From: Wietse Venema Date: Thu, 7 Feb 2019 05:00:00 +0000 (-0500) Subject: postfix-3.4-20190207-nonprod X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ee45730615782f1828a4568daa0c00edd4e72b9;p=thirdparty%2Fpostfix.git postfix-3.4-20190207-nonprod --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index 7e977406b..4ed7d00e2 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -20,6 +20,7 @@ -TBH_TABLE -TBINATTR -TBINATTR_INFO +-Tbind_props -TBINHASH -TBINHASH_INFO -TBIO @@ -36,9 +37,10 @@ -TBOUNCE_TIME_PARAMETER -TCFG_PARSER -TCIDR_MATCH +-Tcipher_probe_t -TCLEANUP_REGION --TCLEANUP_STATE -TCLEANUP_STAT_DETAIL +-TCLEANUP_STATE -TCLIENT_LIST -TCLNT_STREAM -TCONFIG_BOOL_FN_TABLE @@ -62,9 +64,11 @@ -TCRYPTO_EX_DATA -TCTABLE -TCTABLE_ENTRY +-Td2i_X509_t +-Tdane_digest -TDB_COMMON_CTX --TDELIVERED_HDR_INFO -TDELIVER_ATTR +-TDELIVERED_HDR_INFO -TDELIVER_REQUEST -TDELTA_TIME -TDICT @@ -145,7 +149,9 @@ -TEVP_PKEY -TEXPAND_ATTR -TFILE +-Tfilter_ctx -TFORWARD_INFO +-Tgeneral_name_stack_t -THBC_ACTION_CALL_BACKS -THBC_CALL_BACKS -THBC_CHECKS @@ -157,17 +163,18 @@ -THOST -THTABLE -THTABLE_INFO +-Tiana_digest -TINET_ADDR_LIST -TINET_PROTO_INFO -TINSTANCE -TINST_SELECTION -TINT32_TYPE --TINTV -TINT_TABLE +-TINTV -TJMP_BUF_WRAPPER -TLDAP --TLDAPMessage -TLDAP_CONN +-TLDAPMessage -TLIB_DP -TLIB_FN -TLMTP_ATTR @@ -182,13 +189,13 @@ -TMAC_EXP_OP_INFO -TMAC_HEAD -TMAC_PARSE +-TMAI_HOSTADDR_STR +-TMAI_HOSTNAME_STR -TMAIL_ADDR_MAP_TEST -TMAIL_PRINT -TMAIL_SCAN -TMAIL_STREAM -TMAIL_VERSION --TMAI_HOSTADDR_STR --TMAI_HOSTNAME_STR -TMAI_SERVNAME_STR -TMAI_SERVPORT_STR -TMAPS @@ -206,9 +213,9 @@ -TMDB_val -TMILTER -TMILTER8 --TMILTERS -TMILTER_MACROS -TMILTER_MSG_CONTEXT +-TMILTERS -TMIME_ENCODING -TMIME_INFO -TMIME_STACK @@ -233,6 +240,7 @@ -TNAME_CODE -TNAME_MASK -TNBBIO +-Toff_t -TOPTIONS -TPCF_DBMS_INFO -TPCF_EVAL_CTX @@ -246,6 +254,7 @@ -TPCF_SERVICE_PATTERN -TPCF_STRING_NV -TPEER_NAME +-Tpem_load_state_t -TPGSQL_NAME -TPICKUP_INFO -TPIPE_ATTR @@ -253,9 +262,9 @@ -TPIPE_STATE -TPLMYSQL -TPLPGSQL --TPOSTMAP_KEY_STATE -TPOST_MAIL_FCLOSE_STATE -TPOST_MAIL_STATE +-TPOSTMAP_KEY_STATE -TPRIVATE_STR_TABLE -TPSC_CALL_BACK_ENTRY -TPSC_CLIENT_INFO @@ -283,11 +292,15 @@ -TRECIPIENT -TRECIPIENT_LIST -TREC_TYPE_NAME +-Tregex_t +-Tregmatch_t +-TRES_CONTEXT -TRESOLVE_REPLY -TRESPONSE -TREST_TABLE --TRES_CONTEXT -TRWR_CONTEXT +-Tsasl_conn_t +-Tsasl_secret_t -TSCACHE -TSCACHE_CLNT -TSCACHE_MULTI @@ -302,12 +315,18 @@ -TSCAN_INFO -TSCAN_OBJ -TSESSION +-Tsfsistat -TSHARED_PATH +-Tsigset_t -TSINGLE_SERVER -TSINK_COMMAND -TSINK_STATE +-Tsize_t -TSLMDB -TSMFICTX +-TSM_STATE +-TSMTP_ADDR +-TSMTP_CMD -TSMTPD_CMD -TSMTPD_DEFER -TSMTPD_ENDPT_LOOKUP_INFO @@ -319,8 +338,6 @@ -TSMTPD_STATE -TSMTPD_TOKEN -TSMTPD_XFORWARD_ATTR --TSMTP_ADDR --TSMTP_CMD -TSMTP_ITERATOR -TSMTP_RESP -TSMTP_SASL_AUTH_CACHE @@ -329,26 +346,33 @@ -TSMTP_TLS_POLICY -TSMTP_TLS_SESS -TSMTP_TLS_SITE_POLICY --TSM_STATE +-Tsockaddr -TSOCKADDR_SIZE -TSPAWN_ATTR +-Tssize_t -TSSL +-Tssl_cipher_stack_t +-Tssl_comp_stack_t -TSSL_CTX -TSSL_SESSION -TSTATE -TSTRING_LIST -TSTRING_TABLE -TSYS_EXITS_DETAIL --TTLSMGR_SCACHE --TTLSP_STATE +-Ttime_t +-Ttlsa_filter -TTLS_APPL_STATE -TTLS_CERTS -TTLS_CLIENT_INIT_PROPS -TTLS_CLIENT_START_PROPS +-TTLScontext_t -TTLS_DANE +-TTLSMGR_SCACHE +-TTLS_PARAMS -TTLS_PKEYS -TTLS_PRNG_SEED_INFO -TTLS_PRNG_SRC +-TTLSP_STATE -TTLS_ROLE -TTLS_SCACHE -TTLS_SCACHE_ENTRY @@ -359,7 +383,6 @@ -TTLS_TLSA -TTLS_USAGE -TTLS_VINFO --TTLScontext_t -TTOK822 -TTRANSPORT_INFO -TTRIGGER_SERVER @@ -372,10 +395,11 @@ -TWATCHDOG -TWATCH_FD -TX509 --TX509V3_CTX -TX509_EXTENSION -TX509_NAME +-Tx509_stack_t -TX509_STORE_CTX +-TX509V3_CTX -TXSASL_CLIENT -TXSASL_CLIENT_CREATE_ARGS -TXSASL_CLIENT_IMPL @@ -392,26 +416,3 @@ -TXSASL_SERVER_CREATE_ARGS -TXSASL_SERVER_IMPL -TXSASL_SERVER_IMPL_INFO --Tbind_props --Tcipher_probe_t --Td2i_X509_t --Tdane_digest --Tfilter_ctx --Tgeneral_name_stack_t --Tiana_digest --Toff_t --Tpem_load_state_t --Tregex_t --Tregmatch_t --Tsasl_conn_t --Tsasl_secret_t --Tsfsistat --Tsigset_t --Tsize_t --Tsockaddr --Tssize_t --Tssl_cipher_stack_t --Tssl_comp_stack_t --Ttime_t --Ttlsa_filter --Tx509_stack_t diff --git a/postfix/README_FILES/AAAREADME b/postfix/README_FILES/AAAREADME index 7d72787cb..07bd21ea1 100644 --- a/postfix/README_FILES/AAAREADME +++ b/postfix/README_FILES/AAAREADME @@ -13,6 +13,7 @@ GGeenneerraall ccoonnffiigguurraattiioonn * FORWARD_SECRECY_README: TLS Forward Secrecy * IPV6_README: IP Version 6 Support * SMTPUTF8_README: SMTPUTF8 Support + * MAILLOG_README: Postfix logging to file or stdout * COMPATIBILITY_README: Backwards-Compatibility Safety Net * INSTALL: Installation from source code diff --git a/postfix/README_FILES/DEBUG_README b/postfix/README_FILES/DEBUG_README index 589036fa0..a277d9663 100644 --- a/postfix/README_FILES/DEBUG_README +++ b/postfix/README_FILES/DEBUG_README @@ -33,9 +33,15 @@ follows: LLooookk ffoorr oobbvviioouuss ssiiggnnss ooff ttrroouubbllee -Postfix logs all failed and successful deliveries to a logfile. The file is -usually called /var/log/maillog or /var/log/mail; the exact pathname is defined -in the /etc/syslog.conf file. +Postfix logs all failed and successful deliveries to a logfile. + + * When Postfix uses syslog logging (the default), the file is usually called + /var/log/maillog, /var/log/mail, or something similar; the exact pathname + is configured in a file called /etc/syslog.conf, /etc/rsyslog.conf, or + something similar. + + * When Postfix uses its own logging system (see MAILLOG_README), the location + of the logfile is configured with the Postfix maillog_file parameter. When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working properly: diff --git a/postfix/README_FILES/MAILLOG_README b/postfix/README_FILES/MAILLOG_README new file mode 100644 index 000000000..518442535 --- /dev/null +++ b/postfix/README_FILES/MAILLOG_README @@ -0,0 +1,113 @@ +PPoossttffiixx llooggggiinngg ttoo ffiillee oorr ssttddoouutt + +------------------------------------------------------------------------------- + +OOvveerrvviieeww + +Postfix supports it own logging system as an alternative to syslog (which +remains the default). This is available with Postfix version 3.4 or later. + +Topics covered in this document: + + * Configuring logging to file + * Configuring logging to stdout + * Rotating logs + * Limitations + +CCoonnffiigguurriinngg llooggggiinngg ttoo ffiillee + +Logging to file solves a usability problem for MacOS, and eliminates multiple +problems for systemd-based systems. + + 1. Add the following line to master.cf if not already present (note: there + must be no whitespace at the start of the line): + + postlog unix-dgram n - n - 1 postlogd + + Note: the service type "uunniixx--ddggrraamm" was introduced with Postfix 3.4. Remove + the above line before backing out to an older Postfix version. + + 2. Configure Postfix to write logging, to, for example, /var/log/postfix.log. + See also the "Logfile rotation" section below for logfile management. + + # postfix stop + # postconf maillog_file=/var/log/postfix.log + # postfix start + + By default, the logfile name must start with "/var" or "/dev/stdout" (the + list of allowed prefixes is configured with the maillog_file_prefixes + parameter). This safety mechanism limits the damage from a single + configuration mistake. + +CCoonnffiigguurriinngg llooggggiinngg ttoo ssttddoouutt + +Logging to stdout is useful when Postfix runs in a container, as it eliminates +a syslogd dependency. + + 1. Add the following line to master.cf if not already present (note: there + must be no whitespace at the start of the line): + + postlog unix-dgram n - n - 1 postlogd + + Note: the service type "uunniixx--ddggrraamm" was introduced with Postfix 3.4. Remove + the above line before backing out to an older Postfix version. + + 2. Configure main.cf with "maillog_file = /dev/stdout". + + 3. Start Postfix with "ppoossttffiixx ssttaarrtt--ffgg". + +RRoottaattiinngg llooggss + +The command "ppoossttffiixx llooggrroottaattee" may be run by hand or by a cronjob. It logs all +errors, and reports errors to stderr if run from a terminal. This command +implements the following steps: + + * Rename the current logfile by appending a suffix that contains the date and + time. This suffix is configured with the maillog_file_rotate_suffix + parameter (default: %Y%M%d-%H%M%S). + + * Reload Postfix so that postlogd(8) immediately closes the old logfile. + + * After a brief pause, compress the old logfile. The compression program is + configured with the maillog_file_compressor parameter (default: gzip). + +Notes: + + * This command will not rotate a logfile with pathname under the /dev + directory, such as /dev/stdout. + + * This command does not (yet) remove old logfiles. + +LLiimmiittaattiioonnss + +Background: + + * Postfix consists of a number of daemon programs, and non-daemon programs + some of which are used for local mail submission, and some for Postfix + management. + + * Logging to Postfix logfile or stdout requires the Postfix postlogd(8) + service. This ensures that simultaneous logging from different programs + will not get mixed up. + + * All Postfix programs can log to syslog, but not all programs have + sufficient privileges to use the Postfix logging service, and many non- + daemon programs must not log to stdout as that would corrupt their output. + +Limitations: + + * Non-daemon Postfix programs will log errors to syslogd(8) before they have + processed command-line options and main.cf parameters. + + * If Postfix is down, the non-daemon programs postfix(1), postsuper(1), + postmulti(1), and postlog(1), will log directly to $maillog_file. These + programs expect to run with root privileges, for example during Postfix + start-up, reload, or shutdown. + + * Other non-daemon Postfix programs will never write directly to + $maillog_file (also, logging to stdout would interfere with the operation + of some of these programs). These programs can log to postlogd(8) if they + are run by the super-user, or if their executable file has set-gid + permission. Do not set this permission on programs other than postdrop(1) + and postqueue(1). + diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index f73ddcb9b..5037b316f 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -28,16 +28,15 @@ comfortable with the IPL can continue with that license. Incompatible changes with snapshot 20190126-nonprod ==================================================== -This introduces a new master.cf service type 'unix-dgram' that is -used by the new postlogd(8) daemon. This type is not supported by -older Postfix versions. Before backing out to an older version, -edit the master.cf file and remove the postlog entry. +This introduces a new master.cf service 'postlog' with type +'unix-dgram' that is used by the new postlogd(8) daemon. The +'unix-dgram' service type is not supported by older Postfix versions. +Before backing out to an older version, edit the master.cf file and +remove the postlog entry. Major changes with snapshot 20190126-nonprod ============================================ -[TODO: move most of this text to MAILLOG_README file] - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and @@ -46,69 +45,7 @@ Support for logging to file or stdout, instead of using syslog. - Logging to stdout is useful when Postfix runs in a container, as it eliminates a syslogd dependency. -To enable Postfix logging to file or stdout: --------------------------------------------- - -Add the following line to master.cf if not already present (note: -there must be no whitespace at the start of the line): - postlog unix-dgram n - n - 1 postlogd - -To write logs to Postfix logfile (see below for logfile rotation): - # postfix stop - # postconf maillog_file=/var/log/postfix.log - # postfix start - -To write logs to stdout, typically while Postfix runs in a container: - # postconf maillog_file=/dev/stdout - # postfix start-fg - -The maillog_file parameter must contain one of the prefixes that -are specified with the maillog_file_prefixes parameter (default: -/var, /dev/stdout). This limits the damage from a single configuration -mistake. - -To rotate a Postfix logfile with a daily cronjob: -------------------------------------------------- - -The command "postfix logrotate" renames the logfile by appending a -suffix that contains the date and time, reloads Postfix so that it -closes the old logfile, and after a brief pause compresses the old -logfile. This command will not rotate the log if it specifies a -pathname under the /dev directory, such as /dev/stdout. - -The command "postfix logrotate" does not (yet) remove old logfiles. - -Configuration parameters: -- maillog_file_compressor (gzip) -- maillog_file_rotate_suffix (%Y%M%d-%H%M%S) - -See the postconf(5) manpage for detailed descriptions. - -Limitations of logging to Postfix logfile or stdout: ----------------------------------------------------- - -Background: - -- Logging to Postfix logfile or stdout requires the Postfix postlogd(8) - service. This program ensures that simultaneous logging from - different programs will not get mixed up. - -Limitations: - -- Non-daemon Postfix programs may log to syslogd(8) before they - have processed command-line options and main.cf parameters. - -- If Postfix is down, the non-daemon programs postfix(1), postsuper(1), - postmulti(1), and postlog(1), will log directly to $maillog_file. - These programs expect to run with root privileges, for example - during Postfix start-up, reload, or shutdown. - -- Other non-daemon Postfix programs will never write directly to - $maillog_file (also, logging to stdout would interfere with the - operation of some of these programs). These programs can log to - postlogd(8) if they are run by the super-user, or if their - executable file has set-gid permission. Do not set this permision - on programs other than postdrop(1) and postqueue(1). +See MAILLOG_README for configuration examples and logfile rotation. Incompatible changes with snapshot 20190106 =========================================== @@ -120,14 +57,24 @@ Major changes with snapshot 20190106 ==================================== SNI support in the Postfix SMTP server, the Postfix SMTP client, -and in the tlsproxy daemon (both server and client roles). +and in the tlsproxy daemon (both server and client roles). See the +postconf(5) documentation for the new tls_server_sni_maps and +smtp_tls_servername parameters. -Support for files that combine multiple (key, certificate, trust +Support for files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on. The file format is -documented in TLS_README sections [TODO] and in the postconf -documentation for parameters [TODO]. +documented in the TLS_README sections "Server-side certificate and +private key configuration" and "Client-side certificate and private +key configuration", and in the postconf(5) documentation for the +parameters smtp_tls_chain_files, smtpd_tls_chain_files, +tlsproxy_client_chain_files, and tlsproxy_tls_chain_files. + +Note: the command "postfix tls" does not yet support the new +consolidated certificate chain format. If you switch to the new +format, you'll need to manage your keys and certificates directly, +rather than via postfix-tls(1). Major changes with snapshot 20180826 ==================================== diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 8d486fab0..a8a3f1e33 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,6 +1,11 @@ Wish list: - Add maillog_file to postfix(1) exports? + In tlsproxy, include parameter names in the diffs between + expected and client properties. This requires a function + tls_proxy_client_init_with_names_to_string(). + + make tls_pre_jail_init() safe by design for use in programs + that implement both clients and servers. postfix rotate-log command: mv postfix.log postfix.log.$(date +%Y%M%d-%H%M%S) to avoid data loss if called repeatedly. diff --git a/postfix/html/DEBUG_README.html b/postfix/html/DEBUG_README.html index 30a06285a..f0dea38d0 100644 --- a/postfix/html/DEBUG_README.html +++ b/postfix/html/DEBUG_README.html @@ -71,9 +71,20 @@ debugger

Look for obvious signs of trouble

-

Postfix logs all failed and successful deliveries to a logfile. -The file is usually called /var/log/maillog or /var/log/mail; the -exact pathname is defined in the /etc/syslog.conf file.

+

Postfix logs all failed and successful deliveries to a logfile.

+ +

When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working diff --git a/postfix/html/MAILLOG_README.html b/postfix/html/MAILLOG_README.html new file mode 100644 index 000000000..b1f97022d --- /dev/null +++ b/postfix/html/MAILLOG_README.html @@ -0,0 +1,183 @@ + + + + + + +Postfix logging to file or stdout + + + + + + + +

Postfix +logging to file or stdout

+ +
+ +

Overview

+ +

Postfix supports it own logging system as an alternative to +syslog (which remains the default). This is available with Postfix +version 3.4 or later.

+ +

Topics covered in this document:

+ + + +

Configuring logging to file

+ +

Logging to file solves a usability problem for MacOS, and +eliminates multiple problems for systemd-based systems.

+ +
    + +

  1. Add the following line to master.cf if not already present +(note: there must be no whitespace at the start of the line):

    + +
    +
    +postlog   unix-dgram n  -       n       -       1       postlogd
+
    +
    + +

    Note: the service type "unix-dgram" was introduced with +Postfix 3.4. Remove the above line before backing out to an older +Postfix version.

    + +

  2. Configure Postfix to write logging, to, for example, +/var/log/postfix.log. See also the "Logfile +rotation" section below for logfile management.

    + +
    +
    +# postfix stop
+# postconf maillog_file=/var/log/postfix.log
+# postfix start
+
    +
    + +

    By default, the logfile name must start with "/var" or "/dev/stdout" +(the list of allowed prefixes is configured with the maillog_file_prefixes +parameter). This safety mechanism limits the damage from a single +configuration mistake.

    + +
+ +

Configuring logging to stdout

+ +

Logging to stdout is useful when Postfix runs in a container, +as it eliminates a syslogd dependency.

+ +
    + +

  1. Add the following line to master.cf if not already present (note: +there must be no whitespace at the start of the line):

    + +
    +
    +postlog   unix-dgram n  -       n       -       1       postlogd
+
    +
    + +

    Note: the service type "unix-dgram" was introduced with +Postfix 3.4. Remove the above line before backing out to an older +Postfix version.

