From: Wietse Venema Date: Sun, 6 Feb 2005 05:00:00 +0000 (-0500) Subject: postfix-2.2-20050206 X-Git-Tag: v2.2.0-RC1~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9897d4a62889c3ddda46991d32d63f1773ce5d3f;p=thirdparty%2Fpostfix.git postfix-2.2-20050206 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index f92beeb9b..9dc7db36c 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -10268,8 +10268,28 @@ Apologies for any names omitted. command examples. Files: mantools/manlint, mantools/fixman, mantools/postconf2man. +20050206 + + Cleanup: don't count a [45]XX SMTP server greeting towards + the mx_session_limit setting. File: smtp/smtp_connect.c. + + Feature: output address rewriting in the SMTP client. The + smtp_generics_maps parameter specifies an address mapping + that happens only when mail is delivered via SMTP. This is + typically used for hosts without a valid domain name, that + use something like localdomain.local instead. This feature + can replace local mail addresses by valid Internet mail + addresses when mail needs to go across the Internet, but + not when mail is sent between accounts on the local machine. + Files: smtp/smtp_proto.c, smtp/smtp_map11.c. + + Cleanup: don't panic in mymalloc() when master can't find + any IP addresses. LaMont Jones. File: master/master_ent.c. + Open problems: + Med: document generics mapping in BASIC_CONFIGURATION_README. + Med: local and remote source port and IP address for smtpd policy hook. @@ -10319,7 +10339,9 @@ Open problems: Low: update events.c so that 1-second timer requests do not suffer from rounding errors. This is needed for 1-second - SMTP session caching time limits. + SMTP session caching time limits. A 1-second interval would + become arbitrarily short when an event is scheduled just + before the current second rolls over. Low: per-sender resolver personalities? diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README index e686d21fd..183eb8896 100644 --- a/postfix/README_FILES/ADDRESS_REWRITING_README +++ b/postfix/README_FILES/ADDRESS_REWRITING_README @@ -50,6 +50,13 @@ Topics covered in this document: o Resolve address to destination o Mail transport switch o Relocated users table + + * Address rewriting with remote delivery + + o Generic mapping for outgoing SMTP mail + + * Address rewriting with local delivery + o Local alias database o Local per-user .forward files o Local catch-all address @@ -118,52 +125,56 @@ this document for the first time, skip forward to "Address rewriting when mail is received". Once you've finished reading the remainder of this document, the table will help you to quickly find what you need. - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - |AAddddrreessss |SSccooppee|DDaaeemmoonn |GGlloobbaall ttuurrnn--oonn |SSeelleeccttiivvee ttuurrnn--ooffff | - |mmaanniippuullaattiioonn| | |ccoonnttrrooll |ccoonnttrrooll | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Rewrite | |trivial-|append_at_myorigin, | | - |addresses to|all |rewrite |append_dot_mydomain,|none | - |standard |mail |(8) |swap_bangpath, | | - |form | | |allow_percent_hack | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Canonical |all |cleanup | | | - |address |mail |(8) |canonical_maps |receive_override_options| - |mapping | | | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Address |all |cleanup |masquerade_domains |receive_override_options| - |masquerading|mail |(8) | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Automatic |new |cleanup |always_bcc, | | - |BCC |mail |(8) |sender_bcc_maps, |receive_override_options| - |recipients | | |recipient_bcc_maps | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Virtual |all |cleanup |virtual_alias_maps |receive_override_options| - |aliasing |mail |(8) | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Resolve |all |trivial-| | | - |address to |mail |rewrite |none |none | - |destination | |(8) | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Mail |all |trivial-| | | - |transport |mail |rewrite |transport_maps |none | - |switch | |(8) | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Relocated |all |trivial-| | | - |users table |mail |rewrite |relocated_maps |none | - | | |(8) | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Local alias |all |local(8)|alias_maps |none | - |database |mail | | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Local per- | | | | | - |user |all |local(8)|forward_path |none | - |.forward |mail | | | | - |files | | | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |Local catch-|all |local(8)|luser_relay |none | - |all address |mail | | | | - |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |AAddddrreessss |SSccooppee |DDaaeemmoonn |GGlloobbaall ttuurrnn--oonn |SSeelleeccttiivvee ttuurrnn--ooffff | + |mmaanniippuullaattiioonn| | |ccoonnttrrooll |ccoonnttrrooll | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Rewrite | |trivial-|append_at_myorigin, | | + |addresses to|all mail|rewrite |append_dot_mydomain,|none | + |standard | |(8) |swap_bangpath, | | + |form | | |allow_percent_hack | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Canonical | |cleanup | | | + |address |all mail|(8) |canonical_maps |receive_override_options| + |mapping | | | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Address |all mail|cleanup |masquerade_domains |receive_override_options| + |masquerading| |(8) | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Automatic | |cleanup |always_bcc, | | + |BCC |new mail|(8) |sender_bcc_maps, |receive_override_options| + |recipients | | |recipient_bcc_maps | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Virtual |all mail|cleanup |virtual_alias_maps |receive_override_options| + |aliasing | |(8) | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Resolve | |trivial-| | | + |address to |all mail|rewrite |none |none | + |destination | |(8) | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Mail | |trivial-| | | + |transport |all mail|rewrite |transport_maps |none | + |switch | |(8) | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Relocated | |trivial-| | | + |users table |all mail|rewrite |relocated_maps |none | + | | |(8) | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Generics |outgoing| | | | + |table |SMTP |smtp(8) |smtp_generics_maps |none | + | |mail | | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Local alias |all mail|local(8)|alias_maps |none | + |database | | | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Local per- | | | | | + |user |all mail|local(8)|forward_path |none | + |.forward | | | | | + |files | | | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |Local catch-|all mail|local(8)|luser_relay |none | + |all address | | | | | + |_ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | AAddddrreessss rreewwrriittiinngg wwhheenn mmaaiill iiss rreecceeiivveedd @@ -502,6 +513,10 @@ rules of the SMTP, LMTP, etc. protocol. When mail cannot be delivered, it is either returned to the sender or moved to the deferred queue and tried again later. +Address manipulations when mail is delivered via the smtp(8) delivery agent: + + * Generic mapping for outgoing SMTP mail + Address manipulations when mail is delivered via the local(8) delivery agent: * Local alias database @@ -585,6 +600,37 @@ server with the reason "user has moved to otheruser@elsewhere.tld". Older Postfix versions will receive the mail first, and then return it to the sender as undeliverable, with the same reason. +GGeenneerriicc mmaappppiinngg ffoorr oouuttggooiinngg SSMMTTPP mmaaiill + +Some hosts have no valid Internet domain name, and instead use a name such as +localdomain.local. This can be a problem when you want to send mail over the +Internet, because many mail servers reject mail addresses with invalid domain +names. + +With the smtp_generics_maps parameter you can specify lookup tables that +replace local mail addresses by valid Internet addresses when mail leaves the +machine via SMTP. This mapping replaces envelope and header addresses, and is +non-recursive. It does not happen when you send mail between addresses on the +local machine. + +This feature is available in Postfix version 2.2 and later. + +Example: + + /etc/postfix/main.cf: + smtp_generics_maps = hash:/etc/postfix/generics + + /etc/postfix/generics: + you@localdomain.local youraccount@yourisp.example + her@localdomain.local heraccount@herisp.example + @localdomain.local youraccount+local@yourisp.example + +When mail is sent to a remote host via SMTP, this replaces your local mail +address you@localdomain.local by your ISP mail address, replaces +her@localdomain.local by her ISP mail address, and replaces all other local +addresses by your ISP account, with an address extension of +local (this +example assumes that the ISP supports "+" style address extensions). + LLooccaall aalliiaass ddaattaabbaassee When mail is to be delivered locally, the local(8) delivery agent runs each diff --git a/postfix/README_FILES/DEBUG_README b/postfix/README_FILES/DEBUG_README index f8e1504bc..da0cb445a 100644 --- a/postfix/README_FILES/DEBUG_README +++ b/postfix/README_FILES/DEBUG_README @@ -39,7 +39,7 @@ in the /etc/syslog.conf file. When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working properly: - % egrep '(warning|error|fatal|panic):' /some/log/file | more + % eeggrreepp ''((wwaarrnniinngg||eerrrroorr||ffaattaall||ppaanniicc))::'' //ssoommee//lloogg//ffiillee || mmoorree Note: the most important message is near the BEGINNING of the output. Error messages that come later are less useful. @@ -74,13 +74,13 @@ Postfix can produce two types of mail delivery reports for debugging: * What-if: report what would happen, but do not actually deliver mail. This mode of operation is requested with: - $ //uussrr//ssbbiinn//sseennddmmaaiill --bbvv aaddddrreessss...... + % //uussrr//ssbbiinn//sseennddmmaaiill --bbvv aaddddrreessss...... Mail Delivery Status Report will be mailed to . * What happened: deliver mail and report successes and/or failures, including replies from remote SMTP servers. This mode of operation is requested with: - $ //uussrr//ssbbiinn//sseennddmmaaiill --vv aaddddrreessss...... + % //uussrr//ssbbiinn//sseennddmmaaiill --vv aaddddrreessss...... Mail Delivery Status Report will be mailed to . These reports contain information that is generated by Postfix delivery agents. @@ -138,7 +138,7 @@ This example uses ttccppdduummpp. In order to record a conversation you n specify a large enough buffer with the "-s" option or else you will miss some or all of the packet payload. - # tcpdump -w /file/name -s 2000 host example.com and port 25 + # ttccppdduummpp --ww //ffiillee//nnaammee --ss 22000000 hhoosstt eexxaammppllee..ccoomm aanndd ppoorrtt 2255 Run this for a while, stop with Ctrl-C when done. To view the data use a binary viewer, or eetthheerreeaall, or use my ttccppdduummppxx utility that is available from ftp:// @@ -164,15 +164,15 @@ MMaannuuaallllyy ttrraacciinngg aa PPoossttffiixx ddaae Many systems allow you to inspect a running process with a system call tracer. For example: - # trace -p process-id (SunOS 4) - # strace -p process-id (Linux and many others) - # truss -p process-id (Solaris, FreeBSD) - # ktrace -p process-id (generic 4.4BSD) + # ttrraaccee --pp pprroocceessss--iidd (SunOS 4) + # ssttrraaccee --pp pprroocceessss--iidd (Linux and many others) + # ttrruussss --pp pprroocceessss--iidd (Solaris, FreeBSD) + # kkttrraaccee --pp pprroocceessss--iidd (generic 4.4BSD) Even more informative are traces of system library calls. Examples: - # ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS) - # sotruss -p process-id (Solaris) + # llttrraaccee --pp pprroocceessss--iidd (Linux, also ported to FreeBSD and BSD/OS) + # ssoottrruussss --pp pprroocceessss--iidd (Solaris) See your system documentation for details. @@ -224,8 +224,8 @@ xxxxggddbb: Be sure that ggddbb is in the command search path, and export XXAAUUTTHHOORRIITTYY so that X access control works, for example: - % setenv XAUTHORITY ~/.Xauthority (csh syntax) - $ export XAUTHORITY=$HOME/.Xauthority (sh syntax) + % sseetteennvv XXAAUUTTHHOORRIITTYY ~~//..XXaauutthhoorriittyy (csh syntax) + $ eexxppoorrtt XXAAUUTTHHOORRIITTYY==$$HHOOMMEE//..XXaauutthhoorriittyy (sh syntax) Append a --DD option to the suspect daemon definition in /etc/postfix/master.cf, for example: @@ -299,22 +299,23 @@ if optimization makes a difference. In order to compile Postfix with optimizations turned off: - % make tidy - % make makefiles OPT= + % mmaakkee ttiiddyy + % mmaakkee mmaakkeeffiilleess OOPPTT== This produces a set of Makefiles that do not request compiler optimization. Once the makefiles are set up, build the software: - % make - % su - # make install + % mmaakkee + % ssuu + Password: + # mmaakkee iinnssttaallll If the problem goes away, then it is time to ask your vendor for help. RReeppoorrttiinngg pprroobblleemmss ttoo ppoossttffiixx--uusseerrss@@ppoossttffiixx..oorrgg -The people who participate on the postfix-users@postfix.org are very helpful, +The people who participate on postfix-users@postfix.org are very helpful, especially if YOU provide them with sufficient information. Remember, these volunteers are willing to help, but their time is limited. @@ -323,29 +324,34 @@ When reporting a problem, be sure to include the following information. * A summary of the problem. Please do not just send some logging without explanation of what YOU believe is wrong. + * Complete error messages. Please use cut-and-paste, or use attachments, + instead of reciting information from memory. + + * Postfix logging. See the text at the top of the DEBUG_README document to + find out where logging is stored. Please do not frustrate the helpers by + word wrapping the logging. + * Consider using a test email address so that you don't have to reveal email - addresses of innocent people. + addresses or passwords of innocent people. * If you can't use a test email address, please anonymize information consistently. Replace each letter by "A", each digit by "D" so that the helpers can still recognize syntactical errors. - * Complete error messages. Please use cut-and-paste, or use attachments, - instead of reciting information from memory. + * Output from "ppoossttccoonnff --nn". Please do not send your main.cf file or 400+ + lines of ppoossttccoonnff output. - * Postfix logging. See the text at the top of the DEBUG_README document to - find out where logging is stored. Please do not frustrate the helpers by - word wrapping the logging. + * Better, provide output from the ppoossttffiinnggeerr tool. This can be found at http: + //ftp.wl0.org/SOURCES/postfinger. - * Output from "postconf -n". Please do not send your main.cf file. Or better, - provide output from the "postfinger" tool. This tool is bundled with - Postfix 2.2 and later source code, and can be found at http://ftp.wl0.org/ - SOURCES/postfinger. + * If the problem is SASL related, consider including the output from the + ssaassllffiinnggeerr tool. This can be found at http://postfix.state-of-mind.de/ + patrick.koetter/saslfinger/. * If the problem is about too much mail in the queue, consider including - output from the qshape tool, as described in the QSHAPE_README file. + output from the qqsshhaappee tool, as described in the QSHAPE_README file. * If the problem is protocol related (connections time out or an SMTP server complains about syntax errors etc.) consider recording a session with - tcpdump, as described in the DEBUG_README document. + ttccppdduummpp, as described in the DEBUG_README document. diff --git a/postfix/README_FILES/IPV6_README b/postfix/README_FILES/IPV6_README index 8b2f5ee97..684026341 100644 --- a/postfix/README_FILES/IPV6_README +++ b/postfix/README_FILES/IPV6_README @@ -10,7 +10,7 @@ support older Postfix versions was available as an add-on patch. The section between these implementations. The main feature of interest is that IPv6 uses 128-bit IP addresses instead of -the 32-bit addresses used by IPv4. It can therefore accomodate a much larger +the 32-bit addresses used by IPv4. It can therefore accommodate a much larger number of hosts and networks without ugly kluges such as NAT. A side benefit of the much larger address space is that it makes network scanning unpractical. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 50668fbbd..fa9a2ba48 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -7,6 +7,35 @@ snapshot release). Patches are issued for the official release and change the patchlevel and the release date. Patches are never issued for snapshot releases. +Major changes with snapshot Postfix-2.2-20050206 +================================================ + +Support for address rewriting in outgoing SMTP mail. This is useful +for sites that have no valid Internet domain name, and that use a +domain name such as localdomain.local instead. Mail addresses that +use such domain names are often rejected by mail servers. The new +smtp_generics_maps feature allows you to replace local mail addresses +by valid Internet addresses when mail needs to be sent across the +Internet. It has no effect on mail that is sent between accounts +on the local machine. + +Example: + +/etc/postfix/main.cf: + smtp_generics_maps = hash:/etc/postfix/generics + +/etc/postfix/generics: + you@localdomain.local youraccount@yourisp.net + her@localdomain.local heraccount@herisp.net + @localdomain.local youraccount+local@yourisp.net + +When mail is sent to a remote host via SMTP, this replaces your +local mail address you@localdomain.local by your ISP mail address, +replaces her@localdomain.local by her ISP mail address, and replaces +all other local addresses by your ISP account, with an address +extension of +local (this example assumes that the ISP supports +"+" style address extensions). + Major changes with snapshot Postfix-2.2-20050205 ================================================ diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html index 9abb142c1..d95fcb50b 100644 --- a/postfix/html/ADDRESS_REWRITING_README.html +++ b/postfix/html/ADDRESS_REWRITING_README.html @@ -94,6 +94,20 @@ as invalid
  • Relocated users table + + +
  • Address rewriting with remote delivery + + + +
  • Address rewriting with local delivery + +
      +
    • Local alias database
    • Local per-user .forward files @@ -329,6 +343,10 @@ nowrap> all mail cleanup(8) < all mail trivial-
      rewrite(8)       relocated_maps none + Generics table +outgoing SMTP mail smtp(8) smtp_generics_maps + none + Local alias database all mail local(8) alias_maps none @@ -796,8 +814,17 @@ content according to the rules of the SMTP, LMTP, etc. protocol. When mail cannot be delivered, it is either returned to the sender or moved to the deferred queue and tried again later.

