifies a time interval @@ -121,7 +120,7 @@ /* a dummy SMTP protocol engine that implements more protocol /* tests including greylisting, before the client is allowed /* to talk to a real SMTP server process. -/* PREGREET TEST +/* .SH 4A. PREGREET TEST /* .ad /* .fi /* The postscreen_greet_banner parameter specifies the text @@ -163,7 +162,7 @@ /* In a future implementation, the connection may instead be passed /* to a dummy SMTP protocol engine that logs sender and recipient /* information. -/* HANGUP TEST +/* .SH 4B. HANGUP TEST /* .ad /* .fi /* When the SMTP client hangs up without sending any data @@ -182,11 +181,11 @@ /* the broken connection to a real SMTP server process. /* .IP "\fBdrop\fR (enforcement mode)" /* Drop the connection immediately. -/* DNS BLOCKLIST TEST +/* .SH 4C. DNS BLOCKLIST TEST /* .ad /* .fi /* The postscreen_dnsbl_sites parameter (default: empty) -/* specifies a list of DNS blocklist servers. +/* specifies a list of DNS blocklist servers. /* /* When the postscreen_greet_wait time has elapsed, and the /* SMTP client address is listed with at least one of these @@ -449,7 +448,7 @@ typedef struct { int dt_usec; /* make sure it's signed */ } DELTA_TIME; -#define DELTA(x, y, z) \ +#define PS_CALC_DELTA(x, y, z) \ do { \ (x).dt_sec = (y).tv_sec - (z).tv_sec; \ (x).dt_usec = (y).tv_usec - (z).tv_usec; \ 
@@ -488,6 +487,61 @@ typedef struct { #define STR(x) vstring_str(x) #define LEN(x) VSTRING_LEN(x) + /* + * Monitor time-critical operations. + */ +#define PS_GET_TIME_BEFORE_LOOKUP \ + struct timeval _before, _after; \ + DELTA_TIME _delta; \ + GETTIMEOFDAY(&_before); + +#define PS_DELTA_MS(d) ((d).dt_sec * 1000 + (d).dt_usec / 1000) + +#define PS_CHECK_TIME_AFTER_LOOKUP(table, action) \ + GETTIMEOFDAY(&_after); \ + PS_CALC_DELTA(_delta, _after, _before); \ + if (_delta.dt_sec > 1 || _delta.dt_usec > 100000) \ + msg_warn("%s: %s %s took %d ms", \ + myname, (table), (action), PS_DELTA_MS(_delta)); + +/* ps_addr_match_list_match - time-critical address list lookup */ + +static int ps_addr_match_list_match(ADDR_MATCH_LIST *addr_list, + const char *addr_str) +{ + const char *myname = "ps_addr_match_list_match"; + int result; + + PS_GET_TIME_BEFORE_LOOKUP; + result = addr_match_list_match(addr_list, addr_str); + PS_CHECK_TIME_AFTER_LOOKUP("address list", "lookup"); + return (result); +} + +/* ps_dict_get - time-critical table lookup */ + +static const char *ps_dict_get(DICT *dict, const char *key) +{ + const char *myname = "ps_dict_get"; + const char *result; + + PS_GET_TIME_BEFORE_LOOKUP; + result = dict_get(dict, key); + PS_CHECK_TIME_AFTER_LOOKUP(dict->name, "lookup"); + return (result); +} + +/* ps_dict_put - table dictionary update */ + +static void ps_dict_put(DICT *dict, const char *key, const char *value) +{ + const char *myname = "ps_dict_put"; + + PS_GET_TIME_BEFORE_LOOKUP; + dict_put(dict, key, value); + PS_CHECK_TIME_AFTER_LOOKUP(dict->name, "update"); +} + /* * DNSBL lookup status per client IP address. */ @@ -666,7 +720,7 @@ static char *mydelta_time(VSTRING *buf, struct timeval tv, int *delta) struct timeval now; GETTIMEOFDAY(&now); - DELTA(pdelay, now, tv); + PS_CALC_DELTA(pdelay, now, tv); VSTRING_RESET(buf); format_tv(buf, pdelay.dt_sec, pdelay.dt_usec, SIG_DIGS, var_delay_max_res); *delta = pdelay.dt_sec; 
@@ -860,7 +914,7 @@ static void smtp_read_event(int event, char *context) "OLD" : "NEW", state->smtp_client_addr); if (cache_map != 0) { vstring_sprintf(temp, "%ld", (long) event_time()); - dict_put(cache_map, state->smtp_client_addr, STR(temp)); + ps_dict_put(cache_map, state->smtp_client_addr, STR(temp)); } } send_socket(state); @@ -930,7 +984,14 @@ static void postscreen_drain(char *unused_service, char **unused_argv) * could retry failed fork() operations in the event call-back routines, * but we don't need perfection. The host system is severely overloaded * and service levels are already way down. + * + * XXX Some Berkeley DB versions break with close-after-fork. Every new + * version is an improvement over its predecessor. */ + if (cache_map != 0) { + dict_close(cache_map); + cache_map = 0; + } for (count = 0; /* see below */ ; count++) { if (count >= 5) { msg_fatal("fork: %m"); @@ -939,10 +1000,6 @@ static void postscreen_drain(char *unused_service, char **unused_argv) sleep(1); continue; } else { - if (cache_map != 0) { - dict_close(cache_map); - cache_map = 0; - } return; } } 
@@ -1028,12 +1085,22 @@ static void postscreen_service(VSTREAM *smtp_client_stream, } /* - * The permanent blacklist has first precedence. If the client is + * The permanent whitelist has highest precedence (never block mail from + * whitelisted sites). + */ + if (wlist_nets != 0 + && ps_addr_match_list_match(wlist_nets, smtp_client_addr.buf) != 0) { + msg_info("WHITELISTED %s", smtp_client_addr.buf); + state_flags |= PS_FLAG_WHITELISTED; + } + + /* + * The permanent blacklist has second precedence. If the client is * permanently blacklisted, send some generic reply and hang up * immediately, or torture them a little longer. */ - if (blist_nets != 0 - && addr_match_list_match(blist_nets, smtp_client_addr.buf) != 0) { + else if (blist_nets != 0 + && ps_addr_match_list_match(blist_nets, smtp_client_addr.buf) != 0) { msg_info("BLACKLISTED %s", smtp_client_addr.buf); if (blist_action == PS_ACT_DROP) { smtp_reply(vstream_fileno(smtp_client_stream), @@ -1043,21 +1110,12 @@ static void postscreen_service(VSTREAM *smtp_client_stream, } } - /* - * The permanent whitelist has second precedence. - */ - else if (wlist_nets != 0 - && addr_match_list_match(wlist_nets, smtp_client_addr.buf) != 0) { - msg_info("WHITELISTED %s", smtp_client_addr.buf); - state_flags |= PS_FLAG_WHITELISTED; - } - /* * Finally, the temporary whitelist (i.e. the postscreen cache) has the * lowest precedence. */ else if (cache_map != 0 - && (stamp_str = dict_get(cache_map, smtp_client_addr.buf)) != 0) { + && (stamp_str = ps_dict_get(cache_map, smtp_client_addr.buf)) != 0) { stamp_time = strtoul(stamp_str, 0, 10); if (stamp_time > event_time() - var_ps_cache_ttl) { msg_info("PASS OLD %s", smtp_client_addr.buf); diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index cdd08732d..05d59c9f5 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c 
@@ -754,6 +754,10 @@ static void smtp_connect_remote(SMTP_STATE *state, const char *nexthop, * specified, or when DNS lookups are disabled. */ dest_buf = smtp_parse_destination(dest, def_service, &domain, &port); + if (var_helpful_warnings && ntohs(port) == 465) { + msg_info("CLIENT wrappermode (port smtps/465) is unimplemented"); + msg_info("instead, send to (port submission/587) with STARTTLS"); + } /* * Resolve an SMTP server. Skip mail exchanger lookups when a quoted diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 9b1da6644..cb855005f 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -1353,6 +1353,27 @@ static int sasl_client_exception(SMTPD_STATE *state) #endif +/* smtpd_whatsup - gather available evidence for logging */ + +static const char *smtpd_whatsup(SMTPD_STATE *state) +{ + static VSTRING *buf = 0; + + if (buf == 0) + buf = vstring_alloc(100); + else + VSTRING_RESET(buf); + if (state->sender) + vstring_sprintf_append(buf, " from=<%s>", state->sender); + if (state->recipient) + vstring_sprintf_append(buf, " to=<%s>", state->recipient); + if (state->protocol) + vstring_sprintf_append(buf, " proto=%s", state->protocol); + if (state->helo_name) + vstring_sprintf_append(buf, " helo=<%s>", state->helo_name); + return (STR(buf)); +} + /* collapse_args - put arguments together again */ static void collapse_args(int argc, SMTPD_TOKEN *argv) 
@@ -1371,23 +1392,9 @@ static void collapse_args(int argc, SMTPD_TOKEN *argv) static const char *check_milter_reply(SMTPD_STATE *state, const char *reply) { const char *queue_id = state->queue_id ? state->queue_id : "NOQUEUE"; - VSTRING *buf = vstring_alloc(100); const char *action; const char *text; - /* - * XXX Copied from log_whatsup(). Needs to be changed into a reusable - * function. - */ - if (state->sender) - vstring_sprintf_append(buf, " from=<%s>", state->sender); - if (state->recipient) - vstring_sprintf_append(buf, " to=<%s>", state->recipient); - if (state->protocol) - vstring_sprintf_append(buf, " proto=%s", state->protocol); - if (state->helo_name) - vstring_sprintf_append(buf, " helo=<%s>", state->helo_name); - /* * The syntax of user-specified SMTP replies is checked by the Milter * module, because the replies are also used in the cleanup server. @@ -1430,8 +1437,7 @@ static const char *check_milter_reply(SMTPD_STATE *state, const char *reply) break; } msg_info("%s: %s: %s from %s: %s;%s", queue_id, action, state->where, - state->namaddr, reply ? reply : text, STR(buf)); - vstring_free(buf); + state->namaddr, reply ? reply : text, smtpd_whatsup(state)); return (reply); } @@ -3096,6 +3102,14 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) detail->smtp, detail->dsn, state->err); } + /* + * By popular command: the proxy's end-of-data reply. + */ + if (proxy) + msg_info("proxy-%s: %s: %s;%s", + (state->err == CLEANUP_STAT_OK) ? "accept" : "reject", + state->where, STR(proxy->buffer), smtpd_whatsup(state)); + /* * Cleanup. The client may send another MAIL command. */ diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index 74d33f6f8..7535eaeba 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c 
@@ -961,9 +961,9 @@ static int smtpd_proxy_replay_setup(SMTPD_STATE *state) * file is expensive compared to reading or writing. For security reasons * we must truncate the file before reuse. For performance reasons we * should truncate the file immediately after the end of a mail - * transaction. We enforce the security guarantee here by requiring that - * no I/O happened since the file was truncated. This is less expensive - * than truncating the file redundantly. + * transaction. We enforce the security guarantee upon reuse, by + * requiring that no I/O happened since the file was truncated. This is + * less expensive than truncating the file redundantly. */ if (smtpd_proxy_replay_stream != 0) { /* vstream_ftell() won't invoke the kernel, so all errors are mine. */ diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index 454cd5ae5..f9d29a86e 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -153,6 +153,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, char *oper; char *junk; const char *relay; + const char *xport; + const char *sender_key; *flags = 0; vstring_strcpy(channel, "CHANNEL NOT UPDATED"); 
@@ -498,8 +500,27 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, * Other off-host destination. */ else { - vstring_strcpy(channel, RES_PARAM_VALUE(rp->def_transport)); - blame = rp->def_transport_name; + if (rp->snd_def_xp_info + && (xport = mail_addr_find(rp->snd_def_xp_info, + sender_key = (*sender ? sender : + var_null_def_xport_maps_key), + (char **) 0)) != 0) { + if (*xport == 0) { + msg_warn("%s: ignoring null lookup result for %s", + rp->snd_def_xp_maps_name, sender_key); + xport = "DUNNO"; + } + vstring_strcpy(channel, strcasecmp(xport, "DUNNO") == 0 ? + RES_PARAM_VALUE(rp->def_transport) : xport); + blame = rp->snd_def_xp_maps_name; + } else if (dict_errno != 0) { + msg_warn("%s lookup failure", rp->snd_def_xp_maps_name); + *flags |= RESOLVE_FLAG_FAIL; + FREE_MEMORY_AND_RETURN; + } else { + vstring_strcpy(channel, RES_PARAM_VALUE(rp->def_transport)); + blame = rp->def_transport_name; + } *flags |= RESOLVE_CLASS_DEFAULT; } @@ -508,12 +529,22 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, * override the recipient domain. */ if (rp->snd_relay_info - && (relay = mail_addr_find(rp->snd_relay_info, *sender ? - sender : var_null_relay_maps_key, - (char **) 0)) != 0) + && (relay = mail_addr_find(rp->snd_relay_info, + sender_key = (*sender ? sender : + var_null_relay_maps_key), + (char **) 0)) != 0) { + if (*relay == 0) { + msg_warn("%s: ignoring null lookup result for %s", + rp->snd_relay_maps_name, sender_key); + relay = "DUNNO"; + } vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ? rcpt_domain : relay); - else if (*RES_PARAM_VALUE(rp->relayhost)) + } else if (dict_errno != 0) { + msg_warn("%s lookup failure", rp->snd_relay_maps_name); + *flags |= RESOLVE_FLAG_FAIL; + FREE_MEMORY_AND_RETURN; + } else if (*RES_PARAM_VALUE(rp->relayhost)) vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost)); else vstring_strcpy(nexthop, rcpt_domain); 
diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 6eae44dc2..22f1b79a2 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -160,6 +160,14 @@ /* .IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR" /* The sender_dependent_relayhost_maps search string that will be /* used instead of the null sender address. +/* .PP +/* Available in Postfix version 2.7 and later: +/* .IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR" +/* The sender_dependent_default_transport_maps search string that +/* will be used instead of the null sender address. +/* .IP "\fBsender_dependent_default_transport_maps (empty)\fR" +/* A sender-dependent override for the global default_transport +/* parameter setting. /* ADDRESS VERIFICATION CONTROLS /* .ad /* .fi @@ -193,6 +201,11 @@ /* .IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR" /* Overrides the sender_dependent_relayhost_maps parameter setting for address /* verification probes. +/* .PP +/* Available in Postfix version 2.7 and later: +/* .IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR" +/* Overrides the sender_dependent_default_transport_maps parameter +/* setting for address verification probes. /* MISCELLANEOUS CONTROLS /* .ad /* .fi @@ -320,12 +333,14 @@ char *var_virt_alias_doms; char *var_virt_mailbox_doms; char *var_relocated_maps; char *var_def_transport; +char *var_snd_def_xport_maps; char *var_empty_addr; int var_show_unk_rcpt_table; int var_resolve_nulldom; char *var_remote_rwr_domain; char *var_snd_relay_maps; char *var_null_relay_maps_key; +char *var_null_def_xport_maps_key; int var_resolve_num_dom; bool var_allow_min_user; 
@@ -337,6 +352,7 @@ char *var_vrfy_local_xport; char *var_vrfy_virt_xport; char *var_vrfy_relay_xport; char *var_vrfy_def_xport; +char *var_vrfy_snd_def_xport_maps; char *var_vrfy_relayhost; char *var_vrfy_relay_maps; @@ -348,6 +364,7 @@ RES_CONTEXT resolve_regular = { VAR_VIRT_TRANSPORT, &var_virt_transport, VAR_RELAY_TRANSPORT, &var_relay_transport, VAR_DEF_TRANSPORT, &var_def_transport, + VAR_SND_DEF_XPORT_MAPS, &var_snd_def_xport_maps, 0, VAR_RELAYHOST, &var_relayhost, VAR_SND_RELAY_MAPS, &var_snd_relay_maps, 0, VAR_TRANSPORT_MAPS, &var_transport_maps, 0 @@ -358,6 +375,7 @@ RES_CONTEXT resolve_verify = { VAR_VRFY_VIRT_XPORT, &var_vrfy_virt_xport, VAR_VRFY_RELAY_XPORT, &var_vrfy_relay_xport, VAR_VRFY_DEF_XPORT, &var_vrfy_def_xport, + VAR_VRFY_SND_DEF_XPORT_MAPS, &var_vrfy_snd_def_xport_maps, 0, VAR_VRFY_RELAYHOST, &var_vrfy_relayhost, VAR_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, VAR_VRFY_XPORT_MAPS, &var_vrfy_xport_maps, 0 @@ -524,6 +542,18 @@ static void pre_jail_init(char *unused_name, char **unused_argv) RES_PARAM_VALUE(resolve_verify.snd_relay_maps), DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX | DICT_FLAG_NO_REGSUB); + if (*RES_PARAM_VALUE(resolve_regular.snd_def_xp_maps)) + resolve_regular.snd_def_xp_info = + maps_create(resolve_regular.snd_def_xp_maps_name, + RES_PARAM_VALUE(resolve_regular.snd_def_xp_maps), + DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX + | DICT_FLAG_NO_REGSUB); + if (*RES_PARAM_VALUE(resolve_verify.snd_def_xp_maps)) + resolve_verify.snd_def_xp_info = + maps_create(resolve_verify.snd_def_xp_maps_name, + RES_PARAM_VALUE(resolve_verify.snd_def_xp_maps), + DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX + | DICT_FLAG_NO_REGSUB); } /* post_jail_init - initialize after entering chroot jail */ 
@@ -571,6 +601,9 @@ int main(int argc, char **argv) VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0, VAR_NULL_RELAY_MAPS_KEY, DEF_NULL_RELAY_MAPS_KEY, &var_null_relay_maps_key, 1, 0, VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0, + VAR_SND_DEF_XPORT_MAPS, DEF_SND_DEF_XPORT_MAPS, &var_snd_def_xport_maps, 0, 0, + VAR_NULL_DEF_XPORT_MAPS_KEY, DEF_NULL_DEF_XPORT_MAPS_KEY, &var_null_def_xport_maps_key, 1, 0, + VAR_VRFY_SND_DEF_XPORT_MAPS, DEF_VRFY_SND_DEF_XPORT_MAPS, &var_vrfy_snd_def_xport_maps, 0, 0, 0, }; static const CONFIG_BOOL_TABLE bool_table[] = { diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.h b/postfix/src/trivial-rewrite/trivial-rewrite.h index d94cbb3ba..5f89a87b6 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.h +++ b/postfix/src/trivial-rewrite/trivial-rewrite.h @@ -56,6 +56,9 @@ typedef struct { char **relay_transport; /* relay transport:nexthop */ const char *def_transport_name; /* name of variable */ char **def_transport; /* default transport:nexthop */ + const char *snd_def_xp_maps_name; /* name of variable */ + char **snd_def_xp_maps; /* maptype:mapname */ + MAPS *snd_def_xp_info; /* handle */ const char *relayhost_name; /* name of variable */ char **relayhost; /* for relay and default transport */ const char *snd_relay_maps_name; /* name of variable */
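Review bot: the second mail_params.h hunk (@@ -2595) declares `extern char *var_snd_def_xport_maps;` under VAR_VRFY_SND_DEF_XPORT_MAPS, which merely repeats the extern already added in the @@ -428 hunk; the variable that trivial-rewrite.c defines and registers for this parameter is `var_vrfy_snd_def_xport_maps` (see `VAR_VRFY_SND_DEF_XPORT_MAPS, DEF_VRFY_SND_DEF_XPORT_MAPS, &var_vrfy_snd_def_xport_maps, 0, 0,` in the str_table hunk). The declaration should read `extern char *var_vrfy_snd_def_xport_maps;`; as written, the header never declares the address-verify variable and the duplicate declaration compiles silently, so nothing catches the slip.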
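Review bot: the PS_CHECK_TIME_AFTER_LOOKUP condition in the postscreen.c @@ -488 hunk, `_delta.dt_sec > 1 || _delta.dt_usec > 100000`, has a gap: an elapsed time of, say, 1.05 s gives dt_sec == 1 and dt_usec == 50000, so neither test fires and the slow lookup goes unreported, while a 0.2 s lookup is reported. If the intent is to warn above roughly 100 ms, use `_delta.dt_sec > 0 || _delta.dt_usec > 100000`, or compare `PS_DELTA_MS(_delta)` against one threshold. A smaller point: both macros silently depend on the caller having a local `myname`; a one-line comment above PS_GET_TIME_BEFORE_LOOKUP stating that requirement would save the next user of these macros a compile error.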
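Review bot: the reordering in the postscreen_service hunk (@@ -1028) makes the permanent whitelist win over the permanent blacklist ("never block mail from whitelisted sites"), but the documentation hunks in postscreen.8 and in the postscreen.c header comment still say of postscreen_whitelist_networks that "This feature is not used for addresses that appear on the permanent blacklist", which describes the old precedence. That sentence should move to the PERMANENT BLACKLIST TEST section and be inverted (the blacklist is not used for addresses that match the permanent whitelist) so the text matches the new `if`/`else if` order.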
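Review bot: in the resolve.c @@ -498 hunk, the `else if (dict_errno != 0)` branch is reached both when the lookup returned nothing and when `rp->snd_def_xp_info` is null, so with no sender_dependent_default_transport_maps configured the code tests whatever dict_errno was left by the previous lookup in resolve_addr rather than a fresh value. That is only safe as long as every earlier lookup failure already returns with RESOLVE_FLAG_FAIL; nesting the error test inside the map-configured check, e.g. `if (rp->snd_def_xp_info) { if ((xport = mail_addr_find(...)) != 0) { ... } else if (dict_errno != 0) { ... } }`, removes the dependency. The @@ -508 relayhost hunk has the same shape. Also, assigning `sender_key` inside the mail_addr_find argument list is easy to overlook; setting it on its own line before the call reads better.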
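Review bot: the %PARAM sender_dependent_default_transport_maps text in the postconf @@ -12699 hunk documents the DUNNO result but not what resolve.c does with an empty lookup result: the code logs "ignoring null lookup result for ..." and treats the result as DUNNO. Since the note already explains that the transport_maps syntax for null transport and null nexthop is unsupported, add one sentence saying that an empty result is logged as a warning and ignored, so the warning text is explained where a user will look for it.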
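Review bot: the comment in the smtpd.c @@ -3096 hunk reads "By popular command", which looks like a slip for "By popular demand"; worth fixing before it is copied elsewhere.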