    + +

  2. Configure main.cf with "maillog_file = /dev/stdout".

    + +

  3. Start Postfix with "postfix start-fg".

    + +
+ +

Rotating logs

+ +

The command "postfix logrotate" may be run by hand or +by a cronjob. It logs all errors, and reports errors to stderr if +run from a terminal. This command implements the following steps: +

+ + + +

Notes:

+ + + +

Limitations

+ +

Background:

+ + + +

Limitations:

+ + + + + + diff --git a/postfix/html/anvil.8.html b/postfix/html/anvil.8.html index d7092449d..c4cdc4caa 100644 --- a/postfix/html/anvil.8.html +++ b/postfix/html/anvil.8.html @@ -134,7 +134,7 @@ ANVIL(8) ANVIL(8) is kept. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). Upon exit, and every anvil_status_update_time seconds, the server logs the maximal count and rate values measured, together with (service, diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index 9f6a7a8b4..67801211a 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html @@ -51,7 +51,7 @@ BOUNCE(8) BOUNCE(8) RFC 6533 (Internationalized Delivery Status Notifications) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS Changes to main.cf are picked up automatically, as bounce(8) processes @@ -164,6 +164,7 @@ BOUNCE(8) BOUNCE(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 8d766b26e..866fe890b 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -61,7 +61,7 @@ CLEANUP(8) CLEANUP(8) RFC 5322 (Internet Message Format) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS Table-driven rewriting rules make it hard to express if then else and @@ -310,7 +310,7 @@ CLEANUP(8) CLEANUP(8) masquerade_exceptions (empty) Optional list of user names that are not subjected to address - masquerading, even when their address matches $masquer- + masquerading, even when their addresses match $masquer- ade_domains. propagate_unmatched_extensions (canonical, virtual) @@ -503,6 +503,7 @@ CLEANUP(8) CLEANUP(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/defer.8.html b/postfix/html/defer.8.html index 9f6a7a8b4..67801211a 100644 --- a/postfix/html/defer.8.html +++ b/postfix/html/defer.8.html @@ -51,7 +51,7 @@ BOUNCE(8) BOUNCE(8) RFC 6533 (Internationalized Delivery Status Notifications) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS Changes to main.cf are picked up automatically, as bounce(8) processes @@ -164,6 +164,7 @@ BOUNCE(8) BOUNCE(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/discard.8.html b/postfix/html/discard.8.html index 340ca46c7..8523adc4a 100644 --- a/postfix/html/discard.8.html +++ b/postfix/html/discard.8.html @@ -36,7 +36,7 @@ DISCARD(8) DISCARD(8) RFC 3463 (Enhanced Status Codes) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces and of other trouble. @@ -105,6 +105,7 @@ DISCARD(8) DISCARD(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/dnsblog.8.html b/postfix/html/dnsblog.8.html index dbc155f47..a2710dc1e 100644 --- a/postfix/html/dnsblog.8.html +++ b/postfix/html/dnsblog.8.html @@ -29,7 +29,7 @@ DNSBLOG(8) DNSBLOG(8) server closes the connection. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS Changes to main.cf are picked up automatically, as dnsblog(8) processes @@ -79,7 +79,8 @@ DNSBLOG(8) DNSBLOG(8) SEE ALSO smtpd(8), Postfix SMTP server postconf(5), configuration parameters - syslogd(5), system logging + postlogd(8), Postfix logging + syslogd(8), system logging LICENSE The Secure Mailer license must be distributed with this software. diff --git a/postfix/html/error.8.html b/postfix/html/error.8.html index 233246cb8..a2096fe2f 100644 --- a/postfix/html/error.8.html +++ b/postfix/html/error.8.html @@ -37,7 +37,7 @@ ERROR(8) ERROR(8) RFC 3463 (Enhanced Status Codes) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces and of other trouble. @@ -118,6 +118,7 @@ ERROR(8) ERROR(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/flush.8.html b/postfix/html/flush.8.html index cd9fe43e2..a14f81867 100644 --- a/postfix/html/flush.8.html +++ b/postfix/html/flush.8.html @@ -61,7 +61,7 @@ FLUSH(8) FLUSH(8) can run chrooted at fixed low privilege. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS Fast flush logfiles are truncated only after a "send" request, not when @@ -152,6 +152,7 @@ FLUSH(8) FLUSH(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/index.html b/postfix/html/index.html index 2989177a6..983ae42e9 100644 --- a/postfix/html/index.html +++ b/postfix/html/index.html @@ -48,6 +48,8 @@ configuration examples
  • SMTPUTF8 Support +
  • Postfix logging to file or stdout +
  • Backwards-Compatibility Safety Net
  • Installation from source code diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 4bba215ad..ee724df51 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -112,9 +112,9 @@ SMTP(8) SMTP(8) RFC 7672 (SMTP security via opportunistic DANE TLS) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Corrupted message - files are marked so that the queue manager can move them to the corrupt - queue for further inspection. + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move + them to the corrupt queue for further inspection. Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces, protocol problems, and of other trouble. @@ -913,6 +913,7 @@ SMTP(8) SMTP(8) master(5), generic daemon options master(8), process manager tlsmgr(8), TLS session and PRNG management + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index 973514e72..0a2bc44eb 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -283,9 +283,9 @@ LOCAL(8) LOCAL(8) RFC 3463 (Enhanced status codes) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Corrupted message - files are marked so that the queue manager can move them to the corrupt - queue afterwards. + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move + them to the corrupt queue afterwards. Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces and of other trouble. @@ -589,6 +589,7 @@ LOCAL(8) LOCAL(8) aliases(5), format of alias database postconf(5), configuration parameters master(5), generic daemon options + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html index 0d416c931..02f20fe89 100644 --- a/postfix/html/mailq.1.html +++ b/postfix/html/mailq.1.html @@ -285,7 +285,8 @@ SENDMAIL(1) SENDMAIL(1) precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard error stream. + Problems are logged to syslogd(8) or postlogd(8), and to the standard + error stream. ENVIRONMENT MAIL_CONFIG @@ -298,12 +299,12 @@ SENDMAIL(1) SENDMAIL(1) Enable debugging with an external command, as specified with the debugger_command configuration parameter. - NAME The sender full name. This is used only with messages that have + NAME The sender full name. This is used only with messages that have no From: message header. See also the -F option above. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. COMPATIBILITY CONTROLS @@ -314,7 +315,7 @@ SENDMAIL(1) SENDMAIL(1) line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to troubleshoot a Postfix + The DEBUG_README file gives examples of how to troubleshoot a Postfix system. debugger_command (empty) @@ -322,11 +323,11 @@ SENDMAIL(1) SENDMAIL(1) invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. @@ -340,13 +341,13 @@ SENDMAIL(1) SENDMAIL(1) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail with the send- + List of users who are authorized to submit mail with the send- mail(1) command (and with the privileged postdrop(1) helper com- mand). RESOURCE AND RATE CONTROLS bounce_size_limit (50000) - The maximal amount of original message text that is sent in a + The maximal amount of original message text that is sent in a non-delivery notification. fork_attempts (5) @@ -360,11 +361,11 @@ SENDMAIL(1) SENDMAIL(1) in the primary message headers. queue_run_delay (300s) - The time between deferred queue scans by the queue manager; + The time between deferred queue scans by the queue manager; prior to Postfix 2.4 the default value was 1000s. FAST FLUSH CONTROLS - The ETRN_README file describes configuration and operation details for + The ETRN_README file describes configuration and operation details for the Postfix "fast flush" service. fast_flush_domains ($relay_domains) @@ -372,26 +373,26 @@ SENDMAIL(1) SENDMAIL(1) tion logfiles with mail that is queued to those destinations. VERP CONTROLS - The VERP_README file describes configuration and operation details of + The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter characters on + The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are updated with + The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) The location of all postfix administrative commands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_directory (see 'postconf -d' output) @@ -402,46 +403,46 @@ SENDMAIL(1) SENDMAIL(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives a copy of the message + The time after which the sender receives a copy of the message headers of mail that is still queued. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients at all when - this parameter is empty; otherwise, rewrite message headers and + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Postfix 3.2 and later: alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with the "-C" option), or via the + be specified with "-c config_directory" on the command line (in + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. multi_instance_directories (empty) - An optional list of non-default Postfix configuration directo- - ries; these directories belong to additional Postfix instances - that share the Postfix executable files and documentation with - the default Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. FILES @@ -458,10 +459,11 @@ SENDMAIL(1) SENDMAIL(1) postdrop(1), mail posting utility postfix(1), mail system control postqueue(1), mail queue control + postlogd(8), Postfix logging syslogd(8), system logging README_FILES - Use "postconf readme_directory" or "postconf html_directory" to locate + Use "postconf readme_directory" or "postconf html_directory" to locate this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index d00472d72..e06802898 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -92,9 +92,9 @@ MASTER(8) MASTER(8) running processes to finish what they are doing. DIAGNOSTICS - Problems are reported to syslogd(8). The exit status is non-zero in - case of problems, including problems while initializing as a master - daemon process in the background. + Problems are reported to syslogd(8) or postlogd(8). The exit status is + non-zero in case of problems, including problems while initializing as + a master daemon process in the background. ENVIRONMENT MAIL_DEBUG @@ -198,6 +198,7 @@ MASTER(8) MASTER(8) verify(8), address verification master(5), master.cf configuration file syntax postconf(5), main.cf configuration file syntax + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html index 0d416c931..02f20fe89 100644 --- a/postfix/html/newaliases.1.html +++ b/postfix/html/newaliases.1.html @@ -285,7 +285,8 @@ SENDMAIL(1) SENDMAIL(1) precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard error stream. + Problems are logged to syslogd(8) or postlogd(8), and to the standard + error stream. ENVIRONMENT MAIL_CONFIG @@ -298,12 +299,12 @@ SENDMAIL(1) SENDMAIL(1) Enable debugging with an external command, as specified with the debugger_command configuration parameter. - NAME The sender full name. This is used only with messages that have + NAME The sender full name. This is used only with messages that have no From: message header. See also the -F option above. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. COMPATIBILITY CONTROLS @@ -314,7 +315,7 @@ SENDMAIL(1) SENDMAIL(1) line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to troubleshoot a Postfix + The DEBUG_README file gives examples of how to troubleshoot a Postfix system. debugger_command (empty) @@ -322,11 +323,11 @@ SENDMAIL(1) SENDMAIL(1) invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. @@ -340,13 +341,13 @@ SENDMAIL(1) SENDMAIL(1) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail with the send- + List of users who are authorized to submit mail with the send- mail(1) command (and with the privileged postdrop(1) helper com- mand). RESOURCE AND RATE CONTROLS bounce_size_limit (50000) - The maximal amount of original message text that is sent in a + The maximal amount of original message text that is sent in a non-delivery notification. fork_attempts (5) @@ -360,11 +361,11 @@ SENDMAIL(1) SENDMAIL(1) in the primary message headers. queue_run_delay (300s) - The time between deferred queue scans by the queue manager; + The time between deferred queue scans by the queue manager; prior to Postfix 2.4 the default value was 1000s. FAST FLUSH CONTROLS - The ETRN_README file describes configuration and operation details for + The ETRN_README file describes configuration and operation details for the Postfix "fast flush" service. fast_flush_domains ($relay_domains) @@ -372,26 +373,26 @@ SENDMAIL(1) SENDMAIL(1) tion logfiles with mail that is queued to those destinations. VERP CONTROLS - The VERP_README file describes configuration and operation details of + The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter characters on + The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are updated with + The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) The location of all postfix administrative commands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_directory (see 'postconf -d' output) @@ -402,46 +403,46 @@ SENDMAIL(1) SENDMAIL(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives a copy of the message + The time after which the sender receives a copy of the message headers of mail that is still queued. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients at all when - this parameter is empty; otherwise, rewrite message headers and + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Postfix 3.2 and later: alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with the "-C" option), or via the + be specified with "-c config_directory" on the command line (in + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. multi_instance_directories (empty) - An optional list of non-default Postfix configuration directo- - ries; these directories belong to additional Postfix instances - that share the Postfix executable files and documentation with - the default Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. FILES @@ -458,10 +459,11 @@ SENDMAIL(1) SENDMAIL(1) postdrop(1), mail posting utility postfix(1), mail system control postqueue(1), mail queue control + postlogd(8), Postfix logging syslogd(8), system logging README_FILES - Use "postconf readme_directory" or "postconf html_directory" to locate + Use "postconf readme_directory" or "postconf html_directory" to locate this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto diff --git a/postfix/html/oqmgr.8.html b/postfix/html/oqmgr.8.html index cb98749f3..b921cc53b 100644 --- a/postfix/html/oqmgr.8.html +++ b/postfix/html/oqmgr.8.html @@ -144,9 +144,9 @@ OQMGR(8) OQMGR(8) environment. DIAGNOSTICS - Problems and transactions are logged to the syslog(8) daemon. Cor- - rupted message files are saved to the corrupt queue for further inspec- - tion. + Problems and transactions are logged to the syslogd(8) or postlogd(8) + daemon. Corrupted message files are saved to the corrupt queue for + further inspection. Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces and of other trouble. @@ -300,32 +300,31 @@ OQMGR(8) OQMGR(8) default_destination_rate_delay (0s) The default amount of delay that is inserted between individual - deliveries to the same destination; the resulting behavior - depends on the value of the corresponding per-destination recip- - ient limit. + message deliveries to the same destination and over the same + message delivery transport. transport_destination_rate_delay ($default_destination_rate_delay) A transport-specific override for the default_destina- - tion_rate_delay parameter value, where transport is the mas- + tion_rate_delay parameter value, where transport is the mas- ter.cf name of the message delivery transport. Available in Postfix version 3.1 and later: default_transport_rate_delay (0s) - The default amount of delay that is inserted between individual - deliveries over the same message delivery transport, regardless - of destination. + The default amount of delay that is inserted between individual + message deliveries over the same message delivery transport, + regardless of destination. transport_transport_rate_delay ($default_transport_rate_delay) - A transport-specific override for the default_trans- - port_rate_delay parameter value, where the initial transport in + A transport-specific override for the default_trans- + port_rate_delay parameter value, where the initial transport in the parameter name is the master.cf name of the message delivery transport. SAFETY CONTROLS qmgr_daemon_timeout (1000s) How much time a Postfix queue manager process may take to handle - a request before it is terminated by a built-in watchdog timer. + a request before it is terminated by a built-in watchdog timer. qmgr_ipc_timeout (60s) The time limit for the queue manager to send or receive informa- @@ -334,12 +333,12 @@ OQMGR(8) OQMGR(8) Available in Postfix version 3.1 and later: address_verify_pending_request_limit (see 'postconf -d' output) - A safety limit that prevents address verification requests from + A safety limit that prevents address verification requests from overwhelming the Postfix queue. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. defer_transports (empty) @@ -347,11 +346,11 @@ OQMGR(8) OQMGR(8) mail unless someone issues "sendmail -q" or equivalent. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. helpful_warnings (yes) - Log warnings about problematic configuration settings, and pro- + Log warnings about problematic configuration settings, and pro- vide helpful suggestions. process_id (read-only) @@ -367,13 +366,13 @@ OQMGR(8) OQMGR(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix version 3.0 and later: confirm_delay_cleared (no) - After sending a "your message is delayed" notification, inform + After sending a "your message is delayed" notification, inform the sender when the delay clears up. Available in Postfix 3.3 and later: @@ -395,6 +394,7 @@ OQMGR(8) OQMGR(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/pickup.8.html b/postfix/html/pickup.8.html index 7173796e8..cc6eaf080 100644 --- a/postfix/html/pickup.8.html +++ b/postfix/html/pickup.8.html @@ -30,7 +30,7 @@ PICKUP(8) PICKUP(8) public service endpoint. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS The pickup(8) daemon copies mail from file to the cleanup(8) daemon. @@ -104,6 +104,7 @@ PICKUP(8) PICKUP(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index d58775b0c..174bf0a0e 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -361,9 +361,9 @@ PIPE(8) PIPE(8) fications (Postfix 3.0 and later). This command output is not examined for the presence of an enhanced status code. - Problems and transactions are logged to syslogd(8). Corrupted message - files are marked so that the queue manager can move them to the corrupt - queue for further inspection. + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move + them to the corrupt queue for further inspection. SECURITY This program needs a dual personality 1) to access the private Postfix @@ -477,6 +477,7 @@ PIPE(8) PIPE(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index c8bcf419e..b029057d1 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html @@ -149,9 +149,9 @@ POSTALIAS(1) POSTALIAS(1) base. DIAGNOSTICS - Problems are logged to the standard error stream and to syslogd(8). No - output means that no problems were detected. Duplicate entries are - skipped and are flagged with a warning. + Problems are logged to the standard error stream and to syslogd(8) or + postlogd(8). No output means that no problems were detected. Duplicate + entries are skipped and are flagged with a warning. postalias(1) terminates with zero exit status in case of success (including successful "postalias -q" lookup) and terminates with @@ -217,6 +217,7 @@ POSTALIAS(1) POSTALIAS(1) postconf(5), configuration parameters postmap(1), create/update/query lookup tables newaliases(1), Sendmail compatibility interface. + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 7cb118e33..77249e445 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -6241,9 +6241,10 @@ substitutions in regular expression maps.

    (default: empty)

    The name of an optional logfile that is written by the Postfix -postlogd(8) service. A non-empty value disables logging to syslogd(8). -Specify "/dev/stdout" for logging to standard output. Stdout logging -requires that Postfix is started with "postfix start-fg".

    +postlogd(8) service. A non-empty value selects logging to syslogd(8). +Specify "/dev/stdout" to select logging to standard output. Stdout +logging requires that Postfix is started with "postfix start-fg". +

    Note 1: The maillog_file parameter value must contain a prefix that is specified with the maillog_file_prefixes parameter.

    @@ -6261,8 +6262,8 @@ parameters and command-line options.

    (default: gzip)

    The program to run after rotating $maillog_file with "postfix -logrotate". The command is run with the rotated file as its first -argument.

    +logrotate". The command is run with the rotated logfile name as its +first argument.