      -

      Address manipulations when mail is delivered via the local(8) -delivery agent:

      +

      Address manipulations when mail is delivered +via the smtp(8) delivery agent:

      + + + +

      Address manipulations when mail is delivered +via the local(8) delivery agent:

        @@ -912,6 +939,42 @@ otheruser@elsewhere.tld". Older Postfix versions will receive the mail first, and then return it to the sender as undeliverable, with the same reason.

        +

        Generic mapping for outgoing SMTP mail

        + +

        Some hosts have no valid Internet domain name, and instead use +a name such as localdomain.local. This can be a problem when +you want to send mail over the Internet, because many mail servers +reject mail addresses with invalid domain names.

        + +

        With the smtp_generics_maps parameter you can specify lookup +tables that replace local mail addresses by valid Internet addresses +when mail leaves the machine via SMTP. This mapping replaces envelope +and header addresses, and is non-recursive. It does not happen when +you send mail between addresses on the local machine.

        + +

        This feature is available in Postfix version 2.2 and later.

        + +

        Example:

        + +
        +
        +/etc/postfix/main.cf:
+    smtp_generics_maps = hash:/etc/postfix/generics
+
+/etc/postfix/generics:
+    you@localdomain.local		youraccount@yourisp.example
+    her@localdomain.local		heraccount@herisp.example
+    @localdomain.local			youraccount+local@yourisp.example
+
        +
        + +

        When mail is sent to a remote host via SMTP, this replaces your +local mail address you@localdomain.local by your ISP mail +address, replaces her@localdomain.local by her ISP mail +address, and replaces all other local addresses by your ISP account, +with an address extension of +local (this example assumes +that the ISP supports "+" style address extensions).

