From: Wietse Venema Date: Tue, 1 Jul 2014 23:59:13 +0000 (+1000) Subject: postfix-2.12-20140701 X-Git-Tag: v3.0.0-RC1~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=849a69e8f3205d625e25670c1d92bbe9f25914af;p=thirdparty%2Fpostfix.git postfix-2.12-20140701 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index d0eb957a5..d49bc716a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -20077,3 +20077,20 @@ Apologies for any names omitted. Cleanup: use ${mail_version} as the MAIL_VERSION-unexpanded form. Viktor Dukhovni. Files: makedefs, postfix-install, conf/postfix-files. + +20140630 + + Cleanup: the pipeline and random lookup tables are now + called pipemap and randmap, respectively. These names are + more specific. The old names remain available, at least + temporarily. Files: util/dict_pipe.[hc], util/dict_random.[hc], + postconf/postconf.c, mantools/postlink, proto/DATABASE_README.html. + + Feature: smtpd_policy_service_request_limit to limit the + number of requests per Postfix SMTP server policy connection. + This is a workaround to avoid error-recovery delays with + policy servers that cannot maintain a persistent connection. + Based on code by Markus Benning. Files: global/mail_params.h, + mantools/postlink, proto/SMTPD_POLICY_README.html, + proto/postconf.proto, smtpd/smtpd.c, smtpd/smtpd_check.c, + util/attr_clnt.[hc]. diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index 708d845a3..bb361307e 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README 
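Review bot: the 20140630 "Feature:" entry in the HISTORY hunk records neither the parameter's default nor that the cap is enforced on the client (smtpd) side, so a reader of HISTORY cannot tell whether existing installations change behaviour; the postconf.5 text in this same commit gives the default as 0 (no limit), and a clause such as "default 0 (no limit), so existing configurations are unaffected" belongs in the HISTORY entry as well. The entry is also dated 20140630 while the snapshot name and the new RELEASE_NOTES heading say 20140701; one of the two dates should be corrected.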
@@ -242,13 +242,13 @@ To find out what database types your Postfix system supports, use the "ppooss A lookup table based on Perl Compatible Regular Expressions. The file format is described in pcre_table(5). The lookup table name as used in "pcre:table" is the name of the regular expression file. - ppiippeelliinnee (read-only) - A pipeline of lookup tables. Example: "ppiippeelliinnee::!type_1:name_1! ... - !type_n:name_n". Each "pipeline:" query is given to the first table. - Each lookup result becomes the query for the next table in the - pipeline, and the last table produces the final result. When any table - lookup produces no result, the pipeline produces no result. The ASCII - character after "pipeline:" will be used as the separator between the + ppiippeemmaapp (read-only) + A pipeline of lookup tables. Example: "ppiippeemmaapp::!type1:name1! ... + !typen:namen". Each "pipemap:" query is given to the first table. Each + lookup result becomes the query for the next table in the pipeline, and + the last table produces the final result. When any table lookup + produces no result, the pipeline produces no result. The first ASCII + character after "pipemap:" will be used as the separator between the lookup tables that follow (do not use space, ",", ":" or non-ASCII). ppggssqqll (read-only) PostgreSQL database client. Configuration details are given in 
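Review bot: the rewritten "pipemap" entry in this hunk drops every mention of the old "pipeline:" name, yet the HISTORY and RELEASE_NOTES hunks in this commit say the old names remain available. DATABASE_README is the page an administrator opens when a table type in an existing main.cf looks unfamiliar, so a short clause such as "formerly "pipeline:"; that name still works" keeps existing configurations explicable. The same applies to the "randmap" entry in the next hunk, which no longer mentions "random:".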
@@ -256,11 +256,11 @@ To find out what database types your Postfix system supports, use the "ppooss pprrooxxyy Postfix proxymap(8) client for shared access to Postfix databases. The lookup table name syntax is "proxy:type:table". - rraannddoomm (read-only) - An in-memory table that performs random selection. Example: "rraannddoomm:: - !result_1! ... !result_n". Each table query returns a random choice - from the specified results. The ASCII character after "random:" will be - used as the separator between the results that follow (do not use + rraannddmmaapp (read-only) + An in-memory table that performs random selection. Example: "rraannddmmaapp:: + !result1! ... !resultn". Each table query returns a random choice from + the specified results. The first ASCII character after "randmap:" will + be used as the separator between the results that follow (do not use space, ",", ":" or non-ASCII). rreeggeexxpp (read-only) A lookup table based on regular expressions. The file format is diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index 17d816f43..6a6e867a4 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -196,6 +196,7 @@ use something like this: 9 check_policy_service unix:private/policy 10 ... 11 policy_time_limit = 3600 + 12 # smtpd_policy_service_request_limit = 1 NOTES: @@ -227,6 +228,9 @@ NOTES: (in the above example, "policy") and a built-in suffix (in the above example: "_time_limit"). + * Line 12: specify smtpd_policy_service_request_limit to avoid error-recovery + delays with policy servers that cannot maintain a persistent connection. + * With Solaris < 9, or Postfix < 2.10 on any Solaris version, use TCP sockets instead of UNIX-domain sockets: 
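Review bot: the new "Line 12" note in the @@ -227 hunk tells the reader to "specify smtpd_policy_service_request_limit", but the example line it refers to is commented out ("12 # smtpd_policy_service_request_limit = 1") and nothing explains the value. Say that the line is disabled on purpose, that 1 means the Postfix SMTP server opens a fresh policy connection for every single request, and that it should be enabled only for a policy server that cannot keep a connection open; with any other server the setting just adds a reconnect per request and buys nothing.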
@@ -241,9 +245,10 @@ NOTES: 9 check_policy_service inet:127.0.0.1:9998 10 ... 11 127.0.0.1:9998_time_limit = 3600 + 12 # smtpd_policy_service_request_limit = 1 -Other configuration parameters that control the client side of the policy -delegation protocol: +Configuration parameters that control the client side of the policy delegation +protocol: * smtpd_policy_service_max_idle (default: 300s): The amount of time before the Postfix SMTP server closes an unused policy client connection. @@ -254,6 +259,17 @@ delegation protocol: * smtpd_policy_service_timeout (default: 100s): The time limit to connect to, send to or receive from a policy server. + * smtpd_policy_service_request_limit (default: 0): The maximal number of + requests per policy connection, or zero (no limit). + +Configuration parameters that control the server side of the policy delegation +protocol: + + * transport_time_limit ($command_time_limit): The maximal amount of time the + policy daemon is allowed to run before it is terminated. The transport is + the service name of the master.cf entry for the policy daemon service. In + the above examples, the service name is "policy" or "127.0.0.1:9998". + EExxaammppllee:: ggrreeyylliisstt ppoolliiccyy sseerrvveerr Greylisting is a defense against junk email that is described at http:// @@ -309,6 +325,7 @@ socket that is accessible by Postfix processes only: 9 reject_unauth_destination 10 check_policy_service unix:private/greylist 11 ... + 12 # smtpd_policy_service_request_limit = 1 Notes: @@ -340,6 +357,9 @@ Notes: service name (in the above example, "greylist") and a built-in suffix (in the above example: "_time_limit"). + * Line 12: specify smtpd_policy_service_request_limit to avoid error-recovery + delays with policy servers that cannot maintain a persistent connection. + With Solaris < 9, or Postfix < 2.10 on any Solaris version, use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above. 
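Review bot: in the @@ -254 hunk the new server-side parameter is written as "transport_time_limit ($command_time_limit)", but the examples on this page call it "policy_time_limit" and "127.0.0.1:9998_time_limit", and the "Line 11" notes describe it as a master.cf service name plus the built-in suffix "_time_limit"; write it as "servicename_time_limit" (or mark "transport" as a placeholder) so all three descriptions agree. The same paragraph should also relate this limit to smtpd_policy_service_max_idle, listed just above it: a policy daemon that reaches its time limit and exits while the SMTP server still holds a cached connection produces exactly the reconnect failure that smtpd_policy_service_request_limit is introduced to work around, so the daemon's time limit should be longer than the client-side idle limit.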
@@ -355,6 +375,7 @@ configuration" section above. 9 reject_unauth_destination 10 check_policy_service inet:127.0.0.1:9998 11 ... + 12 # smtpd_policy_service_request_limit = 1 GGrreeyylliissttiinngg mmaaiill ffrroomm ffrreeqquueennttllyy ffoorrggeedd ddoommaaiinnss diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index e50d7d3c9..6c5db23ec 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -41,6 +41,13 @@ Maintainers may also benefit from the makedefs documentation (mantools/srctoman - makedefs | nroff -man | less) with information about build options that are not described in the INSTALL instructions. +Incompatible changes with snapshot 20140701 +=========================================== + +For clarity, the pipeline and random lookup tables are now called +pipemap and randmap, respectively. The 20140618 text below has been +updated accordingly. The old names remain supported for a while. + Incompatible changes with snapshot 20140625 =========================================== @@ -70,10 +77,10 @@ Major changes with snapshot 20140618 This introduces several lookup tables with unusual properties. -random table +randmap table ------------ -The "random" lookup table performs random selection. This may be +The "randmap" lookup table performs random selection. This may be used to implement load balancing, for example: /etc/postfix/transport: 
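Review bot: the section added in the @@ -41 hunk is headed "Incompatible changes with snapshot 20140701", but its only paragraph says the old names "remain supported for a while", so nothing is incompatible yet. Either fold the rename into the "Major changes with snapshot 20140618" text it updates, or keep the heading and state in which release "pipeline:" and "random:" stop working. It would also help to say whether using the old names logs a warning; the util/dict_pipe and util/dict_random changes listed in HISTORY are not part of this diff, so the reader cannot tell.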
@@ -86,48 +93,48 @@ used to implement load balancing, for example: # Deliver my own domain as usual. hash:/etc/postfix/transport # Deliver other domains via randomly-selected relayhosts - random:!smtp:smtp0.example.com!smtp:smtp1.example.com + randmap:!smtp:smtp0.example.com!smtp:smtp1.example.com A variant of this can randomly select SMTP clients with different smtp_bind_address settings. -The ASCII character after "random:" will be used as the separator -between the results that follow (do not use space, ",", ":" or -non-ASCII). +The first ASCII character after "randmap:" will be used as the +separator between the results that follow (do not use space, ",", +":" or non-ASCII). -Some future version may support the form random:/path/to/file, +Some future version may support the form randmap:/path/to/file, to load the list of random values, one per line, from a textfile. To implement different weights, specify lookup results multiple times. For example, to choose smtp:smtp1.example.com twice as often as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice. -pipeline table +pipemap table -------------- -As the name suggests, the "pipeline" table implements a pipeline +As the name suggests, the "pipemap" table implements a pipeline of lookup tables. The name of the table specifies the pipeline as a sequence of tables. For example, the following prevents SMTP mail to system accounts that have "nologin" as their login shell: /etc/postfix/main.cf: local_recipient_maps = - pipeline:!unix:passwd.byname!pcre:/etc/postfix/no-nologin.pcre + pipemap:!unix:passwd.byname!pcre:/etc/postfix/no-nologin.pcre alias_maps /etc/postfix/no-nologin.pcre: !/nologin/ whatever -The ASCII character after "pipeline:" will be used as the separator -between the lookup tables that follow (do not use space, ",", ":" -or non-ASCII). +The first ASCII character after "pipemap:" will be used as the +separator between the lookup tables that follow (do not use space, +",", ":" or non-ASCII). 
-Each "pipeline:" query is given to the first table. Each table +Each "pipemap:" query is given to the first table. Each table lookup result becomes the query for the next table in the pipeline, and the last table produces the final result. When any table lookup produces no result, the entire pipeline produces no result. -Some future version may support the form pipeline:/path/to/file, +Some future version may support the form pipemap:/path/to/file, to load the list of lookup tables, one per line, from a textfile. Incompatible changes with snapshot 20140530 diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 06e909430..3f0d9ec4e 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -362,16 +362,17 @@ The file format is described in pcre_table(5). T name as used in "pcre:table" is the name of the regular expression file. -
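Review bot: the no-nologin example in the @@ -86 hunk applies "!/nologin/ whatever" to the result of unix:passwd.byname, which is a complete passwd(5) entry, so the pattern matches "nologin" anywhere in that entry and not only in the login-shell field. A user whose GECOS field or home directory contains that string is then silently treated as nonexistent and mail for them is rejected. Anchor the pattern to the last field, for example "!/:[^:]*nologin[^:]*$/ whatever", and say in the text that the lookup key handed to the pcre table is the whole passwd entry; that is what makes the pipeline useful here, and also what makes an unanchored pattern unsafe.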
pipeline (read-only)
+
pipemap (read-only)
A pipeline of lookup tables. Example: -"pipeline:!type_1:name_1! ... !type_n:name_n". Each -"pipeline:" query is given to the first table. Each lookup result -becomes the query for the next table in the pipeline, and the last -table produces the final result. When any table lookup produces -no result, the pipeline produces no result. The ASCII character -after "pipeline:" will be used as the separator between the lookup -tables that follow (do not use space, ",", ":" or non-ASCII).
+"pipemap:!type1:name1! ... +!typen:namen". Each "pipemap:" query is +given to the first table. Each lookup result becomes the query for +the next table in the pipeline, and the last table produces the +final result. When any table lookup produces no result, the pipeline +produces no result. The first ASCII character after "pipemap:" +will be used as the separator between the lookup tables that follow +(do not use space, ",", ":" or non-ASCII).
pgsql (read-only)
@@ -384,14 +385,14 @@ in pgsql_table(5). databases. The lookup table name syntax is "proxy:type:table". -
random (read-only)
+
randmap (read-only)
An in-memory table that performs random selection. Example: -"random:!result_1! ... !result_n". Each table query -returns a random choice from the specified results. The ASCII -character after "random:" will be used as the separator between the -results that follow (do not use space, ",", ":" or non-ASCII). -
+"randmap:!result1! ... !resultn". +Each table query returns a random choice from the specified results. +The first ASCII character after "randmap:" will be used as the +separator between the results that follow (do not use space, ",", +":" or non-ASCII).
regexp (read-only)
diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index aaccc22f5..3c404154c 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -266,6 +266,7 @@ daemon, you would use something like this:

9 check_policy_service unix:private/policy 10 ... 11 policy_time_limit = 3600 +12 # smtpd_policy_service_request_limit = 1 @@ -305,6 +306,10 @@ of a master.cf service name (in the above example, " built-in suffix (in the above example: "_time_limit").

+
  • Line 12: specify smtpd_policy_service_request_limit to +avoid error-recovery delays with policy servers that cannot +maintain a persistent connection.

    +
  • With Solaris < 9, or Postfix < 2.10 on any Solaris version, use TCP sockets instead of UNIX-domain sockets:

    @@ -323,11 +328,12 @@ version, use TCP sockets instead of UNIX-domain sockets:

    9 check_policy_service inet:127.0.0.1:9998 10 ... 11 127.0.0.1:9998_time_limit = 3600 +12 # smtpd_policy_service_request_limit = 1 -

    Other configuration parameters that control the client side of -the policy delegation protocol:

    +

    Configuration parameters that control the client side of the +policy delegation protocol:

    + +

    Configuration parameters that control the server side of the +policy delegation protocol:

    + +

    Example: greylist policy server

    @@ -415,6 +437,7 @@ processes only:

    9 reject_unauth_destination 10 check_policy_service unix:private/greylist 11 ... +12 # smtpd_policy_service_request_limit = 1 @@ -453,6 +476,10 @@ of a master.cf service name (in the above example, " a built-in suffix (in the above example: "_time_limit").

    +
  • Line 12: specify smtpd_policy_service_request_limit to +avoid error-recovery delays with policy servers that cannot +maintain a persistent connection.

    +

    With Solaris < 9, or Postfix < 2.10 on any Solaris @@ -473,6 +500,7 @@ client/server configuration" section above.

    9 reject_unauth_destination 10 check_policy_service inet:127.0.0.1:9998 11 ... +12 # smtpd_policy_service_request_limit = 1 diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index f5969b753..bf2ddd9eb 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html 
@@ -253,46 +253,47 @@ POSTCONF(1) POSTCONF(1) PostgreSQL database client. This is described in pgsql_table(5). - pipeline (read-only) - A pipeline of lookup tables. Example: "pipe- - line:!type_1:name_1! ... !type_n:name_n". Each "pipe- - line:" query is given to the first table. Each lookup - result becomes the query for the next table in the pipe- - line, and the last table produces the final result. When - any table lookup produces no result, the pipeline pro- - duces no result. The ASCII character after "pipeline:" - will be used as the separator between the lookup tables - that follow (do not use space, ",", ":" or non-ASCII). - - proxy Postfix proxymap(8) client for shared access to Postfix + pipemap (read-only) + A pipeline of lookup tables. Example: + "pipemap:!type_1:name_1! ... !type_n:name_n". Each + "pipemap:" query is given to the first table. Each + lookup result becomes the query for the next table in the + pipeline, and the last table produces the final result. + When any table lookup produces no result, the pipeline + produces no result. The first ASCII character after + "pipemap:" will be used as the separator between the + lookup tables that follow (do not use space, ",", ":" or + non-ASCII). + + proxy Postfix proxymap(8) client for shared access to Postfix databases. The table name syntax is type:name. - random (read-only) - An in-memory table that performs random selection. Exam- - ple: "random:!result_1! ... !result_n". Each table query - returns a random choice from the specified results. The - ASCII character after "random:" will be used as the sepa- - rator between the results that follow (do not use space, - ",", ":" or non-ASCII). + randmap (read-only) + An in-memory table that performs random selection. Exam- + ple: "randmap:!result_1! ... !result_n". Each table query + returns a random choice from the specified results. 
The + first ASCII character after "randmap:" will be used as + the separator between the results that follow (do not use + space, ",", ":" or non-ASCII). regexp (read-only) - A lookup table based on regular expressions. The file + A lookup table based on regular expressions. The file format is described in regexp_table(5). sdbm An indexed file type based on hashing. Available on sys- tems with support for SDBM databases. socketmap (read-only) - Sendmail-style socketmap client. The table name is - inet:host:port:name for a TCP/IP server, or unix:path- - name:name for a UNIX-domain server. This is described in + Sendmail-style socketmap client. The table name is + inet:host:port:name for a TCP/IP server, or unix:path- + name:name for a UNIX-domain server. This is described in socketmap_table(5). sqlite (read-only) SQLite database. This is described in sqlite_table(5). static (read-only) - A table that always returns its name as lookup result. + A table that always returns its name as lookup result. For example, static:foobar always returns the string foo- bar as lookup result. 
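Review bot: the pipemap and randmap examples in this hunk keep the "type_1:name_1 ... type_n:name_n" and "result_1 ... result_n" spelling, while the DATABASE_README and DATABASE_README.html hunks in this same commit change them to "type1:name1 ... typen:namen" and "result1 ... resultn"; pick one form for all three documents. The underscored form is the clearer one, since "typen:namen" reads like a real table name rather than a placeholder.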
@@ -300,48 +301,48 @@ POSTCONF(1) POSTCONF(1) TCP/IP client. The protocol is described in tcp_table(5). texthash (read-only) - Produces similar results as hash: files, except that you - don't need to run the postmap(1) command before you can - use the file, and that it does not detect changes after + Produces similar results as hash: files, except that you + don't need to run the postmap(1) command before you can + use the file, and that it does not detect changes after the file is read. unix (read-only) - A limited view of the UNIX authentication database. The + A limited view of the UNIX authentication database. The following tables are implemented: unix:passwd.byname - The table is the UNIX password database. The key - is a login name. The result is a password file + The table is the UNIX password database. The key + is a login name. The result is a password file entry in passwd(5) format. unix:group.byname The table is the UNIX group database. The key is a - group name. The result is a group file entry in + group name. The result is a group file entry in group(5) format. - Other table types may exist depending on how Postfix was built. + Other table types may exist depending on how Postfix was built. - -M Show master.cf file contents instead of main.cf file contents. + -M Show master.cf file contents instead of main.cf file contents. Specify -Mf to fold long lines for human readability. Specify zero or more arguments, each with a service-name or ser- - vice-name/service-type pair, where service-name is the first - field of a master.cf entry and service-type is one of (inet, + vice-name/service-type pair, where service-name is the first + field of a master.cf entry and service-type is one of (inet, unix, fifo, or pass). - If service-name or service-name/service-type is specified, only - the matching master.cf entries will be output. 
For example, - "postconf -Mf smtp" will output all services named "smtp", and - "postconf -Mf smtp/inet" will output only the smtp service that - listens on the network. Trailing service type fields that are + If service-name or service-name/service-type is specified, only + the matching master.cf entries will be output. For example, + "postconf -Mf smtp" will output all services named "smtp", and + "postconf -Mf smtp/inet" will output only the smtp service that + listens on the network. Trailing service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.9 and later. The syntax - was changed from "name.type" to "name/type", and "*" wildcard + was changed from "name.type" to "name/type", and "*" wildcard support was added with Postfix 2.11. -n Show only configuration parameters that have explicit name=value - settings in main.cf. Specify -nf to fold long lines for human + settings in main.cf. Specify -nf to fold long lines for human readability (Postfix 2.9 and later). -o name=value 
@@ -353,50 +354,50 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.11 and later. - -P Show master.cf service parameter settings (by default all ser- + -P Show master.cf service parameter settings (by default all ser- vices and all parameters). formatted as one "ser- - vice/type/parameter=value" per line. Specify -Pf to fold long + vice/type/parameter=value" per line. Specify -Pf to fold long lines. - Specify one or more "service/type/parameter" instances on the - postconf(1) command line to limit the output to parameters of - interest. Trailing parameter name or service type fields that + Specify one or more "service/type/parameter" instances on the + postconf(1) command line to limit the output to parameters of + interest. Trailing parameter name or service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. -t [template_file] - Display the templates for text that appears at the beginning of - delivery status notification (DSN) messages, without expanding + Display the templates for text that appears at the beginning of + delivery status notification (DSN) messages, without expanding $name expressions. To override the built-in templates, specify a template file name - at the end of the postconf(1) command line, or specify a file + at the end of the postconf(1) command line, or specify a file name in main.cf with the bounce_template_file parameter. - To force selection of the built-in templates, specify an empty - template file name on the postconf(1) command line (in shell + To force selection of the built-in templates, specify an empty + template file name on the postconf(1) command line (in shell language: ""). This feature is available with Postfix 2.3 and later. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. 
- -x Expand $name in main.cf or master.cf parameter values. The + -x Expand $name in main.cf or master.cf parameter values. The expansion is recursive. This feature is available with Postfix 2.10 and later. - -X Edit the main.cf configuration file, and remove the parameters + -X Edit the main.cf configuration file, and remove the parameters named on the postconf(1) command line. Specify a list of param- eter names, not "name=value" pairs. - With -M, edit the master.cf configuration file, and remove one - or more service entries as specified with "service/type" on the + With -M, edit the master.cf configuration file, and remove one + or more service entries as specified with "service/type" on the postconf(1) command line. - With -P, edit the master.cf configuration file, and remove one + With -P, edit the master.cf configuration file, and remove one or more service parameter settings (-o parameter=value settings) as specied with "service/type/parameter" on the postconf(1) com- mand line. @@ -405,10 +406,10 @@ POSTCONF(1) POSTCONF(1) into place. Specify quotes to protect special characters on the postconf(1) command line. - There is no postconf(1) command to perform the reverse opera- + There is no postconf(1) command to perform the reverse opera- tion. - This feature is available with Postfix 2.10 and later. Support + This feature is available with Postfix 2.10 and later. Support for -M and -P was added with Postfix 2.11. -# Edit the main.cf configuration file, and comment out the parame- 
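Review bot: the context line "as specied with "service/type/parameter" on the postconf(1) com- mand line" in the @@ -353 hunk carries a typo ("specified"); postconf.1.html is generated, so the fix belongs in the manual-page comment block of postconf.c so that both the regenerated html and the man page pick it up.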
@@ -416,18 +417,18 @@ POSTCONF(1) POSTCONF(1) eters revert to their default values. Specify a list of parame- ter names, not "name=value" pairs. - With -M, edit the master.cf configuration file, and comment out - one or more service entries as specified with "service/type" on + With -M, edit the master.cf configuration file, and comment out + one or more service entries as specified with "service/type" on the postconf(1) command line. In all cases the file is copied to a temporary file then renamed into place. Specify quotes to protect special characters on the postconf(1) command line. - There is no postconf(1) command to perform the reverse opera- + There is no postconf(1) command to perform the reverse opera- tion. - This feature is available with Postfix 2.6 and later. Support + This feature is available with Postfix 2.6 and later. Support for -M was added with Postfix 2.11. DIAGNOSTICS @@ -438,18 +439,18 @@ POSTCONF(1) POSTCONF(1) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- + The following main.cf parameters are especially relevant to this pro- gram. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. bounce_template_file (empty) - Pathname of a configuration file with bounce message templates. + Pathname of a configuration file with bounce message templates. FILES /etc/postfix/main.cf, Postfix configuration parameters diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 5c3873c3c..832cfb1d0 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html 
@@ -14113,6 +14113,25 @@ This feature is available in Postfix 2.1 and later.

    + + +
    smtpd_policy_service_request_limit +(default: 0)
    + +

    +The maximal number of requests per Postfix SMTP server policy +connection, or zero (no limit). Once a connection reaches this +limit, the connection is closed and the next request will be sent +over a new connection. This is a workaround to avoid error-recovery +delays with policy servers that cannot maintain a persistent +connection. +

    + +

    +This feature is available in Postfix 2.12 and later. +

    + +
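Review bot: the new smtpd_policy_service_request_limit description says the connection is closed "once a connection reaches this limit" but not whether the close happens after the reply to the N-th request has been read (so no request is lost), nor whether a request that fails or times out counts towards N. Both matter for the "error-recovery delay" the parameter works around: with a server that drops the connection after every request and a limit of 1, there should be no recovery at all. Suggested wording: "After the reply to the N-th request has been received, the Postfix SMTP server closes the connection; the next request is sent over a new connection." A sentence that this only caps requests per connection and leaves smtpd_policy_service_max_idle and the other client-side limits in force would also help.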
    smtpd_policy_service_timeout diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 84e91653b..641f28471 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -862,15 +862,21 @@ SMTPD(8) SMTPD(8) The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. + Available in Postfix version 2.12 and later: + + smtpd_policy_service_request_limit (0) + The maximal number of requests per Postfix SMTP server policy + connection, or zero (no limit). + ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to all the SMTP + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command - before evaluating $smtpd_client_restrictions and + before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. parent_domain_matches_subdomains (see 'postconf -d' output) 
@@ -878,45 +884,45 @@ SMTPD(8) SMTPD(8) cally, instead of requiring an explicit ".domain.tld" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself with the - HELO or EHLO command before sending the MAIL command or other + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server applies in - the context of a client RCPT TO command, after + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients to destina- + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina- tions matching $relay_domains. smtpd_restriction_classes (empty) User-defined aliases for groups of access restrictions. 
smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables instead of + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP access feature to + Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: @@ -926,19 +932,19 @@ SMTPD(8) SMTPD(8) applies in the context of the SMTP DATA command. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of RBL reply + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail from unknown - sender addresses, even when no explicit reject_unlisted_sender + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail for unknown - recipient addresses, even when no explicit + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: 
@@ -952,17 +958,17 @@ SMTPD(8) SMTPD(8) smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP - server applies in the context of the RCPT TO command, before + server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica- + Postfix version 2.1 introduces sender and recipient address verifica- tion. This feature is implemented by sending probe email messages that are not actually delivered. This feature is requested via the - reject_unverified_sender and reject_unverified_recipient access - restrictions. The status of verification probes is maintained by the - verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- - mation about how to configure and operate the Postfix sender/recipient + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- + mation about how to configure and operate the Postfix sender/recipient address verification service. address_verify_poll_count (normal: 3, overload: 1) @@ -974,7 +980,7 @@ SMTPD(8) SMTPD(8) fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification probes; prior + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "postmaster". unverified_sender_reject_code (450) 
@@ -982,18 +988,18 @@ SMTPD(8) SMTPD(8) address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a recipient - address is rejected by the reject_unverified_recipient restric- + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric- tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code when a sender + The numerical Postfix SMTP server response code when a sender address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a recipient + The numerical Postfix SMTP server response when a recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1005,17 +1011,17 @@ SMTPD(8) SMTPD(8) reject_unverified_recipient. unverified_sender_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_sender + The Postfix SMTP server's action when reject_unverified_sender fails due to a temporary error condition. unverified_recipient_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_recipi- + The Postfix SMTP server's action when reject_unverified_recipi- ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent portion of + The time between changes in the time-dependent portion of address verification probe sender addresses. ACCESS CONTROL RESPONSES 
@@ -1027,63 +1033,63 @@ SMTPD(8) SMTPD(8) map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code when the client - HELO or EHLO command parameter is rejected by the + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_rbl_client, + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a client - request is rejected by the reject_non_fqdn_helo_hostname, + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code when a request + The numerical Postfix SMTP server response code when a request is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. 
relay_domains_reject_code (554) - The numerical Postfix SMTP server response code when a client - request is rejected by the reject_unauth_destination recipient + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) The numerical Postfix SMTP server response code when a sender or - recipient address is rejected by the - reject_unknown_sender_domain or reject_unknown_recipient_domain + recipient address is rejected by the + reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code when a client - without valid address <=> name mapping is rejected by the + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code when the host- - name specified with the HELO or EHLO command is rejected by the + The numerical Postfix SMTP server response code when the host- + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template for a request + The default Postfix SMTP server response template for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_multi_recipi- + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi- ent_bounce restriction. rbl_reply_maps (empty) 
@@ -1093,52 +1099,52 @@ SMTPD(8) SMTPD(8) access_map_defer_code (450) The numerical Postfix SMTP server response code for an access(5) - map "defer" action, including "defer_if_permit" or + map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type restriction + The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. unknown_helo_hostname_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unknown_helo_host- + The Postfix SMTP server's action when reject_unknown_helo_host- name fails due to an temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or reject_unknown_recipient_domain + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that are gener- + The sender address of postmaster notifications that are gener- ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. 
mail_name (Postfix) - The mail system name that is displayed in Received: headers, in + The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1149,11 +1155,11 @@ SMTPD(8) SMTPD(8) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have more privi- + The list of "trusted" remote SMTP clients that have more privi- leges than "strangers". myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) 
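Review bot: the hunks in this rendered SMTPD(8) page up to this point change nothing but trailing whitespace (each "-" line and the "+" line that replaces it carry the same text, and only the blanks at the end of the wrapped line differ), so there is nothing to review in them; reviewing this commit with "git diff -w" or "git show -w" drops them and leaves the substantive changes, which start at the postconf(1) hunk below.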
@@ -1166,26 +1172,26 @@ SMTPD(8) SMTPD(8) The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name from its - extension (example: user+foo), or a .forward file name from its + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its extension (example: .forward+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the SMTP greeting + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) - List of commands that cause the Postfix SMTP server to immedi- + List of commands that cause the Postfix SMTP server to immedi- ately terminate the session with a 221 code. Available in Postfix version 2.5 and later: diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index ec7d2db2c..68f9bab24 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 
@@ -273,24 +273,24 @@ The file format is described in \fBpcre_table\fR(5). .IP "\fBpgsql\fR (read-only)" PostgreSQL database client. This is described in \fBpgsql_table\fR(5). -.IP "\fBpipeline\fR (read-only)" +.IP "\fBpipemap\fR (read-only)" A pipeline of lookup tables. Example: -"\fBpipeline:\fI!type_1:name_1! ... !type_n:name_n\fR". -Each "pipeline:" query is given to the first table. Each +"\fBpipemap:\fI!type_1:name_1! ... !type_n:name_n\fR". +Each "pipemap:" query is given to the first table. Each lookup result becomes the query for the next table in the pipeline, and the last table produces the final result. When any table lookup produces no result, the pipeline -produces no result. The ASCII character after "pipeline:" +produces no result. The first ASCII character after "pipemap:" will be used as the separator between the lookup tables that follow (do not use space, ",", ":" or non-ASCII). .IP "\fBproxy\fR" Postfix \fBproxymap\fR(8) client for shared access to Postfix databases. The table name syntax is \fItype\fB:\fIname\fR. -.IP "\fBrandom\fR (read-only)" +.IP "\fBrandmap\fR (read-only)" An in-memory table that performs random selection. Example: -"\fBrandom:\fI!result_1! ... !result_n\fR". Each table query -returns a random choice from the specified results. The -ASCII character after "random:" will be used as the separator +"\fBrandmap:\fI!result_1! ... !result_n\fR". Each table query +returns a random choice from the specified results. The first +ASCII character after "randmap:" will be used as the separator between the results that follow (do not use space, ",", ":" or non-ASCII). .IP "\fBregexp\fR (read-only)" diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d74aab7e2..7fdda2a1a 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -9370,6 +9370,15 @@ The time after which an active SMTPD policy service connection is closed. .PP This feature is available in Postfix 2.1 and later. +.SH smtpd_policy_service_request_limit (default: 0) +The maximal number of requests per Postfix SMTP server policy +connection, or zero (no limit). Once a connection reaches this +limit, the connection is closed and the next request will be sent +over a new connection. This is a workaround to avoid error-recovery +delays with policy servers that cannot maintain a persistent +connection. +.PP +This feature is available in Postfix 2.12 and later. .SH smtpd_policy_service_timeout (default: 100s) The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 563ec475d..3cea206f9 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -768,6 +768,11 @@ closed. .IP "\fBsmtpd_policy_service_timeout (100s)\fR" The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. +.PP +Available in Postfix version 2.12 and later: +.IP "\fBsmtpd_policy_service_request_limit (0)\fR" +The maximal number of requests per Postfix SMTP server policy +connection, or zero (no limit). .SH "ACCESS CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index fdf078c48..79c89a319 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -545,6 +545,7 @@ while (<>) { s;\bsmtpd_policy_service_max_idle\b;$&;g; s;\bsmtpd_policy_service_max_ttl\b;$&;g; s;\bsmtpd_policy_service_timeout\b;$&;g; + s;\bsmtpd_policy_service_request_limit\b;$&;g; s;\bsmtpd_proxy_ehlo\b;$&;g; s;\bsmtpd_proxy_filter\b;$&;g; s;\bsmtpd_proxy_timeout\b;$&;g; 
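Review bot: ordering nit in the postlink hunk: the new "s;\bsmtpd_policy_service_request_limit\b;$&;g;" line is appended after the smtpd_policy_service_timeout entry, but the neighbouring entries (max_idle, max_ttl, timeout, then smtpd_proxy_ehlo, smtpd_proxy_filter, smtpd_proxy_timeout) are kept in alphabetical order, so it belongs between the max_ttl and timeout lines. Keeping the list sorted is what makes a duplicate or a missing parameter visible the next time someone adds one.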
@@ -1114,9 +1115,9 @@ while (<>) { s/\b(nisplus):/$1<\/a>:/g; s/\b(pcre):/$1<\/a>:/g; s/\b(pgsql):/$1<\/a>:/g; - s;\b(pipe[-]*\n*[ ]*line):;$1<\/a>:;g; + s;\b(pipe[-]*\n*[ ]*map):;$1<\/a>:;g; s/\b(proxy):/$1<\/a>:/g; - s/\b(random):/$1<\/a>:/g; + s/\b(randmap):/$1<\/a>:/g; s/\b(regexp):/$1<\/a>:/g; s/\b(sdbm):/$1<\/a>:/g; s/\b(socketmap):/$1<\/a>:/g; diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index c21396db3..3ac27ec3d 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html @@ -362,16 +362,17 @@ The file format is described in pcre_table(5). The lookup table name as used in "pcre:table" is the name of the regular expression file. -
    pipeline (read-only)
    +
    pipemap (read-only)
    A pipeline of lookup tables. Example: -"pipeline:!type_1:name_1! ... !type_n:name_n". Each -"pipeline:" query is given to the first table. Each lookup result -becomes the query for the next table in the pipeline, and the last -table produces the final result. When any table lookup produces -no result, the pipeline produces no result. The ASCII character -after "pipeline:" will be used as the separator between the lookup -tables that follow (do not use space, ",", ":" or non-ASCII).
    +"pipemap:!type1:name1! ... +!typen:namen". Each "pipemap:" query is +given to the first table. Each lookup result becomes the query for +the next table in the pipeline, and the last table produces the +final result. When any table lookup produces no result, the pipeline +produces no result. The first ASCII character after "pipemap:" +will be used as the separator between the lookup tables that follow +(do not use space, ",", ":" or non-ASCII).
    pgsql (read-only)
    @@ -384,14 +385,14 @@ in pgsql_table(5). databases. The lookup table name syntax is "proxy:type:table". -
    random (read-only)
    +
    randmap (read-only)
    An in-memory table that performs random selection. Example: -"random:!result_1! ... !result_n". Each table query -returns a random choice from the specified results. The ASCII -character after "random:" will be used as the separator between the -results that follow (do not use space, ",", ":" or non-ASCII). -
    +"randmap:!result1! ... !resultn". +Each table query returns a random choice from the specified results. +The first ASCII character after "randmap:" will be used as the +separator between the results that follow (do not use space, ",", +":" or non-ASCII).
    regexp (read-only)
    diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index 37e8cc02b..7d59b09a9 100644 --- a/postfix/proto/SMTPD_POLICY_README.html +++ b/postfix/proto/SMTPD_POLICY_README.html @@ -266,6 +266,7 @@ daemon, you would use something like this:

    9 check_policy_service unix:private/policy 10 ... 11 policy_time_limit = 3600 +12 # smtpd_policy_service_request_limit = 1 @@ -305,6 +306,10 @@ of a master.cf service name (in the above example, "policy") and a built-in suffix (in the above example: "_time_limit").

    +
  • Line 12: specify smtpd_policy_service_request_limit to +avoid error-recovery delays with policy servers that cannot +maintain a persistent connection.

    +
  • With Solaris < 9, or Postfix < 2.10 on any Solaris version, use TCP sockets instead of UNIX-domain sockets:
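Review bot: the new "Line 12" bullet tells the reader to specify smtpd_policy_service_request_limit without saying what value to use or what it costs. The example line is commented out and sets 1, which makes the SMTP server open a fresh policy connection for every request, so each RCPT TO pays a connect plus whatever per-connection startup the policy server does. Suggest stating that 1 is the value for a server that answers one request and then closes (the case the HISTORY entry describes), that the line is commented out because the default of 0 (no limit) is the right choice for servers that do keep the connection open, and that the identical bullet appears again in the greylist example further down, so both copies need the same wording.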

    @@ -323,11 +328,12 @@ version, use TCP sockets instead of UNIX-domain sockets:

    9 check_policy_service inet:127.0.0.1:9998 10 ... 11 127.0.0.1:9998_time_limit = 3600 +12 # smtpd_policy_service_request_limit = 1 -

    Other configuration parameters that control the client side of -the policy delegation protocol:

    +

    Configuration parameters that control the client side of the +policy delegation protocol:

      @@ -342,6 +348,22 @@ client connection.

    • smtpd_policy_service_timeout (default: 100s): The time limit to connect to, send to or receive from a policy server.

      +
    • smtpd_policy_service_request_limit (default: 0): The maximal +number of requests per policy connection, or zero (no limit).

      + +
    + +

    Configuration parameters that control the server side of the +policy delegation protocol:

    + +
      + +
    • transport_time_limit ($command_time_limit): The +maximal amount of time the policy daemon is allowed to run before +it is terminated. The transport is the service name of the +master.cf entry for the policy daemon service. In the above +examples, the service name is "policy" or "127.0.0.1:9998".

      +

    Example: greylist policy server

    @@ -415,6 +437,7 @@ processes only:

    9 reject_unauth_destination 10 check_policy_service unix:private/greylist 11 ... +12 # smtpd_policy_service_request_limit = 1 @@ -453,6 +476,10 @@ of a master.cf service name (in the above example, "greylist") and a built-in suffix (in the above example: "_time_limit").

    +
  • Line 12: specify smtpd_policy_service_request_limit to +avoid error-recovery delays with policy servers that cannot +maintain a persistent connection.

    +

    With Solaris < 9, or Postfix < 2.10 on any Solaris @@ -473,6 +500,7 @@ client/server configuration" section above.

    9 reject_unauth_destination 10 check_policy_service inet:127.0.0.1:9998 11 ... +12 # smtpd_policy_service_request_limit = 1 diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 2af63381b..4b9d531bc 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -8343,6 +8343,21 @@ delegated SMTPD policy server. This feature is available in Postfix 2.1 and later.

    +%PARAM smtpd_policy_service_request_limit 0 + +

    +The maximal number of requests per Postfix SMTP server policy +connection, or zero (no limit). Once a connection reaches this +limit, the connection is closed and the next request will be sent +over a new connection. This is a workaround to avoid error-recovery +delays with policy servers that cannot maintain a persistent +connection. +

    + +

    +This feature is available in Postfix 2.12 and later. +

    + %PARAM smtpd_reject_unlisted_recipient yes
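Review bot: the parameter description leaves out two things a reader setting this needs, both visible in the attr_clnt.c change in this same commit: only completed request/reply exchanges count toward the limit (a failed exchange already forces a reconnect and resets the counter), and the connection is closed right after the Nth reply rather than lazily before the next request, which is what stops a one-shot policy server from being hit with a request on a connection it has already closed and the client then sleeping a second in error recovery. Suggest adding that 1 is the value for servers that handle a single request per connection, and that the limit applies to every check_policy_service client alike, since smtpd_check.c applies the one global value at client registration and there is no per-service override in the style of transport_time_limit.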

    diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 9e345d80a..e96d165a5 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2884,6 +2884,10 @@ extern char *var_smtpd_input_transp; #define DEF_SMTPD_POLICY_TMOUT "100s" extern int var_smtpd_policy_tmout; +#define VAR_SMTPD_POLICY_REQ_LIMIT "smtpd_policy_service_request_limit" +#define DEF_SMTPD_POLICY_REQ_LIMIT 0 +extern int var_smtpd_policy_req_limit; + #define VAR_SMTPD_POLICY_IDLE "smtpd_policy_service_max_idle" #define DEF_SMTPD_POLICY_IDLE "300s" extern int var_smtpd_policy_idle; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 497be7128..66222c83a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20140629" +#define MAIL_RELEASE_DATE "20140701" #define MAIL_VERSION_NUMBER "2.12" #ifdef SNAPSHOT diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index 127de63e1..c5251b8fc 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c 
@@ -267,24 +267,24 @@ /* .IP "\fBpgsql\fR (read-only)" /* PostgreSQL database client. This is described in /* \fBpgsql_table\fR(5). -/* .IP "\fBpipeline\fR (read-only)" +/* .IP "\fBpipemap\fR (read-only)" /* A pipeline of lookup tables. Example: -/* "\fBpipeline:\fI!type_1:name_1! ... !type_n:name_n\fR". -/* Each "pipeline:" query is given to the first table. Each +/* "\fBpipemap:\fI!type_1:name_1! ... !type_n:name_n\fR". +/* Each "pipemap:" query is given to the first table. Each /* lookup result becomes the query for the next table in the /* pipeline, and the last table produces the final result. /* When any table lookup produces no result, the pipeline -/* produces no result. The ASCII character after "pipeline:" +/* produces no result. The first ASCII character after "pipemap:" /* will be used as the separator between the lookup tables /* that follow (do not use space, ",", ":" or non-ASCII). /* .IP "\fBproxy\fR" /* Postfix \fBproxymap\fR(8) client for shared access to Postfix /* databases. The table name syntax is \fItype\fB:\fIname\fR. -/* .IP "\fBrandom\fR (read-only)" +/* .IP "\fBrandmap\fR (read-only)" /* An in-memory table that performs random selection. Example: -/* "\fBrandom:\fI!result_1! ... !result_n\fR". Each table query -/* returns a random choice from the specified results. The -/* ASCII character after "random:" will be used as the separator +/* "\fBrandmap:\fI!result_1! ... !result_n\fR". Each table query +/* returns a random choice from the specified results. The first +/* ASCII character after "randmap:" will be used as the separator /* between the results that follow (do not use space, ",", ":" /* or non-ASCII). /* .IP "\fBregexp\fR (read-only)" diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index d19bbde91..4b8a6ba2b 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c 
@@ -720,6 +720,11 @@ /* .IP "\fBsmtpd_policy_service_timeout (100s)\fR" /* The time limit for connecting to, writing to or receiving from a /* delegated SMTPD policy server. +/* .PP +/* Available in Postfix version 2.12 and later: +/* .IP "\fBsmtpd_policy_service_request_limit (0)\fR" +/* The maximal number of requests per Postfix SMTP server policy +/* connection, or zero (no limit). /* ACCESS CONTROLS /* .ad /* .fi @@ -1224,6 +1229,7 @@ char *var_smtpd_proxy_ehlo; char *var_smtpd_proxy_opts; char *var_input_transp; int var_smtpd_policy_tmout; +int var_smtpd_policy_req_limit; int var_smtpd_policy_idle; int var_smtpd_policy_ttl; char *var_xclient_hosts; @@ -5320,6 +5326,7 @@ int main(int argc, char **argv) #ifdef USE_TLS VAR_SMTPD_TLS_CCERT_VD, DEF_SMTPD_TLS_CCERT_VD, &var_smtpd_tls_ccert_vd, 0, 0, #endif + VAR_SMTPD_POLICY_REQ_LIMIT, DEF_SMTPD_POLICY_REQ_LIMIT, &var_smtpd_policy_req_limit, 0, 0, 0, }; static const CONFIG_TIME_TABLE time_table[] = { diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 8ba92cbc3..2774650a0 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -456,15 +456,20 @@ double smtpd_space_multf = 1.5; static void policy_client_register(const char *name) { + ATTR_CLNT *client; + if (policy_clnt_table == 0) policy_clnt_table = htable_create(1); - if (htable_find(policy_clnt_table, name) == 0) - htable_enter(policy_clnt_table, name, - (char *) attr_clnt_create(name, - var_smtpd_policy_tmout, - var_smtpd_policy_idle, - var_smtpd_policy_ttl)); + if (htable_find(policy_clnt_table, name) == 0) { + client = attr_clnt_create(name, + var_smtpd_policy_tmout, + var_smtpd_policy_idle, + var_smtpd_policy_ttl); + attr_clnt_control(client, ATTR_CLNT_CTL_REQ_LIMIT, + var_smtpd_policy_req_limit, ATTR_CLNT_CTL_END); + htable_enter(policy_clnt_table, name, (char *) client); + } } /* smtpd_check_parse - pre-parse restrictions */ 
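Review bot: in the smtpd.c int_table hunk the entry "VAR_SMTPD_POLICY_REQ_LIMIT, DEF_SMTPD_POLICY_REQ_LIMIT, &var_smtpd_policy_req_limit, 0, 0," lands after the "#endif" that closes the USE_TLS block, at the very end of the table and away from the other policy-service parameters (those live in time_table because they are durations); a one-line comment, or placing it next to the other non-TLS integer limits, would stop the next reader from assuming it is TLS-related. The minimum of 0 is the right choice: postconf then rejects negative values outright instead of attr_clnt_request() quietly treating them as "no limit" through its "> 0" test.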
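Review bot: policy_client_register() applies the single global var_smtpd_policy_req_limit to every policy client it creates, so a site that runs one policy server which keeps connections open and another which cannot must set the lowest common limit for both and give up connection reuse on the server that supports it. Either state this limitation in the postconf.proto text, or read the limit per service name the way the README already does for the time limit (a "servicename_request_limit" style override, suggested here, not something the patch provides); the "if (htable_find(policy_clnt_table, name) == 0)" block is already keyed by service name, so that is the natural place to plug it in. Calling attr_clnt_control() unconditionally is fine: with the default of 0 it is a no-op.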
diff --git a/postfix/src/util/attr_clnt.c b/postfix/src/util/attr_clnt.c index 62b225bbf..ed8dddcd9 100644 --- a/postfix/src/util/attr_clnt.c +++ b/postfix/src/util/attr_clnt.c @@ -54,6 +54,9 @@ /* .IP "ATTR_CLNT_CTL_PROTO(ATTR_CLNT_PRINT_FN, ATTR_CLNT_SCAN_FN)" /* Specifies alternatives for the attr_plain_print() and /* attr_plain_scan() functions. +/* .IP "ATTR_CLNT_CTL_REQ_LIMIT(int)" +/* The maximal number of requests per connection. To enable +/* the limit, specify a value greater than zero. /* DIAGNOSTICS /* Warnings: communication failure. /* SEE ALSO @@ -95,6 +98,8 @@ struct ATTR_CLNT { AUTO_CLNT *auto_clnt; ATTR_CLNT_PRINT_FN print; ATTR_CLNT_SCAN_FN scan; + int req_limit; + int req_count; }; /* attr_clnt_free - destroy attribute client */ @@ -116,6 +121,8 @@ ATTR_CLNT *attr_clnt_create(const char *service, int timeout, client->auto_clnt = auto_clnt_create(service, timeout, max_idle, max_ttl); client->scan = attr_vscan_plain; client->print = attr_vprint_plain; + client->req_limit = 0; + client->req_count = 0; return (client); } @@ -188,8 +195,14 @@ int attr_clnt_request(ATTR_CLNT *client, int send_flags,...) ret = client->scan(stream, recv_flags, ap); va_end(ap); /* Finalize argument lists before returning. */ - if (ret > 0) + if (ret > 0) { + if (client->req_limit > 0 + && (client->req_count += 1) >= client->req_limit) { + auto_clnt_recover(client->auto_clnt); + client->req_count = 0; + } break; + } } } if (++count >= 2 @@ -204,6 +217,7 @@ int attr_clnt_request(ATTR_CLNT *client, int send_flags,...) } sleep(1); /* XXX make configurable */ auto_clnt_recover(client->auto_clnt); + client->req_count = 0; } /* Finalize argument lists before returning. */ va_end(saved_ap); 
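Review bot: in the "if (ret > 0)" block of attr_clnt_request() the counter is bumped inside the condition, "(client->req_count += 1) >= client->req_limit"; putting the increment on its own line and adding a comment that the close is deliberately eager (right after the Nth reply, before the caller sees the result) would protect the intent, because a later reader could "optimize" it into a lazy check before the next request and reintroduce exactly the delay this parameter exists to avoid: the next request would go out on a connection the server has already closed, fail, and pay the "sleep(1); /* XXX make configurable */" in the error path. The error path now also resets req_count after auto_clnt_recover(), so both reconnect paths stay consistent. The ATTR_CLNT_CTL_REQ_LIMIT manual text earlier in this file should say that only successful exchanges are counted and that the connection is closed after the last one, not just "the maximal number of requests per connection".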
@@ -223,6 +237,11 @@ void attr_clnt_control(ATTR_CLNT *client, int name,...) client->print = va_arg(ap, ATTR_CLNT_PRINT_FN); client->scan = va_arg(ap, ATTR_CLNT_SCAN_FN); break; + case ATTR_CLNT_CTL_REQ_LIMIT: + client->req_limit = va_arg(ap, int); + if (msg_verbose) + msg_info("%s: new request limit %d", myname, client->req_limit); + break; default: msg_panic("%s: bad name %d", myname, name); } diff --git a/postfix/src/util/attr_clnt.h b/postfix/src/util/attr_clnt.h index 0a752094e..fac4a5b0f 100644 --- a/postfix/src/util/attr_clnt.h +++ b/postfix/src/util/attr_clnt.h @@ -35,6 +35,7 @@ extern void attr_clnt_control(ATTR_CLNT *, int, ...); #define ATTR_CLNT_CTL_END 0 #define ATTR_CLNT_CTL_PROTO 1 +#define ATTR_CLNT_CTL_REQ_LIMIT 2 /* LICENSE /* .ad diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index d5ed9ce2f..48ae556d8 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c @@ -343,7 +343,13 @@ static const DICT_OPEN_INFO dict_open_info[] = { DICT_TYPE_SOCKMAP, dict_sockmap_open, DICT_TYPE_FAIL, dict_fail_open, DICT_TYPE_PIPE, dict_pipe_open, +#ifdef DICT_TYPE_PIPE_LEGACY + DICT_TYPE_PIPE_LEGACY, dict_pipe_open, +#endif DICT_TYPE_RANDOM, dict_random_open, +#ifdef DICT_TYPE_RANDOM_LEGACY + DICT_TYPE_RANDOM_LEGACY, dict_random_open, +#endif #ifndef USE_DYNAMIC_MAPS #ifdef HAS_PCRE DICT_TYPE_PCRE, dict_pcre_open, diff --git a/postfix/src/util/dict_pipe.c b/postfix/src/util/dict_pipe.c index de8f086d8..37c4f37b0 100644 --- a/postfix/src/util/dict_pipe.c +++ b/postfix/src/util/dict_pipe.c 
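Review bot: attr_clnt_control() stores the incoming int in req_limit without touching req_count, so lowering the limit on a live client can close the connection on the very next successful request; acceptable, but resetting req_count to 0 here, as both paths in attr_clnt_request() do, makes the new limit start from a clean count and costs one line. Negative values are accepted silently and only behave as "no limit" because of the "> 0" test in attr_clnt_request(); the smtpd caller already enforces a minimum of 0, but this is a library entry point, and a msg_panic() on a negative argument would match how the "default:" case in this switch treats a bad name.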
@@ -12,15 +12,15 @@ /* int dict_flags; /* DESCRIPTION /* dict_pipe_open() opens a pipeline of one or more tables. -/* Example: "\fBpipeline:\fI!type_1:name_1! ... !type_n:name_n\fR". +/* Example: "\fBpipemap:\fI!type_1:name_1! ... !type_n:name_n\fR". /* -/* Each "pipeline:" query is given to the first table. Each +/* Each "pipemap:" query is given to the first table. Each /* lookup result becomes the query for the next table in the /* pipeline, and the last table produces the final result. /* When any table lookup produces no result, the pipeline /* produces no result. /* -/* The ASCII character after "pipeline:" will be used as the +/* The ASCII character after "pipemap:" will be used as the /* separator between the lookup tables that follow (do not use /* space, ",", ":" or non-ASCII). /* @@ -116,6 +116,11 @@ DICT *dict_pipe_open(const char *name, int open_flags, int dict_flags) struct DICT_OWNER aggr_owner; char delim[2]; +#ifdef DICT_TYPE_PIPE_LEGACY + msg_warn("obsolete dictionary type: \"%s\"; use \"%s\" instead", + DICT_TYPE_PIPE_LEGACY, DICT_TYPE_PIPE); +#endif + /* * Clarity first. Let the optimizer worry about redundant code. */ diff --git a/postfix/src/util/dict_pipe.h b/postfix/src/util/dict_pipe.h index 442fd4a84..fb0578e1f 100644 --- a/postfix/src/util/dict_pipe.h +++ b/postfix/src/util/dict_pipe.h @@ -19,7 +19,11 @@ /* * External interface. */ -#define DICT_TYPE_PIPE "pipeline" +#define DICT_TYPE_PIPE "pipemap" + +#ifdef SNAPSHOT +#define DICT_TYPE_PIPE_LEGACY "pipeline" +#endif extern DICT *dict_pipe_open(const char *, int, int); diff --git a/postfix/src/util/dict_random.c b/postfix/src/util/dict_random.c index e085b2005..0f1f07a29 100644 --- a/postfix/src/util/dict_random.c +++ b/postfix/src/util/dict_random.c 
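Review bot: the obsolete-name warning added to dict_pipe_open() fires on every open, not only when the legacy name is used: dict_open.c registers both DICT_TYPE_PIPE and DICT_TYPE_PIPE_LEGACY with the same dict_pipe_open, the function is handed only the part after "type:", and "#ifdef DICT_TYPE_PIPE_LEGACY" is a compile-time test that is true for every snapshot build. The result is that every "pipemap:" table logs "obsolete dictionary type: "pipeline"; use "pipemap" instead" even though the new name was used. Suggest a small wrapper registered only for the legacy entry in dict_open_info (warn, then call dict_pipe_open), or issuing the warning from dict_open() where the type string is known. dict_random_open() has the same pattern. Separately, the documentation hunk in this file still reads "The ASCII character after "pipemap:"" while every other file in this commit was changed to "The first ASCII character after"; keep them in sync.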
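Review bot: DICT_TYPE_PIPE_LEGACY is defined under "#ifdef SNAPSHOT" in a util/ header, so dict_open.c, dict_pipe.c and any other translation unit that includes dict_pipe.h must all see SNAPSHOT defined the same way (from the compiler command line or a header included earlier); if they do not, the legacy entry silently drops out of dict_open_info while the warning code in dict_pipe_open() stays compiled in, or the other way round. Worth a comment next to the define saying where SNAPSHOT is expected to come from.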
@@ -12,12 +12,12 @@ /* int dict_flags; /* DESCRIPTION /* dict_random_open() opens an in-memory, read-only, table. -/* Example: "\fBrandom:\fI!result_1! ... !result_n\fR". +/* Example: "\fBrandmap:\fI!result_1! ... !result_n\fR". /* /* Each table query returns a random choice from the specified /* results. Other table access methods are not supported. /* -/* The ASCII character after "random:" will be used as the +/* The ASCII character after "randmap:" will be used as the /* separator between the results that follow (do not use space, /* ",", ":" or non-ASCII). /* SEE ALSO @@ -82,6 +82,11 @@ DICT *dict_random_open(const char *name, int open_flags, int dict_flags) char *saved_name = 0; char delim[2]; +#ifdef DICT_TYPE_RANDOM_LEGACY + msg_warn("obsolete dictionary type: \"%s\"; use \"%s\" instead", + DICT_TYPE_RANDOM_LEGACY, DICT_TYPE_RANDOM); +#endif + /* * Clarity first. Let the optimizer worry about redundant code. */ diff --git a/postfix/src/util/dict_random.h b/postfix/src/util/dict_random.h index 374f8537e..fd16e9570 100644 --- a/postfix/src/util/dict_random.h +++ b/postfix/src/util/dict_random.h @@ -19,7 +19,11 @@ /* * External interface. */ -#define DICT_TYPE_RANDOM "random" +#define DICT_TYPE_RANDOM "randmap" + +#ifdef SNAPSHOT +#define DICT_TYPE_RANDOM_LEGACY "random" +#endif extern DICT *dict_random_open(const char *, int, int);
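Review bot: dict_random_open() has the same defect as dict_pipe_open(): dict_open.c maps both "randmap" and the legacy "random" to this one function, so the "obsolete dictionary type: "random"; use "randmap" instead" warning is logged for every "randmap:" table in a snapshot build. Fix it the same way as for the pipemap case (a legacy-only wrapper in dict_open_info, or warn from dict_open() where the type string is known), and bring the doc string "The ASCII character after "randmap:"" in line with the "The first ASCII character after" wording used everywhere else in this commit.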