    This feature is available in Postfix 3.4 and later.

    diff --git a/postfix/html/postdrop.1.html b/postfix/html/postdrop.1.html index 9d73c335b..7155559b8 100644 --- a/postfix/html/postdrop.1.html +++ b/postfix/html/postdrop.1.html @@ -38,9 +38,9 @@ POSTDROP(1) POSTDROP(1) DIAGNOSTICS Fatal errors: malformed input, I/O error, out of memory. Problems are - logged to syslogd(8) and to the standard error stream. When the input - is incomplete, or when the process receives a HUP, INT, QUIT or TERM - signal, the queue file is deleted. + logged to syslogd(8) or postlogd(8) and to the standard error stream. + When the input is incomplete, or when the process receives a HUP, INT, + QUIT or TERM signal, the queue file is deleted. ENVIRONMENT MAIL_CONFIG @@ -100,6 +100,7 @@ POSTDROP(1) POSTDROP(1) SEE ALSO sendmail(1), compatibility interface postconf(5), configuration parameters + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/postlog.1.html b/postfix/html/postlog.1.html index 672de9f58..cacbd6a71 100644 --- a/postfix/html/postlog.1.html +++ b/postfix/html/postlog.1.html @@ -20,30 +20,31 @@ POSTLOG(1) POSTLOG(1) record. If no text is specified on the command line, postlog(1) reads from standard input and logs each input line as one record. - By default, logging is sent to syslogd(8); when the standard error - stream is connected to a terminal, logging is sent there as well. + By default, logging is sent to syslogd(8) or postlogd(8); when the + standard error stream is connected to a terminal, logging is sent there + as well. The following options are implemented: -c config_dir - Read the main.cf configuration file in the named directory + Read the main.cf configuration file in the named directory instead of the default configuration directory. -i (obsolete) - Include the process ID in the logging tag. This flag is ignored + Include the process ID in the logging tag. This flag is ignored as of Postfix 3.4, where the PID is always included. -p priority (default: info) - Specifies the logging severity: info, warn, error, fatal, or - panic. With Postfix 3.1 and later, the program will pause for 1 - second after reporting a fatal or panic condition, just like + Specifies the logging severity: info, warn, error, fatal, or + panic. With Postfix 3.1 and later, the program will pause for 1 + second after reporting a fatal or panic condition, just like other Postfix programs. - -t tag Specifies the logging tag, that is, the identifying name that - appears at the beginning of each logging record. A default tag + -t tag Specifies the logging tag, that is, the identifying name that + appears at the beginning of each logging record. A default tag is used when none is specified. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. ENVIRONMENT @@ -51,32 +52,32 @@ POSTLOG(1) POSTLOG(1) Directory with the main.cf file. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- + The following main.cf parameters are especially relevant to this pro- gram. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix 3.4 and later: maillog_file (empty) - The name of an optional logfile that is written by the Postfix + The name of an optional logfile that is written by the Postfix postlogd(8) service. postlog_service_name (postlog) @@ -84,8 +85,8 @@ POSTLOG(1) POSTLOG(1) SEE ALSO postconf(5), configuration parameters - syslogd(8), syslog daemon - postlogd(8), internal logging service + postlogd(8), Postfix logging + syslogd(8), system logging LICENSE The Secure Mailer license must be distributed with this software. diff --git a/postfix/html/postlogd.8.html b/postfix/html/postlogd.8.html index d41c55488..ae4a26a75 100644 --- a/postfix/html/postlogd.8.html +++ b/postfix/html/postlogd.8.html @@ -69,7 +69,12 @@ POSTLOGD(8) POSTLOGD(8) SEE ALSO postconf(5), configuration parameters - syslogd(5), system logging + syslogd(8), system logging + +README_FILES + Use "postconf readme_directory" or "postconf html_directory" to locate + this information. + MAILLOG_README, Postfix logging to file or stdout LICENSE The Secure Mailer license must be distributed with this software. diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 5e8445472..8c2322531 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -225,9 +225,9 @@ POSTMAP(1) POSTMAP(1) base. DIAGNOSTICS - Problems are logged to the standard error stream and to syslogd(8). No - output means that no problems were detected. Duplicate entries are - skipped and are flagged with a warning. + Problems are logged to the standard error stream and to syslogd(8) or + postlogd(8). No output means that no problems were detected. Duplicate + entries are skipped and are flagged with a warning. postmap(1) terminates with zero exit status in case of success (includ- ing successful "postmap -q" lookup) and terminates with non-zero exit @@ -281,6 +281,7 @@ POSTMAP(1) POSTMAP(1) postalias(1), create/update/query alias database postconf(1), supported database types postconf(5), configuration parameters + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 15ad7fea2..d64e6d1ec 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -148,32 +148,33 @@ POSTQUEUE(1) POSTQUEUE(1) RFC 7159 (JSON notation) DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard error stream. + Problems are logged to syslogd(8) or postlogd(8), and to the standard + error stream. ENVIRONMENT MAIL_CONFIG - Directory with the main.cf file. In order to avoid exploitation - of set-group ID privileges, a non-standard directory is allowed + Directory with the main.cf file. In order to avoid exploitation + of set-group ID privileges, a non-standard directory is allowed only if: - o The name is listed in the standard main.cf file with the + o The name is listed in the standard main.cf file with the alternate_config_directories configuration parameter. o The command is invoked by the super-user. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with the "-C" option), or via the + be specified with "-c config_directory" on the command line (in + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. command_directory (see 'postconf -d' output) @@ -184,8 +185,8 @@ POSTQUEUE(1) POSTQUEUE(1) tion logfiles with mail that is queued to those destinations. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. queue_directory (see 'postconf -d' output) @@ -195,11 +196,11 @@ POSTQUEUE(1) POSTQUEUE(1) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix daemon (for + The time limit for sending a trigger to a Postfix daemon (for example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: @@ -219,6 +220,8 @@ POSTQUEUE(1) POSTQUEUE(1) flush(8), fast flush service sendmail(1), Sendmail-compatible user interface postsuper(1), privileged queue operations + postlogd(8), Postfix logging + syslogd(8), system logging README FILES ETRN_README, Postfix ETRN howto diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index f1d8d5e9c..571ba2a76 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html @@ -71,7 +71,7 @@ POSTSCREEN(8) POSTSCREEN(8) RFC 5321 (SMTP protocol, including multi-line 220 banners) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS The postscreen(8) built-in SMTP protocol engine currently does not @@ -413,6 +413,7 @@ POSTSCREEN(8) POSTSCREEN(8) smtpd(8), Postfix SMTP server tlsproxy(8), Postfix TLS proxy server dnsblog(8), DNS black/whitelist logger + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index dcafbafdd..abd540818 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -190,12 +190,13 @@ POSTSUPER(1) POSTSUPER(1) options make the software increasingly verbose. DIAGNOSTICS - Problems are reported to the standard error stream and to syslogd(8). + Problems are reported to the standard error stream and to syslogd(8) or + postlogd(8). postsuper(1) reports the number of messages deleted with -d, the number - of messages requeued with -r, and the number of messages whose queue - file name was fixed with -s. The report is written to the standard - error stream and to syslogd(8). + of messages requeued with -r, and the number of messages whose queue + file name was fixed with -s. The report is written to the standard + error stream and to syslogd(8) or postlogd(8). ENVIRONMENT MAIL_CONFIG @@ -206,25 +207,25 @@ POSTSUPER(1) POSTSUPER(1) cannot be placed "on hold". CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. hash_queue_depth (1) - The number of subdirectory levels for queue directories listed + The number of subdirectory levels for queue directories listed with the hash_queue_names parameter. hash_queue_names (deferred, defer) - The names of queue directories that are split across multiple + The names of queue directories that are split across multiple subdirectory levels. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. queue_directory (see 'postconf -d' output) @@ -234,7 +235,7 @@ POSTSUPER(1) POSTSUPER(1) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix version 2.9 and later: @@ -245,6 +246,8 @@ POSTSUPER(1) POSTSUPER(1) SEE ALSO sendmail(1), Sendmail-compatible user interface postqueue(1), unprivileged queue operations + postlogd(8), Postfix logging + syslogd(8), system logging LICENSE The Secure Mailer license must be distributed with this software. diff --git a/postfix/html/proxymap.8.html b/postfix/html/proxymap.8.html index 8273e7850..649d399f5 100644 --- a/postfix/html/proxymap.8.html +++ b/postfix/html/proxymap.8.html @@ -123,7 +123,7 @@ PROXYMAP(8) PROXYMAP(8) its content. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS The proxymap(8) server provides service to multiple clients, and must diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html index fd4be5e7b..3497b3b1d 100644 --- a/postfix/html/qmgr.8.html +++ b/postfix/html/qmgr.8.html @@ -149,10 +149,11 @@ QMGR(8) QMGR(8) environment. DIAGNOSTICS - Problems and transactions are logged to the syslog daemon. Corrupted - message files are saved to the corrupt queue for further inspection. + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are saved to the corrupt queue for further + inspection. - Depending on the setting of the notify_classes parameter, the postmas- + Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces and of other trouble. BUGS @@ -165,7 +166,7 @@ QMGR(8) QMGR(8) sistent process. Use the "postfix reload" command after a configuration change. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. In the text below, transport is the first field in a master.cf entry. @@ -174,26 +175,26 @@ QMGR(8) QMGR(8) Available before Postfix version 2.5: allow_min_user (no) - Allow a sender or recipient address to have `-' as the first + Allow a sender or recipient address to have `-' as the first character. Available with Postfix version 2.7 and later: default_filter_nexthop (empty) - When a content_filter or FILTER request specifies no explicit - next-hop destination, use $default_filter_nexthop instead; when + When a content_filter or FILTER request specifies no explicit + next-hop destination, use $default_filter_nexthop instead; when that value is empty, use the domain in the recipient address. ACTIVE QUEUE CONTROLS qmgr_clog_warn_time (300s) - The minimal delay between warnings that a specific destination + The minimal delay between warnings that a specific destination is clogging up the Postfix active queue. qmgr_message_active_limit (20000) The maximal number of messages in the active queue. qmgr_message_recipient_limit (20000) - The maximal number of recipients held in memory by the Postfix + The maximal number of recipients held in memory by the Postfix queue manager, and the maximal size of the short-term, in-memory "dead" destination status cache. @@ -205,12 +206,12 @@ QMGR(8) QMGR(8) recipients. transport_recipient_limit ($default_recipient_limit) - A transport-specific override for the default_recipient_limit - parameter value, where transport is the master.cf name of the + A transport-specific override for the default_recipient_limit + parameter value, where transport is the master.cf name of the message delivery transport. default_extra_recipient_limit (1000) - The default value for the extra per-transport limit imposed on + The default value for the extra per-transport limit imposed on the number of in-memory recipients. transport_extra_recipient_limit ($default_extra_recipient_limit) @@ -221,12 +222,12 @@ QMGR(8) QMGR(8) Available in Postfix version 2.4 and later: default_recipient_refill_limit (100) - The default per-transport limit on the number of recipients + The default per-transport limit on the number of recipients refilled at once. transport_recipient_refill_limit ($default_recipient_refill_limit) - A transport-specific override for the default_recipi- - ent_refill_limit parameter value, where transport is the mas- + A transport-specific override for the default_recipi- + ent_refill_limit parameter value, where transport is the mas- ter.cf name of the message delivery transport. default_recipient_refill_delay (5s) @@ -234,8 +235,8 @@ QMGR(8) QMGR(8) refills. transport_recipient_refill_delay ($default_recipient_refill_delay) - A transport-specific override for the default_recipi- - ent_refill_delay parameter value, where transport is the mas- + A transport-specific override for the default_recipi- + ent_refill_delay parameter value, where transport is the mas- ter.cf name of the message delivery transport. DELIVERY CONCURRENCY CONTROLS @@ -244,12 +245,12 @@ QMGR(8) QMGR(8) delivery to the same destination. default_destination_concurrency_limit (20) - The default maximal number of parallel deliveries to the same + The default maximal number of parallel deliveries to the same destination. transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. @@ -257,45 +258,45 @@ QMGR(8) QMGR(8) transport_initial_destination_concurrency ($initial_destination_concur- rency) - A transport-specific override for the initial_destination_con- - currency parameter value, where transport is the master.cf name + A transport-specific override for the initial_destination_con- + currency parameter value, where transport is the master.cf name of the message delivery transport. default_destination_concurrency_failed_cohort_limit (1) - How many pseudo-cohorts must suffer connection or handshake - failure before a specific destination is considered unavailable + How many pseudo-cohorts must suffer connection or handshake + failure before a specific destination is considered unavailable (and further delivery is suspended). transport_destination_concurrency_failed_cohort_limit ($default_desti- nation_concurrency_failed_cohort_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_failed_cohort_limit parameter value, where transport is the master.cf name of the message delivery transport. default_destination_concurrency_negative_feedback (1) - The per-destination amount of delivery concurrency negative - feedback, after a delivery completes with a connection or hand- + The per-destination amount of delivery concurrency negative + feedback, after a delivery completes with a connection or hand- shake failure. transport_destination_concurrency_negative_feedback ($default_destina- tion_concurrency_negative_feedback) - A transport-specific override for the default_destination_con- - currency_negative_feedback parameter value, where transport is + A transport-specific override for the default_destination_con- + currency_negative_feedback parameter value, where transport is the master.cf name of the message delivery transport. default_destination_concurrency_positive_feedback (1) - The per-destination amount of delivery concurrency positive + The per-destination amount of delivery concurrency positive feedback, after a delivery completes without connection or hand- shake failure. transport_destination_concurrency_positive_feedback ($default_destina- tion_concurrency_positive_feedback) - A transport-specific override for the default_destination_con- - currency_positive_feedback parameter value, where transport is + A transport-specific override for the default_destination_con- + currency_positive_feedback parameter value, where transport is the master.cf name of the message delivery transport. destination_concurrency_feedback_debug (no) - Make the queue manager's feedback algorithm verbose for perfor- + Make the queue manager's feedback algorithm verbose for perfor- mance analysis purposes. RECIPIENT SCHEDULING CONTROLS @@ -305,25 +306,25 @@ QMGR(8) QMGR(8) transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. MESSAGE SCHEDULING CONTROLS default_delivery_slot_cost (5) - How often the Postfix queue manager's scheduler is allowed to + How often the Postfix queue manager's scheduler is allowed to preempt delivery of one message with another. transport_delivery_slot_cost ($default_delivery_slot_cost) A transport-specific override for the default_delivery_slot_cost - parameter value, where transport is the master.cf name of the + parameter value, where transport is the master.cf name of the message delivery transport. default_minimum_delivery_slots (3) - How many recipients a message must have in order to invoke the + How many recipients a message must have in order to invoke the Postfix queue manager's scheduling algorithm at all. transport_minimum_delivery_slots ($default_minimum_delivery_slots) - A transport-specific override for the default_minimum_deliv- + A transport-specific override for the default_minimum_deliv- ery_slots parameter value, where transport is the master.cf name of the message delivery transport. @@ -333,16 +334,16 @@ QMGR(8) QMGR(8) transport_delivery_slot_discount ($default_delivery_slot_discount) A transport-specific override for the default_delivery_slot_dis- - count parameter value, where transport is the master.cf name of + count parameter value, where transport is the master.cf name of the message delivery transport. default_delivery_slot_loan (3) - The default value for transport-specific _delivery_slot_loan + The default value for transport-specific _delivery_slot_loan settings. transport_delivery_slot_loan ($default_delivery_slot_loan) A transport-specific override for the default_delivery_slot_loan - parameter value, where transport is the master.cf name of the + parameter value, where transport is the master.cf name of the message delivery transport. OTHER RESOURCE AND RATE CONTROLS @@ -354,32 +355,31 @@ QMGR(8) QMGR(8) The maximal time between attempts to deliver a deferred message. maximal_queue_lifetime (5d) - Consider a message as undeliverable, when delivery fails with a + Consider a message as undeliverable, when delivery fails with a temporary error, and the time in the queue has reached the maxi- mal_queue_lifetime limit. queue_run_delay (300s) - The time between deferred queue scans by the queue manager; + The time between deferred queue scans by the queue manager; prior to Postfix 2.4 the default value was 1000s. transport_retry_time (60s) - The time between attempts by the Postfix queue manager to con- + The time between attempts by the Postfix queue manager to con- tact a malfunctioning message delivery transport. Available in Postfix version 2.1 and later: bounce_queue_lifetime (5d) - Consider a bounce message as undeliverable, when delivery fails - with a temporary error, and the time in the queue has reached + Consider a bounce message as undeliverable, when delivery fails + with a temporary error, and the time in the queue has reached the bounce_queue_lifetime limit. Available in Postfix version 2.5 and later: default_destination_rate_delay (0s) - The default amount of delay that is inserted between individual - deliveries to the same destination; the resulting behavior - depends on the value of the corresponding per-destination recip- - ient limit. + The default amount of delay that is inserted between individual + message deliveries to the same destination and over the same + message delivery transport. transport_destination_rate_delay ($default_destination_rate_delay) A transport-specific override for the default_destina- @@ -390,8 +390,8 @@ QMGR(8) QMGR(8) default_transport_rate_delay (0s) The default amount of delay that is inserted between individual - deliveries over the same message delivery transport, regardless - of destination. + message deliveries over the same message delivery transport, + regardless of destination. transport_transport_rate_delay ($default_transport_rate_delay) A transport-specific override for the default_trans- @@ -472,6 +472,7 @@ QMGR(8) QMGR(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index ef4120d48..4086cec53 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html @@ -27,7 +27,7 @@ QMQPD(8) QMQPD(8) chrooted at fixed low privilege. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS The QMQP protocol provides only one server reply per message delivery. @@ -169,6 +169,7 @@ QMQPD(8) QMQPD(8) http://cr.yp.to/proto/qmqp.html, QMQP protocol cleanup(8), message canonicalization master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/scache.8.html b/postfix/html/scache.8.html index 3aa5a7471..6b2512678 100644 --- a/postfix/html/scache.8.html +++ b/postfix/html/scache.8.html @@ -73,7 +73,7 @@ SCACHE(8) SCACHE(8) store information that is security sensitive. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS The session cache cannot be shared among multiple machines. @@ -138,6 +138,7 @@ SCACHE(8) SCACHE(8) smtp(8), SMTP client postconf(5), configuration parameters master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 0d416c931..02f20fe89 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -285,7 +285,8 @@ SENDMAIL(1) SENDMAIL(1) precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard error stream. + Problems are logged to syslogd(8) or postlogd(8), and to the standard + error stream. ENVIRONMENT MAIL_CONFIG @@ -298,12 +299,12 @@ SENDMAIL(1) SENDMAIL(1) Enable debugging with an external command, as specified with the debugger_command configuration parameter. - NAME The sender full name. This is used only with messages that have + NAME The sender full name. This is used only with messages that have no From: message header. See also the -F option above. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. COMPATIBILITY CONTROLS @@ -314,7 +315,7 @@ SENDMAIL(1) SENDMAIL(1) line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to troubleshoot a Postfix + The DEBUG_README file gives examples of how to troubleshoot a Postfix system. debugger_command (empty) @@ -322,11 +323,11 @@ SENDMAIL(1) SENDMAIL(1) invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. @@ -340,13 +341,13 @@ SENDMAIL(1) SENDMAIL(1) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail with the send- + List of users who are authorized to submit mail with the send- mail(1) command (and with the privileged postdrop(1) helper com- mand). RESOURCE AND RATE CONTROLS bounce_size_limit (50000) - The maximal amount of original message text that is sent in a + The maximal amount of original message text that is sent in a non-delivery notification. fork_attempts (5) @@ -360,11 +361,11 @@ SENDMAIL(1) SENDMAIL(1) in the primary message headers. queue_run_delay (300s) - The time between deferred queue scans by the queue manager; + The time between deferred queue scans by the queue manager; prior to Postfix 2.4 the default value was 1000s. FAST FLUSH CONTROLS - The ETRN_README file describes configuration and operation details for + The ETRN_README file describes configuration and operation details for the Postfix "fast flush" service. fast_flush_domains ($relay_domains) @@ -372,26 +373,26 @@ SENDMAIL(1) SENDMAIL(1) tion logfiles with mail that is queued to those destinations. VERP CONTROLS - The VERP_README file describes configuration and operation details of + The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter characters on + The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are updated with + The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) The location of all postfix administrative commands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_directory (see 'postconf -d' output) @@ -402,46 +403,46 @@ SENDMAIL(1) SENDMAIL(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives a copy of the message + The time after which the sender receives a copy of the message headers of mail that is still queued. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients at all when - this parameter is empty; otherwise, rewrite message headers and + Don't rewrite message headers from remote clients at all when + this parameter is empty; otherwise, rewrite message headers and append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Postfix 3.2 and later: alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with the "-C" option), or via the + be specified with "-c config_directory" on the command line (in + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. multi_instance_directories (empty) - An optional list of non-default Postfix configuration directo- - ries; these directories belong to additional Postfix instances - that share the Postfix executable files and documentation with - the default Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. FILES @@ -458,10 +459,11 @@ SENDMAIL(1) SENDMAIL(1) postdrop(1), mail posting utility postfix(1), mail system control postqueue(1), mail queue control + postlogd(8), Postfix logging syslogd(8), system logging README_FILES - Use "postconf readme_directory" or "postconf html_directory" to locate + Use "postconf readme_directory" or "postconf html_directory" to locate this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto diff --git a/postfix/html/showq.8.html b/postfix/html/showq.8.html index 5a5b563ea..e95ce0f32 100644 --- a/postfix/html/showq.8.html +++ b/postfix/html/showq.8.html @@ -31,7 +31,7 @@ SHOWQ(8) SHOWQ(8) None. The showq(8) daemon does not interact with the outside world. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS Changes to main.cf are picked up automatically as showq(8) processes @@ -104,6 +104,7 @@ SHOWQ(8) SHOWQ(8) qmgr(8), queue manager postconf(5), configuration parameters master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 4bba215ad..ee724df51 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -112,9 +112,9 @@ SMTP(8) SMTP(8) RFC 7672 (SMTP security via opportunistic DANE TLS) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Corrupted message - files are marked so that the queue manager can move them to the corrupt - queue for further inspection. + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move + them to the corrupt queue for further inspection. Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces, protocol problems, and of other trouble. @@ -913,6 +913,7 @@ SMTP(8) SMTP(8) master(5), generic daemon options master(8), process manager tlsmgr(8), TLS session and PRNG management + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 367e73472..d019b52e0 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -63,7 +63,7 @@ SMTPD(8) SMTPD(8) RFC 7505 ("Null MX" No Service Resource Record) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces, protocol problems, policy violations, and @@ -1317,6 +1317,7 @@ SMTPD(8) SMTPD(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/spawn.8.html b/postfix/html/spawn.8.html index 17166a9cd..51bb9045d 100644 --- a/postfix/html/spawn.8.html +++ b/postfix/html/spawn.8.html @@ -51,7 +51,7 @@ SPAWN(8) SPAWN(8) DIAGNOSTICS The spawn(8) daemon reports abnormal child exits. Problems are logged - to syslogd(8). + to syslogd(8) or postlogd(8). SECURITY This program needs root privilege in order to execute external commands @@ -129,6 +129,7 @@ SPAWN(8) SPAWN(8) SEE ALSO postconf(5), configuration parameters master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/tlsmgr.8.html b/postfix/html/tlsmgr.8.html index 1c26f4fe0..7f3ac1873 100644 --- a/postfix/html/tlsmgr.8.html +++ b/postfix/html/tlsmgr.8.html @@ -50,7 +50,7 @@ TLSMGR(8) TLSMGR(8) Postfix-owned data_directory, and a warning is logged. DIAGNOSTICS - Problems and transactions are logged to the syslog daemon. + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS There is no automatic means to limit the number of entries in the TLS @@ -160,6 +160,7 @@ TLSMGR(8) TLSMGR(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index 38067f993..5b9e73d22 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html @@ -45,7 +45,7 @@ TLSPROXY(8) TLSPROXY(8) fixed low privilege. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS Changes to main.cf are not picked up automatically, as tlsproxy(8) pro- @@ -296,7 +296,8 @@ TLSPROXY(8) TLSPROXY(8) postscreen(8), Postfix zombie blocker smtpd(8), Postfix SMTP server postconf(5), configuration parameters - syslogd(5), system logging + postlogd(8), Postfix logging + syslogd(8), system logging LICENSE The Secure Mailer license must be distributed with this software. diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index 9f6a7a8b4..67801211a 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html @@ -51,7 +51,7 @@ BOUNCE(8) BOUNCE(8) RFC 6533 (Internationalized Delivery Status Notifications) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS Changes to main.cf are picked up automatically, as bounce(8) processes @@ -164,6 +164,7 @@ BOUNCE(8) BOUNCE(8) postconf(5), configuration parameters master(5), generic daemon options master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging LICENSE diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index fa8c34f6b..d5e2fdc1f 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -73,7 +73,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) fixed low privilege in a chrooted environment. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). CONFIGURATION PARAMETERS On busy mail systems a long time may pass before a main.cf change @@ -308,6 +308,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) transport(5), transport table format relocated(5), format of the "user has moved" table master(8), process manager + postlogd(8), Postfix logging syslogd(8), system logging README FILES diff --git a/postfix/html/verify.8.html b/postfix/html/verify.8.html index 3443f458d..f1805b01a 100644 --- a/postfix/html/verify.8.html +++ b/postfix/html/verify.8.html @@ -58,7 +58,7 @@ VERIFY(8) VERIFY(8) warning is logged. DIAGNOSTICS - Problems and transactions are logged to syslogd(8). + Problems and transactions are logged to syslogd(8) or postlogd(8). BUGS Address verification probe messages add additional traffic to the mail @@ -214,7 +214,8 @@ VERIFY(8) VERIFY(8) smtpd(8), Postfix SMTP server cleanup(8), enqueue Postfix message postconf(5), configuration parameters - syslogd(5), system logging + postlogd(8), Postfix logging + syslogd(8), system logging README FILES ADDRESS_VERIFICATION_README, address verification howto diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index 27709b000..3373eb3b5 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html @@ -125,9 +125,9 @@ VIRTUAL(8) VIRTUAL(8) over disk quota. In all other cases, mail for an existing recipient is deferred and a warning is logged. - Problems and transactions are logged to syslogd(8). Corrupted message - files are marked so that the queue manager can move them to the corrupt - queue afterwards. + Problems and transactions are logged to syslogd(8) or postlogd(8). + Corrupted message files are marked so that the queue manager can move + them to the corrupt queue afterwards. Depending on the setting of the notify_classes parameter, the postmas- ter is notified of bounces and of other trouble. @@ -283,6 +283,7 @@ VIRTUAL(8) VIRTUAL(8) qmgr(8), queue manager bounce(8), delivery status reports postconf(5), configuration parameters + postlogd(8), Postfix logging syslogd(8), system logging README_FILES diff --git a/postfix/makedefs b/postfix/makedefs index 5b16e1fb3..e276a11ba 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -882,7 +882,7 @@ CCARGS="$CCARGS -DSNAPSHOT" # Non-production: needs thorough testing, or major changes are still # needed before the code stabilizes. -#CCARGS="$CCARGS -DNONPROD" +CCARGS="$CCARGS -DNONPROD" # Workaround: prepend Postfix include files before other include files. CCARGS="-I. -I../../include $CCARGS" diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index ba4c605db..0f47fe404 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 @@ -155,7 +155,7 @@ The name of the alias database source file when creating a database. .ad .fi Problems are logged to the standard error stream and to -\fBsyslogd\fR(8). No output means that +\fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that no problems were detected. Duplicate entries are skipped and are flagged with a warning. @@ -221,6 +221,7 @@ postconf(1), supported database types postconf(5), configuration parameters postmap(1), create/update/query lookup tables newaliases(1), Sendmail compatibility interface. +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man1/postdrop.1 b/postfix/man/man1/postdrop.1 index 674b0e57c..10f638fd1 100644 --- a/postfix/man/man1/postdrop.1 +++ b/postfix/man/man1/postdrop.1 @@ -40,7 +40,8 @@ it can connect to Postfix daemon processes. .ad .fi Fatal errors: malformed input, I/O error, out of memory. Problems -are logged to \fBsyslogd\fR(8) and to the standard error stream. +are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8) and to +the standard error stream. When the input is incomplete, or when the process receives a HUP, INT, QUIT or TERM signal, the queue file is deleted. .SH "ENVIRONMENT" @@ -104,6 +105,7 @@ command (and with the privileged \fBpostdrop\fR(1) helper command). .nf sendmail(1), compatibility interface postconf(5), configuration parameters +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man1/postlog.1 b/postfix/man/man1/postlog.1 index 435c49bdc..87f537d18 100644 --- a/postfix/man/man1/postlog.1 +++ b/postfix/man/man1/postlog.1 @@ -23,7 +23,8 @@ line as one record. If no \fItext\fR is specified on the command line, \fBpostlog\fR(1) reads from standard input and logs each input line as one record. -By default, logging is sent to \fBsyslogd\fR(8); when the +By default, logging is sent to \fBsyslogd\fR(8) or +\fBpostlogd\fR(8); when the standard error stream is connected to a terminal, logging is sent there as well. @@ -87,8 +88,8 @@ The name of the \fBpostlogd\fR(8) service entry in master.cf. .na .nf postconf(5), configuration parameters -syslogd(8), syslog daemon -postlogd(8), internal logging service +postlogd(8), Postfix logging +syslogd(8), system logging .SH "LICENSE" .na .nf diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index bfb06328d..7f08fd8af 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -242,7 +242,7 @@ The name of the lookup table source file when rebuilding a database. .ad .fi Problems are logged to the standard error stream and to -\fBsyslogd\fR(8). +\fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that no problems were detected. Duplicate entries are skipped and are flagged with a warning. @@ -297,6 +297,7 @@ records, so that, for example, "smtpd" becomes "prefix/smtpd". postalias(1), create/update/query alias database postconf(1), supported database types postconf(5), configuration parameters +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index 7d70dafe3..1edc75b2d 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -151,8 +151,8 @@ RFC 7159 (JSON notation) .SH DIAGNOSTICS .ad .fi -Problems are logged to \fBsyslogd\fR(8) and to the standard error -stream. +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), +and to the standard error stream. .SH "ENVIRONMENT" .na .nf @@ -223,6 +223,8 @@ showq(8), list mail queue flush(8), fast flush service sendmail(1), Sendmail\-compatible user interface postsuper(1), privileged queue operations +postlogd(8), Postfix logging +syslogd(8), system logging .SH "README FILES" .na .nf diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index cfae09d65..e165edfdd 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -208,12 +208,13 @@ options make the software increasingly verbose. .ad .fi Problems are reported to the standard error stream and to -\fBsyslogd\fR(8). +\fBsyslogd\fR(8) or \fBpostlogd\fR(8). \fBpostsuper\fR(1) reports the number of messages deleted with \fB\-d\fR, the number of messages requeued with \fB\-r\fR, and the number of messages whose queue file name was fixed with \fB\-s\fR. The report -is written to the standard error stream and to \fBsyslogd\fR(8). +is written to the standard error stream and to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH "ENVIRONMENT" .na .nf @@ -264,6 +265,8 @@ Enable long, non\-repeating, queue IDs (queue file names). .nf sendmail(1), Sendmail\-compatible user interface postqueue(1), unprivileged queue operations +postlogd(8), Postfix logging +syslogd(8), system logging .SH "LICENSE" .na .nf diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index 3d5d984cc..e52861b1b 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -265,8 +265,8 @@ inputs. .SH DIAGNOSTICS .ad .fi -Problems are logged to \fBsyslogd\fR(8) and to the standard error -stream. +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), +and to the standard error stream. .SH "ENVIRONMENT" .na .nf @@ -441,6 +441,7 @@ postalias(1), create/update/query alias database postdrop(1), mail posting utility postfix(1), mail system control postqueue(1), mail queue control +postlogd(8), Postfix logging syslogd(8), system logging .SH "README_FILES" .na diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d4a153d0b..4a92d179c 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3750,9 +3750,9 @@ substitutions in regular expression maps. This feature is available in Postfix 2.3 and later. .SH maillog_file (default: empty) The name of an optional logfile that is written by the Postfix -\fBpostlogd\fR(8) service. A non\-empty value disables logging to \fBsyslogd\fR(8). -Specify "/dev/stdout" for logging to standard output. Stdout logging -requires that Postfix is started with "postfix start\-fg". +\fBpostlogd\fR(8) service. A non\-empty value selects logging to \fBsyslogd\fR(8). +Specify "/dev/stdout" to select logging to standard output. Stdout +logging requires that Postfix is started with "postfix start\-fg". .PP Note 1: The maillog_file parameter value must contain a prefix that is specified with the maillog_file_prefixes parameter. @@ -3764,8 +3764,8 @@ parameters and command\-line options. This feature is available in Postfix 3.4 and later. .SH maillog_file_compressor (default: gzip) The program to run after rotating $maillog_file with "postfix -logrotate". The command is run with the rotated file as its first -argument. +logrotate". The command is run with the rotated logfile name as its +first argument. .PP This feature is available in Postfix 3.4 and later. .SH maillog_file_prefixes (default: /var, /dev/stdout) diff --git a/postfix/man/man8/anvil.8 b/postfix/man/man8/anvil.8 index 61d632d0f..89ea9a6c3 100644 --- a/postfix/man/man8/anvil.8 +++ b/postfix/man/man8/anvil.8 @@ -185,7 +185,8 @@ the time unit over which state is kept. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Upon exit, and every \fBanvil_status_update_time\fR seconds, the server logs the maximal count and rate values measured, diff --git a/postfix/man/man8/bounce.8 b/postfix/man/man8/bounce.8 index 846de4ea9..a91b8a71e 100644 --- a/postfix/man/man8/bounce.8 +++ b/postfix/man/man8/bounce.8 @@ -54,7 +54,8 @@ RFC 6533 (Internationalized Delivery Status Notifications) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH "CONFIGURATION PARAMETERS" .na .nf @@ -149,6 +150,7 @@ qmgr(8), queue manager postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index 6215c2381..d3df1f042 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -64,7 +64,8 @@ RFC 5322 (Internet Message Format) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -286,7 +287,7 @@ Optional list of domains whose subdomain structure will be stripped off in email addresses. .IP "\fBmasquerade_exceptions (empty)\fR" Optional list of user names that are not subjected to address -masquerading, even when their address matches $masquerade_domains. +masquerading, even when their addresses match $masquerade_domains. .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" What address lookup tables copy an address extension from the lookup key to the lookup result. @@ -448,6 +449,7 @@ virtual(5), virtual alias lookup table format postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/discard.8 b/postfix/man/man8/discard.8 index 109a937a1..782389149 100644 --- a/postfix/man/man8/discard.8 +++ b/postfix/man/man8/discard.8 @@ -43,7 +43,8 @@ RFC 3463 (Enhanced Status Codes) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Depending on the setting of the \fBnotify_classes\fR parameter, the postmaster is notified of bounces and of other trouble. @@ -103,6 +104,7 @@ error(8), Postfix error delivery agent postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/dnsblog.8 b/postfix/man/man8/dnsblog.8 index 7ad077dbf..809e4efe5 100644 --- a/postfix/man/man8/dnsblog.8 +++ b/postfix/man/man8/dnsblog.8 @@ -34,7 +34,8 @@ Finally, the \fBdnsblog\fR(8) server closes the connection. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH "CONFIGURATION PARAMETERS" .na .nf @@ -79,7 +80,8 @@ The master.cf service name of a Postfix daemon process. .nf smtpd(8), Postfix SMTP server postconf(5), configuration parameters -syslogd(5), system logging +postlogd(8), Postfix logging +syslogd(8), system logging .SH "LICENSE" .na .nf diff --git a/postfix/man/man8/error.8 b/postfix/man/man8/error.8 index 96d07e495..f0dae3be9 100644 --- a/postfix/man/man8/error.8 +++ b/postfix/man/man8/error.8 @@ -44,7 +44,8 @@ RFC 3463 (Enhanced Status Codes) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Depending on the setting of the \fBnotify_classes\fR parameter, the postmaster is notified of bounces and of other trouble. @@ -113,6 +114,7 @@ discard(8), Postfix discard delivery agent postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/flush.8 b/postfix/man/man8/flush.8 index ac1a13db7..b1fdf05da 100644 --- a/postfix/man/man8/flush.8 +++ b/postfix/man/man8/flush.8 @@ -63,7 +63,8 @@ The fast flush server can run chrooted at fixed low privilege. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -146,6 +147,7 @@ qmgr(8), queue manager postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index 7290c6e1e..435109797 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 @@ -340,7 +340,8 @@ RFC 3463 (Enhanced status codes) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Corrupted message files are marked so that the queue manager can move them to the \fBcorrupt\fR queue afterwards. @@ -620,6 +621,7 @@ postalias(1), create/update alias database aliases(5), format of alias database postconf(5), configuration parameters master(5), generic daemon options +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index f8d0f12fe..4517fa043 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 @@ -91,7 +91,8 @@ processes to finish what they are doing. .SH DIAGNOSTICS .ad .fi -Problems are reported to \fBsyslogd\fR(8). The exit status +Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +The exit status is non\-zero in case of problems, including problems while initializing as a master daemon process in the background. .SH "ENVIRONMENT" @@ -198,6 +199,7 @@ qmgr(8), queue manager verify(8), address verification master(5), master.cf configuration file syntax postconf(5), main.cf configuration file syntax +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/oqmgr.8 b/postfix/man/man8/oqmgr.8 index 53a44e07f..6e4c1665e 100644 --- a/postfix/man/man8/oqmgr.8 +++ b/postfix/man/man8/oqmgr.8 @@ -147,7 +147,8 @@ privilege in a chrooted environment. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to the \fBsyslog\fR(8) daemon. +Problems and transactions are logged to the \fBsyslogd\fR(8) +or \fBpostlogd\fR(8) daemon. Corrupted message files are saved to the \fBcorrupt\fR queue for further inspection. @@ -301,8 +302,8 @@ bounce_queue_lifetime limit. Available in Postfix version 2.5 and later: .IP "\fBdefault_destination_rate_delay (0s)\fR" The default amount of delay that is inserted between individual -deliveries to the same destination; the resulting behavior depends -on the value of the corresponding per\-destination recipient limit. +message deliveries to the same destination and over the same message +delivery transport. .IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" A transport\-specific override for the default_destination_rate_delay parameter value, where \fItransport\fR is the master.cf name of @@ -311,8 +312,8 @@ the message delivery transport. Available in Postfix version 3.1 and later: .IP "\fBdefault_transport_rate_delay (0s)\fR" The default amount of delay that is inserted between individual -deliveries over the same message delivery transport, regardless of -destination. +message deliveries over the same message delivery transport, +regardless of destination. .IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" A transport\-specific override for the default_transport_rate_delay parameter value, where the initial \fItransport\fR in the parameter @@ -387,6 +388,7 @@ bounce(8), delivery status reports postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/pickup.8 b/postfix/man/man8/pickup.8 index 26aeb7814..d94a6a92d 100644 --- a/postfix/man/man8/pickup.8 +++ b/postfix/man/man8/pickup.8 @@ -39,7 +39,8 @@ that is sent to its public service endpoint. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -113,6 +114,7 @@ postdrop(1), mail posting agent postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 9a83d42c1..9c7bfb089 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -345,7 +345,8 @@ delivery status notifications (Postfix 3.0 and later). This command output is not examined for the presence of an enhanced status code. -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Corrupted message files are marked so that the queue manager can move them to the \fBcorrupt\fR queue for further inspection. .SH "SECURITY" @@ -456,6 +457,7 @@ bounce(8), delivery status reports postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/postlogd.8 b/postfix/man/man8/postlogd.8 index 811b7f949..6ec826cee 100644 --- a/postfix/man/man8/postlogd.8 +++ b/postfix/man/man8/postlogd.8 @@ -70,7 +70,17 @@ before it is terminated by a built\-in watchdog timer. .na .nf postconf(5), configuration parameters -syslogd(5), system logging +syslogd(8), system logging +.SH "README_FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +MAILLOG_README, Postfix logging to file or stdout .SH "LICENSE" .na .nf diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index 7e7a25532..1f53e4a75 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -79,7 +79,8 @@ RFC 5321 (SMTP protocol, including multi\-line 220 banners) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -415,6 +416,7 @@ The master.cf service name of a Postfix daemon process. smtpd(8), Postfix SMTP server tlsproxy(8), Postfix TLS proxy server dnsblog(8), DNS black/whitelist logger +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/proxymap.8 b/postfix/man/man8/proxymap.8 index de196638c..e734a2bca 100644 --- a/postfix/man/man8/proxymap.8 +++ b/postfix/man/man8/proxymap.8 @@ -136,7 +136,8 @@ does not match the provider of its content. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi diff --git a/postfix/man/man8/qmgr.8 b/postfix/man/man8/qmgr.8 index 4b7d040e2..7f97f9bc6 100644 --- a/postfix/man/man8/qmgr.8 +++ b/postfix/man/man8/qmgr.8 @@ -151,7 +151,8 @@ privilege in a chrooted environment. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to the syslog daemon. +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Corrupted message files are saved to the \fBcorrupt\fR queue for further inspection. @@ -365,8 +366,8 @@ bounce_queue_lifetime limit. Available in Postfix version 2.5 and later: .IP "\fBdefault_destination_rate_delay (0s)\fR" The default amount of delay that is inserted between individual -deliveries to the same destination; the resulting behavior depends -on the value of the corresponding per\-destination recipient limit. +message deliveries to the same destination and over the same message +delivery transport. .IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" A transport\-specific override for the default_destination_rate_delay parameter value, where \fItransport\fR is the master.cf name of @@ -375,8 +376,8 @@ the message delivery transport. Available in Postfix version 3.1 and later: .IP "\fBdefault_transport_rate_delay (0s)\fR" The default amount of delay that is inserted between individual -deliveries over the same message delivery transport, regardless of -destination. +message deliveries over the same message delivery transport, +regardless of destination. .IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" A transport\-specific override for the default_transport_rate_delay parameter value, where the initial \fItransport\fR in the parameter @@ -451,6 +452,7 @@ bounce(8), delivery status reports postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/qmqpd.8 b/postfix/man/man8/qmqpd.8 index 93cdddb45..c8da141a4 100644 --- a/postfix/man/man8/qmqpd.8 +++ b/postfix/man/man8/qmqpd.8 @@ -31,7 +31,8 @@ run chrooted at fixed low privilege. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -174,6 +175,7 @@ The master.cf service name of a Postfix daemon process. http://cr.yp.to/proto/qmqp.html, QMQP protocol cleanup(8), message canonicalization master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/scache.8 b/postfix/man/man8/scache.8 index 771905b0d..7f9fe49b7 100644 --- a/postfix/man/man8/scache.8 +++ b/postfix/man/man8/scache.8 @@ -73,7 +73,8 @@ not be used to store information that is security sensitive. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -141,6 +142,7 @@ The master.cf service name of a Postfix daemon process. smtp(8), SMTP client postconf(5), configuration parameters master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/showq.8 b/postfix/man/man8/showq.8 index 380f28c0a..624ae74a4 100644 --- a/postfix/man/man8/showq.8 +++ b/postfix/man/man8/showq.8 @@ -38,7 +38,8 @@ outside world. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH "CONFIGURATION PARAMETERS" .na .nf @@ -102,6 +103,7 @@ cleanup(8), canonicalize and enqueue mail qmgr(8), queue manager postconf(5), configuration parameters master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 0b9859487..a0a0c32cc 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -116,7 +116,8 @@ RFC 7672 (SMTP security via opportunistic DANE TLS) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Corrupted message files are marked so that the queue manager can move them to the \fBcorrupt\fR queue for further inspection. @@ -796,6 +797,7 @@ postconf(5), configuration parameters master(5), generic daemon options master(8), process manager tlsmgr(8), TLS session and PRNG management +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 23e119e6b..2505c8edd 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -70,7 +70,8 @@ RFC 7505 ("Null MX" No Service Resource Record) .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Depending on the setting of the \fBnotify_classes\fR parameter, the postmaster is notified of bounces, protocol problems, @@ -1144,6 +1145,7 @@ verify(8), address verification service postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/spawn.8 b/postfix/man/man8/spawn.8 index edbec5b09..410ec87b7 100644 --- a/postfix/man/man8/spawn.8 +++ b/postfix/man/man8/spawn.8 @@ -55,7 +55,7 @@ replaced by a more structural solution. .ad .fi The \fBspawn\fR(8) daemon reports abnormal child exits. -Problems are logged to \fBsyslogd\fR(8). +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). .SH "SECURITY" .na .nf @@ -134,6 +134,7 @@ The master.cf service name of a Postfix daemon process. .nf postconf(5), configuration parameters master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "LICENSE" .na diff --git a/postfix/man/man8/tlsmgr.8 b/postfix/man/man8/tlsmgr.8 index fdd38a5b0..c4e594c29 100644 --- a/postfix/man/man8/tlsmgr.8 +++ b/postfix/man/man8/tlsmgr.8 @@ -59,7 +59,8 @@ is logged. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to the syslog daemon. +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -164,6 +165,7 @@ smtpd(8), Postfix SMTP server postconf(5), configuration parameters master(5), generic daemon options master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8 index 6b3b40c9b..5fc67049f 100644 --- a/postfix/man/man8/tlsproxy.8 +++ b/postfix/man/man8/tlsproxy.8 @@ -57,7 +57,8 @@ can be run chrooted at fixed low privilege. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH "CONFIGURATION PARAMETERS" .na .nf @@ -276,7 +277,8 @@ The master.cf service name of a Postfix daemon process. postscreen(8), Postfix zombie blocker smtpd(8), Postfix SMTP server postconf(5), configuration parameters -syslogd(5), system logging +postlogd(8), Postfix logging +syslogd(8), system logging .SH "LICENSE" .na .nf diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index c122d3b94..523c44c4e 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -81,7 +81,8 @@ It can run at a fixed low privilege in a chrooted environment. .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH "CONFIGURATION PARAMETERS" .na .nf @@ -292,6 +293,7 @@ postconf(5), configuration parameters transport(5), transport table format relocated(5), format of the "user has moved" table master(8), process manager +postlogd(8), Postfix logging syslogd(8), system logging .SH "README FILES" .na diff --git a/postfix/man/man8/verify.8 b/postfix/man/man8/verify.8 index b2e677223..4c1fab027 100644 --- a/postfix/man/man8/verify.8 +++ b/postfix/man/man8/verify.8 @@ -65,7 +65,8 @@ non\-Postfix directory is redirected to the Postfix\-owned .SH DIAGNOSTICS .ad .fi -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). .SH BUGS .ad .fi @@ -218,7 +219,8 @@ The master.cf service name of a Postfix daemon process. smtpd(8), Postfix SMTP server cleanup(8), enqueue Postfix message postconf(5), configuration parameters -syslogd(5), system logging +postlogd(8), Postfix logging +syslogd(8), system logging .SH "README FILES" .na .nf diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8 index 99520ae88..8d5f637b8 100644 --- a/postfix/man/man8/virtual.8 +++ b/postfix/man/man8/virtual.8 @@ -157,7 +157,8 @@ Mail bounces when the recipient has no mailbox or when the recipient is over disk quota. In all other cases, mail for an existing recipient is deferred and a warning is logged. -Problems and transactions are logged to \fBsyslogd\fR(8). +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). Corrupted message files are marked so that the queue manager can move them to the \fBcorrupt\fR queue afterwards. @@ -303,6 +304,7 @@ The master.cf service name of a Postfix daemon process. qmgr(8), queue manager bounce(8), delivery status reports postconf(5), configuration parameters +postlogd(8), Postfix logging syslogd(8), system logging .SH "README_FILES" .na diff --git a/postfix/proto/DEBUG_README.html b/postfix/proto/DEBUG_README.html index 4c1877c9c..2a5b012ab 100644 --- a/postfix/proto/DEBUG_README.html +++ b/postfix/proto/DEBUG_README.html @@ -71,9 +71,20 @@ debugger