        +

        Local alias database

        When mail is to be delivered locally, the local(8) delivery diff --git a/postfix/html/DEBUG_README.html b/postfix/html/DEBUG_README.html index e326699cc..71fdfd08e 100644 --- a/postfix/html/DEBUG_README.html +++ b/postfix/html/DEBUG_README.html @@ -78,7 +78,7 @@ properly: 

        -% egrep '(warning|error|fatal|panic):' /some/log/file | more
+% egrep '(warning|error|fatal|panic):' /some/log/file | more
        @@ -126,7 +126,7 @@ debugging:

        deliver mail. This mode of operation is requested with: 

        -$ /usr/sbin/sendmail -bv address...
+% /usr/sbin/sendmail -bv address...
 Mail Delivery Status Report will be mailed to <your login name>.
        @@ -135,7 +135,7 @@ failures, including replies from remote SMTP servers. This mode of operation is requested with: 

        -$ /usr/sbin/sendmail -v address...
+% /usr/sbin/sendmail -v address...
 Mail Delivery Status Report will be mailed to <your login name>.
        @@ -211,7 +211,7 @@ else you will miss some or all of the packet payload. 

        -# tcpdump -w /file/name -s 2000 host example.com and port 25
+# tcpdump -w /file/name -s 2000 host example.com and port 25
        @@ -248,10 +248,10 @@ system call tracer. For example: 

        -# trace -p process-id (SunOS 4)
-# strace -p process-id (Linux and many others)
-# truss -p process-id (Solaris, FreeBSD)
-# ktrace -p process-id (generic 4.4BSD)
+# trace -p process-id (SunOS 4)
+# strace -p process-id (Linux and many others)
+# truss -p process-id (Solaris, FreeBSD)
+# ktrace -p process-id (generic 4.4BSD)
        @@ -260,8 +260,8 @@ Examples: 

        -# ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS)
-# sotruss -p process-id (Solaris)
+# ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS)
+# sotruss -p process-id (Solaris)
        @@ -340,8 +340,8 @@ export XAUTHORITY so that X access control works, for example: 
        -% setenv XAUTHORITY ~/.Xauthority (csh syntax)
-$ export XAUTHORITY=$HOME/.Xauthority (sh syntax)
+% setenv XAUTHORITY ~/.Xauthority (csh syntax)
+$ export XAUTHORITY=$HOME/.Xauthority (sh syntax)
        @@ -446,8 +446,8 @@ makes a difference. 

        -% make tidy
-% make makefiles OPT=
+% make tidy
+% make makefiles OPT=
        @@ -458,9 +458,10 @@ optimization. 

        -% make
-% su
-# make install
+% make
+% su
+Password:
+# make install
        @@ -469,7 +470,7 @@ for help.

        Reporting problems to postfix-users@postfix.org

        -

        The people who participate on the postfix-users@postfix.org +

        The people who participate on postfix-users@postfix.org are very helpful, especially if YOU provide them with sufficient information. Remember, these volunteers are willing to help, but their time is limited.

        @@ -482,35 +483,40 @@ information.

      • A summary of the problem. Please do not just send some logging without explanation of what YOU believe is wrong.

        +

      • Complete error messages. Please use cut-and-paste, or use +attachments, instead of reciting information from memory. +

        + +

      • Postfix logging. See the text at the top of the DEBUG_README +document to find out where logging is stored. Please do not frustrate +the helpers by word wrapping the logging.

        +

      • Consider using a test email address so that you don't have -to reveal email addresses of innocent people.

        +to reveal email addresses or passwords of innocent people.

      • If you can't use a test email address, please anonymize information consistently. Replace each letter by "A", each digit by "D" so that the helpers can still recognize syntactical errors.

        -

      • Complete error messages. Please use cut-and-paste, or use -attachments, instead of reciting information from memory. -

        +

      • Output from "postconf -n". Please do not send your +main.cf file or 400+ lines of postconf output.

        -

      • Postfix logging. See the text at the top of the DEBUG_README -document to find out where logging is stored. Please do not frustrate -the helpers by word wrapping the logging.

        +

      • Better, provide output from the postfinger tool. +This can be found at http://ftp.wl0.org/SOURCES/postfinger.

        -

      • Output from "postconf -n". Please do not send your main.cf -file. Or better, provide output from the "postfinger" tool. This -tool is bundled with Postfix 2.2 and later source code, and can be -found at http://ftp.wl0.org/SOURCES/postfinger.

        +

      • If the problem is SASL related, consider including the +output from the saslfinger tool. This can be found at +http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

      • If the problem is about too much mail in the queue, consider -including output from the qshape tool, as described in the +including output from the qshape tool, as described in the QSHAPE_README file.

      • If the problem is protocol related (connections time out or an SMTP server complains about syntax errors etc.) consider -recording a session with tcpdump, as described in the DEBUG_README -document.

      +recording a session with tcpdump, as described in the DEBUG_README document.
    diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html index 1c97d1288..b65c5ab0a 100644 --- a/postfix/html/IPV6_README.html +++ b/postfix/html/IPV6_README.html @@ -28,7 +28,7 @@ between these implementations.

    The main feature of interest is that IPv6 uses 128-bit IP addresses instead of the 32-bit addresses used by IPv4. It can -therefore accomodate a much larger number of hosts and networks +therefore accommodate a much larger number of hosts and networks without ugly kluges such as NAT. A side benefit of the much larger address space is that it makes network scanning unpractical.

    diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 9454410d4..af926710f 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4534,10 +4534,11 @@ to "joe.user+foo".

    Specify zero or more of canonical, virtual, alias, -forward or include. These cause address extension +forward, include or generics. These cause +address extension propagation with canonical(5), virtual(5), and aliases(5) maps, -and with local(8) .forward and :include: file lookups, respectively. -

    +with local(8) .forward and :include: file lookups, and with smtp(8) +generics maps, respectively.

    Note: enabling this feature for types other than canonical @@ -5904,6 +5905,48 @@ provide valid server certificates. Typical use is for clients that send all their email to a dedicated mailhub.

    + + +
    smtp_generics_maps +(default: empty)
    + +

    Optional lookup tables that perform address rewriting in the +SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +This is needed when the local machine does not have its own Internet +domain name, but uses something like localdomain.local +instead.

    + +

    The table search order is described below. The search terminates +when a match is found. In other words, the search is non-recursive. +

    + +
    + +
    user@domain.tld address
    + +

    Replace user@domain.tld by address. This +form has the highest precedence.

    + +
    user address
    + +

    Replace user@site by address when site is +equal to $myorigin, when site is listed in $mydestination, +or when it matches $inet_interfaces or $proxy_interfaces.

    +
    + +
    @domain.tld address
    + +

    Replace all other addresses in domain.tld by +address. This form has the lowest preference.

    + +
    + +

    In all cases address must specify a username and a +domain.

