From: Wietse Venema Date: Mon, 9 Jun 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.11-20030609 X-Git-Tag: v2.1-RC1-20040331~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e9e5c1246fa3795323d457a5aed455526a817e2;p=thirdparty%2Fpostfix.git postfix-2.0.11-20030609 --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index e1dd7986d..c662f44f5 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -67,7 +67,6 @@ -THEADER_OPTS -THEADER_TOKEN -THOST --THOST -THTABLE -THTABLE_INFO -TINET_ADDR_LIST @@ -132,6 +131,7 @@ -TRESOLVE_REPLY -TRESPONSE -TREST_TABLE +-TRES_CONTEXT -TSCAN_DIR -TSCAN_INFO -TSCAN_OBJ @@ -157,6 +157,7 @@ -TSTRING_TABLE -TSYS_EXITS_TABLE -TTOK822 +-TTRANSPORT_INFO -TTRIGGER_SERVER -TUSER_ATTR -TVBUF diff --git a/postfix/0README b/postfix/AAAREADME similarity index 97% rename from postfix/0README rename to postfix/AAAREADME index 0b13f9ca3..85420af5b 100644 --- a/postfix/0README +++ b/postfix/AAAREADME @@ -46,10 +46,10 @@ Web sites: Mail addresses (PLEASE send questions to the mailing list) - postfix-XXX@postfix.org Postfix mailing lists + postfix-users@postfix.org Postfix users mailing list wietse@porcupine.org the original author -In order to subscribe to a mailing list, see http://www.postfix.org/. +In order to subscribe to the mailing list, see http://www.postfix.org/. Acknowledgments =============== diff --git a/postfix/COMPATIBILITY b/postfix/COMPATIBILITY index 494efe453..c8d65fb0f 100644 --- a/postfix/COMPATIBILITY +++ b/postfix/COMPATIBILITY @@ -38,6 +38,7 @@ newaliases yes (main alias database only) nis tables yes nis+ tables not yet no <> in smtp yes (most common address forms) +pgsql tables yes (contributed) pipeline option yes (server and client) pop/imap yes (with third-party daemons that use /var[/spool]/mail) qmqp server yes (with verp support) 
@@ -49,7 +50,7 @@ sendmail -q yes sendmail -qRxxx yes (for domains specified in fast_flush_domains) sendmail -qSxxx no sendmail -qtime ignored -sendmail -v yes (but does not show delivery) +sendmail -v yes (sends delivery report via email) sendmail.cf no (uses table-driven address rewriting) size option yes, server and client smarthost yes (specify relayhost in main.cf) diff --git a/postfix/HISTORY b/postfix/HISTORY index dc0154521..637e1b47f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -1264,12 +1264,12 @@ Apologies for any names omitted. reorganization of the way queue scans were done. The queue manager socket now has become public. -10091002 +19981002 SMTPD now logs "lost connection after end-of-message" instead of "lost connection after DATA". -10091005 +19981005 More bullet proofing: timeouts on all triggers. @@ -8165,6 +8165,23 @@ Apologies for any names omitted. Cleanup: added support for vstream_fseek(.., .., SEEK_END). File: util/vstream.c. +20030608 + + Feature: separate address resolver controls for address + verification probe messages: address_verify_{local,virtual, + relay,default}_transport, address_verify_relayhost, and + address_verify_transport_maps. The default values are the + regular versions of the same controls. Files: trivial-rewrite/*, + global/resolve_clnt.[hc], *qmgr/qmgr_message.c. + +20030609 + + Bugfix: the "unread recipient" counter needs to be restored + after the queue manager has a problem reading a queue file. + This fix is for purists only, because after such a failure + Postfix closes the queue file and parks it in the corrupt + queue. Fix by Patrik Rak. File: nqmgr/qmgr_message.c. + Open problems: Low: smtp-source may block when sending large test messages. diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README index d6b2cd2d4..049877598 100644 --- a/postfix/README_FILES/ADDRESS_VERIFICATION_README +++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README 
@@ -28,6 +28,13 @@ nearest MTA accepts the recipient, then Postfix assumes that the address is deliverable, even when the address will bounce AFTER that MTA accepts it. +Normally, address verification probe messages follow the same path +as regular mail. However, some sites send mail to the Internet +via an intermediate relayhost; this breaks address verification. +See below, section "Controlling the routing of address verification +probes", for how to override mail routing and for possible limitations +when you have to do this. + Postfix assumes that an address is undeliverable when the nearest MTA for the address rejects the probe, regardless of the reason for rejection (client rejected, HELO rejected, MAIL FROM rejected, 
@@ -188,3 +195,73 @@ Right now, no tools are provided to manage the address verification database. If the file gets too big, or if it gets corrupted, you can manually delete the file and run "postfix reload". The new verify daemon process will then create a new, empty, database. + +Controlling the routing of address verification probes +====================================================== + +By default, Postfix sends address verification probe messages via +the same route as regular mail, because that normally produces the +most accurate result. It's no good to verify a local address by +connecting to your own SMTP port; that just triggers all kinds of +mailer loop alarms. The same is true for any destination that your +machine is best MX host for: hidden domains, virtual domains, etc. + +However, some sites have a complex infrastructure where mail is +not sent directly to the Internet, but is instead given to an +intermediate relayhost. This is a problem for address verification, +because remote Internet destinations can be verified only when +Postfix can access those destinations directly. + +For this reason, Postfix allows you to override the routing parameters +when it delivers an address verification probe message. + +First, the address_verify_relayhost parameter allows you to override +the relayhost setting, and the address_verify_transport_maps +parameter allows you to override the transport_maps setting. 
+ +Second, each address class is given its own address verification +version of the message delivery transport (address classes are +defined in the ADDRESS_CLASS_README file) as shown in the table: + +Destination type Regular transport Verify transport + parameter name parameter name +===================================================================== +mydestination local_transport address_verify_local_transport +virtual_alias_domains (not applicable) (not applicable) +virtual_mailbox_domains virtual_transport address_verify_virtual_transport +relay_domains relay_transport address_verify_relay_transport +other default_transport address_verify_default_transport + +By default, the parameters that control delivery of address probes +have the same value as the parameters that control normal mail +delivery. + +Examples +-------- + +In a typical scenario one would override the relayhost setting +for address verification probes and leave everything else alone: + +/etc/postfix/main.cf: + relayhost = $mydomain + address_verify_relayhost = + +Sites behind an address translation relay might have to use a +different SMTP client that sends the correct hostname information: + +/etc/postfix/main.cf: + relayhost = $mydomain + address_verify_relayhost = + address_verify_default_transport = direct_smtp + +/etc/postfix/master.cf: + direct_smtp .. .. .. .. .. .. .. .. .. smtp -o smtp_helo_name=nat.box.tld + +Limitations +----------- + +Inconsistencies can happen when probe messages don't follow the +same path as regular mail. For example, a message can be accepted +when it follows the regular route while an otherwise identical +probe message is rejected when it follows the forced route. The +opposite can happen, too, but is less likely. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 710866067..0ac0eb790 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -22,6 +22,19 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. +Major changes with Postfix snapshot 2.0.11-20030609 +=================================================== + +Address verification probes can now follow a different route than +ordinary mail. To make this possible, the address resolver supports +multiple personalities. The regular personality is used for regular +mail, and the alternate personality is used for address verification +probes. The alternate personality is controlled by parameters named +address_verify_X with X = relayhost, transport_maps, local_transport, +virtual_transport, relay_transport, and default_transport. These +alternate parameters have by default the same values as the regular +parameters. For more detail see the ADDRESS_VERIFICATION_README file. + Major changes with Postfix snapshot 2.0.11-20030606 =================================================== @@ -29,7 +42,8 @@ Complete rewrite of the queue file record reading loops in the pickup, cleanup and in the queue manager daemons. This code had deteriorated over time. The new code eliminates an old problem where the queue manager had to read most queue file records twice -in the case of very large alias/include file expansions. +in the case of an alias/include file expansion with more than +qmgr_message_recipient_limit recipients. Incompatible changes with Postfix snapshot 2.0.8-20030417 ========================================================= diff --git a/postfix/conf/sample-verify.cf b/postfix/conf/sample-verify.cf index 75094bf06..0d20eac2a 100644 --- a/postfix/conf/sample-verify.cf +++ b/postfix/conf/sample-verify.cf 
@@ -79,3 +79,51 @@ address_verify_negative_expire_time = 3d # Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). # address_verify_negative_refresh_time = 2h + +# +# ADDRESS PROBE DELIVERY +# +# Normally, address verification probe messages are sent along the +# same path as regular mail. This usually produces the most accurate +# result. However, some sites have a more complex infrastructure. +# +# The parameters below allow you to override specific aspects of +# Postfix mail delivery routing. Typically, one would override +# relayhost, default_transport and/or transport_maps and leave +# everything else alone. +# + +# The address_verify_transport_maps configuration parameter overrides +# the transport_maps parameter setting for address verification +# probes. +# +address_verify_transport_maps = $transport_maps + +# The address_verify_relayhost configuration parameter overrides the +# relayhost parameter setting for address verification probes. +# +address_verify_relayhost = $relayhost + +# The address_verify_default_transport configuration parameter +# overrides the default_transport parameter setting for address +# verification probes. +# +address_verify_default_transport = $default_transport + +# The address_verify_relay_transport configuration parameter +# overrides the relay_transport parameter setting for address +# verification probes. +# +address_verify_relay_transport = $relay_transport + +# The address_verify_virtual_transport configuration parameter +# overrides the virtual_transport parameter setting for address +# verification probes. +# +address_verify_virtual_transport = $virtual_transport + +# The address_verify_local_transport configuration parameter +# overrides the local_transport parameter setting for address +# verification probes. +# +address_verify_local_transport = $local_transport diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index bc7f10c99..6d6f272f6 100644 
--- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -9,7 +9,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) trivial-rewrite [generic Postfix daemon options] DESCRIPTION - The trivial-rewrite daemon processes two types of client + The trivial-rewrite daemon processes three types of client service requests: rewrite 
@@ -37,62 +37,65 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) The envelope recipient address that is passed on to nexthop. + verify Resolve an address for address verification pur- + poses. + DEFAULT DELIVERY METHODS - By default, Postfix uses one of the following delivery - methods. This may be overruled with the optional trans- + By default, Postfix uses one of the following delivery + methods. This may be overruled with the optional trans- port(5) table. The default delivery method is selected by - matching the recipient address domain against one of the + matching the recipient address domain against one of the following: $mydestination $inet_interfaces - The transport and optional nexthop are specified - with $local_transport. The default nexthop is the + The transport and optional nexthop are specified + with $local_transport. The default nexthop is the recipient domain. $virtual_alias_domains - The recipient address is undeliverable (user - unknown). By definition, all known addresses in a - virtual alias domain are aliased to other + The recipient address is undeliverable (user + unknown). By definition, all known addresses in a + virtual alias domain are aliased to other addresses. $virtual_mailbox_domains - The transport and optional nexthop are specified - with $virtual_transport. The default nexthop is + The transport and optional nexthop are specified + with $virtual_transport. The default nexthop is the recipient domain. $relay_domains - The transport and optional nexthop are specified - with $relay_transport. This overrides the optional - nexthop information that is specified with $relay- + The transport and optional nexthop are specified + with $relay_transport. This overrides the optional + nexthop information that is specified with $relay- host. The default nexthop is the recipient domain. none of the above - The transport and optional nexthop are specified - with $default_transport. 
This overrides the + The transport and optional nexthop are specified + with $default_transport. This overrides the optional nexthop information that is specified with - $relayhost. The default nexthop is the recipient + $relayhost. The default nexthop is the recipient domain. SERVER PROCESS MANAGEMENT The trivial-rewrite servers run under control by the Post- fix master server. Each server can handle multiple simul- - taneous connections. When all servers are busy while a - client connects, the master creates a new server process, - provided that the trivial-rewrite server process limit is + taneous connections. When all servers are busy while a + client connects, the master creates a new server process, + provided that the trivial-rewrite server process limit is not exceeded. Each trivial-rewrite server terminates after serving at least $max_use clients of after $max_idle seconds of idle time. STANDARDS - None. The command does not interact with the outside + None. The command does not interact with the outside world. SECURITY - The trivial-rewrite daemon is not security sensitive. By - default, this daemon does not talk to remote or local - users. It can run at a fixed low privilege in a chrooted + The trivial-rewrite daemon is not security sensitive. By + default, this daemon does not talk to remote or local + users. It can run at a fixed low privilege in a chrooted environment. DIAGNOSTICS 
@@ -100,21 +103,21 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) BUGS CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + The following main.cf parameters are especially relevant + to this program. See the Postfix main.cf file for syntax + details and for default values. Use the postfix reload command after a configuration change. Miscellaneous empty_address_recipient - The recipient that is substituted for the null + The recipient that is substituted for the null address. inet_interfaces - The network interfaces that this mail system - receives mail on. This information is used to - determine if user@[net.work.addr.ess] is local or - remote. Mail for local users is given to the + The network interfaces that this mail system + receives mail on. This information is used to + determine if user@[net.work.addr.ess] is local or + remote. Mail for local users is given to the $local_transport. mydestination @@ -122,8 +125,8 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) port. virtual_alias_domains - List of simulated virtual domains (domains with all - recipients aliased to some other local or remote + List of virtual alias domains (domains with all + recipients aliased to some other local or remote domain). virtual_mailbox_domains @@ -136,10 +139,10 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) resolve_unquoted_address When resolving an address, do not quote the address - localpart as per RFC 822, so that additional @, % - or ! characters remain visible. This is techni- + localpart as per RFC 822, so that additional @, % + or ! characters remain visible. This is techni- cally incorrect, but allows us to stop relay - attacks when forwarding mail to a Sendmail primary + attacks when forwarding mail to a Sendmail primary MX host. relocated_maps 
@@ -165,52 +168,61 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) Routing local_transport - Where to deliver mail for destinations that match - $mydestination or $inet_interfaces. The default + Where to deliver mail for destinations that match + $mydestination or $inet_interfaces. The default transport is local:$myhostname. - Syntax is transport:nexthop; see transport(5) for + Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. virtual_transport - Where to deliver mail for non-local domains that + Where to deliver mail for non-local domains that match $virtual_mailbox_domains. The default trans- port is virtual. - Syntax is transport:nexthop; see transport(5) for + Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. relay_transport - Where to deliver mail for non-local domains that - match $relay_domains. The default transport is + Where to deliver mail for non-local domains that + match $relay_domains. The default transport is relay (which normally is a clone of the smtp trans- port). - Syntax is transport:nexthop; see transport(5) for + Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. default_transport - Where to deliver all other non-local mail. The + Where to deliver all other non-local mail. The default transport is smtp. - Syntax is transport:nexthop; see transport(5) for + Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. parent_domain_matches_subdomains - List of Postfix features that use domain.tld pat- - terns to match sub.domain.tld (as opposed to + List of Postfix features that use domain.tld pat- + terns to match sub.domain.tld (as opposed to requiring .domain.tld patterns). 
relayhost - The default host to send non-local mail to when no - host is specified with $relay_transport or - $default_transport, and when the recipient address + The default host to send non-local mail to when no + host is specified with $relay_transport or + $default_transport, and when the recipient address does not match the optional the transport(5) table. transport_maps - List of tables with recipient or domain to (trans- + List of tables with recipient or domain to (trans- port, nexthop) mappings. +Address verification + By default, address verification probes use the same route + as regular mail. To override specific aspects of message + routing for address verification probes, specify one or + more of the following: address_verify_local_transport, + address_verify_virtual_transport, address_ver- + ify_relay_transport, address_verify_default_transport, + address_verify_relayhost, address_verify_transport_maps. + SEE ALSO master(8) process manager syslogd(8) system logging @@ -218,7 +230,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) relocated(5) format of the "user has moved" table LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/verify.8.html b/postfix/html/verify.8.html index b0f67a1f2..b0e2982c3 100644 --- a/postfix/html/verify.8.html +++ b/postfix/html/verify.8.html @@ -93,6 +93,7 @@ VERIFY(8) VERIFY(8) default values. Use the postfix reload command after a configuration change. +Cache control address_verify_map Optional table for persistent recipient status storage. The file is opened before the process 
@@ -135,8 +136,31 @@ VERIFY(8) VERIFY(8) probe is sent to verify that a known to be bad address is still bad. +Probe message routing + By default, probe messages are delivered via the same + route as regular messages. The following parameters can + be used to override specific message routing mechanisms. + + address_verify_relayhost + Overrides the relayhost setting. + + address_verify_transport_maps + Overrides the transport_maps setting. + + address_verify_local_transport + Overrides the local_transport setting. + + address_verify_virtual_transport + Overrides the virtual_transport setting. + + address_verify_relay_transport + Overrides the relay_transport setting. + + address_verify_default_transport + Overrides the default_transport setting. + SEE ALSO - verify_clnt(3) address verification client + trivial-rewrite(8) address rewriting and resolving LICENSE The Secure Mailer license must be distributed with this diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index a768b873e..cd3be7f91 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -12,7 +12,7 @@ Postfix address rewriting and resolving daemon .SH DESCRIPTION .ad .fi -The \fBtrivial-rewrite\fR daemon processes two types of client +The \fBtrivial-rewrite\fR daemon processes three types of client service requests: .IP \fBrewrite\fR Rewrite an address to standard form. The \fBtrivial-rewrite\fR @@ -32,6 +32,8 @@ The host to send to and optional delivery method information. .IP \fIrecipient\fR The envelope recipient address that is passed on to \fInexthop\fR. .RE +.IP \fBverify\fR +Resolve an address for address verification purposes. .SH DEFAULT DELIVERY METHODS .na .nf 
@@ -121,7 +123,7 @@ Mail for local users is given to the \fB$local_transport\fR. .IP \fBmydestination\fR List of domains that are given to the \fB$local_transport\fR. .IP \fBvirtual_alias_domains\fR -List of simulated virtual domains (domains with all recipients +List of virtual alias domains (domains with all recipients aliased to some other local or remote domain). .IP \fBvirtual_mailbox_domains\fR List of domains that are given to the \fB$virtual_transport\fR. @@ -192,6 +194,19 @@ and when the recipient address does not match the optional the .IP \fBtransport_maps\fR List of tables with \fIrecipient\fR or \fIdomain\fR to (\fItransport, nexthop\fR) mappings. +.SH Address verification +.ad +.fi +By default, address verification probes use the same route +as regular mail. To override specific aspects of message +routing for address verification probes, specify one or more +of the following: +\fBaddress_verify_local_transport\fR, +\fBaddress_verify_virtual_transport\fR, +\fBaddress_verify_relay_transport\fR, +\fBaddress_verify_default_transport\fR, +\fBaddress_verify_relayhost\fR, +\fBaddress_verify_transport_maps\fR. .SH SEE ALSO .na .nf diff --git a/postfix/man/man8/verify.8 b/postfix/man/man8/verify.8 index 2e6979947..d4d9d347b 100644 --- a/postfix/man/man8/verify.8 +++ b/postfix/man/man8/verify.8 @@ -91,6 +91,9 @@ a basic Postfix principle. See the Postfix \fBmain.cf\fR file for syntax details and for default values. Use the \fBpostfix reload\fR command after a configuration change. +.SH Cache control +.ad +.fi .IP \fBaddress_verify_map\fR Optional table for persistent recipient status storage. The file is opened before the process enters a chroot jail and before 
@@ -120,10 +123,28 @@ The amount of time after which a rejected address expires. .IP \fBaddress_verify_negative_refresh_time\fR The minimal amount of time after which a proactive probe is sent to verify that a known to be bad address is still bad. +.SH Probe message routing +.ad +.fi +By default, probe messages are delivered via the same route +as regular messages. The following parameters can be used to +override specific message routing mechanisms. +.IP \fBaddress_verify_relayhost\fR +Overrides the \fBrelayhost\fR setting. +.IP \fBaddress_verify_transport_maps\fR +Overrides the \fBtransport_maps\fR setting. +.IP \fBaddress_verify_local_transport\fR +Overrides the \fBlocal_transport\fR setting. +.IP \fBaddress_verify_virtual_transport\fR +Overrides the \fBvirtual_transport\fR setting. +.IP \fBaddress_verify_relay_transport\fR +Overrides the \fBrelay_transport\fR setting. +.IP \fBaddress_verify_default_transport\fR +Overrides the \fBdefault_transport\fR setting. .SH SEE ALSO .na .nf -verify_clnt(3) address verification client +trivial-rewrite(8) address rewriting and resolving .SH LICENSE .na .nf diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 3c8021d5d..f1675e2d3 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h 
@@ -1691,6 +1691,30 @@ extern bool var_verify_neg_cache; #define DEF_VERIFY_SENDER "postmaster" extern char *var_verify_sender; +#define VAR_VRFY_LOCAL_XPORT "address_verify_local_transport" +#define DEF_VRFY_LOCAL_XPORT "$" VAR_LOCAL_TRANSPORT +extern char *var_vrfy_local_xport; + +#define VAR_VRFY_VIRT_XPORT "address_verify_virtual_transport" +#define DEF_VRFY_VIRT_XPORT "$" VAR_VIRT_TRANSPORT +extern char *var_vrfy_virt_xport; + +#define VAR_VRFY_RELAY_XPORT "address_verify_relay_transport" +#define DEF_VRFY_RELAY_XPORT "$" VAR_RELAY_TRANSPORT +extern char *var_vrfy_relay_xport; + +#define VAR_VRFY_DEF_XPORT "address_verify_default_transport" +#define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT +extern char *var_vrfy_def_xport; + +#define VAR_VRFY_RELAYHOST "address_verify_relayhost" +#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST +extern char *var_vrfy_relayhost; + +#define VAR_VRFY_XPORT_MAPS "address_verify_transport_maps" +#define DEF_VRFY_XPORT_MAPS "$" VAR_TRANSPORT_MAPS +extern char *var_vrfy_xport_maps; + /* * Message delivery trace service. */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index a71ab8f1b..71e87d62e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030606" +#define MAIL_RELEASE_DATE "20030609" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "2.0.11-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/qmgr_user.h b/postfix/src/global/qmgr_user.h index 639712997..6f98ad73e 100644 --- a/postfix/src/global/qmgr_user.h +++ b/postfix/src/global/qmgr_user.h 
@@ -17,6 +17,8 @@ #define QMGR_READ_FLAG_NONE 0 /* No special features */ #define QMGR_READ_FLAG_MIXED_RCPT_OTHER (1<<0) /* Mixed recipient/other */ +#define QMGR_READ_FLAG_USER (QMGR_READ_FLAG_MIXED_RCPT_OTHER) + /* * Backwards compatibility. */ diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c index c6f1e2dd5..5892018d2 100644 --- a/postfix/src/global/resolve_clnt.c +++ b/postfix/src/global/resolve_clnt.c @@ -19,7 +19,11 @@ /* RESOLVE_REPLY *reply; /* /* void resolve_clnt_query(address, reply) -/* const char *address +/* const char *address; +/* RESOLVE_REPLY *reply; +/* +/* void resolve_clnt_verify(address, reply) +/* const char *address; /* RESOLVE_REPLY *reply; /* /* void resolve_clnt_free(reply) @@ -37,6 +41,9 @@ /* address. In case of communication failure the program keeps trying /* until the mail system goes down. /* +/* resolve_clnt_verify() implements an alternative version that can +/* be used for address verification. +/* /* In the resolver reply, the flags member is the bit-wise OR of /* zero or more of the following: /* .IP RESOLVE_FLAG_FINAL @@ -132,11 +139,11 @@ void resolve_clnt_init(RESOLVE_REPLY *reply) reply->flags = 0; } -/* resolve_clnt_query - resolve address to (transport, next hop, recipient) */ +/* resolve_clnt - resolve address to (transport, next hop, recipient) */ -void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply) +void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply) { - char *myname = "resolve_clnt_query"; + char *myname = "resolve_clnt"; VSTREAM *stream; /* @@ -186,7 +193,7 @@ void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply) stream = clnt_stream_access(rewrite_clnt_stream); errno = 0; if (attr_print(stream, ATTR_FLAG_NONE, - ATTR_TYPE_STR, MAIL_ATTR_REQ, RESOLVE_ADDR, + ATTR_TYPE_STR, MAIL_ATTR_REQ, class, ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr, ATTR_TYPE_END) != 0 || vstream_fflush(stream) 
diff --git a/postfix/src/global/resolve_clnt.h b/postfix/src/global/resolve_clnt.h index 6f7264b0b..d96ea1863 100644 --- a/postfix/src/global/resolve_clnt.h +++ b/postfix/src/global/resolve_clnt.h @@ -19,7 +19,8 @@ /* * External interface. */ -#define RESOLVE_ADDR "resolve" +#define RESOLVE_REGULAR "resolve" +#define RESOLVE_VERIFY "verify" #define RESOLVE_FLAG_FINAL (1<<0) /* final delivery */ #define RESOLVE_FLAG_ROUTED (1<<1) /* routed destination */ @@ -40,12 +41,15 @@ typedef struct RESOLVE_REPLY { VSTRING *nexthop; VSTRING *recipient; int flags; -} RESOLVE_REPLY; +} RESOLVE_REPLY; extern void resolve_clnt_init(RESOLVE_REPLY *); -extern void resolve_clnt_query(const char *, RESOLVE_REPLY *); +extern void resolve_clnt(const char *, const char *, RESOLVE_REPLY *); extern void resolve_clnt_free(RESOLVE_REPLY *); +#define resolve_clnt_query(a, r) resolve_clnt(RESOLVE_REGULAR, (a), (r)) +#define resolve_clnt_verify(a, r) resolve_clnt(RESOLVE_VERIFY, (a), (r)) + #define RESOLVE_CLNT_ASSIGN(reply, transport, nexthop, recipient) { \ (reply).transport = (transport); \ (reply).nexthop = (nexthop); \ diff --git a/postfix/src/global/sent.h b/postfix/src/global/sent.h index c552423d5..ce7d55950 100644 --- a/postfix/src/global/sent.h +++ b/postfix/src/global/sent.h @@ -42,6 +42,5 @@ extern int vsent(int, const char *, const char *, const char *, const char *, /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /*--*/ -/**INDENT** Error@17: Unmatched #endif */ #endif diff --git a/postfix/src/local/Makefile.in b/postfix/src/local/Makefile.in index 96dcf6b9e..038e81edc 100644 --- a/postfix/src/local/Makefile.in +++ b/postfix/src/local/Makefile.in @@ -468,6 +468,7 @@ token.o: ../../include/mail_params.h token.o: ../../include/bounce.h token.o: ../../include/deliver_request.h token.o: ../../include/recipient_list.h +token.o: ../../include/defer.h token.o: local.h token.o: ../../include/been_here.h token.o: ../../include/mbox_conf.h 
diff --git a/postfix/src/nqmgr/qmgr_message.c b/postfix/src/nqmgr/qmgr_message.c index b1771b8f2..5ac19442d 100644 --- a/postfix/src/nqmgr/qmgr_message.c +++ b/postfix/src/nqmgr/qmgr_message.c @@ -293,6 +293,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message) int rec_type; long curr_offset; long save_offset = message->rcpt_offset; /* save a flag */ + int save_unread = message->rcpt_unread; /* save a count */ char *start; int recipient_limit; const char *error_text; @@ -460,7 +461,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message) rec_type = REC_TYPE_ERROR; break; } - if (message->rflags & (~0 << 16)) { + if (message->rflags & ~QMGR_READ_FLAG_USER) { msg_warn("%s: invalid flags in size record: %.100s", message->queue_id, start); rec_type = REC_TYPE_ERROR; @@ -616,7 +617,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message) return (0); } message->rcpt_offset = save_offset; /* restore flag */ - message->rcpt_unread += message->rcpt_list.len; + message->rcpt_unread = save_unread; /* restore count */ qmgr_rcpt_list_free(&message->rcpt_list); qmgr_rcpt_list_init(&message->rcpt_list); return (-1); @@ -720,7 +721,10 @@ static void qmgr_message_sort(QMGR_MESSAGE *message) static int qmgr_resolve_one(QMGR_MESSAGE *message, QMGR_RCPT *recipient, const char *addr, RESOLVE_REPLY *reply) { - resolve_clnt_query(addr, reply); + if ((message->tflags & DEL_REQ_FLAG_VERIFY) == 0) + resolve_clnt_query(addr, reply); + else + resolve_clnt_verify(addr, reply); if (reply->flags & RESOLVE_FLAG_FAIL) { qmgr_defer_recipient(message, recipient, "address resolver failure"); return (-1); diff --git a/postfix/src/pickup/Makefile.in b/postfix/src/pickup/Makefile.in index 9a078de4f..42c8e60ff 100644 --- a/postfix/src/pickup/Makefile.in +++ b/postfix/src/pickup/Makefile.in 
@@ -64,7 +64,6 @@ pickup.o: ../../include/vbuf.h pickup.o: ../../include/vstream.h pickup.o: ../../include/set_ugid.h pickup.o: ../../include/safe_open.h -pickup.o: ../../include/stringops.h pickup.o: ../../include/mail_queue.h pickup.o: ../../include/mail_open_ok.h pickup.o: ../../include/mymalloc.h diff --git a/postfix/src/postdrop/Makefile.in b/postfix/src/postdrop/Makefile.in index 01cbe2893..846e70fde 100644 --- a/postfix/src/postdrop/Makefile.in +++ b/postfix/src/postdrop/Makefile.in @@ -66,6 +66,7 @@ postdrop.o: ../../include/msg_vstream.h postdrop.o: ../../include/msg_syslog.h postdrop.o: ../../include/argv.h postdrop.o: ../../include/iostuff.h +postdrop.o: ../../include/stringops.h postdrop.o: ../../include/mail_proto.h postdrop.o: ../../include/attr.h postdrop.o: ../../include/mail_queue.h diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index d72664012..b556179b7 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -426,7 +426,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message) rec_type = REC_TYPE_ERROR; break; } - if (message->rflags & (~0 << 16)) { + if (message->rflags & ~QMGR_READ_FLAG_USER) { msg_warn("%s: invalid flags in size record: %.100s", message->queue_id, start); rec_type = REC_TYPE_ERROR; @@ -677,7 +677,10 @@ static void qmgr_message_sort(QMGR_MESSAGE *message) static int qmgr_resolve_one(QMGR_MESSAGE *message, QMGR_RCPT *recipient, const char *addr, RESOLVE_REPLY *reply) { - resolve_clnt_query(addr, reply); + if ((message->tflags & DEL_REQ_FLAG_VERIFY) == 0) + resolve_clnt_query(addr, reply); + else + resolve_clnt_verify(addr, reply); if (reply->flags & RESOLVE_FLAG_FAIL) { qmgr_defer_recipient(message, recipient, "address resolver failure"); return (-1); diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 59772ff3a..fbb022397 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in 
@@ -121,11 +121,11 @@ smtpd.o: ../../include/valid_hostname.h smtpd.o: ../../include/dict.h smtpd.o: ../../include/argv.h smtpd.o: ../../include/watchdog.h +smtpd.o: ../../include/iostuff.h smtpd.o: ../../include/mail_params.h smtpd.o: ../../include/record.h smtpd.o: ../../include/rec_type.h smtpd.o: ../../include/mail_proto.h -smtpd.o: ../../include/iostuff.h smtpd.o: ../../include/attr.h smtpd.o: ../../include/cleanup_user.h smtpd.o: ../../include/mail_date.h diff --git a/postfix/src/trivial-rewrite/Makefile.in b/postfix/src/trivial-rewrite/Makefile.in index e8d9bc217..556aaf047 100644 --- a/postfix/src/trivial-rewrite/Makefile.in +++ b/postfix/src/trivial-rewrite/Makefile.in @@ -155,3 +155,4 @@ trivial-rewrite.o: ../../include/mail_addr.h trivial-rewrite.o: ../../include/mail_server.h trivial-rewrite.o: trivial-rewrite.h trivial-rewrite.o: transport.h +trivial-rewrite.o: ../../include/maps.h diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index f583778ac..8fa0ac8f2 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -8,13 +8,9 @@ /* /* void resolve_init(void) /* -/* void resolve_proto(stream) +/* void resolve_proto(context, stream) +/* RES_CONTEXT *context; /* VSTREAM *stream; -/* -/* void resolve_addr(rule, addr, result) -/* char *rule; -/* char *addr; -/* VSTRING *result; /* DESCRIPTION /* This module implements the trivial address resolving engine. /* It distinguishes between local and remote mail, and optionally @@ -28,10 +24,6 @@ /* resolve_proto() implements the client-server protocol: /* read one address in FQDN form, reply with a (transport, /* nexthop, internalized recipient) triple. -/* -/* resolve_addr() gives direct access to the address resolving -/* engine. It resolves an internalized address to a (transport, -/* nexthop, internalized recipient) triple. /* STANDARDS /* DIAGNOSTICS /* Problems and transactions are logged to the syslog daemon. 
@@ -138,8 +130,9 @@ static MAPS *relocated_maps; /* resolve_addr - resolve address according to rule set */ -void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, - VSTRING *nextrcpt, int *flags) +static void resolve_addr(RES_CONTEXT *rp, char *addr, + VSTRING *channel, VSTRING *nexthop, + VSTRING *nextrcpt, int *flags) { char *myname = "resolve_addr"; VSTRING *addr_buf = vstring_alloc(100); @@ -435,9 +428,9 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, rcpt_domain, VAR_VIRT_MAILBOX_DOMS, VAR_RELAY_DOMAINS); } - vstring_strcpy(channel, var_virt_transport); + vstring_strcpy(channel, RES_PARAM_VALUE(rp->virt_transport)); vstring_strcpy(nexthop, rcpt_domain); - blame = VAR_VIRT_TRANSPORT; + blame = rp->virt_transport_name; *flags |= RESOLVE_CLASS_VIRTUAL; } else if (dict_errno != 0) { msg_warn("%s lookup failure", VAR_VIRT_MAILBOX_DOMS); @@ -450,8 +443,8 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, */ if (relay_domains && domain_list_match(relay_domains, rcpt_domain)) { - vstring_strcpy(channel, var_relay_transport); - blame = VAR_RELAY_TRANSPORT; + vstring_strcpy(channel, RES_PARAM_VALUE(rp->relay_transport)); + blame = rp->relay_transport_name; *flags |= RESOLVE_CLASS_RELAY; } else if (dict_errno != 0) { msg_warn("%s lookup failure", VAR_RELAY_DOMAINS); @@ -463,16 +456,16 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, * Other off-host destination. */ else { - vstring_strcpy(channel, var_def_transport); - blame = VAR_DEF_TRANSPORT; + vstring_strcpy(channel, RES_PARAM_VALUE(rp->def_transport)); + blame = rp->def_transport_name; *flags |= RESOLVE_CLASS_DEFAULT; } /* * With off-host delivery, relayhost overrides recipient domain. */ - if (*var_relayhost) - vstring_strcpy(nexthop, var_relayhost); + if (*RES_PARAM_VALUE(rp->relayhost)) + vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost)); else vstring_strcpy(nexthop, rcpt_domain); } 
@@ -495,9 +488,9 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, msg_warn("do not list domain %s in BOTH %s and %s", rcpt_domain, VAR_MYDEST, VAR_VIRT_MAILBOX_DOMS); } - vstring_strcpy(channel, var_local_transport); + vstring_strcpy(channel, RES_PARAM_VALUE(rp->local_transport)); vstring_strcpy(nexthop, rcpt_domain); - blame = VAR_LOCAL_TRANSPORT; + blame = rp->local_transport_name; *flags |= RESOLVE_CLASS_LOCAL; } @@ -553,10 +546,11 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, * * XXX Don't override the virtual alias class (error:User unknown) result. */ - if (*var_transport_maps && !(*flags & RESOLVE_CLASS_ALIAS)) { - if (transport_lookup(STR(nextrcpt), rcpt_domain, channel, nexthop) == 0 + if (rp->transport_info && !(*flags & RESOLVE_CLASS_ALIAS)) { + if (transport_lookup(rp->transport_info, STR(nextrcpt), + rcpt_domain, channel, nexthop) == 0 && dict_errno != 0) { - msg_warn("%s lookup failure", VAR_TRANSPORT_MAPS); + msg_warn("%s lookup failure", rp->transport_maps_name); *flags |= RESOLVE_FLAG_FAIL; FREE_MEMORY_AND_RETURN; } @@ -602,7 +596,7 @@ static VSTRING *query; /* resolve_proto - read request and send reply */ -int resolve_proto(VSTREAM *stream) +int resolve_proto(RES_CONTEXT *context, VSTREAM *stream) { int flags; @@ -611,7 +605,8 @@ int resolve_proto(VSTREAM *stream) ATTR_TYPE_END) != 1) return (-1); - resolve_addr(STR(query), channel, nexthop, nextrcpt, &flags); + resolve_addr(context, STR(query), + channel, nexthop, nextrcpt, &flags); if (msg_verbose) msg_info("%s -> (`%s' `%s' `%s' `%d')", STR(query), STR(channel), diff --git a/postfix/src/trivial-rewrite/transport.c b/postfix/src/trivial-rewrite/transport.c index 3c0cfc8a3..3452fb84e 100644 --- a/postfix/src/trivial-rewrite/transport.c +++ b/postfix/src/trivial-rewrite/transport.c 
@@ -6,21 +6,33 @@ /* SYNOPSIS /* #include "transport.h" /* -/* void transport_init() +/* TRANSPORT_INFO *transport_pre_init(maps_name, maps) +/* const char *maps_name; +/* const char *maps; /* -/* int transport_lookup(address, rcpt_domain, channel, nexthop) +/* void transport_post_init(info) +/* TRANSPORT_INFO *info; +/* +/* int transport_lookup(info, address, rcpt_domain, channel, nexthop) +/* TRANSPORT_INFO *info; /* const char *address; /* const char *rcpt_domain; /* VSTRING *channel; /* VSTRING *nexthop; +/* +/* void transport_free(info); +/* TRANSPORT_INFO * info; /* DESCRIPTION /* This module implements access to the table that maps transport /* user@domain addresses to (channel, nexthop) tuples. /* -/* transport_init() performs initializations that should be +/* transport_pre_init() performs initializations that should be /* done before the process enters the chroot jail, and /* before calling transport_lookup(). /* +/* transport_post_init() can be invoked after entering the chroot +/* jail, and must be called before before calling transport_lookup(). +/* /* transport_lookup() finds the channel and nexthop for the given /* domain, and returns 1 if something was found. Otherwise, 0 /* is returned. 
@@ -72,23 +84,46 @@ #include "transport.h" -static MAPS *transport_path; static int transport_match_parent_style; -static VSTRING *wildcard_channel; -static VSTRING *wildcard_nexthop; -static int transport_errno; #define STR(x) vstring_str(x) -/* transport_init - pre-jail initialization */ +static void transport_wildcard_init(TRANSPORT_INFO *); + +/* transport_pre_init - pre-jail initialization */ -void transport_init(void) +TRANSPORT_INFO *transport_pre_init(const char *transport_maps_name, + const char *transport_maps) +{ + TRANSPORT_INFO *tp; + + tp = (TRANSPORT_INFO *) mymalloc(sizeof(*tp)); + tp->transport_path = maps_create(transport_maps_name, transport_maps, + DICT_FLAG_LOCK); + tp->wildcard_channel = tp->wildcard_nexthop = 0; + tp->transport_errno = 0; + return (tp); +} + +/* transport_post_init - post-jail initialization */ + +void transport_post_init(TRANSPORT_INFO *tp) { - if (transport_path) - msg_panic("transport_init: repeated call"); - transport_path = maps_create("transport", var_transport_maps, - DICT_FLAG_LOCK); transport_match_parent_style = match_parent_style(VAR_TRANSPORT_MAPS); + transport_wildcard_init(tp); +} + +/* transport_free - destroy transport info */ + +void transport_free(TRANSPORT_INFO *tp) +{ + if (tp->transport_path) + maps_free(tp->transport_path); + if (tp->wildcard_channel) + vstring_free(tp->wildcard_channel); + if (tp->wildcard_nexthop) + vstring_free(tp->wildcard_nexthop); + myfree((char *) tp); } /* update_entry - update from transport table entry */ @@ -125,8 +160,9 @@ static void update_entry(const char *new_channel, const char *new_nexthop, /* find_transport_entry - look up and parse transport table entry */ -static int find_transport_entry(const char *key, const char *rcpt_domain, - int flags, VSTRING *channel, VSTRING *nexthop) +static int find_transport_entry(TRANSPORT_INFO *tp, const char *key, + const char *rcpt_domain, int flags, + VSTRING *channel, VSTRING *nexthop) { char *saved_value; const char *host; 
@@ -140,15 +176,12 @@ static int find_transport_entry(const char *key, const char *rcpt_domain, #define FOUND 1 #define NOTFOUND 0 - if (transport_path == 0) - msg_panic("find_transport_entry: missing initialization"); - /* * Look up an entry with extreme prejudice. * * XXX Should report lookup failure status to caller instead of aborting. */ - if ((value = maps_find(transport_path, key, flags)) == 0) + if ((value = maps_find(tp->transport_path, key, flags)) == 0) return (NOTFOUND); /* @@ -168,9 +201,9 @@ static int find_transport_entry(const char *key, const char *rcpt_domain, } } -/* transport_wildcard_init - post-jail initialization */ +/* transport_wildcard_init - (re) initialize wild-card lookup result */ -void transport_wildcard_init(void) +static void transport_wildcard_init(TRANSPORT_INFO *tp) { VSTRING *channel = vstring_alloc(10); VSTRING *nexthop = vstring_alloc(10); @@ -189,15 +222,19 @@ void transport_wildcard_init(void) #define FULL 0 #define PARTIAL DICT_FLAG_FIXED - if (find_transport_entry(WILDCARD, "", FULL, channel, nexthop)) { - transport_errno = 0; - wildcard_channel = channel; - wildcard_nexthop = nexthop; + if (find_transport_entry(tp, WILDCARD, "", FULL, channel, nexthop)) { + tp->transport_errno = 0; + if (tp->wildcard_channel) + vstring_free(tp->wildcard_channel); + tp->wildcard_channel = channel; + if (tp->wildcard_nexthop) + vstring_free(tp->wildcard_nexthop); + tp->wildcard_nexthop = nexthop; if (msg_verbose) msg_info("wildcard_{chan:hop}={%s:%s}", - vstring_str(wildcard_channel), vstring_str(wildcard_nexthop)); + vstring_str(channel), vstring_str(nexthop)); } else { - transport_errno = dict_errno; + tp->transport_errno = dict_errno; vstring_free(channel); vstring_free(nexthop); } 
@@ -205,7 +242,8 @@ void transport_wildcard_init(void) /* transport_lookup - map a transport domain */ -int transport_lookup(const char *addr, const char *rcpt_domain, +int transport_lookup(TRANSPORT_INFO *tp, const char *addr, + const char *rcpt_domain, VSTRING *channel, VSTRING *nexthop) { char *full_addr; @@ -243,7 +281,7 @@ int transport_lookup(const char *addr, const char *rcpt_domain, if ((ratsign = strrchr(full_addr, '@')) == 0 || ratsign[1] == 0) msg_panic("transport_lookup: bad address: \"%s\"", full_addr); - if (find_transport_entry(full_addr, rcpt_domain, FULL, channel, nexthop)) + if (find_transport_entry(tp, full_addr, rcpt_domain, FULL, channel, nexthop)) RETURN_FREE(FOUND); if (dict_errno != 0) RETURN_FREE(NOTFOUND); @@ -255,7 +293,7 @@ int transport_lookup(const char *addr, const char *rcpt_domain, */ if ((stripped_addr = strip_addr(full_addr, DISCARD_EXTENSION, *var_rcpt_delim)) != 0) { - found = find_transport_entry(stripped_addr, rcpt_domain, PARTIAL, + found = find_transport_entry(tp, stripped_addr, rcpt_domain, PARTIAL, channel, nexthop); myfree(stripped_addr); @@ -282,7 +320,7 @@ int transport_lookup(const char *addr, const char *rcpt_domain, * with regular expressions. */ for (name = ratsign + 1; /* void */ ; name = next) { - if (find_transport_entry(name, rcpt_domain, PARTIAL, channel, nexthop)) + if (find_transport_entry(tp, name, rcpt_domain, PARTIAL, channel, nexthop)) RETURN_FREE(FOUND); if (dict_errno != 0) RETURN_FREE(NOTFOUND); 
@@ -295,13 +333,13 @@ int transport_lookup(const char *addr, const char *rcpt_domain, /* * Fall back to the wild-card entry. */ - if (transport_errno) - transport_wildcard_init(); - if (transport_errno) { - dict_errno = transport_errno; + if (tp->transport_errno) + transport_wildcard_init(tp); + if (tp->transport_errno) { + dict_errno = tp->transport_errno; RETURN_FREE(NOTFOUND); - } else if (wildcard_channel) { - update_entry(STR(wildcard_channel), STR(wildcard_nexthop), + } else if (tp->wildcard_channel) { + update_entry(STR(tp->wildcard_channel), STR(tp->wildcard_nexthop), rcpt_domain, channel, nexthop); RETURN_FREE(FOUND); } diff --git a/postfix/src/trivial-rewrite/transport.h b/postfix/src/trivial-rewrite/transport.h index 0884eb291..27912d821 100644 --- a/postfix/src/trivial-rewrite/transport.h +++ b/postfix/src/trivial-rewrite/transport.h @@ -13,12 +13,25 @@ */ #include + /* + * Global library. + */ +#include + /* * External interface. */ -extern void transport_init(void); -extern void transport_wildcard_init(void); -extern int transport_lookup(const char *, const char *, VSTRING *, VSTRING *); +typedef struct TRANSPORT_INFO { + MAPS *transport_path; + VSTRING *wildcard_channel; + VSTRING *wildcard_nexthop; + int transport_errno; +} TRANSPORT_INFO; + +extern TRANSPORT_INFO *transport_pre_init(const char *, const char *); +extern void transport_post_init(TRANSPORT_INFO *); +extern int transport_lookup(TRANSPORT_INFO *, const char *, const char *, VSTRING *, VSTRING *); +extern void transport_free(TRANSPORT_INFO *); /* LICENSE /* .ad diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 3b80db5dc..b43249cda 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c 
@@ -6,7 +6,7 @@ /* SYNOPSIS /* \fBtrivial-rewrite\fR [generic Postfix daemon options] /* DESCRIPTION -/* The \fBtrivial-rewrite\fR daemon processes two types of client +/* The \fBtrivial-rewrite\fR daemon processes three types of client /* service requests: /* .IP \fBrewrite\fR /* Rewrite an address to standard form. The \fBtrivial-rewrite\fR @@ -26,6 +26,8 @@ /* .IP \fIrecipient\fR /* The envelope recipient address that is passed on to \fInexthop\fR. /* .RE +/* .IP \fBverify\fR +/* Resolve an address for address verification purposes. /* DEFAULT DELIVERY METHODS /* .ad /* .fi @@ -101,7 +103,7 @@ /* .IP \fBmydestination\fR /* List of domains that are given to the \fB$local_transport\fR. /* .IP \fBvirtual_alias_domains\fR -/* List of simulated virtual domains (domains with all recipients +/* List of virtual alias domains (domains with all recipients /* aliased to some other local or remote domain). /* .IP \fBvirtual_mailbox_domains\fR /* List of domains that are given to the \fB$virtual_transport\fR. @@ -172,6 +174,19 @@ /* .IP \fBtransport_maps\fR /* List of tables with \fIrecipient\fR or \fIdomain\fR to /* (\fItransport, nexthop\fR) mappings. +/* .SH Address verification +/* .ad +/* .fi +/* By default, address verification probes use the same route +/* as regular mail. To override specific aspects of message +/* routing for address verification probes, specify one or more +/* of the following: +/* \fBaddress_verify_local_transport\fR, +/* \fBaddress_verify_virtual_transport\fR, +/* \fBaddress_verify_relay_transport\fR, +/* \fBaddress_verify_default_transport\fR, +/* \fBaddress_verify_relayhost\fR, +/* \fBaddress_verify_transport_maps\fR. /* SEE ALSO /* master(8) process manager /* syslogd(8) system logging 
@@ -248,6 +263,37 @@ char *var_def_transport; char *var_empty_addr; int var_show_unk_rcpt_table; + /* + * Shadow personality for address verification. + */ +char *var_vrfy_xport_maps; +char *var_vrfy_local_xport; +char *var_vrfy_virt_xport; +char *var_vrfy_relay_xport; +char *var_vrfy_def_xport; +char *var_vrfy_relayhost; + + /* + * Different resolver personalities depending on the kind of request. + */ +RES_CONTEXT resolve_regular = { + VAR_LOCAL_TRANSPORT, &var_local_transport, + VAR_VIRT_TRANSPORT, &var_virt_transport, + VAR_RELAY_TRANSPORT, &var_relay_transport, + VAR_DEF_TRANSPORT, &var_def_transport, + VAR_RELAYHOST, &var_relayhost, + VAR_TRANSPORT_MAPS, &var_transport_maps, 0 +}; + +RES_CONTEXT resolve_verify = { + VAR_VRFY_LOCAL_XPORT, &var_vrfy_local_xport, + VAR_VRFY_VIRT_XPORT, &var_vrfy_virt_xport, + VAR_VRFY_RELAY_XPORT, &var_vrfy_relay_xport, + VAR_VRFY_DEF_XPORT, &var_vrfy_def_xport, + VAR_VRFY_RELAYHOST, &var_vrfy_relayhost, + VAR_VRFY_XPORT_MAPS, &var_vrfy_xport_maps, 0 +}; + /* rewrite_service - read request and send reply */ static void rewrite_service(VSTREAM *stream, char *unused_service, char **argv) @@ -270,8 +316,10 @@ static void rewrite_service(VSTREAM *stream, char *unused_service, char **argv) ATTR_TYPE_END) == 1) { if (strcmp(vstring_str(command), REWRITE_ADDR) == 0) { status = rewrite_proto(stream); - } else if (strcmp(vstring_str(command), RESOLVE_ADDR) == 0) { - status = resolve_proto(stream); + } else if (strcmp(vstring_str(command), RESOLVE_REGULAR) == 0) { + status = resolve_proto(&resolve_regular, stream); + } else if (strcmp(vstring_str(command), RESOLVE_VERIFY) == 0) { + status = resolve_proto(&resolve_verify, stream); } else { msg_warn("bad command %.30s", printable(vstring_str(command), '?')); } 
@@ -285,7 +333,7 @@ static void rewrite_service(VSTREAM *stream, char *unused_service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { const char *table; - + if ((table = dict_changed_name()) != 0) { msg_info("table %s has changed -- restarting", table); exit(0); @@ -299,12 +347,24 @@ static void pre_jail_init(char *unused_name, char **unused_argv) command = vstring_alloc(100); rewrite_init(); resolve_init(); - transport_init(); + if (*RES_PARAM_VALUE(resolve_regular.transport_maps)) + resolve_regular.transport_info = + transport_pre_init(resolve_regular.transport_maps_name, + RES_PARAM_VALUE(resolve_regular.transport_maps)); + if (*RES_PARAM_VALUE(resolve_verify.transport_maps)) + resolve_verify.transport_info = + transport_pre_init(resolve_verify.transport_maps_name, + RES_PARAM_VALUE(resolve_verify.transport_maps)); } +/* post_jail_init - initialize after entering chroot jail */ + static void post_jail_init(char *unused_name, char **unused_argv) { - transport_wildcard_init(); + if (resolve_regular.transport_info) + transport_post_init(resolve_regular.transport_info); + if (resolve_verify.transport_info) + transport_post_init(resolve_verify.transport_info); } /* main - pass control to the multi-threaded skeleton code */ 
@@ -316,15 +376,19 @@ int main(int argc, char **argv) VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0, VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0, VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0, + VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0, VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0, VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0, VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0, - VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0, - VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0, - VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0, VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0, VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0, + VAR_VRFY_XPORT_MAPS, DEF_VRFY_XPORT_MAPS, &var_vrfy_xport_maps, 0, 0, + VAR_VRFY_LOCAL_XPORT, DEF_VRFY_LOCAL_XPORT, &var_vrfy_local_xport, 1, 0, + VAR_VRFY_VIRT_XPORT, DEF_VRFY_VIRT_XPORT, &var_vrfy_virt_xport, 1, 0, + VAR_VRFY_RELAY_XPORT, DEF_VRFY_RELAY_XPORT, &var_vrfy_relay_xport, 1, 0, + VAR_VRFY_DEF_XPORT, DEF_VRFY_DEF_XPORT, &var_vrfy_def_xport, 1, 0, + VAR_VRFY_RELAYHOST, DEF_VRFY_RELAYHOST, &var_vrfy_relayhost, 0, 0, 0, }; static CONFIG_BOOL_TABLE bool_table[] = { diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.h b/postfix/src/trivial-rewrite/trivial-rewrite.h index 2a13de62f..c3816ab40 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.h +++ b/postfix/src/trivial-rewrite/trivial-rewrite.h 
@@ -30,9 +30,26 @@ extern void rewrite_tree(char *, TOK822 *); /* * resolve.c */ +typedef struct { + const char *local_transport_name; /* name of variable */ + char **local_transport; /* local transport:nexthop */ + const char *virt_transport_name; /* name of variable */ + char **virt_transport; /* virtual mailbox transport:nexthop */ + const char *relay_transport_name; /* name of variable */ + char **relay_transport; /* relay transport:nexthop */ + const char *def_transport_name; /* name of variable */ + char **def_transport; /* default transport:nexthop */ + const char *relayhost_name; /* name of variable */ + char **relayhost; /* for relay and default transport */ + const char *transport_maps_name; /* name of variable */ + char **transport_maps; /* maptype:mapname */ + struct TRANSPORT_INFO *transport_info; /* handle */ +} RES_CONTEXT; + +#define RES_PARAM_VALUE(x) (*(x)) /* make it easy to do it right */ + extern void resolve_init(void); -extern int resolve_proto(VSTREAM *); -extern void resolve_addr(char *, VSTRING *, VSTRING *, VSTRING *, int *); +extern int resolve_proto(RES_CONTEXT *, VSTREAM *); /* LICENSE /* .ad diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 20b49f9c0..9223422e1 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -261,6 +261,8 @@ extern int opterr; #define LOCAL_CONNECT stream_connect #define LOCAL_TRIGGER stream_trigger #define HAS_VOLATILE_LOCKS +#define BROKEN_READ_SELECT_ON_BLOCKING_SOCKET + /* * Allow build environment to override paths. */ diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c index 02d83a02c..ab2f584eb 100644 --- a/postfix/src/verify/verify.c +++ b/postfix/src/verify/verify.c 
@@ -77,6 +77,9 @@ /* See the Postfix \fBmain.cf\fR file for syntax details and for /* default values. Use the \fBpostfix reload\fR command after a /* configuration change. +/* .SH Cache control +/* .ad +/* .fi /* .IP \fBaddress_verify_map\fR /* Optional table for persistent recipient status storage. The file /* is opened before the process enters a chroot jail and before @@ -106,8 +109,26 @@ /* .IP \fBaddress_verify_negative_refresh_time\fR /* The minimal amount of time after which a proactive probe is sent to /* verify that a known to be bad address is still bad. +/* .SH Probe message routing +/* .ad +/* .fi +/* By default, probe messages are delivered via the same route +/* as regular messages. The following parameters can be used to +/* override specific message routing mechanisms. +/* .IP \fBaddress_verify_relayhost\fR +/* Overrides the \fBrelayhost\fR setting. +/* .IP \fBaddress_verify_transport_maps\fR +/* Overrides the \fBtransport_maps\fR setting. +/* .IP \fBaddress_verify_local_transport\fR +/* Overrides the \fBlocal_transport\fR setting. +/* .IP \fBaddress_verify_virtual_transport\fR +/* Overrides the \fBvirtual_transport\fR setting. +/* .IP \fBaddress_verify_relay_transport\fR +/* Overrides the \fBrelay_transport\fR setting. +/* .IP \fBaddress_verify_default_transport\fR +/* Overrides the \fBdefault_transport\fR setting. /* SEE ALSO -/* verify_clnt(3) address verification client +/* trivial-rewrite(8) address rewriting and resolving /* LICENSE /* .ad /* .fi
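Review bot: in postfix/src/global/resolve_clnt.h the new prototype `resolve_clnt(const char *, const char *, RESOLVE_REPLY *)` takes two unnamed `const char *` arguments, so the header does not say which one is the request class and which is the address, and swapping them compiles without a warning. A comment above the prototype stating that the first argument must be RESOLVE_REGULAR or RESOLVE_VERIFY would help, with a pointer to the resolve_clnt_query() and resolve_clnt_verify() wrappers as the intended entry points. The same hunk drops RESOLVE_ADDR with no compatibility alias. The string on the wire is still "resolve", but any remaining source that names the old macro stops compiling, so a grep of the tree for RESOLVE_ADDR is worth doing before merge.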
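Review bot: the rcpt_unread fix in postfix/src/nqmgr/qmgr_message.c (hunks at -293 and -616) has no counterpart in the postfix/src/qmgr/qmgr_message.c hunks of this patch, which only touch the flag mask and qmgr_resolve_one(). If the old queue manager has the same `message->rcpt_unread += message->rcpt_list.len;` line on its error path it needs the same save and restore. If it does not, a sentence in the HISTORY entry saying the bug is nqmgr-only would spare the next reader the check. Separately, both files replace `(~0 << 16)` with `~QMGR_READ_FLAG_USER`, and the definition of QMGR_READ_FLAG_USER is not part of this diff, so the review cannot confirm that the accepted set of size-record flags is unchanged. Please state its value in the commit message or include the header hunk.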
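Review bot: the updated synopsis comment in postfix/src/trivial-rewrite/resolve.c (hunk at -8,13) documents `void resolve_proto(context, stream)`, but the definition changed further down is `int resolve_proto(RES_CONTEXT *context, VSTREAM *stream)` and it returns -1 on a short read. The synopsis should say int and the DESCRIPTION should mention the new context argument, since it now selects between the regular and the verify resolver personality.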
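Review bot: the header comment added in postfix/src/trivial-rewrite/transport.c (hunk at -6,21) has three small documentation slips: "must be called before before calling transport_lookup()" repeats a word, `void transport_free(info);` carries a stray semicolon that the other synopsis entries do not have, and `TRANSPORT_INFO * info;` is spaced differently from the `TRANSPORT_INFO *info;` lines above it. The DESCRIPTION also has no paragraph for transport_free(), although the three other entry points each get one.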
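Review bot: in postfix/src/trivial-rewrite/transport.c (hunk at -72,23) transport_post_init() still sets the file-scope `transport_match_parent_style` from `match_parent_style(VAR_TRANSPORT_MAPS)`, even when it is called with the TRANSPORT_INFO that was created for address_verify_transport_maps. The parent-domain matching style for the verify table is therefore always taken from the transport_maps name, and the static is recomputed on every call. Since the rest of this patch moves the per-table state (maps handle, wildcard cache, errno) into TRANSPORT_INFO, the match style and the parameter name it was derived from belong there too. A related point in the hunk at -140,15: the `transport_path == 0` panic is removed and find_transport_entry() now dereferences `tp` unconditionally, so correctness depends on every caller testing `rp->transport_info` first, as resolve_addr() does. A comment on transport_lookup() stating that a null handle is not accepted would document that contract.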
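Review bot: pre_jail_init() in postfix/src/trivial-rewrite/trivial-rewrite.c (hunk at -299,12) calls transport_pre_init() once per personality whenever the parameter value is non-empty. The HISTORY entry says the address_verify_* defaults are the regular values, so a site that sets only transport_maps ends up with the same tables opened twice, with two independent wildcard caches and two `transport_errno` states that can disagree after a transient lookup failure. Consider sharing one TRANSPORT_INFO when the two expanded values are equal, or note in the comment why separate handles are intended. The positional initializers for `resolve_regular` and `resolve_verify` in the hunk at -248,6 also depend silently on the member order of RES_CONTEXT in trivial-rewrite.h, and a one-line comment pointing at that struct would make a future reordering less risky.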
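Review bot: the postfix/src/util/sys_defs.h hunk (at -261,6) adds `#define BROKEN_READ_SELECT_ON_BLOCKING_SOCKET` with no comment, and neither the 20030608 nor the 20030609 HISTORY entry mentions it. The surrounding context lines do not show which platform block this lands in, and nothing else in the visible diff tests the macro. Please add a HISTORY line naming the affected system and the code that consumes the define, or move this into the change that introduces its use.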