    Look for obvious signs of trouble

    -

    Postfix logs all failed and successful deliveries to a logfile. -The file is usually called /var/log/maillog or /var/log/mail; the -exact pathname is defined in the /etc/syslog.conf file.

    +

    Postfix logs all failed and successful deliveries to a logfile.

    + +
      + +

    • When Postfix uses syslog logging (the default), the file +is usually called /var/log/maillog, /var/log/mail, or something +similar; the exact pathname is configured in a file called +/etc/syslog.conf, /etc/rsyslog.conf, or something similar.

      + +

    • When Postfix uses its own logging system (see MAILLOG_README), +the location of the logfile is configured with the Postfix maillog_file +parameter.

      + +

    When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working diff --git a/postfix/proto/MAILLOG_README.html b/postfix/proto/MAILLOG_README.html new file mode 100644 index 000000000..5fad103c5 --- /dev/null +++ b/postfix/proto/MAILLOG_README.html @@ -0,0 +1,183 @@ + + + + + + +Postfix logging to file or stdout + + + + + + + +

    Postfix +logging to file or stdout

    + +
    + +

    Overview

    + +

    Postfix supports it own logging system as an alternative to +syslog (which remains the default). This is available with Postfix +version 3.4 or later.

    + +

    Topics covered in this document:

    + + + +

    Configuring logging to file

    + +

    Logging to file solves a usability problem for MacOS, and +eliminates multiple problems for systemd-based systems.

    + +
      + +

    1. Add the following line to master.cf if not already present +(note: there must be no whitespace at the start of the line):

      + +
      +
      +postlog   unix-dgram n  -       n       -       1       postlogd
+
      +
      + +

      Note: the service type "unix-dgram" was introduced with +Postfix 3.4. Remove the above line before backing out to an older +Postfix version.

      + +

    2. Configure Postfix to write logging, to, for example, +/var/log/postfix.log. See also the "Logfile +rotation" section below for logfile management.

      + +
      +
      +# postfix stop
+# postconf maillog_file=/var/log/postfix.log
+# postfix start
+
      +
      + +

      By default, the logfile name must start with "/var" or "/dev/stdout" +(the list of allowed prefixes is configured with the maillog_file_prefixes +parameter). This safety mechanism limits the damage from a single +configuration mistake.

      + +
    + +

    Configuring logging to stdout

    + +

    Logging to stdout is useful when Postfix runs in a container, +as it eliminates a syslogd dependency.

    + +
      + +

    1. Add the following line to master.cf if not already present (note: +there must be no whitespace at the start of the line):

      + +
      +
      +postlog   unix-dgram n  -       n       -       1       postlogd
+
      +
      + +

      Note: the service type "unix-dgram" was introduced with +Postfix 3.4. Remove the above line before backing out to an older +Postfix version.

      + +

    2. Configure main.cf with "maillog_file = /dev/stdout".

      + +

    3. Start Postfix with "postfix start-fg".

      + +
    + +

    Rotating logs

    + +

    The command "postfix logrotate" may be run by hand or +by a cronjob. It logs all errors, and reports errors to stderr if +run from a terminal. This command implements the following steps: +

    + +
      + +

    • Rename the current logfile by appending a suffix that +contains the date and time. This suffix is configured with the +maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S).

      + +

    • Reload Postfix so that postlogd(8) immediately closes the +old logfile.

      + +

    • After a brief pause, compress the old logfile. The compression +program is configured with the maillog_file_compressor parameter +(default: gzip).

      + +
    + +

    Notes:

    + +
      + +

    • This command will not rotate a logfile with pathname under +the /dev directory, such as /dev/stdout.

      + +

    • This command does not (yet) remove old logfiles.

      + +
    + +

    Limitations

    + +

    Background:

    + +
      + +

    • Postfix consists of a number of daemon programs, and +non-daemon programs some of which are used for local mail submission, +and some for Postfix management. + +

    • Logging to Postfix logfile or stdout requires the Postfix +postlogd(8) service. This ensures that simultaneous logging from +different programs will not get mixed up.

      + +

    • All Postfix programs can log to syslog, but not all programs +have sufficient privileges to use the Postfix logging service, and +many non-daemon programs must not log to stdout as that would corrupt +their output.

      + +
    + +

    Limitations:

    + +
      + +

    • Non-daemon Postfix programs will log errors to syslogd(8) +before they have processed command-line options and main.cf parameters. + +

    • If Postfix is down, the non-daemon programs postfix(1), +postsuper(1), postmulti(1), and postlog(1), will log directly to +$maillog_file. These programs expect to run with root privileges, +for example during Postfix start-up, reload, or shutdown. + +

    • Other non-daemon Postfix programs will never write directly +to $maillog_file (also, logging to stdout would interfere with the +operation of some of these programs). These programs can log to +postlogd(8) if they are run by the super-user, or if their executable +file has set-gid permission. Do not set this permission on programs +other than postdrop(1) and postqueue(1). + +

    + + + + diff --git a/postfix/proto/Makefile.in b/postfix/proto/Makefile.in index a9cc15287..d60c318dc 100644 --- a/postfix/proto/Makefile.in +++ b/postfix/proto/Makefile.in @@ -25,6 +25,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \ ../html/LDAP_README.html \ ../html/LINUX_README.html \ ../html/LOCAL_RECIPIENT_README.html ../html/MAILDROP_README.html \ + ../html/MAILLOG_README.html \ ../html/LMDB_README.html \ ../html/MEMCACHE_README.html \ ../html/MILTER_README.html \ @@ -70,6 +71,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \ ../README_FILES/LDAP_README \ ../README_FILES/LINUX_README \ ../README_FILES/LOCAL_RECIPIENT_README ../README_FILES/MAILDROP_README \ + ../README_FILES/MAILLOG_README \ ../README_FILES/LMDB_README \ ../README_FILES/MEMCACHE_README \ ../README_FILES/MILTER_README \ @@ -219,6 +221,9 @@ clobber: ../html/MAILDROP_README.html: MAILDROP_README.html $(DETAB) $? | $(POSTLINK) >$@ +../html/MAILLOG_README.html: MAILLOG_README.html + $(DETAB) $? | $(POSTLINK) >$@ + ../html/LMDB_README.html: LMDB_README.html $(DETAB) $? | $(POSTLINK) >$@ @@ -390,6 +395,9 @@ clobber: ../README_FILES/MAILDROP_README: MAILDROP_README.html $(DETAB) $? | $(HT2READ) >$@ +../README_FILES/MAILLOG_README: MAILLOG_README.html + $(DETAB) $? | $(HT2READ) >$@ + ../README_FILES/LMDB_README: LMDB_README.html $(DETAB) $? | $(HT2READ) >$@ diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index c47155732..ae1b6f4be 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -17550,9 +17550,10 @@ parameter. See there for details.

    %PARAM maillog_file

    The name of an optional logfile that is written by the Postfix -postlogd(8) service. A non-empty value disables logging to syslogd(8). -Specify "/dev/stdout" for logging to standard output. Stdout logging -requires that Postfix is started with "postfix start-fg".

    +postlogd(8) service. A non-empty value selects logging to syslogd(8). +Specify "/dev/stdout" to select logging to standard output. Stdout +logging requires that Postfix is started with "postfix start-fg". +

    Note 1: The maillog_file parameter value must contain a prefix that is specified with the maillog_file_prefixes parameter.

    @@ -17597,8 +17598,8 @@ whitespace.

    %PARAM maillog_file_compressor gzip

    The program to run after rotating $maillog_file with "postfix -logrotate". The command is run with the rotated file as its first -argument.

    +logrotate". The command is run with the rotated logfile name as its +first argument.

    This feature is available in Postfix 3.4 and later.