    This feature is available in Postfix 2.2 and later. +

    + +
    smtp_helo_name diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 862048f47..82d6801c8 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -150,11 +150,17 @@ SMTP(8) SMTP(8) will ignore in the EHLO response from a remote SMTP server. + smtp_generics_maps (empty) + Optional lookup tables that perform address rewrit- + ing in the SMTP client, typically to transform a + locally valid address into a globally valid address + when sending mail across the Internet. + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: disable_mime_output_conversion (no) - Disable the conversion of 8BITMIME format to 7BIT + Disable the conversion of 8BITMIME format to 7BIT format. mime_boundary_length_limit (2048) @@ -169,110 +175,110 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the - Postfix SMTP server EHLO response announces XFOR- + Send the non-standard XFORWARD command when the + Postfix SMTP server EHLO response announces XFOR- WARD support. SASL AUTHENTICATION CONTROLS smtp_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP + Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional SMTP client lookup tables with one user- - name:password entry per remote hostname or domain. + Optional SMTP client lookup tables with one user- + name:password entry per remote hostname or domain. smtp_sasl_security_options (noplaintext, noanonymous) - What authentication mechanisms the Postfix SMTP + What authentication mechanisms the Postfix SMTP client is allowed to use. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the - remote SMTP server's list of offered SASL mecha- + If non-empty, a Postfix SMTP client filter for the + remote SMTP server's list of offered SASL mecha- nisms. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP - server announces STARTTLS support, otherwise send + Opportunistic mode: use TLS when a remote SMTP + server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers - use TLS encryption, and never send mail in the + Enforcement mode: require that remote SMTP servers + use TLS encryption, and never send mail in the clear. smtp_sasl_tls_security_options ($smtp_sasl_secu- rity_options) - The SASL authentication security options that the - Postfix SMTP client uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read - operations during TLS startup and shutdown hand- + Time limit for Postfix SMTP client write and read + operations during TLS startup and shutdown hand- shake procedures. smtp_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP client + The file with the certificate of the certification + authority (CA) that issued the Postfix SMTP client certificate. smtp_tls_CApath (empty) - Directory with PEM format certificate authority - certificates that the Postfix SMTP client uses to + Directory with PEM format certificate authority + certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. smtp_tls_cert_file (empty) - File with the Postfix SMTP client RSA certificate + File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_cipherlist (empty) - Controls the Postfix SMTP client TLS cipher selec- + Controls the Postfix SMTP client TLS cipher selec- tion scheme. smtp_tls_dcert_file (empty) - File with the Postfix SMTP client DSA certificate + File with the Postfix SMTP client DSA certificate in PEM format. smtp_tls_dkey_file ($smtp_tls_dcert_file) - File with the Postfix SMTP client DSA private key + File with the Postfix SMTP client DSA private key in PEM format. smtp_tls_enforce_peername (yes) - When TLS encryption is enforced, require that the + When TLS encryption is enforced, require that the remote SMTP server hostname matches the information in the remote SMTP server certificate. smtp_tls_key_file ($smtp_tls_cert_file) - File with the Postfix SMTP client RSA private key + File with the Postfix SMTP client RSA private key in PEM format. smtp_tls_loglevel (0) - Enable additional Postfix SMTP client logging of + Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that - offers STARTTLS, when TLS is not already enabled + Log the hostname of a remote SMTP server that + offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_per_site (empty) Optional lookup tables with the Postfix SMTP client - TLS usage policy by next-hop domain name and by + TLS usage policy by next-hop domain name and by remote SMTP server hostname. smtp_tls_scert_verifydepth (5) - The verification depth for remote SMTP server cer- + The verification depth for remote SMTP server cer- tificates. smtp_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP client TLS session cache. smtp_tls_session_cache_timeout (3600s) @@ -280,31 +286,31 @@ SMTP(8) SMTP(8) sion cache information. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random + The number of pseudo-random bytes that an smtp(8) + or smtpd(8) process requests from the tlsmgr(8) + server in order to seed its internal pseudo random number generator (PRNG). RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destina- tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery + The maximal number of parallel deliveries to the + same destination via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per delivery via + The maximal number of recipients per delivery via the smtp message delivery transport. smtp_connect_timeout (30s) - The SMTP client time limit for completing a TCP + The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The SMTP client time limit for sending the HELO or - EHLO command, and for receiving the initial server + The SMTP client time limit for sending the HELO or + EHLO command, and for receiving the initial server response. smtp_xforward_timeout (300s) @@ -312,30 +318,30 @@ SMTP(8) SMTP(8) command, and for receiving the server response. smtp_mail_timeout (300s) - The SMTP client time limit for sending the MAIL - FROM command, and for receiving the server + The SMTP client time limit for sending the MAIL + FROM command, and for receiving the server response. smtp_rcpt_timeout (300s) - The SMTP client time limit for sending the SMTP - RCPT TO command, and for receiving the server + The SMTP client time limit for sending the SMTP + RCPT TO command, and for receiving the server response. smtp_data_init_timeout (120s) - The SMTP client time limit for sending the SMTP - DATA command, and for receiving the server + The SMTP client time limit for sending the SMTP + DATA command, and for receiving the server response. smtp_data_xfer_timeout (180s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP ".", and for receiving the server response. smtp_quit_timeout (300s) - The SMTP client time limit for sending the QUIT + The SMTP client time limit for sending the QUIT command, and for receiving the server response. Available in Postfix version 2.1 and later: @@ -346,77 +352,77 @@ SMTP(8) SMTP(8) lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before giving up or delivering to a fall- + The maximal number of SMTP sessions per delivery + request before giving up or delivering to a fall- back relay host, or zero (no limit). smtp_rset_timeout (20s) - The SMTP client time limit for sending the RSET + The SMTP client time limit for sending the RSET command, and for receiving the server response. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_cache_reuse_limit (10) When SMTP connection caching is enabled, the number - of times that an SMTP session is reused before it + of times that an SMTP session is reused before it is closed. smtp_connection_cache_time_limit (2s) When SMTP connection caching is enabled, the amount - of time that an unused SMTP client socket is kept + of time that an unused SMTP client socket is kept open before it is closed. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, + The recipient of postmaster notifications about + mail delivery problems that are caused by policy, resource, software or protocol errors. notify_classes (resource, software) - The list of error classes that are reported to the + The list of error classes that are reported to the postmaster. MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. disable_dns_lookups (no) - Disable DNS lookups in the Postfix SMTP and LMTP + Disable DNS lookups in the Postfix SMTP and LMTP clients. fallback_relay (empty) - Optional list of relay hosts for SMTP destinations + Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. inet_interfaces (all) @@ -424,7 +430,7 @@ SMTP(8) SMTP(8) tem receives mail on. inet_protocols (ipv4) - The Internet protocols Postfix will attempt to use + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) @@ -432,54 +438,54 @@ SMTP(8) SMTP(8) over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for the next service request + The maximum amount of time that an idle Postfix + daemon process waits for the next service request before exiting. max_use (100) - The maximal number of connection requests before a + The maximal number of connection requests before a Postfix daemon process terminates. process_id (read-only) - The process ID of a Postfix command or daemon pro- + The process ID of a Postfix command or daemon pro- cess. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. smtp_bind_address (empty) An optional numerical network address that the SMTP - client should bind to when making an IPv4 connec- + client should bind to when making an IPv4 connec- tion. smtp_bind_address6 (empty) An optional numerical network address that the SMTP - client should bind to when making an IPv6 connec- + client should bind to when making an IPv6 connec- tion. smtp_helo_name ($myhostname) - The hostname to send in the SMTP EHLO or HELO com- + The hostname to send in the SMTP EHLO or HELO com- mand. smtp_host_lookup (dns) - What mechanisms when the SMTP client uses to look + What mechanisms when the SMTP client uses to look up a host's IP address. smtp_randomize_addresses (yes) - Randomize the order of equal-preference MX host + Randomize the order of equal-preference MX host addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". @@ -498,7 +504,7 @@ SMTP(8) SMTP(8) TLS_README, Postfix STARTTLS howto LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index c249734df..72f6b5582 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2436,9 +2436,11 @@ joe.user\fR", the address "\fIjoe+foo@domain\fR" would rewrite to "\fIjoe.user+foo\fR". .PP Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, -\fBforward\fR or \fBinclude\fR. These cause address extension +\fBforward\fR, \fBinclude\fR or \fBgenerics\fR. These cause +address extension propagation with \fBcanonical\fR(5), \fBvirtual\fR(5), and \fBaliases\fR(5) maps, -and with \fBlocal\fR(8) .forward and :include: file lookups, respectively. +with \fBlocal\fR(8) .forward and :include: file lookups, and with \fBsmtp\fR(8) +generics maps, respectively. .PP Note: enabling this feature for types other than \fBcanonical\fR and \fBvirtual\fR is likely to cause problems when mail is forwarded @@ -3236,6 +3238,30 @@ This option is useful only if you are definitely sure that you will only connect to servers that support RFC 2487 _and_ that provide valid server certificates. Typical use is for clients that send all their email to a dedicated mailhub. +.SH smtp_generics_maps (default: empty) +Optional lookup tables that perform address rewriting in the +SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +This is needed when the local machine does not have its own Internet +domain name, but uses something like \fIlocaldomain.local\fR +instead. +.PP +The table search order is described below. The search terminates +when a match is found. In other words, the search is non-recursive. +.IP "\fIuser@domain.tld address\fR" +Replace \fIuser@domain.tld\fR by \fIaddress\fR. This +form has the highest precedence. +.IP "\fIuser address\fR" +Replace \fIuser@site\fR by \fIaddress\fR when \fIsite\fR is +equal to $myorigin, when \fIsite\fR is listed in $mydestination, +or when it matches $inet_interfaces or $proxy_interfaces. +.IP "\fI@domain.tld address\fR" +Replace all other addresses in \fIdomain.tld\fR by +\fIaddress\fR. This form has the lowest preference. +.PP +In all cases \fIaddress\fR must specify a username and a +domain. +This feature is available in Postfix 2.2 and later. .SH smtp_helo_name (default: $myhostname) The hostname to send in the SMTP EHLO or HELO command. .PP diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index f740a1920..e28385edd 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -140,6 +140,10 @@ from a remote SMTP server. A case insensitive list of EHLO keywords (pipelining, starttls, auth, etc.) that the SMTP client will ignore in the EHLO response from a remote SMTP server. +.IP "\fBsmtp_generics_maps (empty)\fR" +Optional lookup tables that perform address rewriting in the +SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. .SH "MIME PROCESSING CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 78675dc75..2a7798eaf 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -324,6 +324,7 @@ while (<>) { s;\bsmtp_data_init_timeout\b;$&;g; s;\bsmtp_data_xfer_timeout\b;$&;g; s;\bsmtp_defer_if_no_mx_address_found\b;$&;g; + s;\bsmtp_generics_maps\b;$&;g; s;\blmtp_destination_concurrency_limit\b;$&;g; s;\blmtp_destination_recip[-]*\n* *[]*ient_limit\b;$&;g; s;\brelay_destination_concurrency_limit\b;$&;g; diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html index 3453b933d..7e8e4b6ae 100644 --- a/postfix/proto/ADDRESS_REWRITING_README.html +++ b/postfix/proto/ADDRESS_REWRITING_README.html @@ -94,6 +94,20 @@ as invalid
  • Relocated users table + + +
  • Address rewriting with remote delivery + + + +
  • Address rewriting with local delivery + +
      +
    • Local alias database
    • Local per-user .forward files @@ -329,6 +343,10 @@ transport_maps none all mail trivial-
      rewrite(8) relocated_maps none + Generics table +outgoing SMTP mail smtp(8) smtp_generics_maps + none + Local alias database all mail local(8) alias_maps none @@ -796,8 +814,17 @@ content according to the rules of the SMTP, LMTP, etc. protocol. When mail cannot be delivered, it is either returned to the sender or moved to the deferred queue and tried again later.

      -

      Address manipulations when mail is delivered via the local(8) -delivery agent:

      +

      Address manipulations when mail is delivered +via the smtp(8) delivery agent:

      + + + +

      Address manipulations when mail is delivered +via the local(8) delivery agent:

        @@ -912,6 +939,42 @@ otheruser@elsewhere.tld". Older Postfix versions will receive the mail first, and then return it to the sender as undeliverable, with the same reason.

        +

        Generic mapping for outgoing SMTP mail

        + +

        Some hosts have no valid Internet domain name, and instead use +a name such as localdomain.local. This can be a problem when +you want to send mail over the Internet, because many mail servers +reject mail addresses with invalid domain names.