    diff --git a/postfix/src/anvil/anvil.c b/postfix/src/anvil/anvil.c index 4625f28ba..d0a5b2a18 100644 --- a/postfix/src/anvil/anvil.c +++ b/postfix/src/anvil/anvil.c @@ -165,7 +165,8 @@ /* from many remote clients. To reduce memory usage, reduce /* the time unit over which state is kept. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* /* Upon exit, and every \fBanvil_status_update_time\fR /* seconds, the server logs the maximal count and rate values measured, diff --git a/postfix/src/bounce/bounce.c b/postfix/src/bounce/bounce.c index 462fe0a8c..afbeb6304 100644 --- a/postfix/src/bounce/bounce.c +++ b/postfix/src/bounce/bounce.c @@ -44,7 +44,8 @@ /* RFC 6532 (Internationalized Message Format) /* RFC 6533 (Internationalized Delivery Status Notifications) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* CONFIGURATION PARAMETERS /* .ad /* .fi @@ -133,6 +134,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index a019c3b0e..e93479440 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -54,7 +54,8 @@ /* RFC 3464 (Delivery status notifications) /* RFC 5322 (Internet Message Format) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* Table-driven rewriting rules make it hard to express \fBif then /* else\fR and other logical relationships. @@ -260,7 +261,7 @@ /* off in email addresses. /* .IP "\fBmasquerade_exceptions (empty)\fR" /* Optional list of user names that are not subjected to address -/* masquerading, even when their address matches $masquerade_domains. +/* masquerading, even when their addresses match $masquerade_domains. /* .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" /* What address lookup tables copy an address extension from the lookup /* key to the lookup result. @@ -412,6 +413,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c index a39fb75fd..4fc5e2eac 100644 --- a/postfix/src/cleanup/cleanup_api.c +++ b/postfix/src/cleanup/cleanup_api.c @@ -81,7 +81,8 @@ /* Autodetection: request SMTPUTF8 support if the message /* contains an UTF8 message header, sender, or recipient. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* SEE ALSO /* cleanup(8) cleanup service description. /* cleanup_init(8) cleanup callable interface, initialization @@ -94,6 +95,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index fbfb928c0..e411992d6 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c @@ -59,7 +59,8 @@ /* cleanup_sig() must be called in case of SIGTERM, in order /* to remove an incomplete queue file. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* SEE ALSO /* cleanup_api(3) cleanup callable interface, message processing /* LICENSE diff --git a/postfix/src/discard/discard.c b/postfix/src/discard/discard.c index 2ceb4793e..331f96fbd 100644 --- a/postfix/src/discard/discard.c +++ b/postfix/src/discard/discard.c @@ -31,7 +31,8 @@ /* STANDARDS /* RFC 3463 (Enhanced Status Codes) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* /* Depending on the setting of the \fBnotify_classes\fR parameter, /* the postmaster is notified of bounces and of other trouble. @@ -87,6 +88,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/dnsblog/dnsblog.c b/postfix/src/dnsblog/dnsblog.c index 8e7caaba5..021be255c 100644 --- a/postfix/src/dnsblog/dnsblog.c +++ b/postfix/src/dnsblog/dnsblog.c @@ -24,7 +24,8 @@ /* is no reply, or a negative reply that contains no SOA record. /* Finally, the \fBdnsblog\fR(8) server closes the connection. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* CONFIGURATION PARAMETERS /* .ad /* .fi @@ -65,7 +66,8 @@ /* SEE ALSO /* smtpd(8), Postfix SMTP server /* postconf(5), configuration parameters -/* syslogd(5), system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/error/error.c b/postfix/src/error/error.c index 0e65fc8e8..61e805b0d 100644 --- a/postfix/src/error/error.c +++ b/postfix/src/error/error.c @@ -32,7 +32,8 @@ /* STANDARDS /* RFC 3463 (Enhanced Status Codes) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* /* Depending on the setting of the \fBnotify_classes\fR parameter, /* the postmaster is notified of bounces and of other trouble. @@ -97,6 +98,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/flush/flush.c b/postfix/src/flush/flush.c index 820a53e2d..2e261bc32 100644 --- a/postfix/src/flush/flush.c +++ b/postfix/src/flush/flush.c @@ -53,7 +53,8 @@ /* talk to the network, and it does not talk to local users. /* The fast flush server can run chrooted at fixed low privilege. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* Fast flush logfiles are truncated only after a "send" /* request, not when mail is actually delivered, and therefore can @@ -128,6 +129,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index cac8002d5..575a5b07e 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2706,6 +2706,7 @@ extern int var_fault_inj_code; #ifndef DEF_OPENSSL_PATH #define DEF_OPENSSL_PATH "openssl" #endif +extern char *var_openssl_path; #define VAR_MANPAGE_DIR "manpage_directory" #ifndef DEF_MANPAGE_DIR diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ade3ae960..513dc766f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190202" +#define MAIL_RELEASE_DATE "20190207" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index 75d7866f1..5b478d45a 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -314,7 +314,8 @@ /* RFC 822 (ARPA Internet Text Messages) /* RFC 3463 (Enhanced status codes) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* Corrupted message files are marked so that the queue /* manager can move them to the \fBcorrupt\fR queue afterwards. /* @@ -572,6 +573,7 @@ /* aliases(5), format of alias database /* postconf(5), configuration parameters /* master(5), generic daemon options +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/master/dgram_server.c b/postfix/src/master/dgram_server.c index c9b3ea63f..2ef3a5ae0 100644 --- a/postfix/src/master/dgram_server.c +++ b/postfix/src/master/dgram_server.c @@ -137,10 +137,12 @@ /* This value is taken from the global \fBmain.cf\fR configuration /* file. Setting \fBvar_use_limit\fR to zero disables the idle limit. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* SEE ALSO /* master(8), master process -/* syslogd(8) system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/master/event_server.c b/postfix/src/master/event_server.c index b7b9a4ff6..0e750c0d9 100644 --- a/postfix/src/master/event_server.c +++ b/postfix/src/master/event_server.c @@ -168,10 +168,12 @@ /* configuration file. Setting \fBvar_idle_limit\fR to zero /* disables the idle limit. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* SEE ALSO /* master(8), master process -/* syslogd(8) system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index 1a4173b8c..d9017789b 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -83,7 +83,8 @@ /* terminate only the master ("\fBpostfix stop\fR") and allow running /* processes to finish what they are doing. /* DIAGNOSTICS -/* Problems are reported to \fBsyslogd\fR(8). The exit status +/* Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +/* The exit status /* is non-zero in case of problems, including problems while /* initializing as a master daemon process in the background. /* ENVIRONMENT @@ -178,6 +179,7 @@ /* verify(8), address verification /* master(5), master.cf configuration file syntax /* postconf(5), main.cf configuration file syntax +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad @@ -327,7 +329,7 @@ int main(int argc, char **argv) /* * Initialize logging and exit handler. */ - maillog_client_init(mail_task(var_procname), + maillog_client_init(mail_task(var_procname), MAILLOG_CLIENT_FLAG_LOGWRITER_FALLBACK); /* @@ -367,7 +369,7 @@ int main(int argc, char **argv) keep_stdout = 1; break; case 'D': - debug_me = 1; + debug_me = 1; break; case 's': keep_stdout = 1; @@ -415,6 +417,7 @@ int main(int argc, char **argv) /* * If started from a terminal, get rid of any tty association. This also * means that all errors and warnings must go to the syslog daemon. + * Some new world has no terminals and prefers logging to stdout. */ if (master_detach) for (fd = 0; fd < 3; fd++) { @@ -538,7 +541,7 @@ int main(int argc, char **argv) master_config(); master_sigsetup(); master_flow_init(); - maillog_client_init(mail_task(var_procname), + maillog_client_init(mail_task(var_procname), MAILLOG_CLIENT_FLAG_LOGWRITER_FALLBACK); msg_info("daemon started -- version %s, configuration %s", var_mail_version, var_config_dir); @@ -578,7 +581,7 @@ int main(int argc, char **argv) master_gotsighup = 0; /* this first */ master_vars_init(); /* then this */ master_refresh(); /* then this */ - maillog_client_init(mail_task(var_procname), + maillog_client_init(mail_task(var_procname), MAILLOG_CLIENT_FLAG_LOGWRITER_FALLBACK); } if (master_gotsigchld) { diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index 273a07da8..465a9e26f 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -151,10 +151,12 @@ /* This value is taken from the global \fBmain.cf\fR configuration /* file. Setting \fBvar_idle_limit\fR to zero disables the idle limit. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* SEE ALSO /* master(8), master process -/* syslogd(8) system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/master/single_server.c b/postfix/src/master/single_server.c index a3176734f..f834d8b5d 100644 --- a/postfix/src/master/single_server.c +++ b/postfix/src/master/single_server.c @@ -138,11 +138,13 @@ /* This value is taken from the global \fBmain.cf\fR configuration /* file. Setting \fBvar_idle_limit\fR to zero disables the idle limit. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* SEE ALSO /* master(8), master process -/* syslogd(8) system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/master/trigger_server.c b/postfix/src/master/trigger_server.c index efa73d126..fa6114b87 100644 --- a/postfix/src/master/trigger_server.c +++ b/postfix/src/master/trigger_server.c @@ -140,12 +140,14 @@ /* This value is taken from the global \fBmain.cf\fR configuration /* file. Setting \fBvar_use_limit\fR to zero disables the idle limit. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* Works with FIFO-based services only. /* SEE ALSO /* master(8), master process -/* syslogd(8) system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/oqmgr/qmgr.c b/postfix/src/oqmgr/qmgr.c index ac713c147..2b6b2ad83 100644 --- a/postfix/src/oqmgr/qmgr.c +++ b/postfix/src/oqmgr/qmgr.c @@ -127,7 +127,8 @@ /* does not talk to the outside world, and it can be run at fixed low /* privilege in a chrooted environment. /* DIAGNOSTICS -/* Problems and transactions are logged to the \fBsyslog\fR(8) daemon. +/* Problems and transactions are logged to the \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8) daemon. /* Corrupted message files are saved to the \fBcorrupt\fR queue /* for further inspection. /* @@ -267,8 +268,8 @@ /* Available in Postfix version 2.5 and later: /* .IP "\fBdefault_destination_rate_delay (0s)\fR" /* The default amount of delay that is inserted between individual -/* deliveries to the same destination; the resulting behavior depends -/* on the value of the corresponding per-destination recipient limit. +/* message deliveries to the same destination and over the same message +/* delivery transport. /* .IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" /* A transport-specific override for the default_destination_rate_delay /* parameter value, where \fItransport\fR is the master.cf name of @@ -277,8 +278,8 @@ /* Available in Postfix version 3.1 and later: /* .IP "\fBdefault_transport_rate_delay (0s)\fR" /* The default amount of delay that is inserted between individual -/* deliveries over the same message delivery transport, regardless of -/* destination. +/* message deliveries over the same message delivery transport, +/* regardless of destination. /* .IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" /* A transport-specific override for the default_transport_rate_delay /* parameter value, where the initial \fItransport\fR in the parameter @@ -345,6 +346,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index 02832a545..ebbe504d8 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -27,7 +27,8 @@ /* what files it opens for reading, and does not actually touch any data /* that is sent to its public service endpoint. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* The \fBpickup\fR(8) daemon copies mail from file to the \fBcleanup\fR(8) /* daemon. It could avoid message copying overhead by sending a file @@ -91,6 +92,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 7167d9511..79d415909 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -331,7 +331,8 @@ /* This command output is not examined for the presence of an /* enhanced status code. /* -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* Corrupted message files are marked so that the queue manager /* can move them to the \fBcorrupt\fR queue for further inspection. /* SECURITY @@ -432,6 +433,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index 0cebc677f..c48751591 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c @@ -147,7 +147,7 @@ /* The name of the alias database source file when creating a database. /* DIAGNOSTICS /* Problems are logged to the standard error stream and to -/* \fBsyslogd\fR(8). No output means that +/* \fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that /* no problems were detected. Duplicate entries are skipped and are /* flagged with a warning. /* @@ -205,6 +205,7 @@ /* postconf(5), configuration parameters /* postmap(1), create/update/query lookup tables /* newaliases(1), Sendmail compatibility interface. +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c index 47b2e88b2..5e35d1ddd 100644 --- a/postfix/src/postdrop/postdrop.c +++ b/postfix/src/postdrop/postdrop.c @@ -30,7 +30,8 @@ /* it can connect to Postfix daemon processes. /* DIAGNOSTICS /* Fatal errors: malformed input, I/O error, out of memory. Problems -/* are logged to \fBsyslogd\fR(8) and to the standard error stream. +/* are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8) and to +/* the standard error stream. /* When the input is incomplete, or when the process receives a HUP, /* INT, QUIT or TERM signal, the queue file is deleted. /* ENVIRONMENT @@ -86,6 +87,7 @@ /* SEE ALSO /* sendmail(1), compatibility interface /* postconf(5), configuration parameters +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/postlog/postlog.c b/postfix/src/postlog/postlog.c index e7bb9b41e..0ad22b65f 100644 --- a/postfix/src/postlog/postlog.c +++ b/postfix/src/postlog/postlog.c @@ -17,7 +17,8 @@ /* line, \fBpostlog\fR(1) reads from standard input and logs each input /* line as one record. /* -/* By default, logging is sent to \fBsyslogd\fR(8); when the +/* By default, logging is sent to \fBsyslogd\fR(8) or +/* \fBpostlogd\fR(8); when the /* standard error stream is connected to a terminal, logging /* is sent there as well. /* @@ -75,8 +76,8 @@ /* The name of the \fBpostlogd\fR(8) service entry in master.cf. /* SEE ALSO /* postconf(5), configuration parameters -/* syslogd(8), syslog daemon -/* postlogd(8), internal logging service +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/postlogd/postlogd.c b/postfix/src/postlogd/postlogd.c index 047307f7c..0d615147a 100644 --- a/postfix/src/postlogd/postlogd.c +++ b/postfix/src/postlogd/postlogd.c @@ -58,7 +58,15 @@ /* before it is terminated by a built-in watchdog timer. /* SEE ALSO /* postconf(5), configuration parameters -/* syslogd(5), system logging +/* syslogd(8), system logging +/* README_FILES +/* .ad +/* .fi +/* Use "\fBpostconf readme_directory\fR" or +/* "\fBpostconf html_directory\fR" to locate this information. +/* .na +/* .nf +/* MAILLOG_README, Postfix logging to file or stdout /* LICENSE /* .ad /* .fi diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index 3b520e3bf..247242e44 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -230,7 +230,7 @@ /* The name of the lookup table source file when rebuilding a database. /* DIAGNOSTICS /* Problems are logged to the standard error stream and to -/* \fBsyslogd\fR(8). +/* \fBsyslogd\fR(8) or \fBpostlogd\fR(8). /* No output means that no problems were detected. Duplicate entries are /* skipped and are flagged with a warning. /* @@ -279,6 +279,7 @@ /* postalias(1), create/update/query alias database /* postconf(1), supported database types /* postconf(5), configuration parameters +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index 68d5b7342..d838808f1 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -137,8 +137,8 @@ /* STANDARDS /* RFC 7159 (JSON notation) /* DIAGNOSTICS -/* Problems are logged to \fBsyslogd\fR(8) and to the standard error -/* stream. +/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), +/* and to the standard error stream. /* ENVIRONMENT /* .ad /* .fi @@ -201,6 +201,8 @@ /* flush(8), fast flush service /* sendmail(1), Sendmail-compatible user interface /* postsuper(1), privileged queue operations +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* README FILES /* .ad /* .fi diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 60dc7155a..7abf737a8 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c @@ -67,7 +67,8 @@ /* RFC 3463 (Enhanced Status Codes) /* RFC 5321 (SMTP protocol, including multi-line 220 banners) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* The \fBpostscreen\fR(8) built-in SMTP protocol engine /* currently does not announce support for AUTH, XCLIENT or @@ -373,6 +374,7 @@ /* smtpd(8), Postfix SMTP server /* tlsproxy(8), Postfix TLS proxy server /* dnsblog(8), DNS black/whitelist logger +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index 3d356412e..957cf8f76 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -200,12 +200,13 @@ /* options make the software increasingly verbose. /* DIAGNOSTICS /* Problems are reported to the standard error stream and to -/* \fBsyslogd\fR(8). +/* \fBsyslogd\fR(8) or \fBpostlogd\fR(8). /* /* \fBpostsuper\fR(1) reports the number of messages deleted with \fB-d\fR, /* the number of messages requeued with \fB-r\fR, and the number of /* messages whose queue file name was fixed with \fB-s\fR. The report -/* is written to the standard error stream and to \fBsyslogd\fR(8). +/* is written to the standard error stream and to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* ENVIRONMENT /* .ad /* .fi @@ -248,6 +249,8 @@ /* SEE ALSO /* sendmail(1), Sendmail-compatible user interface /* postqueue(1), unprivileged queue operations +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index da825fd16..3c5b87546 100644 --- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -779,6 +779,7 @@ static int starttls(STATE *state) ADD_EXCLUDE(cipher_exclusions, "eNULL"); if (state->tlsproxy_mode) { + TLS_PARAMS tls_params; /* * Send all our wishes in one big request. @@ -828,9 +829,10 @@ static int starttls(STATE *state) vstring_sprintf(port_buf, "%d", ntohs(state->port)); tlsproxy = tls_proxy_open(DEF_TLSPROXY_SERVICE /* TODO */ , PROXY_OPEN_FLAGS, - state->stream, state->paddr, - STR(port_buf), smtp_tmout, smtp_tmout, - state->addrport, &init_props, &start_props); + state->stream, state->paddr, STR(port_buf), + smtp_tmout, smtp_tmout, state->addrport, + tls_proxy_params_from_config(&tls_params), + &init_props, &start_props); vstring_free(port_buf); if (fchdir(cwd_fd) < 0) msg_fatal("fchdir: %m"); diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index 28d6c507d..f405257cd 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -124,7 +124,8 @@ /* type of security hole where ownership of a file or directory /* does not match the provider of its content. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* The \fBproxymap\fR(8) server provides service to multiple clients, /* and must therefore not be used for tables that have high-latency diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c index 6c64cd648..a48043e0b 100644 --- a/postfix/src/qmgr/qmgr.c +++ b/postfix/src/qmgr/qmgr.c @@ -131,7 +131,8 @@ /* does not talk to the outside world, and it can be run at fixed low /* privilege in a chrooted environment. /* DIAGNOSTICS -/* Problems and transactions are logged to the syslog daemon. +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* Corrupted message files are saved to the \fBcorrupt\fR queue /* for further inspection. /* @@ -329,8 +330,8 @@ /* Available in Postfix version 2.5 and later: /* .IP "\fBdefault_destination_rate_delay (0s)\fR" /* The default amount of delay that is inserted between individual -/* deliveries to the same destination; the resulting behavior depends -/* on the value of the corresponding per-destination recipient limit. +/* message deliveries to the same destination and over the same message +/* delivery transport. /* .IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" /* A transport-specific override for the default_destination_rate_delay /* parameter value, where \fItransport\fR is the master.cf name of @@ -339,8 +340,8 @@ /* Available in Postfix version 3.1 and later: /* .IP "\fBdefault_transport_rate_delay (0s)\fR" /* The default amount of delay that is inserted between individual -/* deliveries over the same message delivery transport, regardless of -/* destination. +/* message deliveries over the same message delivery transport, +/* regardless of destination. /* .IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" /* A transport-specific override for the default_transport_rate_delay /* parameter value, where the initial \fItransport\fR in the parameter @@ -407,6 +408,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index 8cbd20986..2be6d7b8d 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -21,7 +21,8 @@ /* clients and to DNS servers on the network. The QMQP server can be /* run chrooted at fixed low privilege. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* The QMQP protocol provides only one server reply per message /* delivery. It is therefore not possible to reject individual @@ -146,6 +147,7 @@ /* http://cr.yp.to/proto/qmqp.html, QMQP protocol /* cleanup(8), message canonicalization /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/scache/scache.c b/postfix/src/scache/scache.c index ca2c30a2d..d06cfcad1 100644 --- a/postfix/src/scache/scache.c +++ b/postfix/src/scache/scache.c @@ -63,7 +63,8 @@ /* The \fBscache\fR(8) server is not a trusted process. It must /* not be used to store information that is security sensitive. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* The session cache cannot be shared among multiple machines. /* @@ -121,6 +122,7 @@ /* smtp(8), SMTP client /* postconf(5), configuration parameters /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index f4f9d8df6..facdb1d81 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -255,8 +255,8 @@ /* Thus, the usual precautions need to be taken against malicious /* inputs. /* DIAGNOSTICS -/* Problems are logged to \fBsyslogd\fR(8) and to the standard error -/* stream. +/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), +/* and to the standard error stream. /* ENVIRONMENT /* .ad /* .fi @@ -409,6 +409,7 @@ /* postdrop(1), mail posting utility /* postfix(1), mail system control /* postqueue(1), mail queue control +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README_FILES /* .ad diff --git a/postfix/src/showq/showq.c b/postfix/src/showq/showq.c index 285801acb..95d6abf84 100644 --- a/postfix/src/showq/showq.c +++ b/postfix/src/showq/showq.c @@ -26,7 +26,8 @@ /* None. The \fBshowq\fR(8) daemon does not interact with the /* outside world. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* CONFIGURATION PARAMETERS /* .ad /* .fi @@ -84,6 +85,7 @@ /* qmgr(8), queue manager /* postconf(5), configuration parameters /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 1b355ada3..f2dd52008 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -100,7 +100,8 @@ /* RFC 6533 (Internationalized Delivery Status Notifications) /* RFC 7672 (SMTP security via opportunistic DANE TLS) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* Corrupted message files are marked so that the queue manager can /* move them to the \fBcorrupt\fR queue for further inspection. /* @@ -754,6 +755,7 @@ /* master(5), generic daemon options /* master(8), process manager /* tlsmgr(8), TLS session and PRNG management +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index e9374778b..42e60f66c 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -904,6 +904,7 @@ static int smtp_start_tls(SMTP_STATE *state) | SMTP_KEY_FLAG_ADDR); if (state->tls->conn_reuse) { + TLS_PARAMS tls_params; /* * Send all our wishes in one big request. @@ -969,6 +970,7 @@ static int smtp_start_tls(SMTP_STATE *state) session->stream, STR(iter->addr), STR(port_buf), var_smtp_starttls_tmout, var_smtp_data2_tmout, state->service, + tls_proxy_params_from_config(&tls_params), &init_props, &start_props); vstring_free(port_buf); diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 664cc2884..cf6bac428 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -58,7 +58,8 @@ /* RFC 6533 (Internationalized Delivery Status Notifications) /* RFC 7505 ("Null MX" No Service Resource Record) /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* /* Depending on the setting of the \fBnotify_classes\fR parameter, /* the postmaster is notified of bounces, protocol problems, @@ -1084,6 +1085,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/spawn/spawn.c b/postfix/src/spawn/spawn.c index 725612c68..c9f5ae047 100644 --- a/postfix/src/spawn/spawn.c +++ b/postfix/src/spawn/spawn.c @@ -43,7 +43,7 @@ /* replaced by a more structural solution. /* DIAGNOSTICS /* The \fBspawn\fR(8) daemon reports abnormal child exits. -/* Problems are logged to \fBsyslogd\fR(8). +/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). /* SECURITY /* .fi /* .ad @@ -112,6 +112,7 @@ /* SEE ALSO /* postconf(5), configuration parameters /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* LICENSE /* .ad diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 9f4a8f144..1a43fdfb3 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -8,7 +8,8 @@ SRCS = tls_prng_dev.c tls_prng_egd.c tls_prng_file.c tls_fprint.c \ tls_proxy_client_init_print.c tls_proxy_client_init_scan.c \ tls_proxy_server_init_print.c tls_proxy_server_init_scan.c \ tls_proxy_client_start_print.c tls_proxy_client_start_scan.c \ - tls_proxy_server_start_print.c tls_proxy_server_start_scan.c + tls_proxy_server_start_print.c tls_proxy_server_start_scan.c \ + tls_proxy_params_print.c tls_proxy_params_scan.c tls_proxy_params.c OBJS = tls_prng_dev.o tls_prng_egd.o tls_prng_file.o tls_fprint.o \ tls_prng_exch.o tls_stream.o tls_bio_ops.o tls_misc.o tls_dh.o \ tls_rsa.o tls_verify.o tls_dane.o tls_certkey.o tls_session.o \ @@ -16,7 +17,8 @@ OBJS = tls_prng_dev.o tls_prng_egd.o tls_prng_file.o tls_fprint.o \ tls_level.o \ tls_proxy_clnt.o tls_proxy_context_print.o tls_proxy_context_scan.o \ tls_proxy_client_print.o tls_proxy_client_scan.o \ - tls_proxy_server_print.o tls_proxy_server_scan.o + tls_proxy_server_print.o tls_proxy_server_scan.o \ + tls_proxy_params_print.o tls_proxy_params_scan.o tls_proxy_params.o HDRS = tls.h tls_prng.h tls_scache.h tls_mgr.h tls_proxy.h TESTSRC = DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) @@ -429,6 +431,67 @@ tls_proxy_context_scan.o: ../../include/vstring.h tls_proxy_context_scan.o: tls.h tls_proxy_context_scan.o: tls_proxy.h tls_proxy_context_scan.o: tls_proxy_context_scan.c +tls_proxy_params.o: ../../include/argv.h +tls_proxy_params.o: ../../include/attr.h +tls_proxy_params.o: ../../include/check_arg.h +tls_proxy_params.o: ../../include/dns.h +tls_proxy_params.o: ../../include/htable.h +tls_proxy_params.o: ../../include/mail_params.h +tls_proxy_params.o: ../../include/msg.h +tls_proxy_params.o: ../../include/myaddrinfo.h +tls_proxy_params.o: ../../include/mymalloc.h +tls_proxy_params.o: ../../include/name_code.h +tls_proxy_params.o: ../../include/name_mask.h +tls_proxy_params.o: ../../include/nvtable.h +tls_proxy_params.o: ../../include/sock_addr.h +tls_proxy_params.o: ../../include/sys_defs.h +tls_proxy_params.o: ../../include/vbuf.h +tls_proxy_params.o: ../../include/vstream.h +tls_proxy_params.o: ../../include/vstring.h +tls_proxy_params.o: tls.h +tls_proxy_params.o: tls_proxy.h +tls_proxy_params.o: tls_proxy_params.c +tls_proxy_params_print.o: ../../include/argv.h +tls_proxy_params_print.o: ../../include/attr.h +tls_proxy_params_print.o: ../../include/check_arg.h +tls_proxy_params_print.o: ../../include/dns.h +tls_proxy_params_print.o: ../../include/htable.h +tls_proxy_params_print.o: ../../include/mail_params.h +tls_proxy_params_print.o: ../../include/msg.h +tls_proxy_params_print.o: ../../include/myaddrinfo.h +tls_proxy_params_print.o: ../../include/mymalloc.h +tls_proxy_params_print.o: ../../include/name_code.h +tls_proxy_params_print.o: ../../include/name_mask.h +tls_proxy_params_print.o: ../../include/nvtable.h +tls_proxy_params_print.o: ../../include/sock_addr.h +tls_proxy_params_print.o: ../../include/sys_defs.h +tls_proxy_params_print.o: ../../include/vbuf.h +tls_proxy_params_print.o: ../../include/vstream.h +tls_proxy_params_print.o: ../../include/vstring.h +tls_proxy_params_print.o: tls.h +tls_proxy_params_print.o: tls_proxy.h +tls_proxy_params_print.o: tls_proxy_params_print.c +tls_proxy_params_scan.o: ../../include/argv.h +tls_proxy_params_scan.o: ../../include/argv_attr.h +tls_proxy_params_scan.o: ../../include/attr.h +tls_proxy_params_scan.o: ../../include/check_arg.h +tls_proxy_params_scan.o: ../../include/dns.h +tls_proxy_params_scan.o: ../../include/htable.h +tls_proxy_params_scan.o: ../../include/mail_params.h +tls_proxy_params_scan.o: ../../include/msg.h +tls_proxy_params_scan.o: ../../include/myaddrinfo.h +tls_proxy_params_scan.o: ../../include/mymalloc.h +tls_proxy_params_scan.o: ../../include/name_code.h +tls_proxy_params_scan.o: ../../include/name_mask.h +tls_proxy_params_scan.o: ../../include/nvtable.h +tls_proxy_params_scan.o: ../../include/sock_addr.h +tls_proxy_params_scan.o: ../../include/sys_defs.h +tls_proxy_params_scan.o: ../../include/vbuf.h +tls_proxy_params_scan.o: ../../include/vstream.h +tls_proxy_params_scan.o: ../../include/vstring.h +tls_proxy_params_scan.o: tls.h +tls_proxy_params_scan.o: tls_proxy.h +tls_proxy_params_scan.o: tls_proxy_params_scan.c tls_proxy_server_print.o: ../../include/argv.h tls_proxy_server_print.o: ../../include/attr.h tls_proxy_server_print.o: ../../include/check_arg.h diff --git a/postfix/src/tls/tls_proxy.h b/postfix/src/tls/tls_proxy.h index b60d2f71d..412d58dd7 100644 --- a/postfix/src/tls/tls_proxy.h +++ b/postfix/src/tls/tls_proxy.h @@ -31,21 +31,81 @@ #ifdef USE_TLS + /* + * TLS_PARAMS structure. If this changes, update all functions in + * tls_proxy_params.c, tls_proxy_params_print.c, and + * tls_proxy_params_scan.c. + * + * In the serialization these attributes are identified by their configuration + * parameter names. + * + * TODO: add VAR_TLS_SERVER_SNI_MAPS, maybe as part of a server-only table. + */ +typedef struct TLS_PARAMS { + char *tls_high_clist; + char *tls_medium_clist; + char *tls_low_clist; + char *tls_export_clist; + char *tls_null_clist; + char *tls_eecdh_auto; + char *tls_eecdh_strong; + char *tls_eecdh_ultra; + char *tls_bug_tweaks; + char *tls_ssl_options; + char *tls_dane_agility; + char *tls_dane_digests; + char *tls_mgr_service; + char *tls_tkt_cipher; + char *openssl_path; + int tls_daemon_rand_bytes; + int tls_append_def_CA; + int tls_bc_pkey_fprint; + int tls_dane_taa_dgst; + int tls_preempt_clist; + int tls_multi_wildcard; +} TLS_PARAMS; + +#define TLS_PROXY_PARAMS(params, a1, a2, a3, a4, a5, a6, a7, a8, \ + a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20, a21) \ + (((params)->a1), ((params)->a2), ((params)->a3), \ + ((params)->a4), ((params)->a5), ((params)->a6), ((params)->a7), \ + ((params)->a8), ((params)->a9), ((params)->a10), ((params)->a11), \ + ((params)->a12), ((params)->a13), ((params)->a14), ((params)->a15), \ + ((params)->a16), ((params)->a17), ((params)->a18), ((params)->a19), \ + ((params)->a20), ((params)->a21)) + + /* + * tls_proxy_params.c, tls_proxy_params_print.c, and + * tls_proxy_params_scan.c. + */ +extern TLS_PARAMS *tls_proxy_params_from_config(TLS_PARAMS *); +extern char *tls_proxy_params_to_string(VSTRING *, TLS_PARAMS *); +extern char *tls_proxy_params_with_names_to_string(VSTRING *, TLS_PARAMS *); +extern int tls_proxy_params_print(ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *); +extern void tls_proxy_params_free(TLS_PARAMS *); +extern int tls_proxy_params_scan(ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *); + + /* + * Functions that handle TLS_XXX_INIT_PROPS and TLS_XXX_START_PROPS. These + * data structures are defined elsewhere, because they are also used in + * non-proxied requests. + */ #define tls_proxy_legacy_open(service, flags, peer_stream, peer_addr, \ peer_port, timeout, serverid) \ tls_proxy_open((service), (flags), (peer_stream), (peer_addr), \ - (peer_port), (timeout), (timeout), (serverid), (void *) 0, (void *) 0) + (peer_port), (timeout), (timeout), (serverid), \ + (void *) 0, (void *) 0, (void *) 0) extern VSTREAM *tls_proxy_open(const char *, int, VSTREAM *, const char *, const char *, int, int, const char *, - void *, void *); + TLS_PARAMS *, void *, void *); #define TLS_PROXY_CLIENT_INIT_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \ a9, a10, a11, a12, a13, a14) \ (((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \ - ((props)->a12), ((props)->a13), (props)->a14) + ((props)->a12), ((props)->a13), ((props)->a14)) #define TLS_PROXY_CLIENT_START_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \ a9, a10, a11, a12, a13, a14) \ diff --git a/postfix/src/tls/tls_proxy_clnt.c b/postfix/src/tls/tls_proxy_clnt.c index 3dd0aa364..ea02ec8f8 100644 --- a/postfix/src/tls/tls_proxy_clnt.c +++ b/postfix/src/tls/tls_proxy_clnt.c @@ -8,7 +8,7 @@ /* /* VSTREAM *tls_proxy_open(service, flags, peer_stream, peer_addr, /* peer_port, handshake_timeout, session_timeout, - serverid, init_props, start_props) +/* serverid, tls_params, init_props, start_props) /* const char *service; /* int flags; /* VSTREAM *peer_stream; @@ -17,6 +17,7 @@ /* int handshake_timeout; /* int session_timeout; /* const char *serverid; +/* TLS_PARAMS *tls_params; /* void *init_props; /* void *start_props; /* @@ -87,6 +88,8 @@ /* TLS handshake. /* .IP serverid /* Unique service identifier. +/* .IP tls_params +/* Pointer to TLS_PARAMS. /* .IP init_props /* Pointer to TLS_CLIENT_INIT_PROPS or TLS_SERVER_INIT_PROPS. /* .IP start_props @@ -150,6 +153,7 @@ VSTREAM *tls_proxy_open(const char *service, int flags, int handshake_timeout, int session_timeout, const char *serverid, + TLS_PARAMS *tls_params, void *init_props, void *start_props) { @@ -201,6 +205,7 @@ VSTREAM *tls_proxy_open(const char *service, int flags, switch (flags & (TLS_PROXY_FLAG_ROLE_CLIENT | TLS_PROXY_FLAG_ROLE_SERVER)) { case TLS_PROXY_FLAG_ROLE_CLIENT: attr_print(tlsproxy_stream, ATTR_FLAG_NONE, + SEND_ATTR_FUNC(tls_proxy_params_print, tls_params), SEND_ATTR_FUNC(tls_proxy_client_init_print, init_props), SEND_ATTR_FUNC(tls_proxy_client_start_print, start_props), ATTR_TYPE_END); @@ -208,6 +213,7 @@ VSTREAM *tls_proxy_open(const char *service, int flags, case TLS_PROXY_FLAG_ROLE_SERVER: #if 0 attr_print(tlsproxy_stream, ATTR_FLAG_NONE, + SEND_ATTR_FUNC(tls_proxy_params_print, tls_params), SEND_ATTR_FUNC(tls_proxy_server_init_print, init_props), SEND_ATTR_FUNC(tls_proxy_server_start_print, start_props), ATTR_TYPE_END); diff --git a/postfix/src/tls/tls_proxy_params.c b/postfix/src/tls/tls_proxy_params.c new file mode 100644 index 000000000..2243e9e2b --- /dev/null +++ b/postfix/src/tls/tls_proxy_params.c @@ -0,0 +1,144 @@ +/*++ +/* NAME +/* tls_proxy_params 3 +/* SUMMARY +/* TLS_PARAMS structure support +/* SYNOPSIS +/* #include +/* +/* TLS_PARAMS *tls_proxy_params_from_config(params) +/* TLS_PARAMS *params; +/* +/* char *tls_proxy_params_to_string(buf, params) +/* VSTRING *buf; +/* TLS_PARAMS *params; +/* +/* char *tls_proxy_params_with_names_to_string(buf, params) +/* VSTRING *buf; +/* TLS_PARAMS *params; +/* DESCRIPTION +/* tls_proxy_params_from_config() initializes a TLS_PARAMS +/* structure from configuration parameters and returns its +/* argument. Strings are not copied. The result must therefore +/* not be passed to tls_proxy_params_free(). +/* +/* tls_proxy_params_to_string() produces a lookup key +/* that is unique for the TLS_PARAMS member values. +/* +/* tls_proxy_params_with_names_to_string() TODO produces a +/* string with "name = value\n" for each TLS_PARAMS member. +/* This may be useful for reporting differences between +/* TLS_PARAMS instances. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +#ifdef USE_TLS + +/* System library. */ + +#include + +/* Utility library */ + +#include +#include + +/* Global library. */ + +#include + +/* TLS library. */ + +#include +#include + +/* tls_proxy_params_from_config - initialize TLS_PARAMS from configuration */ + +TLS_PARAMS *tls_proxy_params_from_config(TLS_PARAMS *params) +{ + TLS_PROXY_PARAMS(params, + tls_high_clist = var_tls_high_clist, + tls_medium_clist = var_tls_medium_clist, + tls_low_clist = var_tls_low_clist, + tls_export_clist = var_tls_export_clist, + tls_null_clist = var_tls_null_clist, + tls_eecdh_auto = var_tls_eecdh_auto, + tls_eecdh_strong = var_tls_eecdh_strong, + tls_eecdh_ultra = var_tls_eecdh_ultra, + tls_bug_tweaks = var_tls_bug_tweaks, + tls_ssl_options = var_tls_ssl_options, + tls_dane_agility = var_tls_dane_agility, + tls_dane_digests = var_tls_dane_digests, + tls_mgr_service = var_tls_mgr_service, + tls_tkt_cipher = var_tls_tkt_cipher, + openssl_path = var_openssl_path, + tls_daemon_rand_bytes = var_tls_daemon_rand_bytes, + tls_append_def_CA = var_tls_append_def_CA, + tls_bc_pkey_fprint = var_tls_bc_pkey_fprint, + tls_dane_taa_dgst = var_tls_dane_taa_dgst, + tls_preempt_clist = var_tls_preempt_clist, + tls_multi_wildcard = var_tls_multi_wildcard); + return (params); +} + +/* tls_proxy_params_to_string - serialize TLS_PARAMS to string */ + +char *tls_proxy_params_to_string(VSTRING *buf, TLS_PARAMS *params) +{ + vstring_sprintf(buf, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n" + "%s\n%s\n%s\n%s\n%d\n%d\n%d\n%d\n%d\n%d\n", + params->tls_high_clist, params->tls_medium_clist, + params->tls_low_clist, params->tls_export_clist, + params->tls_null_clist, params->tls_eecdh_auto, + params->tls_eecdh_strong, params->tls_eecdh_ultra, + params->tls_bug_tweaks, params->tls_ssl_options, + params->tls_dane_agility, params->tls_dane_digests, + params->tls_mgr_service, params->tls_tkt_cipher, + params->openssl_path, params->tls_daemon_rand_bytes, + params->tls_append_def_CA, params->tls_bc_pkey_fprint, + params->tls_dane_taa_dgst, params->tls_preempt_clist, + params->tls_multi_wildcard); + return (vstring_str(buf)); +} + +/* tls_proxy_params_with_names_to_string - serialize TLS_PARAMS to string */ + +char *tls_proxy_params_with_names_to_string(VSTRING *buf, TLS_PARAMS *params) +{ + vstring_sprintf(buf, "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n" + "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n" + "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %d\n%s = %d\n" + "%s = %d\n%s = %d\n%s = %d\n%s = %d\n", + VAR_TLS_HIGH_CLIST, var_tls_high_clist, + VAR_TLS_MEDIUM_CLIST, var_tls_medium_clist, + VAR_TLS_LOW_CLIST, var_tls_low_clist, + VAR_TLS_EXPORT_CLIST, var_tls_export_clist, + VAR_TLS_NULL_CLIST, var_tls_null_clist, + VAR_TLS_EECDH_AUTO, var_tls_eecdh_auto, + VAR_TLS_EECDH_STRONG, var_tls_eecdh_strong, + VAR_TLS_EECDH_ULTRA, var_tls_eecdh_ultra, + VAR_TLS_BUG_TWEAKS, var_tls_bug_tweaks, + VAR_TLS_SSL_OPTIONS, var_tls_ssl_options, + VAR_TLS_DANE_AGILITY, var_tls_dane_agility, + VAR_TLS_DANE_DIGESTS, var_tls_dane_digests, + VAR_TLS_MGR_SERVICE, var_tls_mgr_service, + VAR_TLS_TKT_CIPHER, var_tls_tkt_cipher, + VAR_OPENSSL_PATH, var_openssl_path, + VAR_TLS_DAEMON_RAND_BYTES, var_tls_daemon_rand_bytes, + VAR_TLS_APPEND_DEF_CA, var_tls_append_def_CA, + VAR_TLS_BC_PKEY_FPRINT, var_tls_bc_pkey_fprint, + VAR_TLS_DANE_TAA_DGST, var_tls_dane_taa_dgst, + VAR_TLS_PREEMPT_CLIST, var_tls_preempt_clist, + VAR_TLS_MULTI_WILDCARD, var_tls_multi_wildcard); + return (vstring_str(buf)); +} + +#endif diff --git a/postfix/src/tls/tls_proxy_params_print.c b/postfix/src/tls/tls_proxy_params_print.c new file mode 100644 index 000000000..56f0bba33 --- /dev/null +++ b/postfix/src/tls/tls_proxy_params_print.c @@ -0,0 +1,108 @@ +/*++ +/* NAME +/* tls_proxy_params_print 3 +/* SUMMARY +/* write TLS_PARAMS structures to stream +/* SYNOPSIS +/* #include +/* +/* int tls_proxy_params_print(print_fn, stream, flags, ptr) +/* ATTR_PRINT_MASTER_FN print_fn; +/* VSTREAM *stream; +/* int flags; +/* void *ptr; +/* DESCRIPTION +/* tls_proxy_params_print() writes a TLS_PARAMS structure to +/* the named stream using the specified attribute print routine. +/* tls_proxy_params_print() is meant to be passed as a call-back to +/* attr_print(), thusly: +/* +/* SEND_ATTR_FUNC(tls_proxy_params_print, (void *) params), ... +/* DIAGNOSTICS +/* Fatal: out of memory. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +#ifdef USE_TLS + +/* System library. */ + +#include + +/* Utility library */ + +#include +#include + +/* Global library. */ + +#include + +/* TLS library. */ + +#include +#include + +/* tls_proxy_params_print - send TLS_PARAMS over stream */ + +int tls_proxy_params_print(ATTR_PRINT_MASTER_FN print_fn, VSTREAM *fp, + int flags, void *ptr) +{ + TLS_PARAMS *params = (TLS_PARAMS *) ptr; + int ret; + + if (msg_verbose) + msg_info("begin tls_proxy_params_print"); + + ret = print_fn(fp, flags | ATTR_FLAG_MORE, + SEND_ATTR_STR(VAR_TLS_HIGH_CLIST, params->tls_high_clist), + SEND_ATTR_STR(VAR_TLS_MEDIUM_CLIST, + params->tls_medium_clist), + SEND_ATTR_STR(VAR_TLS_LOW_CLIST, params->tls_low_clist), + SEND_ATTR_STR(VAR_TLS_EXPORT_CLIST, + params->tls_export_clist), + SEND_ATTR_STR(VAR_TLS_NULL_CLIST, params->tls_null_clist), + SEND_ATTR_STR(VAR_TLS_EECDH_AUTO, params->tls_eecdh_auto), + SEND_ATTR_STR(VAR_TLS_EECDH_STRONG, + params->tls_eecdh_strong), + SEND_ATTR_STR(VAR_TLS_EECDH_ULTRA, + params->tls_eecdh_ultra), + SEND_ATTR_STR(VAR_TLS_BUG_TWEAKS, params->tls_bug_tweaks), + SEND_ATTR_STR(VAR_TLS_SSL_OPTIONS, + params->tls_ssl_options), + SEND_ATTR_STR(VAR_TLS_DANE_AGILITY, + params->tls_dane_agility), + SEND_ATTR_STR(VAR_TLS_DANE_DIGESTS, + params->tls_dane_digests), + SEND_ATTR_STR(VAR_TLS_MGR_SERVICE, + params->tls_mgr_service), + SEND_ATTR_STR(VAR_TLS_TKT_CIPHER, params->tls_tkt_cipher), + SEND_ATTR_STR(VAR_OPENSSL_PATH, params->openssl_path), + SEND_ATTR_INT(VAR_TLS_DAEMON_RAND_BYTES, + params->tls_daemon_rand_bytes), + SEND_ATTR_INT(VAR_TLS_APPEND_DEF_CA, + params->tls_append_def_CA), + SEND_ATTR_INT(VAR_TLS_BC_PKEY_FPRINT, + params->tls_bc_pkey_fprint), + SEND_ATTR_INT(VAR_TLS_DANE_TAA_DGST, + params->tls_dane_taa_dgst), + SEND_ATTR_INT(VAR_TLS_PREEMPT_CLIST, + params->tls_preempt_clist), + SEND_ATTR_INT(VAR_TLS_MULTI_WILDCARD, + params->tls_multi_wildcard), + ATTR_TYPE_END); + /* Do not flush the stream. */ + if (msg_verbose) + msg_info("tls_proxy_params_print ret=%d", ret); + return (ret); +} + +#endif diff --git a/postfix/src/tls/tls_proxy_params_scan.c b/postfix/src/tls/tls_proxy_params_scan.c new file mode 100644 index 000000000..eec43ec7b --- /dev/null +++ b/postfix/src/tls/tls_proxy_params_scan.c @@ -0,0 +1,180 @@ +/*++ +/* NAME +/* tls_proxy_params_scan 3 +/* SUMMARY +/* read TLS_PARAMS structure from stream +/* SYNOPSIS +/* #include +/* +/* int tls_proxy_params_scan(scan_fn, stream, flags, ptr) +/* ATTR_SCAN_MASTER_FN scan_fn; +/* VSTREAM *stream; +/* int flags; +/* void *ptr; +/* +/* void tls_proxy_params_free(params) +/* TLS_PARAMS *params; +/* DESCRIPTION +/* tls_proxy_params_scan() reads a TLS_PARAMS structure from +/* the named stream using the specified attribute scan routine. +/* tls_proxy_params_scan() is meant to be passed as a call-back +/* function to attr_scan(), as shown below. +/* +/* tls_proxy_params_free() destroys a TLS_PARAMS structure +/* that was created by tls_proxy_params_scan(). +/* +/* TLS_PARAMS *params = 0; +/* ... +/* ... RECV_ATTR_FUNC(tls_proxy_params_scan, (void *) ¶ms) +/* ... +/* if (params != 0) +/* tls_proxy_params_free(params); +/* DIAGNOSTICS +/* Fatal: out of memory. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/*--*/ + +#ifdef USE_TLS + +/* System library. */ + +#include + +/* Utility library */ + +#include +#include +#include +#include + +/* Global library. */ + +#include + +/* TLS library. */ + +#include +#include + +#define STR(x) vstring_str(x) +#define LEN(x) VSTRING_LEN(x) + +/* tls_proxy_params_free - destroy TLS_PARAMS structure */ + +void tls_proxy_params_free(TLS_PARAMS * params) +{ + myfree(params->tls_high_clist); + myfree(params->tls_medium_clist); + myfree(params->tls_low_clist); + myfree(params->tls_export_clist); + myfree(params->tls_null_clist); + myfree(params->tls_eecdh_auto); + myfree(params->tls_eecdh_strong); + myfree(params->tls_eecdh_ultra); + myfree(params->tls_bug_tweaks); + myfree(params->tls_ssl_options); + myfree(params->tls_dane_agility); + myfree(params->tls_dane_digests); + myfree(params->tls_mgr_service); + myfree(params->tls_tkt_cipher); + myfree(params->openssl_path); + myfree((void *) params); +} + +/* tls_proxy_params_scan - receive TLS_PARAMS from stream */ + +int tls_proxy_params_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM * fp, + int flags, void *ptr) +{ + TLS_PARAMS *params + = (TLS_PARAMS *) mymalloc(sizeof(*params)); + int ret; + VSTRING *tls_high_clist = vstring_alloc(25); + VSTRING *tls_medium_clist = vstring_alloc(25); + VSTRING *tls_low_clist = vstring_alloc(25); + VSTRING *tls_export_clist = vstring_alloc(25); + VSTRING *tls_null_clist = vstring_alloc(25); + VSTRING *tls_eecdh_auto = vstring_alloc(25); + VSTRING *tls_eecdh_strong = vstring_alloc(25); + VSTRING *tls_eecdh_ultra = vstring_alloc(25); + VSTRING *tls_bug_tweaks = vstring_alloc(25); + VSTRING *tls_ssl_options = vstring_alloc(25); + VSTRING *tls_dane_agility = vstring_alloc(25); + VSTRING *tls_dane_digests = vstring_alloc(25); + VSTRING *tls_mgr_service = vstring_alloc(25); + VSTRING *tls_tkt_cipher = vstring_alloc(25); + VSTRING *openssl_path = vstring_alloc(25); + + if (msg_verbose) + msg_info("begin tls_proxy_params_scan"); + + /* + * Note: memset() is not a portable way to initialize non-integer types. + */ + memset(params, 0, sizeof(*params)); + ret = scan_fn(fp, flags | ATTR_FLAG_MORE, + RECV_ATTR_STR(VAR_TLS_HIGH_CLIST, tls_high_clist), + RECV_ATTR_STR(VAR_TLS_MEDIUM_CLIST, tls_medium_clist), + RECV_ATTR_STR(VAR_TLS_LOW_CLIST, tls_low_clist), + RECV_ATTR_STR(VAR_TLS_EXPORT_CLIST, tls_export_clist), + RECV_ATTR_STR(VAR_TLS_NULL_CLIST, tls_null_clist), + RECV_ATTR_STR(VAR_TLS_EECDH_AUTO, tls_eecdh_auto), + RECV_ATTR_STR(VAR_TLS_EECDH_STRONG, tls_eecdh_strong), + RECV_ATTR_STR(VAR_TLS_EECDH_ULTRA, tls_eecdh_ultra), + RECV_ATTR_STR(VAR_TLS_BUG_TWEAKS, tls_bug_tweaks), + RECV_ATTR_STR(VAR_TLS_SSL_OPTIONS, tls_ssl_options), + RECV_ATTR_STR(VAR_TLS_DANE_AGILITY, tls_dane_agility), + RECV_ATTR_STR(VAR_TLS_DANE_DIGESTS, tls_dane_digests), + RECV_ATTR_STR(VAR_TLS_MGR_SERVICE, tls_mgr_service), + RECV_ATTR_STR(VAR_TLS_TKT_CIPHER, tls_tkt_cipher), + RECV_ATTR_STR(VAR_OPENSSL_PATH, openssl_path), + RECV_ATTR_INT(VAR_TLS_DAEMON_RAND_BYTES, + ¶ms->tls_daemon_rand_bytes), + RECV_ATTR_INT(VAR_TLS_APPEND_DEF_CA, + ¶ms->tls_append_def_CA), + RECV_ATTR_INT(VAR_TLS_BC_PKEY_FPRINT, + ¶ms->tls_bc_pkey_fprint), + RECV_ATTR_INT(VAR_TLS_DANE_TAA_DGST, + ¶ms->tls_dane_taa_dgst), + RECV_ATTR_INT(VAR_TLS_PREEMPT_CLIST, + ¶ms->tls_preempt_clist), + RECV_ATTR_INT(VAR_TLS_MULTI_WILDCARD, + ¶ms->tls_multi_wildcard), + ATTR_TYPE_END); + /* Always construct a well-formed structure. */ + params->tls_high_clist = vstring_export(tls_high_clist); + params->tls_medium_clist = vstring_export(tls_medium_clist); + params->tls_low_clist = vstring_export(tls_low_clist); + params->tls_export_clist = vstring_export(tls_export_clist); + params->tls_null_clist = vstring_export(tls_null_clist); + params->tls_eecdh_auto = vstring_export(tls_eecdh_auto); + params->tls_eecdh_strong = vstring_export(tls_eecdh_strong); + params->tls_eecdh_ultra = vstring_export(tls_eecdh_ultra); + params->tls_bug_tweaks = vstring_export(tls_bug_tweaks); + params->tls_ssl_options = vstring_export(tls_ssl_options); + params->tls_dane_agility = vstring_export(tls_dane_agility); + params->tls_dane_digests = vstring_export(tls_dane_digests); + params->tls_mgr_service = vstring_export(tls_mgr_service); + params->tls_tkt_cipher = vstring_export(tls_tkt_cipher); + params->openssl_path = vstring_export(openssl_path); + + ret = (ret == 21 ? 1 : -1); + if (ret != 1) { + tls_proxy_params_free(params); + params = 0; + } + *(TLS_PARAMS **) ptr = params; + if (msg_verbose) + msg_info("tls_proxy_params_scan ret=%d", ret); + return (ret); +} + +#endif diff --git a/postfix/src/tlsmgr/tlsmgr.c b/postfix/src/tlsmgr/tlsmgr.c index fdd3ae5f1..db48ffbc2 100644 --- a/postfix/src/tlsmgr/tlsmgr.c +++ b/postfix/src/tlsmgr/tlsmgr.c @@ -49,7 +49,8 @@ /* to the Postfix-owned \fBdata_directory\fR, and a warning /* is logged. /* DIAGNOSTICS -/* Problems and transactions are logged to the syslog daemon. +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* There is no automatic means to limit the number of entries in the /* TLS session caches and/or the size of the TLS cache files. @@ -142,6 +143,7 @@ /* postconf(5), configuration parameters /* master(5), generic daemon options /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/tlsproxy/Makefile.in b/postfix/src/tlsproxy/Makefile.in index b38d30c71..ce21c7db9 100644 --- a/postfix/src/tlsproxy/Makefile.in +++ b/postfix/src/tlsproxy/Makefile.in @@ -81,6 +81,7 @@ tlsproxy.o: ../../include/name_mask.h tlsproxy.o: ../../include/nbbio.h tlsproxy.o: ../../include/nvtable.h tlsproxy.o: ../../include/sock_addr.h +tlsproxy.o: ../../include/split_at.h tlsproxy.o: ../../include/sys_defs.h tlsproxy.o: ../../include/tls.h tlsproxy.o: ../../include/tls_proxy.h diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index c5b101d12..3e374462f 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -45,7 +45,8 @@ /* It talks to untrusted clients on the network. The process /* can be run chrooted at fixed low privilege. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* CONFIGURATION PARAMETERS /* .ad /* .fi @@ -250,7 +251,8 @@ /* postscreen(8), Postfix zombie blocker /* smtpd(8), Postfix SMTP server /* postconf(5), configuration parameters -/* syslogd(5), system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* LICENSE /* .ad /* .fi @@ -289,6 +291,7 @@ #include #include #include +#include /* * Global library. @@ -431,6 +434,7 @@ static int ask_client_cert; * TLS per-client status. */ static HTABLE *tlsp_client_app_cache; +static char *tlsp_pre_jail_tls_param_key; static char *tlsp_pre_jail_client_props_key; /* @@ -449,6 +453,7 @@ static char *tlsp_pre_jail_client_props_key; * SLMs. */ #define STR(x) vstring_str(x) +#define LEN(x) VSTRING_LEN(x) /* * The code that implements the TLS engine looks simpler than expected. That @@ -1022,21 +1027,59 @@ static void tlsp_get_fd_event(int event, void *context) /* At this point, state could be a dangling pointer. */ } +/* tlsp_config_diff - report server-client config differences */ + +static void tlsp_log_config_diff(const char *server_cfg, const char *client_cfg) +{ + VSTRING *diff_summary = vstring_alloc(100); + char *saved_server = mystrdup(server_cfg); + char *saved_client = mystrdup(client_cfg); + char *server_field; + char *client_field; + char *server_next; + char *client_next; + + /* + * Not using argv_split(), because it would treat multiple consecutive + * newline characters as one. + */ + for (server_field = saved_server, client_field = saved_client; + server_field && client_field; + server_field = server_next, client_field = client_next) { + server_next = split_at(server_field, '\n'); + client_next = split_at(client_field, '\n'); + if (strcmp(server_field, client_field) != 0) { + if (LEN(diff_summary) > 0) + vstring_sprintf_append(diff_summary, "; "); + vstring_sprintf_append(diff_summary, "server '%s' != client '%s'", + server_field, client_field); + } + } + msg_warn("%s", STR(diff_summary)); + + vstring_free(diff_summary); + myfree(saved_client); + myfree(saved_server); +} + /* * Macro for readability. */ -#define TLSP_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ +#define TLSP_CLIENT_INIT(params, props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ a10, a11, a12, a13, a14) \ - tlsp_client_init(TLS_CLIENT_INIT_ARGS((props), a1, a2, a3, a4, \ + tlsp_client_init(params, TLS_CLIENT_INIT_ARGS((props), a1, a2, a3, a4, \ a5, a6, a7, a8, a9, a10, a11, a12, a13, a14)) /* tlsp_client_init - initialize a TLS client engine */ -static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) +static TLS_APPL_STATE *tlsp_client_init(TLS_PARAMS *tls_params, + TLS_CLIENT_INIT_PROPS *init_props) { TLS_APPL_STATE *appl_state; - VSTRING *buf; - char *key; + VSTRING *param_buf; + char *param_key; + VSTRING *init_buf; + char *init_key; /* * Use one TLS_APPL_STATE object for all requests that specify the same @@ -1047,19 +1090,24 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) * key that corresponds to the pre-jail internal request, which uses the * tlsproxy_client_* settings. */ - buf = vstring_alloc(100); - key = tls_proxy_client_init_to_string(buf, init_props); + param_buf = vstring_alloc(100); + param_key = tls_proxy_params_to_string(param_buf, tls_params); + init_buf = vstring_alloc(100); + init_key = tls_proxy_client_init_to_string(init_buf, init_props); if (tlsp_pre_jail_done == 0) { - if (tlsp_pre_jail_client_props_key != 0) + if (tlsp_pre_jail_tls_param_key != 0 + || tlsp_pre_jail_client_props_key != 0) msg_panic("tlsp_client_init: multiple pre-jail calls"); - tlsp_pre_jail_client_props_key = mystrdup(key); + tlsp_pre_jail_tls_param_key = mystrdup(param_key); + tlsp_pre_jail_client_props_key = mystrdup(init_key); } /* * Log a warning if a post-jail request differs from the tlsproxy_client_* - * settings AND the request specifies file/directory pathname arguments. - * Those are problematic after chroot (pathname resolution) and after - * dropping privileges (key files must be root read-only). + * or tls_mumble settings AND the request specifies file/directory + * pathname arguments. Pathname differences are problematic after chroot + * (pathname resolution) and after dropping privileges (key files must be + * root read-only). * * We can eliminate this complication by adding code that opens a cert/key * lookup table at pre-jail time, and by reading cert/key info on-the-fly @@ -1067,27 +1115,38 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) */ #define NOT_EMPTY(x) ((x) && *(x)) - else if ((tlsp_pre_jail_client_props_key == 0 - || strcmp(tlsp_pre_jail_client_props_key, key) != 0) - && (NOT_EMPTY(init_props->chain_files) - || NOT_EMPTY(init_props->cert_file) - || NOT_EMPTY(init_props->key_file) - || NOT_EMPTY(init_props->dcert_file) - || NOT_EMPTY(init_props->dkey_file) - || NOT_EMPTY(init_props->eccert_file) - || NOT_EMPTY(init_props->eckey_file) - || NOT_EMPTY(init_props->CAfile) - || NOT_EMPTY(init_props->CApath))) { - msg_warn("tls_client_init request with chain_files='%s' key_file='%s' " - "dkey_file='%s' eckey_file='%s' differs from tlsproxy client " - "settings", init_props->chain_files, init_props->key_file, - init_props->dkey_file, init_props->eckey_file); - msg_warn("to avoid this warning, 1) identify the SMTP client that is " - "making this tls_client_init request, 2) configure a " - "custom tlsproxy service with tlsproxy_client_* settings " - "that match that SMTP client, and 3) configure that SMTP " - "client with a tlsproxy_service_name setting that resolves " - "to that custom tlsproxy service"); + else { + int log_hints = 0; + + if (tlsp_pre_jail_tls_param_key != 0 + && strcmp(tlsp_pre_jail_tls_param_key, param_key) != 0) { + msg_warn("request from Postfix client with unexpected settings"); + tlsp_log_config_diff(tlsp_pre_jail_tls_param_key, param_key); + log_hints = 1; + } + if (tlsp_pre_jail_client_props_key != 0 + && strcmp(tlsp_pre_jail_client_props_key, init_key) != 0 + && (NOT_EMPTY(init_props->chain_files) + || NOT_EMPTY(init_props->cert_file) + || NOT_EMPTY(init_props->key_file) + || NOT_EMPTY(init_props->dcert_file) + || NOT_EMPTY(init_props->dkey_file) + || NOT_EMPTY(init_props->eccert_file) + || NOT_EMPTY(init_props->eckey_file) + || NOT_EMPTY(init_props->CAfile) + || NOT_EMPTY(init_props->CApath))) { + msg_warn("request from tlsproxy client with unexpected settings"); + tlsp_log_config_diff(tlsp_pre_jail_client_props_key, init_key); + log_hints = 1; + } + if (log_hints) + msg_warn("to avoid this warning, 1) identify the tlsproxy " + "client that is making this request, 2) configure " + "a custom tlsproxy service with settings that " + "match that tlsproxy client, and 3) configure " + "that tlsproxy client with a tlsproxy_service_name " + "setting that resolves to that custom tlsproxy " + "service"); } /* @@ -1099,9 +1158,9 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) * suggestions. */ if ((appl_state = (TLS_APPL_STATE *) - htable_find(tlsp_client_app_cache, key)) == 0 + htable_find(tlsp_client_app_cache, init_key)) == 0 && (appl_state = tls_client_init(init_props)) != 0) { - (void) htable_enter(tlsp_client_app_cache, key, (void *) appl_state); + (void) htable_enter(tlsp_client_app_cache, init_key, (void *) appl_state); /* * To maintain sanity, allow partial SSL_write() operations, and @@ -1115,7 +1174,8 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); } - vstring_free(buf); + vstring_free(init_buf); + vstring_free(param_buf); return (appl_state); } @@ -1203,16 +1263,19 @@ static void tlsp_get_request_event(int event, void *context) case TLS_PROXY_FLAG_ROLE_CLIENT: state->is_server_role = 0; if (attr_scan(plaintext_stream, ATTR_FLAG_STRICT, + RECV_ATTR_FUNC(tls_proxy_params_scan, + (void *) &state->tls_params), RECV_ATTR_FUNC(tls_proxy_client_init_scan, (void *) &state->client_init_props), RECV_ATTR_FUNC(tls_proxy_client_start_scan, (void *) &state->client_start_props), - ATTR_TYPE_END) != 2) { + ATTR_TYPE_END) != 3) { msg_warn("%s: receive client TLS settings: %m", myname); tlsp_state_free(state); return; } - state->appl_state = tlsp_client_init(state->client_init_props); + state->appl_state = tlsp_client_init(state->tls_params, + state->client_init_props); ready = state->appl_state != 0; break; case TLS_PROXY_FLAG_ROLE_SERVER: @@ -1491,7 +1554,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv) * Initialize the TLS data before entering the chroot jail. */ if (clnt_use_tls || var_tlsp_clnt_per_site[0] || var_tlsp_clnt_policy[0]) { - TLS_CLIENT_INIT_PROPS props; + TLS_PARAMS tls_params; + TLS_CLIENT_INIT_PROPS init_props; tls_pre_jail_init(TLS_ROLE_CLIENT); @@ -1503,7 +1567,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv) * feature that C does not have natively: named parameter lists. */ tlsp_client_ctx = - TLSP_CLIENT_INIT(&props, + TLSP_CLIENT_INIT(tls_proxy_params_from_config(&tls_params), + &init_props, log_param = var_tlsp_clnt_logparam, log_level = var_tlsp_clnt_loglevel, verifydepth = var_tlsp_clnt_scert_vd, diff --git a/postfix/src/tlsproxy/tlsproxy.h b/postfix/src/tlsproxy/tlsproxy.h index fe560644e..d22764047 100644 --- a/postfix/src/tlsproxy/tlsproxy.h +++ b/postfix/src/tlsproxy/tlsproxy.h @@ -39,6 +39,7 @@ typedef struct { TLS_APPL_STATE *appl_state; /* libtls state */ TLS_SESS_STATE *tls_context; /* libtls state */ int ssl_last_err; /* TLS I/O state */ + TLS_PARAMS *tls_params; /* globals not part of init_props */ TLS_SERVER_INIT_PROPS *server_init_props; TLS_SERVER_START_PROPS *server_start_props; TLS_CLIENT_INIT_PROPS *client_init_props; diff --git a/postfix/src/tlsproxy/tlsproxy_state.c b/postfix/src/tlsproxy/tlsproxy_state.c index d6b88f598..12d6a2d39 100644 --- a/postfix/src/tlsproxy/tlsproxy_state.c +++ b/postfix/src/tlsproxy/tlsproxy_state.c @@ -115,6 +115,7 @@ TLSP_STATE *tlsp_state_create(const char *service, state->remote_endpt = 0; state->server_id = 0; state->tls_context = 0; + state->tls_params = 0; state->server_init_props = 0; state->server_start_props = 0; state->client_init_props = 0; @@ -152,6 +153,8 @@ void tlsp_state_free(TLSP_STATE *state) myfree(state->server_id); if (state->tls_context) tls_free_context(state->tls_context); + if (state->tls_params) + tls_proxy_params_free(state->tls_params); if (state->server_init_props) tls_proxy_server_init_free(state->server_init_props); if (state->server_start_props) diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index 70c3fdcaa..4e9ea2a4d 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -32,7 +32,8 @@ /* nexthop, internalized recipient) triple. /* STANDARDS /* DIAGNOSTICS -/* Problems and transactions are logged to the syslog daemon. +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* SEE ALSO /* LICENSE diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c index ec01f9e79..483463c50 100644 --- a/postfix/src/trivial-rewrite/rewrite.c +++ b/postfix/src/trivial-rewrite/rewrite.c @@ -43,7 +43,8 @@ /* completing incomplete address forms. /* STANDARDS /* DIAGNOSTICS -/* Problems and transactions are logged to the syslog daemon. +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* SEE ALSO /* LICENSE diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index cb49e77e2..29c55c9b3 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -67,7 +67,8 @@ /* By default, this daemon does not talk to remote or local users. /* It can run at a fixed low privilege in a chrooted environment. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* CONFIGURATION PARAMETERS /* .ad /* .fi @@ -264,6 +265,7 @@ /* transport(5), transport table format /* relocated(5), format of the "user has moved" table /* master(8), process manager +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README FILES /* .ad diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c index 0fecb9097..ae185c0bf 100644 --- a/postfix/src/verify/verify.c +++ b/postfix/src/verify/verify.c @@ -55,7 +55,8 @@ /* non-Postfix directory is redirected to the Postfix-owned /* \fBdata_directory\fR, and a warning is logged. /* DIAGNOSTICS -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* BUGS /* Address verification probe messages add additional traffic /* to the mail queue. @@ -192,7 +193,8 @@ /* smtpd(8), Postfix SMTP server /* cleanup(8), enqueue Postfix message /* postconf(5), configuration parameters -/* syslogd(5), system logging +/* postlogd(8), Postfix logging +/* syslogd(8), system logging /* README FILES /* .ad /* .fi diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index d78171347..29b1b7135 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -133,7 +133,8 @@ /* recipient is over disk quota. In all other cases, mail for /* an existing recipient is deferred and a warning is logged. /* -/* Problems and transactions are logged to \fBsyslogd\fR(8). +/* Problems and transactions are logged to \fBsyslogd\fR(8) +/* or \fBpostlogd\fR(8). /* Corrupted message files are marked so that the queue /* manager can move them to the \fBcorrupt\fR queue afterwards. /* @@ -265,6 +266,7 @@ /* qmgr(8), queue manager /* bounce(8), delivery status reports /* postconf(5), configuration parameters +/* postlogd(8), Postfix logging /* syslogd(8), system logging /* README_FILES /* Use "\fBpostconf readme_directory\fR" or