        + +

        With the smtp_generics_maps parameter you can specify lookup +tables that replace local mail addresses by valid Internet addresses +when mail leaves the machine via SMTP. This mapping replaces envelope +and header addresses, and is non-recursive. It does not happen when +you send mail between addresses on the local machine.

        + +

        This feature is available in Postfix version 2.2 and later.

        + +

        Example:

        + +
        +
        +/etc/postfix/main.cf:
+    smtp_generics_maps = hash:/etc/postfix/generics
+
+/etc/postfix/generics:
+    you@localdomain.local		youraccount@yourisp.example
+    her@localdomain.local		heraccount@herisp.example
+    @localdomain.local			youraccount+local@yourisp.example
+
        +
        + +

        When mail is sent to a remote host via SMTP, this replaces your +local mail address you@localdomain.local by your ISP mail +address, replaces her@localdomain.local by her ISP mail +address, and replaces all other local addresses by your ISP account, +with an address extension of +local (this example assumes +that the ISP supports "+" style address extensions).

        +

        Local alias database

        When mail is to be delivered locally, the local(8) delivery diff --git a/postfix/proto/DEBUG_README.html b/postfix/proto/DEBUG_README.html index 84ce6db06..f663add13 100644 --- a/postfix/proto/DEBUG_README.html +++ b/postfix/proto/DEBUG_README.html @@ -78,7 +78,7 @@ properly: 

        -% egrep '(warning|error|fatal|panic):' /some/log/file | more
+% egrep '(warning|error|fatal|panic):' /some/log/file | more
        @@ -126,7 +126,7 @@ debugging:

        deliver mail. This mode of operation is requested with: 

        -$ /usr/sbin/sendmail -bv address...
+% /usr/sbin/sendmail -bv address...
 Mail Delivery Status Report will be mailed to <your login name>.
        @@ -135,7 +135,7 @@ failures, including replies from remote SMTP servers. This mode of operation is requested with: 

        -$ /usr/sbin/sendmail -v address...
+% /usr/sbin/sendmail -v address...
 Mail Delivery Status Report will be mailed to <your login name>.
        @@ -211,7 +211,7 @@ else you will miss some or all of the packet payload. 

        -# tcpdump -w /file/name -s 2000 host example.com and port 25
+# tcpdump -w /file/name -s 2000 host example.com and port 25
        @@ -248,10 +248,10 @@ system call tracer. For example: 

        -# trace -p process-id (SunOS 4)
-# strace -p process-id (Linux and many others)
-# truss -p process-id (Solaris, FreeBSD)
-# ktrace -p process-id (generic 4.4BSD)
+# trace -p process-id (SunOS 4)
+# strace -p process-id (Linux and many others)
+# truss -p process-id (Solaris, FreeBSD)
+# ktrace -p process-id (generic 4.4BSD)
        @@ -260,8 +260,8 @@ Examples: 

        -# ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS)
-# sotruss -p process-id (Solaris)
+# ltrace -p process-id (Linux, also ported to FreeBSD and BSD/OS)
+# sotruss -p process-id (Solaris)
        @@ -340,8 +340,8 @@ export XAUTHORITY so that X access control works, for example: 
        -% setenv XAUTHORITY ~/.Xauthority (csh syntax)
-$ export XAUTHORITY=$HOME/.Xauthority (sh syntax)
+% setenv XAUTHORITY ~/.Xauthority (csh syntax)
+$ export XAUTHORITY=$HOME/.Xauthority (sh syntax)
        @@ -446,8 +446,8 @@ makes a difference. 

        -% make tidy
-% make makefiles OPT=
+% make tidy
+% make makefiles OPT=
        @@ -458,9 +458,10 @@ optimization. 

        -% make
-% su
-# make install
+% make
+% su
+Password:
+# make install
        @@ -469,7 +470,7 @@ for help.

        Reporting problems to postfix-users@postfix.org

        -

        The people who participate on the postfix-users@postfix.org +

        The people who participate on postfix-users@postfix.org are very helpful, especially if YOU provide them with sufficient information. Remember, these volunteers are willing to help, but their time is limited.

        @@ -482,35 +483,40 @@ information.

      • A summary of the problem. Please do not just send some logging without explanation of what YOU believe is wrong.

        +

      • Complete error messages. Please use cut-and-paste, or use +attachments, instead of reciting information from memory. +

        + +

      • Postfix logging. See the text at the top of the DEBUG_README +document to find out where logging is stored. Please do not frustrate +the helpers by word wrapping the logging.

        +

      • Consider using a test email address so that you don't have -to reveal email addresses of innocent people.

        +to reveal email addresses or passwords of innocent people.

      • If you can't use a test email address, please anonymize information consistently. Replace each letter by "A", each digit by "D" so that the helpers can still recognize syntactical errors.

        -

      • Complete error messages. Please use cut-and-paste, or use -attachments, instead of reciting information from memory. -

        +

      • Output from "postconf -n". Please do not send your +main.cf file or 400+ lines of postconf output.

        -

      • Postfix logging. See the text at the top of the DEBUG_README -document to find out where logging is stored. Please do not frustrate -the helpers by word wrapping the logging.

        +

      • Better, provide output from the postfinger tool. +This can be found at http://ftp.wl0.org/SOURCES/postfinger.

        -

      • Output from "postconf -n". Please do not send your main.cf -file. Or better, provide output from the "postfinger" tool. This -tool is bundled with Postfix 2.2 and later source code, and can be -found at http://ftp.wl0.org/SOURCES/postfinger.

        +

      • If the problem is SASL related, consider including the +output from the saslfinger tool. This can be found at +http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

      • If the problem is about too much mail in the queue, consider -including output from the qshape tool, as described in the +including output from the qshape tool, as described in the QSHAPE_README file.

      • If the problem is protocol related (connections time out or an SMTP server complains about syntax errors etc.) consider -recording a session with tcpdump, as described in the DEBUG_README -document.

      +recording a session with tcpdump, as described in the DEBUG_README document.
    diff --git a/postfix/proto/IPV6_README.html b/postfix/proto/IPV6_README.html index a16d581be..611183924 100644 --- a/postfix/proto/IPV6_README.html +++ b/postfix/proto/IPV6_README.html @@ -28,7 +28,7 @@ between these implementations.

    The main feature of interest is that IPv6 uses 128-bit IP addresses instead of the 32-bit addresses used by IPv4. It can -therefore accomodate a much larger number of hosts and networks +therefore accommodate a much larger number of hosts and networks without ugly kluges such as NAT. A side benefit of the much larger address space is that it makes network scanning unpractical.

    diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index e610373a9..51a8be675 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -2760,10 +2760,11 @@ to "joe.user+foo".

    Specify zero or more of canonical, virtual, alias, -forward or include. These cause address extension +forward, include or generics. These cause +address extension propagation with canonical(5), virtual(5), and aliases(5) maps, -and with local(8) .forward and :include: file lookups, respectively. -

    +with local(8) .forward and :include: file lookups, and with smtp(8) +generics maps, respectively.

    Note: enabling this feature for types other than canonical @@ -8237,3 +8238,41 @@ client uses for TLS encrypted SMTP sessions.

    The SASL authentication security options that the Postfix SMTP server uses for TLS encrypted SMTP sessions.

    + +%PARAM smtp_generics_maps empty + +

    Optional lookup tables that perform address rewriting in the +SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +This is needed when the local machine does not have its own Internet +domain name, but uses something like localdomain.local +instead.

    + +

    The table search order is described below. The search terminates +when a match is found. In other words, the search is non-recursive. +

    + +
    + +
    user@domain.tld address
    + +

    Replace user@domain.tld by address. This +form has the highest precedence.

    + +
    user address
    + +

    Replace user@site by address when site is +equal to $myorigin, when site is listed in $mydestination, +or when it matches $inet_interfaces or $proxy_interfaces.

    +
    + +
    @domain.tld address
    + +

    Replace all other addresses in domain.tld by +address. This form has the lowest preference.

    + +
    + +

    In all cases address must specify a username and a +domain.

    This feature is available in Postfix 2.2 and later. +

    diff --git a/postfix/proto/stop b/postfix/proto/stop index 21a33534a..ce0a2713d 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -944,3 +944,4 @@ ipnet ipv itojun netmasks +kluges diff --git a/postfix/src/dns/Makefile.in b/postfix/src/dns/Makefile.in index 3cc0fb71a..4ce89ec94 100644 --- a/postfix/src/dns/Makefile.in +++ b/postfix/src/dns/Makefile.in @@ -184,6 +184,8 @@ test_dns_lookup.o: ../../include/vbuf.h test_dns_lookup.o: ../../include/msg.h test_dns_lookup.o: ../../include/msg_vstream.h test_dns_lookup.o: ../../include/vstream.h +test_dns_lookup.o: ../../include/mymalloc.h +test_dns_lookup.o: ../../include/argv.h test_dns_lookup.o: dns.h test_dns_lookup.o: ../../include/sock_addr.h test_dns_lookup.o: ../../include/myaddrinfo.h diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index fc830a3ae..0e7ec68f9 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -704,7 +704,9 @@ hold_message.o: hold_message.h input_transp.o: input_transp.c input_transp.o: ../../include/sys_defs.h input_transp.o: ../../include/name_mask.h +input_transp.o: ../../include/msg.h input_transp.o: mail_params.h +input_transp.o: cleanup_user.h input_transp.o: input_transp.h is_header.o: is_header.c is_header.o: ../../include/sys_defs.h diff --git a/postfix/src/global/ext_prop.c b/postfix/src/global/ext_prop.c index 4d8cf3efc..fac9b6661 100644 --- a/postfix/src/global/ext_prop.c +++ b/postfix/src/global/ext_prop.c @@ -31,6 +31,9 @@ /* .IP "include (EXT_PROP_INCLUDE)" /* Propagate unmatched address extensions to the right-hand side /* of :include: file entries. +/* .IP "generics (EXT_PROP_GENERICS)" +/* Propagate unmatched address extensions to the right-hand side +/* of smtp_generics_maps entries. /* DIAGNOSTICS /* Panic: inappropriate use. /* LICENSE @@ -67,6 +70,7 @@ int ext_prop_mask(const char *param_name, const char *pattern) "alias", EXT_PROP_ALIAS, "forward", EXT_PROP_FORWARD, "include", EXT_PROP_INCLUDE, + "generics", EXT_PROP_GENERICS, 0, }; diff --git a/postfix/src/global/ext_prop.h b/postfix/src/global/ext_prop.h index 413a44b5f..4d7ef1e18 100644 --- a/postfix/src/global/ext_prop.h +++ b/postfix/src/global/ext_prop.h @@ -19,6 +19,7 @@ #define EXT_PROP_ALIAS (1<<2) #define EXT_PROP_FORWARD (1<<3) #define EXT_PROP_INCLUDE (1<<4) +#define EXT_PROP_GENERICS (1<<5) extern int ext_prop_mask(const char *, const char *); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index bc147ae5d..5f6f9dd89 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -969,6 +969,10 @@ extern bool var_smtp_defer_mxaddr; #define DEF_SMTP_SEND_XFORWARD 0 extern bool var_smtp_send_xforward; +#define VAR_SMTP_GENERICS_MAPS "smtp_generics_maps" +#define DEF_SMTP_GENERICS_MAPS "" +extern char *var_smtp_generics_maps; + /* * SMTP server. The soft error limit determines how many errors an SMTP * client may make before we start to slow down; the hard error limit diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index d02e0211d..83f273542 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20050205" +#define MAIL_RELEASE_DATE "20050206" #define MAIL_VERSION_NUMBER "2.2" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/master/master_ent.c b/postfix/src/master/master_ent.c index e2871d6d1..ea6d60b81 100644 --- a/postfix/src/master/master_ent.c +++ b/postfix/src/master/master_ent.c @@ -371,6 +371,10 @@ MASTER_SERV *get_master_ent() * Listen socket(s). XXX We pre-allocate storage because the number of * sockets is frozen anyway once we build the command-line vector below. */ + if (serv->listen_fd_count == 0) { + msg_fatal("%s: line %d: no valid IP address found: %s", + VSTREAM_PATH(master_fp), master_line, name); + } serv->listen_fd = (int *) mymalloc(sizeof(int) * serv->listen_fd_count); for (n = 0; n < serv->listen_fd_count; n++) serv->listen_fd[n] = -1; diff --git a/postfix/src/smtp/Makefile.in b/postfix/src/smtp/Makefile.in index 1ae2fe089..a9ea4cf50 100644 --- a/postfix/src/smtp/Makefile.in +++ b/postfix/src/smtp/Makefile.in @@ -1,10 +1,10 @@ SHELL = /bin/sh SRCS = smtp.c smtp_connect.c smtp_proto.c smtp_chat.c smtp_session.c \ smtp_addr.c smtp_trouble.c smtp_state.c smtp_rcpt.c \ - smtp_sasl_proto.c smtp_sasl_glue.c smtp_reuse.c + smtp_sasl_proto.c smtp_sasl_glue.c smtp_reuse.c smtp_map11.c OBJS = smtp.o smtp_connect.o smtp_proto.o smtp_chat.o smtp_session.o \ smtp_addr.o smtp_trouble.o smtp_state.o smtp_rcpt.o \ - smtp_sasl_proto.o smtp_sasl_glue.o smtp_reuse.o + smtp_sasl_proto.o smtp_sasl_glue.o smtp_reuse.o smtp_map11.o HDRS = smtp.h smtp_sasl.h smtp_addr.h smtp_reuse.h TESTSRC = DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) @@ -82,9 +82,12 @@ smtp.o: ../../include/string_list.h smtp.o: ../../include/match_list.h smtp.o: ../../include/match_ops.h smtp.o: ../../include/maps.h +smtp.o: ../../include/ext_prop.h smtp.o: ../../include/mail_server.h smtp.o: smtp.h smtp.o: ../../include/htable.h +smtp.o: ../../include/tok822.h +smtp.o: ../../include/resolve_clnt.h smtp.o: ../../include/tls.h smtp.o: smtp_sasl.h smtp_addr.o: smtp_addr.c @@ -113,6 +116,8 @@ smtp_addr.o: ../../include/match_list.h smtp_addr.o: ../../include/match_ops.h smtp_addr.o: ../../include/maps.h smtp_addr.o: ../../include/dict.h +smtp_addr.o: ../../include/tok822.h +smtp_addr.o: ../../include/resolve_clnt.h smtp_addr.o: ../../include/tls.h smtp_addr.o: smtp_addr.h smtp_chat.o: smtp_chat.c @@ -142,6 +147,8 @@ smtp_chat.o: ../../include/match_list.h smtp_chat.o: ../../include/match_ops.h smtp_chat.o: ../../include/maps.h smtp_chat.o: ../../include/dict.h +smtp_chat.o: ../../include/tok822.h +smtp_chat.o: ../../include/resolve_clnt.h smtp_chat.o: ../../include/tls.h smtp_connect.o: smtp_connect.c smtp_connect.o: ../../include/sys_defs.h @@ -178,9 +185,35 @@ smtp_connect.o: ../../include/match_list.h smtp_connect.o: ../../include/match_ops.h smtp_connect.o: ../../include/maps.h smtp_connect.o: ../../include/dict.h +smtp_connect.o: ../../include/tok822.h +smtp_connect.o: ../../include/resolve_clnt.h smtp_connect.o: ../../include/tls.h smtp_connect.o: smtp_addr.h smtp_connect.o: smtp_reuse.h +smtp_map11.o: smtp_map11.c +smtp_map11.o: ../../include/sys_defs.h +smtp_map11.o: ../../include/msg.h +smtp_map11.o: ../../include/vstring.h +smtp_map11.o: ../../include/vbuf.h +smtp_map11.o: ../../include/dict.h +smtp_map11.o: ../../include/vstream.h +smtp_map11.o: ../../include/argv.h +smtp_map11.o: ../../include/tok822.h +smtp_map11.o: ../../include/resolve_clnt.h +smtp_map11.o: ../../include/valid_hostname.h +smtp_map11.o: ../../include/mail_addr_map.h +smtp_map11.o: ../../include/maps.h +smtp_map11.o: ../../include/quote_822_local.h +smtp_map11.o: ../../include/quote_flags.h +smtp_map11.o: smtp.h +smtp_map11.o: ../../include/htable.h +smtp_map11.o: ../../include/deliver_request.h +smtp_map11.o: ../../include/recipient_list.h +smtp_map11.o: ../../include/scache.h +smtp_map11.o: ../../include/string_list.h +smtp_map11.o: ../../include/match_list.h +smtp_map11.o: ../../include/match_ops.h +smtp_map11.o: ../../include/tls.h smtp_proto.o: smtp_proto.c smtp_proto.o: ../../include/sys_defs.h smtp_proto.o: ../../include/msg.h @@ -214,6 +247,11 @@ smtp_proto.o: ../../include/ehlo_mask.h smtp_proto.o: ../../include/maps.h smtp_proto.o: ../../include/dict.h smtp_proto.o: ../../include/argv.h +smtp_proto.o: ../../include/tok822.h +smtp_proto.o: ../../include/resolve_clnt.h +smtp_proto.o: ../../include/mail_addr_map.h +smtp_proto.o: ../../include/ext_prop.h +smtp_proto.o: ../../include/lex_822.h smtp_proto.o: smtp.h smtp_proto.o: ../../include/htable.h smtp_proto.o: ../../include/scache.h @@ -241,6 +279,8 @@ smtp_rcpt.o: ../../include/match_list.h smtp_rcpt.o: ../../include/match_ops.h smtp_rcpt.o: ../../include/maps.h smtp_rcpt.o: ../../include/dict.h +smtp_rcpt.o: ../../include/tok822.h +smtp_rcpt.o: ../../include/resolve_clnt.h smtp_rcpt.o: ../../include/tls.h smtp_reuse.o: smtp_reuse.c smtp_reuse.o: ../../include/sys_defs.h @@ -262,6 +302,8 @@ smtp_reuse.o: ../../include/match_list.h smtp_reuse.o: ../../include/match_ops.h smtp_reuse.o: ../../include/maps.h smtp_reuse.o: ../../include/dict.h +smtp_reuse.o: ../../include/tok822.h +smtp_reuse.o: ../../include/resolve_clnt.h smtp_reuse.o: ../../include/tls.h smtp_reuse.o: smtp_reuse.h smtp_reuse.o: ../../include/dns.h @@ -289,6 +331,8 @@ smtp_sasl_glue.o: ../../include/htable.h smtp_sasl_glue.o: ../../include/deliver_request.h smtp_sasl_glue.o: ../../include/recipient_list.h smtp_sasl_glue.o: ../../include/scache.h +smtp_sasl_glue.o: ../../include/tok822.h +smtp_sasl_glue.o: ../../include/resolve_clnt.h smtp_sasl_glue.o: ../../include/tls.h smtp_sasl_glue.o: smtp_sasl.h smtp_sasl_proto.o: smtp_sasl_proto.c @@ -311,6 +355,8 @@ smtp_sasl_proto.o: ../../include/match_list.h smtp_sasl_proto.o: ../../include/match_ops.h smtp_sasl_proto.o: ../../include/maps.h smtp_sasl_proto.o: ../../include/dict.h +smtp_sasl_proto.o: ../../include/tok822.h +smtp_sasl_proto.o: ../../include/resolve_clnt.h smtp_sasl_proto.o: ../../include/tls.h smtp_sasl_proto.o: smtp_sasl.h smtp_session.o: smtp_session.c @@ -336,6 +382,8 @@ smtp_session.o: ../../include/scache.h smtp_session.o: ../../include/string_list.h smtp_session.o: ../../include/match_list.h smtp_session.o: ../../include/match_ops.h +smtp_session.o: ../../include/tok822.h +smtp_session.o: ../../include/resolve_clnt.h smtp_session.o: ../../include/tls.h smtp_state.o: smtp_state.c smtp_state.o: ../../include/sys_defs.h @@ -355,6 +403,8 @@ smtp_state.o: ../../include/match_list.h smtp_state.o: ../../include/match_ops.h smtp_state.o: ../../include/maps.h smtp_state.o: ../../include/dict.h +smtp_state.o: ../../include/tok822.h +smtp_state.o: ../../include/resolve_clnt.h smtp_state.o: ../../include/tls.h smtp_state.o: smtp_sasl.h smtp_trouble.o: smtp_trouble.c @@ -382,6 +432,8 @@ smtp_trouble.o: ../../include/match_list.h smtp_trouble.o: ../../include/match_ops.h smtp_trouble.o: ../../include/maps.h smtp_trouble.o: ../../include/dict.h +smtp_trouble.o: ../../include/tok822.h +smtp_trouble.o: ../../include/resolve_clnt.h smtp_trouble.o: ../../include/tls.h smtp_unalias.o: smtp_unalias.c smtp_unalias.o: ../../include/sys_defs.h @@ -403,4 +455,6 @@ smtp_unalias.o: ../../include/match_list.h smtp_unalias.o: ../../include/match_ops.h smtp_unalias.o: ../../include/maps.h smtp_unalias.o: ../../include/dict.h +smtp_unalias.o: ../../include/tok822.h +smtp_unalias.o: ../../include/resolve_clnt.h smtp_unalias.o: ../../include/tls.h diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 3b76ba90c..79fc03615 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -122,6 +122,10 @@ /* A case insensitive list of EHLO keywords (pipelining, starttls, /* auth, etc.) that the SMTP client will ignore in the EHLO response /* from a remote SMTP server. +/* .IP "\fBsmtp_generics_maps (empty)\fR" +/* Optional lookup tables that perform address rewriting in the +/* SMTP client, typically to transform a locally valid address into +/* a globally valid address when sending mail across the Internet. /* MIME PROCESSING CONTROLS /* .ad /* .fi @@ -420,6 +424,7 @@ #include #include #include +#include /* Single server skeleton. */ @@ -490,6 +495,9 @@ int var_smtp_tls_scert_vd; bool var_smtp_tls_note_starttls_offer; #endif +char *var_smtp_generics_maps; +char *var_prop_extension; + /* * Global variables. smtp_errno is set by the address lookup routines and by * the connection management routines. @@ -499,6 +507,8 @@ int smtp_host_lookup_mask; STRING_LIST *smtp_cache_dest; SCACHE *smtp_scache; MAPS *smtp_ehlo_dis_maps; +MAPS *smtp_generics_maps; +int smtp_ext_prop_mask; #ifdef USE_TLS @@ -639,6 +649,7 @@ static void pre_init(char *unused_name, char **unused_argv) msg_warn("%s is true, but SASL support is not compiled in", VAR_SMTP_SASL_ENABLE); #endif + /* * Initialize the TLS data before entering the chroot jail */ @@ -669,6 +680,17 @@ static void pre_init(char *unused_name, char **unused_argv) smtp_ehlo_dis_maps = maps_create(VAR_SMTPD_EHLO_DIS_MAPS, var_smtp_ehlo_dis_maps, DICT_FLAG_LOCK); + + /* + * Generics table. + */ + if (*var_prop_extension) + smtp_ext_prop_mask = + ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension); + if (*var_smtp_generics_maps) + smtp_generics_maps = + maps_create(VAR_SMTP_GENERICS_MAPS, var_smtp_generics_maps, + DICT_FLAG_LOCK); } /* pre_accept - see if tables have changed */ @@ -717,6 +739,8 @@ int main(int argc, char **argv) VAR_SMTP_EHLO_DIS_WORDS, DEF_SMTP_EHLO_DIS_WORDS, &var_smtp_ehlo_dis_words, 0, 0, VAR_SMTP_EHLO_DIS_MAPS, DEF_SMTP_EHLO_DIS_MAPS, &var_smtp_ehlo_dis_maps, 0, 0, VAR_SMTP_TLS_PER_SITE, DEF_SMTP_TLS_PER_SITE, &var_smtp_tls_per_site, 0, 0, + VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0, + VAR_SMTP_GENERICS_MAPS, DEF_SMTP_GENERICS_MAPS, &var_smtp_generics_maps, 0, 0, 0, }; static CONFIG_TIME_TABLE time_table[] = { diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 0b08bc699..8b52009ca 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -31,6 +31,7 @@ #include #include #include +#include /* * Postfix TLS library. @@ -154,6 +155,9 @@ extern STRING_LIST *smtp_cache_dest; /* cached destinations */ extern MAPS *smtp_ehlo_dis_maps; /* ehlo keyword filter */ +extern MAPS *smtp_generics_maps; /* make internal address valid */ +extern int smtp_ext_prop_mask; /* address externsion propagation */ + #ifdef USE_TLS extern SSL_CTX *smtp_tls_ctx; /* client-side TLS engine */ @@ -314,6 +318,13 @@ extern VSTRING *smtp_unalias_addr(VSTRING *, const char *); extern SMTP_STATE *smtp_state_alloc(void); extern void smtp_state_free(SMTP_STATE *); + /* + * smtp_map11.c + */ +extern int smtp_map11_external(VSTRING *, MAPS *, int); +extern int smtp_map11_tree(TOK822 *, MAPS *, int); +extern int smtp_map11_internal(VSTRING *, MAPS *, int); + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index 7a38ada45..f712ac089 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -104,6 +104,25 @@ #define STR(x) vstring_str(x) +/* smtp_salvage - salvage the server reply before disconnecting */ + +static VSTRING *smtp_salvage(VSTREAM *stream) +{ + int len = vstream_peek(stream); + VSTRING *buf = vstring_alloc(len); + + /* + * We know the server replied with 4... or 5...; salvage whatever we have + * received in the VSTREAM buffer and sanitize any non-printable crud. + */ + vstream_fread(stream, STR(buf), len); + VSTRING_AT_OFFSET(buf, len); /* XXX not public interface */ + VSTRING_TERMINATE(buf); + translit(STR(buf), "\r\n", " "); + printable(STR(buf), '?'); + return (buf); +} + /* smtp_connect_addr - connect to explicit address */ static SMTP_SESSION *smtp_connect_addr(const char *dest, DNS_RR *addr, @@ -250,6 +269,24 @@ static SMTP_SESSION *smtp_connect_addr(const char *dest, DNS_RR *addr, return (0); } vstream_ungetc(stream, ch); + + /* + * Skip this host if it sends a 4xx or 5xx greeting. This prevents us + * from counting it towards the MX session limit. Unfortunately, this + * also means that we have to salvage the server's response ourself so + * that it can be included in logging or in non-delivery reports. It does + * not hurt if we keep the test for a 4xx or 5xx greeting in smtp_helo(). + */ + if (ch == '4' || (ch == '5' && var_smtp_skip_5xx_greeting)) { + VSTRING *salvage_buf = smtp_salvage(stream); + + vstring_sprintf(why, "connect to %s[%s]: server refused to talk to me: %s", + addr->name, hostaddr.buf, STR(salvage_buf)); + vstring_free(salvage_buf); + smtp_errno = SMTP_ERR_RETRY; + vstream_fclose(stream); + return (0); + } return (smtp_session_alloc(stream, dest, addr->name, hostaddr.buf, port, sess_flags)); } diff --git a/postfix/src/smtp/smtp_map11.c b/postfix/src/smtp/smtp_map11.c new file mode 100644 index 000000000..93932a7c1 --- /dev/null +++ b/postfix/src/smtp/smtp_map11.c @@ -0,0 +1,133 @@ +/*++ +/* NAME +/* smtp_map11 3 +/* SUMMARY +/* one-to-one address mapping +/* SYNOPSIS +/* #include +/* +/* int smtp_map11_external(addr, maps, propagate) +/* VSTRING *addr; +/* MAPS *maps; +/* int propagate; +/* +/* int smtp_map11_internal(addr, maps, propagate) +/* VSTRING *addr; +/* MAPS *maps; +/* int propagate; +/* +/* int smtp_map11_tree(tree, maps, propagate) +/* TOK822 *tree; +/* MAPS *maps; +/* int propagate; +/* DESCRIPTION +/* This module performs non-recursive one-to-one address mapping. +/* An unmatched address extension is propagated when +/* \fIpropagate\fR is non-zero. +/* +/* smtp_map11_external() looks up the RFC 822 external (quoted) string +/* form of an address in the maps specified via the \fImaps\fR argument. +/* +/* smtp_map11_internal() is a wrapper around the +/* smtp_map11_external() routine that transforms from +/* internal (quoted) string form to external form and back. +/* +/* smtp_map11_tree() is a wrapper around the +/* smtp_map11_external() routine that transforms from +/* internal parse tree form to external form and back. +/* DIAGNOSTICS +/* Table lookup errors are fatal. +/* SEE ALSO +/* mail_addr_map(3) address mappings +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include +#include + +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + +/* Utility library. */ + +#include +#include +#include +#include +#include +#include + +/* Global library. */ + +#include +#include + +/* Application-specific. */ + +#include + +#define STR vstring_str + +/* smtp_map11_external - one-to-one table lookups */ + +int smtp_map11_external(VSTRING *addr, MAPS *maps, int propagate) +{ + ARGV *new_addr; + const char *at; + + if ((new_addr = mail_addr_map(maps, STR(addr), propagate)) != 0) { + if (new_addr->argc > 1) + msg_fatal("multi-valued %s entry for %s", maps->title, STR(addr)); + if ((at = strrchr(STR(addr), '@')) == 0 + || !valid_hostname(at + 1, DO_GRIPE)) + msg_fatal("invalid domain information in %s entry for %s", + maps->title, STR(addr)); + vstring_strcpy(addr, new_addr->argv[0]); + argv_free(new_addr); + return (1); + } else { + if (dict_errno != 0) + msg_fatal("%s map lookup problem for %s", maps->title, STR(addr)); + return (0); + } +} + +/* smtp_map11_tree - rewrite address node */ + +int smtp_map11_tree(TOK822 *tree, MAPS *maps, int propagate) +{ + VSTRING *temp = vstring_alloc(100); + int ret; + + tok822_externalize(temp, tree->head, TOK822_STR_DEFL); + ret = smtp_map11_external(temp, maps, propagate); + tok822_free_tree(tree->head); + tree->head = tok822_scan(STR(temp), &tree->tail); + vstring_free(temp); + return (ret); +} + +/* smtp_map11_internal - rewrite address internal form */ + +int smtp_map11_internal(VSTRING *addr, MAPS *maps, int propagate) +{ + VSTRING *temp = vstring_alloc(100); + int ret; + + quote_822_local(temp, STR(addr)); + ret = smtp_map11_external(temp, maps, propagate); + unquote_822_local(addr, STR(temp)); + vstring_free(temp); + return (ret); +} diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 184906e71..30ad1c1fb 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -131,6 +131,10 @@ #include #include #include +#include +#include +#include +#include /* Application-specific. */ @@ -684,6 +688,23 @@ static void smtp_text_out(void *context, int rec_type, } while (data_left > 0); } +/* smtp_format_out - output one header/body record */ + +static void PRINTFLIKE(3, 4) smtp_format_out(void *, int, const char *,...); + +static void smtp_format_out(void *context, int rec_type, const char *fmt,...) +{ + static VSTRING *vp; + va_list ap; + + if (vp == 0) + vp = vstring_alloc(100); + va_start(ap, fmt); + vstring_vsprintf(vp, fmt, ap); + va_end(ap); + smtp_text_out(context, rec_type, vstring_str(vp), VSTRING_LEN(vp), 0); +} + /* smtp_header_out - output one message header */ static void smtp_header_out(void *context, int unused_header_class, @@ -694,6 +715,10 @@ static void smtp_header_out(void *context, int unused_header_class, char *line; char *next_line; + /* + * This code destroys the header. We could try to avoid clobbering it, + * but we're not going to use the data any further. + */ for (line = start; line; line = next_line) { next_line = split_at(line, '\n'); smtp_text_out(context, REC_TYPE_NORM, line, next_line ? @@ -701,6 +726,89 @@ static void smtp_header_out(void *context, int unused_header_class, } } +/* smtp_header_rewrite - rewrite message header before output */ + +static void smtp_header_rewrite(void *context, int header_class, + HEADER_OPTS *header_info, VSTRING *buf, + off_t offset) +{ + SMTP_STATE *state = (SMTP_STATE *) context; + int did_rewrite = 0; + char *line; + char *start; + char *next_line; + char *end_line; + + /* + * Rewrite primary header addresses that match the smtp_generics_table. + * The cleanup server already enforces that all headers have proper + * lengths and that all addresses are in proper form, so we don't have to + * repeat that. + */ + if (header_info && header_class == MIME_HDR_PRIMARY + && (header_info->flags & (HDR_OPT_SENDER | HDR_OPT_RECIP)) != 0) { + TOK822 *tree; + TOK822 **addr_list; + TOK822 **tpp; + + tree = tok822_parse(vstring_str(buf) + + strlen(header_info->name) + 1); + addr_list = tok822_grep(tree, TOK822_ADDR); + for (tpp = addr_list; *tpp; tpp++) + did_rewrite |= smtp_map11_tree(tpp[0], smtp_generics_maps, + smtp_ext_prop_mask & EXT_PROP_GENERICS); + if (did_rewrite) { + vstring_sprintf(buf, "%s: ", header_info->name); + tok822_externalize(buf, tree, TOK822_STR_HEAD); + } + myfree((char *) addr_list); + tok822_free_tree(tree); + } + + /* + * Pass through unmodified headers without reconstruction. + */ + if (did_rewrite == 0) { + smtp_header_out(context, header_class, header_info, buf, offset); + return; + } + + /* + * A rewritten address list contains one address per line. The code below + * replaces newlines by spaces, to fit as many addresses on a line as + * possible (without rearranging the order of addresses). Prepending + * white space to the beginning of lines is delegated to the output + * routine. + */ + for (line = start = vstring_str(buf); line != 0; line = next_line) { + end_line = line + strcspn(line, "\n"); + if (line > start) { + if (end_line - start < 70) { /* TAB counts as one */ + line[-1] = ' '; + } else { + start = line; + } + } + next_line = *end_line ? end_line + 1 : 0; + } + + /* + * Prepend a tab to continued header lines that went through the address + * rewriting machinery. Just like smtp_header_out(), this code destroys + * the header. We could try to avoid clobbering it, but we're not going + * to use the data any further. + */ + for (line = start = vstring_str(buf); line != 0; line = next_line) { + next_line = split_at(line, '\n'); + if (line == start || IS_SPACE_TAB(*line)) { + smtp_text_out(state, REC_TYPE_NORM, line, next_line ? + next_line - line - 1 : strlen(line), offset); + } else { + smtp_format_out(state, REC_TYPE_NORM, "\t%s", line); + } + } +} + /* smtp_loop - exercise the SMTP protocol engine */ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, @@ -728,13 +836,11 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, /* * Macros for readability. */ -#define REWRITE_ADDRESS(dst, mid, src) do { \ - if (*(src) && var_smtp_quote_821_env) { \ - quote_821_local(mid, src); \ - smtp_unalias_addr(dst, vstring_str(mid)); \ - } else { \ - vstring_strcpy(dst, src); \ - } \ +#define REWRITE_ADDRESS(dst, src) do { \ + vstring_strcpy(dst, src); \ + if (*(src) && smtp_generics_maps) \ + smtp_map11_internal(dst, smtp_generics_maps, \ + smtp_ext_prop_mask & EXT_PROP_GENERICS); \ } while (0) #define QUOTE_ADDRESS(dst, src) do { \ @@ -897,7 +1003,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, * Build the MAIL FROM command. */ case SMTP_STATE_MAIL: - QUOTE_ADDRESS(session->scratch, request->sender); + REWRITE_ADDRESS(session->scratch2, request->sender); + QUOTE_ADDRESS(session->scratch, vstring_str(session->scratch2)); vstring_sprintf(next_command, "MAIL FROM:<%s>", vstring_str(session->scratch)); if (session->features & SMTP_FEATURE_SIZE) /* RFC 1870 */ @@ -930,7 +1037,8 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, */ case SMTP_STATE_RCPT: rcpt = request->rcpt_list.info + send_rcpt; - QUOTE_ADDRESS(session->scratch, rcpt->address); + REWRITE_ADDRESS(session->scratch2, rcpt->address); + QUOTE_ADDRESS(session->scratch, vstring_str(session->scratch2)); vstring_sprintf(next_command, "RCPT TO:<%s>", vstring_str(session->scratch)); if ((next_rcpt = send_rcpt + 1) == SMTP_RCPT_LEFT(state)) @@ -1241,9 +1349,11 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, (var_disable_mime_oconv == 0 && (session->features & SMTP_FEATURE_8BITMIME) == 0 && strcmp(request->encoding, MAIL_ATTR_ENC_7BIT) != 0); - if (downgrading) + if (downgrading || smtp_generics_maps) session->mime_state = mime_state_alloc(MIME_OPT_DOWNGRADE | MIME_OPT_REPORT_NESTING, + smtp_generics_maps ? + smtp_header_rewrite : smtp_header_out, (MIME_STATE_ANY_END) 0, smtp_text_out, @@ -1263,7 +1373,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, while ((rec_type = rec_get(state->src, session->scratch, 0)) > 0) { if (rec_type != REC_TYPE_NORM && rec_type != REC_TYPE_CONT) break; - if (downgrading == 0) { + if (session->mime_state == 0) { smtp_text_out((void *) state, rec_type, vstring_str(session->scratch), VSTRING_LEN(session->scratch), diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 591b6f8fe..37aa5a5dc 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -25,7 +25,7 @@ MAKES = all: $(LIB) Makefile: Makefile.in - (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ + (echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ test: $(TESTPROG) diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 87d89da5b..f27c6d2f8 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -1473,6 +1473,12 @@ unix_trigger.o: trigger.h unsafe.o: unsafe.c unsafe.o: sys_defs.h unsafe.o: safe.h +upass_listen.o: upass_listen.c +upass_listen.o: sys_defs.h +upass_listen.o: msg.h +upass_listen.o: sane_accept.h +upass_listen.o: listen.h +upass_listen.o: iostuff.h uppercase.o: uppercase.c uppercase.o: sys_defs.h uppercase.o: stringops.h