From: Wietse Venema
Date: Thu, 31 Jul 2014 05:00:00 +0000 (-0500)
Subject: postfix-2.12-20140731
X-Git-Tag: v3.0.0-RC1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a37d74084fe97a014d8fadf25b35659393621d7a;p=thirdparty%2Fpostfix.git

postfix-2.12-20140731
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 00297dba2..bbd440f0a 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -20276,3 +20276,42 @@ Apologies for any names omitted. Feature: when expanding myhostname or mydomain in bounce template messages, and smtputf8_enable=yes, convert ACE (xn--mumble) labels into UTF-8. bounce/bounce_template.c. + +20140720 + + Cleanup: charset selection and content-transfer encoding + in bounce messages (work in progress). The proper solution + requires separate handling of the returned-message MIME + properties and of the (boiler-plate text, delivery status) + MIME properties. File: bounce/bounce_notify_util.c. + +20140722 + + Documentation: the TLS_README example for creating a + self-signed certificate was incomplete. Also, added + "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1" settings + to cookbook recipes, so that TLS handshake results will be + logged. Viktor Dukhovni. File: proto/TLS_README.html. + + Documentation: update Perl MIME::Base64 example. File: + proto/SASL_README.html. + + Documentation: update pointer to Bennett Todd's SMTP proxy. + File: proto/SMTPD_PROXY_README.html. + +20140725 + + Documentation: describe what features are controlled by + parent_domain_matches_subdomains, both in the description + of the controlled feature, and in the description of + parent_domain_matches_subdomains. File: proto/postconf.proto. + + Cleanup: smtpd_client_event_limit_exceptions is now controlled + with parent_domain_matches_subdomains, with backwards-compatible + default (specify .example.com in order to match subdomains + of example.com). Files: smtpd/smtpd.c. + + Documentation: SMTPUTF8_README, an updated version of text + that was originally part of the RELEASE_NOTES file. Files: + proto/SMTPUTF8_README.html, proto/Makefile.in, html/index.html. + diff --git a/postfix/README_FILES/AAAREADME b/postfix/README_FILES/AAAREADME index ad05cfe13..7e7ba4854 100644 --- a/postfix/README_FILES/AAAREADME +++ b/postfix/README_FILES/AAAREADME 
@@ -12,7 +12,8 @@ GGeenneerraall ccoonnffiigguurraattiioonn * TLS_README: TLS Encryption and authentication * FORWARD_SECRECY_README: TLS Forward Secrecy * IPV6_README: IP Version 6 Support - * MULTI_INSTANCE_README: Multiple-instance management + * IPV6_README: IP Version 6 Support + * SMTPUTF8_README: SMTPUTF8 support * INSTALL: Installation from source code PPrroobblleemm ssoollvviinngg diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index dc0ab41e0..7031101e0 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -975,12 +975,12 @@ authentication information: The mmmmeennccooddee command is part of the metamail software. - * Using Perl MMIIMMEE::::BBaassee6644: + * Using Perl MMIIMMEE::::BBaassee6644 (from http://www.cpan.org/): % ppeerrll --MMMMIIMMEE::::BBaassee6644 --ee \\ ''pprriinntt eennccooddee__bbaassee6644((""\\00uusseerrnnaammee\\00ppaasssswwoorrdd""));;'' - MIME::Base64 is available from http://www.cpan.org/. + If the username or password contain "@", you must specify "\@". * Using the ggeenn--aauutthh script: diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README index c26b5a850..f2cd530d4 100644 --- a/postfix/README_FILES/SMTPD_PROXY_README +++ b/postfix/README_FILES/SMTPD_PROXY_README @@ -102,8 +102,8 @@ From then on mail is processed as usual. The content filter itself is not described here. You can use any filter that is SMTP enabled. For non-SMTP capable content filtering software, Bennett Todd's -SMTP proxy implements a nice PERL/SMTP content filtering framework. See: http:/ -/bent.latency.net/smtpprox/. +SMTP proxy implements a nice Perl-based framework. See: http:// +bent.latency.net/smtpprox/ or https://github.com/jnorell/smtpprox. Postfix Postfix filter on SMTP server Postfix Postfix diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README new file mode 100644 index 000000000..7206e71b8 --- /dev/null 
+++ b/postfix/README_FILES/SMTPUTF8_README 
@@ -0,0 +1,216 @@ + PPoossttffiixx SSMMTTPPUUTTFF88 ssuuppppoorrtt + +------------------------------------------------------------------------------- + +OOvveerrvviieeww + +This document describes Postfix support for Email Address Internationalization +(EAI) as defined in RFC 6531 (SMTPUTF8 extension), RFC 6532 (Internationalized +email headers) and RFC 6533 (Internationalized delivery status notifications). +Introduced with Postfix version 2.12, this fully supports UTF-8 email addresses +and UTF-8 message header values. + +Topics covered in this document: + + * Enabling Postfix SMTPUTF8 support + * Using Postfix SMTPUTF8 support + * SMTPUTF8 autodetection + * Limitations of the current implementation + * Compatibility with pre-SMTPUTF8 environments + * Building with/without SMTPUTF8 support + * Credits + +EEnnaabblliinngg PPoossttffiixx SSMMTTPPUUTTFF88 ssuuppppoorrtt + +By default, Postfix SMTPUTF8 support is disabled. Thus, Postfix should work +exactly as it has worked before SMTPUTF8 support was implemented. + +Before turning on SMTPUTF8 support in Postfix, you need to verify that the rest +of your email infrastructure can handle UTF-8 email addresses and message +header values, including SMTPUTF8 protocol support in SMTP-based content +filters (Amavisd), LMTP servers (Dovecot), and down-stream SMTP servers. + +SMTPUTF8 support is enabled by setting the smtputf8_enable parameter in +main.cf: + + # postconf "smtputf8_enable = yes" + # postfix reload + +With SMTPUTF8 support enabled, Postfix changes behavior as follows: + + * UTF-8 is permitted in the myorigin parameter value. However, the myhostname + and mydomain parameters must specify ASCII-only domain names. This + limitation may be removed later. + + * The Postfix SMTP server announces SMTPUTF8 support in the EHLO response. 
+ + 220 server.example.com ESMTP Postfix + EHLO client.example.com + 250-server.example.com + 250-PIPELINING + 250-SIZE 10240000 + 250-VRFY + 250-ETRN + 250-STARTTLS + 250-AUTH PLAIN LOGIN + 250-ENHANCEDSTATUSCODES + 250-8BITMIME + 250-DSN + 250 SMTPUTF8 + + * The Postfix SMTP server accepts the SMTPUTF8 request in MAIL FROM and VRFY + commands. + + MAIL FROM:
SMTPUTF8 ... + + VRFY address SMTPUTF8 + + * The Postfix SMTP client may issue the SMTPUTF8 request in MAIL FROM + commands. + + * Postfix already permitted UTF-8 in message header values and in address + localparts. This does not change. + + * The Postfix SMTP server accepts UTF-8 in email address domains, but only + after the remote SMTP client client issues the SMTPUTF8 request in MAIL + FROM or VRFY commands. + +UUssiinngg PPoossttffiixx SSMMTTPPUUTTFF88 ssuuppppoorrtt + +After Postfix SMTPUTF8 support is turned on, Postfix behavior will depend on 1) +whether a remote SMTP client requests SMTPUTF8 support, 2) the presence of UTF- +8 content in the message envelope and headers, and 3) whether a down-stream +SMTP (or LMTP) server announces SMTPUTF8 support. + + * When the Postfix SMTP server receives a message WITHOUT the SMTPUTF8 + request, Postfix handles the message as it has always done (at least that + is the default, see autodetection below). Specifically, the Postfix SMTP + server does not accept UTF-8 in the envelope sender domain name or envelope + recipient domain name, and the Postfix SMTP client does not issue the + SMTPUTF8 request when delivering that message an SMTP or LMTP server that + announces SMTPUTF8 support (again, that is the default). Postfix will + accept UTF-8 in message header values and in the localpart of envelope + sender and recipient addresses, because it has always done that. + + * When the Postfix SMTP server receives a message WITH the SMTPUTF8 request, + Postfix will issue the SMTPUTF8 request when delivering that message to an + SMTP or LMTP server that announces SMTPUTF8 support. This is not + configurable. + + * When a message is received with the SMTPUTF8 request, Postfix will deliver + the message to a non-SMTPUTF8 SMTP or LMTP server ONLY if: + + o No message header value contains UTF-8. 
+ + o The envelope sender address contains no UTF-8, + + o No envelope recipient address for that specific SMTP/LMTP delivery + transaction contains UTF-8. + + NOTE: Recipients in other email delivery transactions for that same + message may still contain UTF-8. + + Otherwise, Postfix will return the recipient(s) for that email delivery + transaction as undeliverable. The delivery status notification message will + be an SMTPUTF8 message. It will therefore be subject to the same + restrictions as email that is received with the SMTPUTF8 request. + + * When the Postfix SMTP server receives a message with the SMTPUTF8 request, + that request also applies after the message is forwarded via a virtual or + local alias, or $HOME/.forward file. + +SSMMTTPPUUTTFF88 aauuttooddeetteeccttiioonn + +This section applies only to systems that have SMTPUTF8 support turned on +(smtputf8_enable = yes). + +For compatibility with pre-SMTPUTF8 environments, Postfix does not +automatically set the "SMTPUTF8 requested" flag on messages from non-SMTPUTF8 +clients that contain an UTF-8 header value or UTF-8 address localpart. This +would make such messages undeliverable to non-SMTPUTF8 servers, and could be a +barrier to SMTPUTF8 adoption. + +By default, Postfix sets the "SMTPUTF8 requested" flag only on address +verification probes and on Postfix sendmail submissions that contain UTF-8 in +the sender address, UTF-8 in a recipient address, or UTF-8 in a message header +value. 
+ + /etc/postfix/main.cf: + smtputf8_autodetect_classes = sendmail, verify + +However, if you have a non-ASCII myorigin or mydomain setting, or if you have a +configuration that introduces UTF-8 addresses with virtual aliases, canonical +mappings, or BCC mappings, then you may have to apply SMTPUTF8 autodetection to +all email: + + /etc/postfix/main.cf: + smtputf8_autodetect_classes = all + +This will, of course, also flag email that was received without SMTPUTF8 +request, but that contains UTF-8 in a sender address localpart, receiver +address localpart, or message header value. Such email was not standards- +compliant, but Postfix would have delivered it if SMTPUTF8 support was +disabled. + +LLiimmiittaattiioonnss ooff tthhee ccuurrrreenntt iimmpplleemmeennttaattiioonn + +"Internationalized" domain names can appear in two forms: the UTF-8 form, and +the ASCII (xn--mumble) form. + +NNoo cchhaarraacctteerrsseett ccaannoonniiccaalliizzaattiioonn ffoorr nnoonn--AASSCCIIII ddoommaaiinn nnaammeess.. + +Postfix currently does not translate domain names from UTF-8 into ASCII (or +ASCII into UTF-8) before looking up the domain name in mydestination, +relay_domains, access tables, etc., before logging the domain name, or before +using the domain name in a policy daemon or Milter request. You will have to +configure both UTF-8 and ASCII forms in Postfix configuration files; and both +forms will have to be handled by logfile tools, policy daemons and Milters. + +NNoo ccaassee ccaannoonniiccaalliizzaattiioonn ffoorr nnoonn--AASSCCIIII cchhaarraacctteerrss.. + +Postfix currently does not case-fold non-ASCII characters when looking up an +"Internationalized" domain name in mydestination, relay_domains, access maps, +etc. Some non-ASCII scripts do not distinguish between upper and lower case, +some have different numbers of upper and lower case characters. 
+ +CCoommppaattiibbiilliittyy wwiitthh pprree--SSMMTTPPUUTTFF88 eennvviirroonnmmeennttss + +MMaaiilliinngg lliissttss wwiitthh UUTTFF--88 aanndd nnoonn--UUTTFF--88 ssuubbssccrriibbeerrss + +With Postfix, there is no need to split mailing lists into UTF-8 and non-UTF- +8 members. Postfix will try to deliver the non-UTF8 subscribers over +"traditional" non-SMTPUTF8 sessions, as long as the message has an ASCII +envelope sender address and all-ASCII header values. The mailing list manager +will have to apply RFC 2047 encoding to satisfy that last condition. + +PPrree--eexxiissttiinngg nnoonn--AASSCCIIII eemmaaiill fflloowwss + +In pre-SMTPUTF8 environments, email with UTF-8 in address localparts (and in +headers) works just fine because the vast majority of email software including +Postfix is perfectly capable of handling such email, even if pre-SMTPUTF8 +standards do not support this. + +Therefore, when Postfix SMTPUTF8 support is turned on, Postfix must not +suddenly start to break pre-existing email flows with UTF-8 in addres +localparts (and in headers). + +Thus, Postfix continues to permit UTF-8 in address localparts (and in headers) +in email from and to pre-SMTPUTF8 systems. At least, that is the default (see +autodetection above). + +BBuuiillddiinngg wwiitthh//wwiitthhoouutt SSMMTTPPUUTTFF88 ssuuppppoorrtt + +Postfix SMTPUTF8 support requires the ICU library. Postfix automatically builds +with SMTPUTF8 support when the library and its header files are installed. To +force Postfix to build without SMTPUTF8, specify: + + $ make makefiles -DNO_EAI ... + +CCrreeddiittss + + * Arnt Gulbrandsen posted his patch for Unicode email support on May 15, + 2014. This work was sponsored by CNNIC. + + * Wietse integrated Arnt Gulbrandsen's code and released Postfix with + SMTPUTF8 support on July 15, 2014. + diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index c743fa2be..adca4c825 100644 --- a/postfix/README_FILES/TLS_README 
+++ b/postfix/README_FILES/TLS_README @@ -2028,7 +2028,24 @@ This requires super-user privileges. -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert}" && postconf -e \ "smtpd_tls_cert_file = ${cert}" \ - "smtpd_tls_key_file = ${key}" + "smtpd_tls_key_file = ${key}" \ + 'smtpd_tls_security_level = may' \ + 'smtpd_tls_received_header = yes' \ + 'smtpd_tls_loglevel = 1' \ + 'smtp_tls_security_level = may' \ + 'smtp_tls_loglevel = 1' \ + 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' + \ + 'tls_random_source = dev:/dev/urandom' + +Note: the last command requires both single (') and double (") quotes. + +The postconf(1) command above enables opportunistic TLS for receiving and +sending mail. It also enables logging of TLS connections and recording of TLS +use in the "Received" header. TLS session caching is also enabled in the +Postfix SMTP client. With Postfix >= 2.10, the SMTP server does not need an +explicit session cache since session reuse is better handled via RFC 5077 TLS +session tickets. PPrriivvaattee CCeerrttiiffiiccaattee AAuutthhoorriittyy @@ -2132,6 +2149,7 @@ PPrriivvaattee CCeerrttiiffiiccaattee AAuutthhoorriitt smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache smtp_tls_security_level = may + smtp_tls_loglevel = 1 smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_cert_file = /etc/postfix/foo-cert.pem smtpd_tls_key_file = /etc/postfix/foo-key.pem @@ -2140,6 +2158,7 @@ PPrriivvaattee CCeerrttiiffiiccaattee AAuutthhoorriitt btree:/var/lib/postfix/smtpd_tls_session_cache tls_random_source = dev:/dev/urandom smtpd_tls_security_level = may + smtpd_tls_loglevel = 1 BBuuiillddiinngg PPoossttffiixx wwiitthh TTLLSS ssuuppppoorrtt diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 6bb54ce32..e8adebce9 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -53,192 +53,13 @@ unexpected attributes. Major changes with snapshot 20140715 ==================================== -Support for Internationalized Email, also known as EAI or SMTPUTF8, -defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP sender -addresses, recipient addresses, and message header values. The -implementation is based on initial work by Arnt Gulbrandsen that -was funded by CNNIC. +Support for Email Address Internationalization (EAI) as defined in +RFC 6531..6533. This supports UTF-8 in SMTP/LMTP sender addresses, +recipient addresses, and message header values. The implementation +is based on initial work by Arnt Gulbrandsen that was funded by +CNNIC. -This text describes: -- Compatibility with pre-SMTPUTF8 environments, -- How to enable SMTPUTF8 support, -- How to use SMTPUTF8 support, -- SMTPUTF8 autodetection, -- Limitations of the current implementation. - -Compatibility with pre-SMTPUTF8 environments --------------------------------------------- - -Mailing lists with UTF-8 and non-UTF-8 subscribers - -With Postfix, there is no need to split mailing lists into UTF-8 and -non-UTF-8 members. Postfix will try to deliver the non-UTF8 subscribers -over "traditional" non-SMTPUTF8 sessions, as long as the message -has an ASCII envelope sender address and all-ASCII header values. -The mailing list manager will have to apply RFC 2047 encoding to -satisfy that last condition. - -Pre-existing non-ASCII mail flows - -In pre-SMTPUTF8 environments, mail with UTF-8 in address localparts -(and in headers) works just fine because the vast majority of mail -software including Postfix is perfectly capable of handling such -mail, even if pre-SMTPUTF8 standards do not support this. - -Therefore, when Postfix SMTPUTF8 support is turned on, Postfix must -not suddenly start to break pre-existing mail flows with UTF-8 in -addres localparts (and in headers). 
- -Thus, Postfix continues to permit UTF-8 in address localparts (and -in headers) in mail from and to pre-SMTPUTF8 systems. At least, -that is the default. - -Enabling Postfix SMTPUTF8 support ---------------------------------- - -By default, SMTPUTF8 support is disabled, and Postfix should work -exactly as it has worked before. - -SMTPUTF8 support is enabled by setting in main.cf: - - smtputf8_enable = yes - -and by issuing the "postfix reload" command. - -With SMTPUTF8 support enabled, Postfix changes behavior as follows: - -- UTF-8 is permitted in the myorigin parameter value. However, the - myhostname and mydomain parameters must specify ASCII-only domain - names. This limitation may be removed later. - -- The Postfix SMTP server announces SMTPUTF8 support in the EHLO - response. - - 250-hostname.example.com - 250-PIPELINING - 250-SIZE 10240000 - 250-VRFY - 250-ETRN - 250-STARTTLS - 250-AUTH PLAIN LOGIN - 250-ENHANCEDSTATUSCODES - 250-8BITMIME - 250-DSN - 250 SMTPUTF8 - -- The Postfix SMTP server accepts the SMTPUTF8 request in MAIL FROM - and VRFY commands. - - MAIL FROM:
SMTPUTF8 - VRFY address SMTPUTF8 - -- The Postfix SMTP client may issue the SMTPUTF8 request in MAIL FROM - commands. - -- UTF-8 is supported anywhere in an email address, not just silently - permitted in the localpart, but only after the client issues MAIL - FROM or VRFY as shown above. - -- UTF-8 was already silently permitted in message header values. - -SMTP-based content filters (Amavisd) and LMTP servers (Dovecot) -will need to be updated to support SMTPUTF8. A notice has been -sent to the respective maintainers. - -Using Postfix SMTPUTF8 support ------------------------------- - -- When the Postfix SMTP server receives a message WITHOUT the - SMTPUTF8 request, Postfix handles the message as it has always - done (at least that is the default, see autodetection below). - Specifically, the Postfix SMTP server does not accept UTF-8 in the - envelope sender domain name or envelope recipient domain name, - and the Postfix SMTP client does not issue the SMTPUTF8 request - when delivering that message an SMTP or LMTP server that announces - SMTPUTF8 support (again, that is the default). - -- When the Postfix SMTP server receives a message WITH the SMTPUTF8 - request, Postfix will issue the SMTPUTF8 request when delivering - that message to an SMTP or LMTP server that announces SMTPUTF8 - support. This is not configurable. - -- When a message is received with the SMTPUTF8 request, Postfix - will deliver the message to a non-SMTPUTF8 server ONLY if: - - - No message header value contains UTF-8. - - - The envelope sender address contains no UTF-8, - - - No envelope recipient address for that specific SMTP/LMTP - delivery transaction contains UTF-8. - - NOTE: Recipients in other mail delivery transactions for - that same message may still contain UTF-8. - - Otherwise, Postfix will return the recipient(s) for that mail - delivery transaction as undeliverable. 
The delivery status - notification message will be subject to the same restrictions - as mail that is received with the SMTPUTF8 request. - -- When the Postfix SMTP server receives a message with the SMTPUTF8 - request, that request also applies after the message is forwarded - via a virtual or local alias, or $HOME/.forward file. - -SMTPUTF8 autodetection ----------------------- - -By default, Postfix sets the "SMTPUTF8 requested" bit on address -verification probes and on Postfix sendmail submissions that contain -UTF-8 in the sender address, UTF-8 in a recipient address, or UTF-8 -in a message header value. - - smtputf8_autodetect_classes = sendmail, verify - -This will suffice for the vast majority of sites. It minimizes the -chances of accidentally setting the "SMTPUTF8 requested" bit on a -message from a non-SMTPUTF8 client, thereby making that message -undeliverable to a non-SMTPUTF8 server as discussed above. Remember, -once a message is flagged as "SMTPUTF8 requested", the Postfix SMTP -client may not be able to deliver it to a non-SMTPUTF8 server. - -However, if you have a non-ASCII myorigin or mydomain setting, or -if you have virtual aliases, canonical mappings, or BCC mappings -that introduce UTF-8 addresses, then you may have to apply SMTPUTF8 -autodetection to all mail: - - smtputf8_autodetect_classes = all - -This will, of course, also flag mail that was received without -SMTPUTF8 request, but that contains UTF-8 in a sender address -localpart, receiver address localpart, or message header value. -Such mail was not standards-compliant, but Postfix would have -delivered it if SMTPUTF8 support was disabled. - -Limitations of Postfix SMTPUTF8 support ---------------------------------------- - -"Internationalized" domain names can appear in two forms: the UTF-8 -form, and the ASCII (xn--mumble) form. - -No characterset canonicalization for non-ASCII domain names. 
- -Postfix currently does not translate domain names from UTF-8 into -ASCII (or ASCII into UTF-8) before looking up the domain name in -mydestination, relay_domains, access tables, etc., before logging -the domain name, or before using the domain name in a policy daemon -or Milter request. You will have to configure both UTF-8 and ASCII -forms in Postfix configuration files; and both forms will have to -be handled by logfile tools, policy daemons and Milters. - -No case canonicalization for non-ASCII characters. - -Postfix currently does not case-fold non-ASCII characters when -looking up an "Internationalized" domain name in mydestination, -relay_domains, access maps, etc. Some non-ASCII scripts do not -distinguish between upper and lower case, some have different numbers -of upper and lower case characters, and reportedly some even have -title case in addition to upper and lower case (at this time it -is unclear if those will ever be used in email addresses, though). +See SMTPUTF8_README for a description of Postfix SMTPUTF8 support. Major changes with snapshot 20140703 ==================================== diff --git a/postfix/WISHLIST b/postfix/WISHLIST index dffb68ea2..ecde9e3e7 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -13,6 +13,11 @@ Wish list: Table-driven case folding and case-insensitive string comparison specifically for UTF-8. + The postfix-mumble@postfix.org list manager sends list mail + with ORCPT=rfc822;postfix-mumble-outgoing. The local + delivery agent drops the ORCPT when the alias has an + owner-alias, so what is going on here? + When downgrading message/global to 7bit, is quoted-printable the appropriate encoding? Should it be base64? diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html index 37b374740..1e135ba2d 100644 --- a/postfix/html/SASL_README.html +++ b/postfix/html/SASL_README.html @@ -34,7 +34,7 @@ mail to remote destinations when the client's IP address is in the

SMTP clients outside the SMTP server's network need a different way to get "same network" privileges. To address this need, Postfix -supports SASL authentication (RFC 4954, formerly RFC 2554). With +supports SASL authentication (RFC 4954, formerly RFC 2554). With this a remote SMTP client can authenticate to the Postfix SMTP server, and the Postfix SMTP client can authenticate to a remote SMTP server. Once a client is authenticated, a server can give it @@ -1564,7 +1564,7 @@ encoded authentication information:

The mmencode command is part of the metamail software.

-
  • Using Perl MIME::Base64:

    +
  • Using Perl MIME::Base64 (from http://www.cpan.org/):

    @@ -1573,7 +1573,7 @@ software. 

    -

    MIME::Base64 is available from http://www.cpan.org/.

    +

    If the username or password contain "@", you must specify "\@".

  • Using the gen-auth script:
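
Review bot: The added sentence warns only about "@", but the Perl example it annotates (print encode_base64("\0username\0password"), visible in the README_FILES/SASL_README hunk of this patch) builds the credential inside a double-quoted Perl string, where "$" is interpolated as well. A password containing "$" is therefore also encoded wrongly, with nothing reported since the one-liner runs without -w, and the resulting base64 value simply fails to authenticate. Suggest extending the note to cover "$" (specify "\$"), or restructuring the example so the username and password are not placed inside a double-quoted string. Also, "contain" should read "contains". The same applies to the text version in README_FILES/SASL_README.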

    diff --git a/postfix/html/SMTPD_PROXY_README.html b/postfix/html/SMTPD_PROXY_README.html index 06bfcaa29..17dc7c2b6 100644 --- a/postfix/html/SMTPD_PROXY_README.html +++ b/postfix/html/SMTPD_PROXY_README.html @@ -199,8 +199,8 @@ usual.

    The content filter itself is not described here. You can use any filter that is SMTP enabled. For non-SMTP capable content filtering software, Bennett Todd's SMTP proxy implements a nice -PERL/SMTP content filtering framework. See: -http://bent.latency.net/smtpprox/.

    +Perl-based framework. See: http://bent.latency.net/smtpprox/ or +https://github.com/jnorell/smtpprox.
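
Review bot: The new second link, https://github.com/jnorell/smtpprox, sits under a different name than the Bennett Todd the sentence credits, and the text does not say how that copy relates to the original (mirror, fork, or new home). Readers are being sent there to fetch code that will sit in the mail path, so a few words stating the relationship would help them decide which source to trust. The rewrite to "a nice Perl-based framework" also drops the words "content filtering", so the sentence no longer says what the framework is for. Both points apply to README_FILES/SMTPD_PROXY_README as well.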

    diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html new file mode 100644 index 000000000..74f48a42c --- /dev/null +++ b/postfix/html/SMTPUTF8_README.html @@ -0,0 +1,303 @@ + + + + + + +Postfix SMTPUTF8 support + + + + + + + +

    +Postfix SMTPUTF8 support +

    + +
    + +

    Overview

    + +

    This document describes Postfix support for Email Address +Internationalization (EAI) as defined in RFC 6531 (SMTPUTF8 extension), +RFC 6532 (Internationalized email headers) and RFC 6533 (Internationalized +delivery status notifications). Introduced with Postfix version +2.12, this fully supports UTF-8 email addresses and UTF-8 message +header values.

    + +

    Topics covered in this document:

    + + + +

    Enabling Postfix SMTPUTF8 support

    + +

    By default, Postfix SMTPUTF8 support is disabled. Thus, Postfix +should work exactly as it has worked before SMTPUTF8 support was +implemented.

    + +

    Before turning on SMTPUTF8 support in Postfix, you need to +verify that the rest of your email infrastructure can handle UTF-8 +email addresses and message header values, including SMTPUTF8 +protocol support in SMTP-based content filters (Amavisd), LMTP +servers (Dovecot), and down-stream SMTP servers.

    + +

    SMTPUTF8 support is enabled by setting the smtputf8_enable +parameter in main.cf:

    + +
    +
    +# postconf "smtputf8_enable = yes"
    +# postfix reload
    +
    +
    + +

    With SMTPUTF8 support enabled, Postfix changes behavior as follows:

    + +
      + +
    • UTF-8 is permitted in the myorigin parameter value. However, +the myhostname and mydomain parameters must specify ASCII-only +domain names. This limitation may be removed later.

      + +
    • The Postfix SMTP server announces SMTPUTF8 support in the +EHLO response.

      + +
      +220 server.example.com ESMTP Postfix
      +EHLO client.example.com
      +250-server.example.com
      +250-PIPELINING
      +250-SIZE 10240000
      +250-VRFY
      +250-ETRN
      +250-STARTTLS
      +250-AUTH PLAIN LOGIN
      +250-ENHANCEDSTATUSCODES
      +250-8BITMIME
      +250-DSN
      +250 SMTPUTF8
      +
      + +
    • The Postfix SMTP server accepts the SMTPUTF8 request in +MAIL FROM and VRFY commands.

      + +
      +MAIL FROM:<address> SMTPUTF8 ...
      +
      +VRFY address SMTPUTF8
      +
      + +
    • The Postfix SMTP client may issue the SMTPUTF8 request in +MAIL FROM commands.

      + +
    • Postfix already permitted UTF-8 in message header values +and in address localparts. This does not change.

      + +
    • The Postfix SMTP server accepts UTF-8 in email address +domains, but only after the remote SMTP client client issues the +SMTPUTF8 request in MAIL FROM or VRFY commands.

      + +
    + +

    Using Postfix SMTPUTF8 support

    + +

    After Postfix SMTPUTF8 support is turned on, Postfix behavior +will depend on 1) whether a remote SMTP client requests SMTPUTF8 +support, 2) the presence of UTF-8 content in the message envelope +and headers, and 3) whether a down-stream SMTP (or LMTP) server +announces SMTPUTF8 support.

    + +
      + +
    • When the Postfix SMTP server receives a message WITHOUT +the SMTPUTF8 request, Postfix handles the message as it has always +done (at least that is the default, see autodetection below). +Specifically, the Postfix SMTP server does not accept UTF-8 in the +envelope sender domain name or envelope recipient domain name, and +the Postfix SMTP client does not issue the SMTPUTF8 request when +delivering that message an SMTP or LMTP server that announces +SMTPUTF8 support (again, that is the default). Postfix will accept +UTF-8 in message header values and in the localpart of envelope +sender and recipient addresses, because it has always done that. +

      + +
    • When the Postfix SMTP server receives a message WITH the +SMTPUTF8 request, Postfix will issue the SMTPUTF8 request when +delivering that message to an SMTP or LMTP server that announces +SMTPUTF8 support. This is not configurable.

      + +
    • When a message is received with the SMTPUTF8 request, +Postfix will deliver the message to a non-SMTPUTF8 SMTP or LMTP +server ONLY if:

      + +
        + +
      • No message header value contains UTF-8.

        + +
      • The envelope sender address contains no UTF-8,

        + +
      • No envelope recipient address for that specific + SMTP/LMTP delivery transaction contains UTF-8.

        + +

        NOTE: Recipients in other email delivery + transactions for that same message may still contain UTF-8. +

        + +
      + +

      Otherwise, Postfix will return the recipient(s) for that + email delivery transaction as undeliverable. The delivery status + notification message will be an SMTPUTF8 message. It will therefore + be subject to the same restrictions as email that is received + with the SMTPUTF8 request.

      + +
    • When the Postfix SMTP server receives a message with the +SMTPUTF8 request, that request also applies after the message is +forwarded via a virtual or local alias, or $HOME/.forward file. +

      + +
    + +

    SMTPUTF8 autodetection

    + +

    This section applies only to systems that have SMTPUTF8 support +turned on (smtputf8_enable = yes).

    + +

    For compatibility with pre-SMTPUTF8 environments, Postfix does +not automatically set the "SMTPUTF8 requested" flag on messages +from non-SMTPUTF8 clients that contain an UTF-8 header value or +UTF-8 address localpart. This would make such messages undeliverable +to non-SMTPUTF8 servers, and could be a barrier to SMTPUTF8 adoption. +

    + +

    By default, Postfix sets the "SMTPUTF8 requested" flag only on +address verification probes and on Postfix sendmail submissions +that contain UTF-8 in the sender address, UTF-8 in a recipient +address, or UTF-8 in a message header value.

    + +
    +
    +/etc/postfix/main.cf:
    +    smtputf8_autodetect_classes = sendmail, verify
    +
    +
    + +

    However, if you have a non-ASCII myorigin or mydomain setting, +or if you have a configuration that introduces UTF-8 addresses with +virtual aliases, canonical mappings, or BCC mappings, then you may +have to apply SMTPUTF8 autodetection to all email:

    + +
    +
    +/etc/postfix/main.cf:
    +    smtputf8_autodetect_classes = all
    +
    +
    + +

    This will, of course, also flag email that was received without +SMTPUTF8 request, but that contains UTF-8 in a sender address +localpart, receiver address localpart, or message header value. +Such email was not standards-compliant, but Postfix would have +delivered it if SMTPUTF8 support was disabled.

    + +

    Limitations of the current implementation +

    + +

    "Internationalized" domain names can appear in two forms: the +UTF-8 form, and the ASCII (xn--mumble) form.

    + +

    No characterset canonicalization for non-ASCII domain names. +

    + +

    Postfix currently does not translate domain names from UTF-8 +into ASCII (or ASCII into UTF-8) before looking up the domain name +in mydestination, relay_domains, access tables, etc., before logging +the domain name, or before using the domain name in a policy daemon +or Milter request. You will have to configure both UTF-8 and ASCII +forms in Postfix configuration files; and both forms will have to +be handled by logfile tools, policy daemons and Milters.

    + +

    No case canonicalization for non-ASCII characters.

    + +

    Postfix currently does not case-fold non-ASCII characters when +looking up an "Internationalized" domain name in mydestination, +relay_domains, access maps, etc. Some non-ASCII scripts do not +distinguish between upper and lower case, some have different numbers +of upper and lower case characters.

    + +

    Compatibility with pre-SMTPUTF8 +environments

    + +

    Mailing lists with UTF-8 and non-UTF-8 subscribers

    + +

    With Postfix, there is no need to split mailing lists into UTF-8 and +non-UTF-8 members. Postfix will try to deliver the non-UTF8 subscribers +over "traditional" non-SMTPUTF8 sessions, as long as the message +has an ASCII envelope sender address and all-ASCII header values. +The mailing list manager will have to apply RFC 2047 encoding to +satisfy that last condition.

    + +

    Pre-existing non-ASCII email flows

    + +

    In pre-SMTPUTF8 environments, email with UTF-8 in address +localparts (and in headers) works just fine because the vast majority +of email software including Postfix is perfectly capable of handling +such email, even if pre-SMTPUTF8 standards do not support this.

    + +

    Therefore, when Postfix SMTPUTF8 support is turned on, Postfix +must not suddenly start to break pre-existing email flows with UTF-8 +in addres localparts (and in headers).

    + +

    Thus, Postfix continues to permit UTF-8 in address localparts +(and in headers) in email from and to pre-SMTPUTF8 systems. At +least, that is the default (see autodetection above).

    + +

    Building with/without SMTPUTF8 support +

    + +

    Postfix SMTPUTF8 support requires the ICU library. Postfix +automatically builds with SMTPUTF8 support when the library and +its header files are installed. To force Postfix to build without +SMTPUTF8, specify:

    + +
    +
    +$ make makefiles -DNO_EAI ...
    +
    +
    + +

    Credits

    + +
      + +
    • Arnt Gulbrandsen posted his patch for Unicode email support +on May 15, 2014. This work was sponsored by CNNIC.

      + +
    • Wietse integrated Arnt Gulbrandsen's code and released +Postfix with SMTPUTF8 support on July 15, 2014.

      + +
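Review bot: in the "Building with/without SMTPUTF8 support" section, the command "$ make makefiles -DNO_EAI ..." passes -DNO_EAI to make as a command-line option, but it is a C preprocessor define and has to reach the compiler. Suggest passing it through the CCARGS variable that "make makefiles" accepts, for example make makefiles CCARGS="-DNO_EAI ...". Two wording fixes in the same file: "addres localparts" under "Pre-existing non-ASCII email flows" should be "address localparts", and "an UTF-8 header value" in the autodetection section should be "a UTF-8 header value".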
    + + + + + diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 0a9d6699b..2548b9f57 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -2658,10 +2658,28 @@ the local Postfix system. This requires super-user privileges.

    -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert}" && postconf -e \ "smtpd_tls_cert_file = ${cert}" \ - "smtpd_tls_key_file = ${key}" + "smtpd_tls_key_file = ${key}" \ + 'smtpd_tls_security_level = may' \ + 'smtpd_tls_received_header = yes' \ + 'smtpd_tls_loglevel = 1' \ + 'smtp_tls_security_level = may' \ + 'smtp_tls_loglevel = 1' \ + 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' \ + 'tls_random_source = dev:/dev/urandom'
    +

    Note: the last command requires both single (') and double (") +quotes.

    + +

    The postconf(1) command above enables opportunistic TLS for +receiving and sending mail. It also enables logging of TLS connections +and recording of TLS use in the "Received" header. TLS session +caching is also enabled in the Postfix SMTP client. With Postfix +≥ 2.10, the SMTP server does not need an explicit session cache +since session reuse is better handled via RFC 5077 TLS session +tickets.

    +

    Private Certificate Authority
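Review bot: the added note "the last command requires both single (') and double (") quotes" says that the quoting matters but not why, and a reader who normalizes the quotes will break the recipe. Suggest spelling it out: the double-quoted settings rely on the shell expanding ${cert} and ${key}, while the single-quoted 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' must reach postconf with ${data_directory} unexpanded so that Postfix substitutes its own value. It would also help to say in the following paragraph that "may" is opportunistic TLS only, so the new smtp_tls_loglevel and smtpd_tls_loglevel settings are how an operator finds out whether a session was actually encrypted.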

      @@ -2785,6 +2803,7 @@ but don't require them from all clients.

      smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache smtp_tls_security_level = may + smtp_tls_loglevel = 1 smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_cert_file = /etc/postfix/foo-cert.pem smtpd_tls_key_file = /etc/postfix/foo-key.pem @@ -2793,6 +2812,7 @@ but don't require them from all clients.

      btree:/var/lib/postfix/smtpd_tls_session_cache tls_random_source = dev:/dev/urandom smtpd_tls_security_level = may + smtpd_tls_loglevel = 1 diff --git a/postfix/html/flush.8.html b/postfix/html/flush.8.html index be939188f..2921c0263 100644 --- a/postfix/html/flush.8.html +++ b/postfix/html/flush.8.html @@ -20,12 +20,12 @@ FLUSH(8) FLUSH(8) process manager. The record is implemented as a per-destination logfile with as contents - the queue IDs of deferred mail. A logfile is append-only, and is trun- + the queue IDs of deferred mail. A logfile is append-only, and is trun‐ cated when delivery is requested for the corresponding destination. A destination is the part on the right-hand side of the right-most @ in an email address. - Per-destination logfiles of deferred mail are maintained only for eli- + Per-destination logfiles of deferred mail are maintained only for eli‐ gible destinations. The list of eligible destinations is specified with the fast_flush_domains configuration parameter, which defaults to $relay_domains. @@ -37,7 +37,7 @@ FLUSH(8) FLUSH(8) queue ID is queued for the specified destination. send_site sitename - Request delivery of mail that is queued for the specified desti- + Request delivery of mail that is queued for the specified desti‐ nation. send_file queueid @@ -67,7 +67,7 @@ FLUSH(8) FLUSH(8) Fast flush logfiles are truncated only after a "send" request, not when mail is actually delivered, and therefore can accumulate outdated or redundant data. In order to maintain sanity, "refresh" must be executed - periodically. This can be automated with a suitable wakeup timer set- + periodically. This can be automated with a suitable wakeup timer set‐ ting in the master.cf configuration file. Upon receipt of a request to deliver mail for an eligible destination, 
@@ -86,7 +86,7 @@ FLUSH(8) FLUSH(8) more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con‐ figuration files. daemon_timeout (18000s) @@ -94,7 +94,7 @@ FLUSH(8) FLUSH(8) request before it is terminated by a built-in watchdog timer. fast_flush_domains ($relay_domains) - Optional list of destinations that are eligible for per-destina- + Optional list of destinations that are eligible for per-destina‐ tion logfiles with mail that is queued to those destinations. fast_flush_refresh_time (12h) @@ -102,7 +102,7 @@ FLUSH(8) FLUSH(8) "fast flush" logfile needs to be refreshed. fast_flush_purge_time (7d) - The time after which an empty per-destination "fast flush" log- + The time after which an empty per-destination "fast flush" log‐ file is deleted. ipc_timeout (3600s) @@ -118,8 +118,9 @@ FLUSH(8) FLUSH(8) process will service before terminating voluntarily. parent_domain_matches_subdomains (see 'postconf -d' output) - What Postfix features match subdomains of "domain.tld" automati- - cally, instead of requiring an explicit ".domain.tld" pattern. + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an + explicit ".example.com" pattern. process_id (read-only) The process ID of a Postfix command or daemon process. @@ -134,8 +135,8 @@ FLUSH(8) FLUSH(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post‐ fix/smtpd". FILES diff --git a/postfix/html/index.html b/postfix/html/index.html index f758afdb3..892f06a78 100644 --- a/postfix/html/index.html +++ b/postfix/html/index.html 
@@ -46,7 +46,9 @@ configuration examples
    • IP Version 6 Support -
    • Multiple-instance management +
    • IP Version 6 Support + +
    • SMTPUTF8 support
    • Installation from source code diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 8af0a3cce..9a714e7b1 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1721,8 +1721,9 @@ by the amount specified in $debug_pee patterns or "type:table" lookup tables. The right-hand side result from "type:table" lookups is ignored.

      -

      Pattern matching of domain names is controlled by the -parent_domain_matches_subdomains parameter.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "debug_peer_list" in the parent_domain_matches_subdomains +parameter value.

      Examples: @@ -3214,6 +3215,10 @@ Continue long lines by starting the next line with whitespace. A lookup table is matched when the domain or its parent domain appears as lookup key.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "fast_flush_domains" in the parent_domain_matches_subdomains +parameter value.

      +

      Specify "fast_flush_domains =" (i.e., empty) to disable the feature altogether. @@ -6815,7 +6820,11 @@ first match. Specify "!pattern" to exclude an address or network block from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later.

      -

      Note: IP version 6 address information must be specified inside +

      Note 1: Pattern matching of domain names is controlled by the +or absence of "mynetworks" in the parent_domain_matches_subdomains +parameter value.

      + +

      Note 2: IP version 6 address information must be specified inside [] in the mynetworks value, and in files specified with "/file/name". IP version 6 addresses contain the ":" character, and would otherwise be confused with a "type:table" pattern.
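Review bot: the new "Note 1" for mynetworks reads "is controlled by the or absence of "mynetworks"", which drops the word "presence" that every other copy of this sentence in the patch has. Suggest "is controlled by the presence or absence of "mynetworks" in the parent_domain_matches_subdomains parameter value." Since mynetworks decides which clients are trusted, this is the sentence where a reader most needs the wording to be unambiguous.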

      @@ -7051,13 +7060,50 @@ mailing lists. (default: see "postconf -d" output)

      -What Postfix features match subdomains of "domain.tld" automatically, -instead of requiring an explicit ".domain.tld" pattern. This is +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. This is planned backwards compatibility: eventually, all Postfix features -are expected to require explicit ".domain.tld" style patterns when +are expected to require explicit ".example.com" style patterns when you really want to match subdomains.

      +

      The following Postfix feature names are supported.

      + +
      + +
      Postfix version 1.0 and later
      + +
      +debug_peer_list, +fast_flush_domains, +mynetworks, +permit_mx_backup_networks, +relay_domains, +transport_maps +
      + +
      Postfix version 1.1 and later
      + +
      +qmqpd_authorized_clients, +smtpd_access_maps, +
      + +
      Postfix version 2.8 and later
      + +
      +postscreen_access_list +
      + +
      Postfix version 2.12 and later
      + +
      +smtpd_client_event_limit_exceptions +
      + +
      +
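Review bot: in the new feature list, the "Postfix version 1.1 and later" group ends with a trailing comma ("qmqpd_authorized_clients, smtpd_access_maps,") while the other groups do not; drop it. Also, smtpd_access_maps is the only listed name that gets no matching "Pattern matching of domain names is controlled by the presence or absence of ..." sentence in the visible postconf.5.html hunks, so it is worth saying here which setting or table lookups that name governs.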
      @@ -7070,6 +7116,10 @@ only domains whose primary MX hosts match the listed networks. The parameter value syntax is the same as with the mynetworks parameter; note, however, that the default value is empty.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "permit_mx_backup_networks" in the +parent_domain_matches_subdomains parameter value.

      + @@ -7165,7 +7215,9 @@ upon the first command that fires for the client IP address.

      terminate the search if the client IP address matches $mynetworks. Do not subject the client to any before/after 220 greeting tests. Pass the connection immediately to a Postfix SMTP server process. - +
      Pattern matching of domain names is controlled by the presence +or absence of "postscreen_access_list" in the +parent_domain_matches_subdomains parameter value.
      type:table
      Query the specified lookup table. Each table lookup result is an access list, except that @@ -8405,6 +8457,10 @@ exclamation point (!). The form "!/file/name" is supported only in Postfix version 2.4 and later.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "qmqpd_authorized_clients" in the +parent_domain_matches_subdomains parameter value.

      +

      Example:

      @@ -8915,8 +8971,7 @@ into concurrency per recipient.

      (default: $mydestination)

      What destination domains (and subdomains thereof) this system -will relay mail to. Subdomain matching is controlled with the -parent_domain_matches_subdomains parameter. For details about how +will relay mail to. For details about how the relay_domains value is used, see the description of the permit_auth_destination and reject_unauth_destination SMTP recipient restrictions.
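Review bot: after this change the relay_domains description still opens with "What destination domains (and subdomains thereof) this system will relay mail to", but the sentence that qualified it ("Subdomain matching is controlled with the parent_domain_matches_subdomains parameter") is removed, and the replacement only appears several paragraphs later in the next hunk. A reader who stops at the first paragraph will assume subdomains are always relayed. Suggest either keeping a short qualifier in the opening sentence or rewording it so that subdomain matching is not stated unconditionally.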

      @@ -8940,6 +8995,10 @@ key. Specify "!pattern" to exclude a domain from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "relay_domains" in the parent_domain_matches_subdomains +parameter value.

      +
      @@ -12846,6 +12905,11 @@ in files specified with "/file/name". IP version 6 addresses contain the ":" character, and would otherwise be confused with a "type:table" pattern.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "smtpd_client_event_limit_exceptions" in the +parent_domain_matches_subdomains parameter value (postfix 2.12 and +later).

      +

      This feature is available in Postfix 2.2 and later.
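Review bot: the added paragraph writes "(postfix 2.12 and later)" in lower case, where the rest of the document uses "Postfix", and it sits directly above "This feature is available in Postfix 2.2 and later", so the two version numbers are easy to misread as a conflict. Suggest "(Postfix 2.12 and later)" and making clear that 2.12 refers only to control via parent_domain_matches_subdomains. The HISTORY entry says the default is backwards compatible (".example.com" is needed to match subdomains); stating that default here would save the reader a lookup.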

      @@ -18026,6 +18090,10 @@ until a match is found. If you use this feature with local files, run "postmap /etc/postfix/transport" after making a change.

      +

      Pattern matching of domain names is controlled by the presence +or absence of "transport_maps" in the parent_domain_matches_subdomains +parameter value.

      +

      For safety reasons, as of Postfix 2.3 this feature does not allow $number substitutions in regular expression maps.

      diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 4842b0153..522295d07 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
@@ -908,49 +908,50 @@ SMTPD(8) SMTPD(8) $smtpd_helo_restrictions. parent_domain_matches_subdomains (see 'postconf -d' output) - What Postfix features match subdomains of "domain.tld" automati‐ - cally, instead of requiring an explicit ".domain.tld" pattern. + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an + explicit ".example.com" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself with the - HELO or EHLO command before sending the MAIL command or other + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server applies in - the context of a client RCPT TO command, after + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. 
allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients to destina‐ + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina‐ tions matching $relay_domains. smtpd_restriction_classes (empty) User-defined aliases for groups of access restrictions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables instead of + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP access feature to + Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: @@ -960,19 +961,19 @@ SMTPD(8) SMTPD(8) applies in the context of the SMTP DATA command. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of RBL reply + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail from unknown - sender addresses, even when no explicit reject_unlisted_sender + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail for unknown - recipient addresses, even when no explicit + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: 
@@ -986,17 +987,17 @@ SMTPD(8) SMTPD(8) smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP - server applies in the context of the RCPT TO command, before + server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica‐ + Postfix version 2.1 introduces sender and recipient address verifica‐ tion. This feature is implemented by sending probe email messages that are not actually delivered. This feature is requested via the - reject_unverified_sender and reject_unverified_recipient access - restrictions. The status of verification probes is maintained by the - verify(8) server. See the file ADDRESS_VERIFICATION_README for infor‐ - mation about how to configure and operate the Postfix sender/recipient + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor‐ + mation about how to configure and operate the Postfix sender/recipient address verification service. address_verify_poll_count (normal: 3, overload: 1) @@ -1008,7 +1009,7 @@ SMTPD(8) SMTPD(8) fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification probes; prior + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "postmaster". unverified_sender_reject_code (450) 
@@ -1016,18 +1017,18 @@ SMTPD(8) SMTPD(8) address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a recipient - address is rejected by the reject_unverified_recipient restric‐ + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric‐ tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code when a sender + The numerical Postfix SMTP server response code when a sender address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a recipient + The numerical Postfix SMTP server response when a recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1039,17 +1040,17 @@ SMTPD(8) SMTPD(8) reject_unverified_recipient. unverified_sender_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_sender + The Postfix SMTP server's action when reject_unverified_sender fails due to a temporary error condition. unverified_recipient_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_recipi‐ + The Postfix SMTP server's action when reject_unverified_recipi‐ ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent portion of + The time between changes in the time-dependent portion of address verification probe sender addresses. ACCESS CONTROL RESPONSES 
@@ -1061,63 +1062,63 @@ SMTPD(8) SMTPD(8) map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code when the client - HELO or EHLO command parameter is rejected by the + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_rbl_client, + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a client - request is rejected by the reject_non_fqdn_helo_hostname, + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code when a request + The numerical Postfix SMTP server response code when a request is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. 
relay_domains_reject_code (554) - The numerical Postfix SMTP server response code when a client - request is rejected by the reject_unauth_destination recipient + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) The numerical Postfix SMTP server response code when a sender or - recipient address is rejected by the - reject_unknown_sender_domain or reject_unknown_recipient_domain + recipient address is rejected by the + reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code when a client - without valid address <=> name mapping is rejected by the + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code when the host‐ - name specified with the HELO or EHLO command is rejected by the + The numerical Postfix SMTP server response code when the host‐ + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template for a request + The default Postfix SMTP server response template for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_multi_recipi‐ + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi‐ ent_bounce restriction. rbl_reply_maps (empty) 
@@ -1127,52 +1128,52 @@ SMTPD(8) SMTPD(8) access_map_defer_code (450) The numerical Postfix SMTP server response code for an access(5) - map "defer" action, including "defer_if_permit" or + map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type restriction + The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. unknown_helo_hostname_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unknown_helo_host‐ + The Postfix SMTP server's action when reject_unknown_helo_host‐ name fails due to an temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or reject_unknown_recipient_domain + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con‐ + The default location of the Postfix main.cf and master.cf con‐ figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that are gener‐ + The sender address of postmaster notifications that are gener‐ ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. 
mail_name (Postfix) - The mail system name that is displayed in Received: headers, in + The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1183,11 +1184,11 @@ SMTPD(8) SMTPD(8) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have more privi‐ + The list of "trusted" remote SMTP clients that have more privi‐ leges than "strangers". myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) 
@@ -1200,26 +1201,26 @@ SMTPD(8) SMTPD(8) The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name from its - extension (example: user+foo), or a .forward file name from its + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its extension (example: .forward+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the SMTP greeting + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post‐ + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post‐ fix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) - List of commands that cause the Postfix SMTP server to immedi‐ + List of commands that cause the Postfix SMTP server to immedi‐ ately terminate the session with a 221 code. Available in Postfix version 2.5 and later: diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 23a7e52fb..5503f3ecd 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html 
@@ -26,9 +26,9 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) strip source routed addresses (@site,@site:user@domain) to user@domain form. - remote Append the domain name specified with $remote_header_re- - write_domain to incomplete addresses. Otherwise the - result is identical to that of the local address rewrit- + remote Append the domain name specified with $remote_header_re‐‐ + write_domain to incomplete addresses. Otherwise the + result is identical to that of the local address rewrit‐ ing context. This prevents Postfix from appending the local domain to spam from poorly written remote clients. @@ -41,11 +41,11 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) entry in the master.cf file. nexthop - The host to send to and optional delivery method informa- + The host to send to and optional delivery method informa‐ tion. recipient - The envelope recipient address that is passed on to nex- + The envelope recipient address that is passed on to nex‐ thop. flags The address class, whether the address requires relaying, 
@@ -160,107 +160,108 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) default_transport (smtp) The default mail delivery transport and next-hop destination for destinations that do not match $mydestination, $inet_interfaces, - $proxy_interfaces, $virtual_alias_domains, $virtual_mail- - box_domains, or $relay_domains. + $proxy_interfaces, $virtual_alias_domains, $virtual_mail‐ + box_domains, or $relay_domains. parent_domain_matches_subdomains (see 'postconf -d' output) - What Postfix features match subdomains of "domain.tld" automati- - cally, instead of requiring an explicit ".domain.tld" pattern. + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an + explicit ".example.com" pattern. relayhost (empty) - The next-hop destination of non-local mail; overrides non-local + The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. transport_maps (empty) - Optional lookup tables with mappings from recipient address to + Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). Available in Postfix version 2.3 and later: sender_dependent_relayhost_maps (empty) - A sender-dependent override for the global relayhost parameter + A sender-dependent override for the global relayhost parameter setting. Available in Postfix version 2.5 and later: empty_address_relayhost_maps_lookup_key (<>) - The sender_dependent_relayhost_maps search string that will be + The sender_dependent_relayhost_maps search string that will be used instead of the null sender address. Available in Postfix version 2.7 and later: empty_address_default_transport_maps_lookup_key (<>) - The sender_dependent_default_transport_maps search string that + The sender_dependent_default_transport_maps search string that will be used instead of the null sender address. 
sender_dependent_default_transport_maps (empty) - A sender-dependent override for the global default_transport + A sender-dependent override for the global default_transport parameter setting. ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica- + Postfix version 2.1 introduces sender and recipient address verifica‐ tion. This feature is implemented by sending probe email messages that - are not actually delivered. By default, address verification probes - use the same route as regular mail. To override specific aspects of + are not actually delivered. By default, address verification probes + use the same route as regular mail. To override specific aspects of message routing for address verification probes, specify one or more of the following: address_verify_local_transport ($local_transport) - Overrides the local_transport parameter setting for address ver- + Overrides the local_transport parameter setting for address ver‐ ification probes. address_verify_virtual_transport ($virtual_transport) - Overrides the virtual_transport parameter setting for address + Overrides the virtual_transport parameter setting for address verification probes. address_verify_relay_transport ($relay_transport) - Overrides the relay_transport parameter setting for address ver- + Overrides the relay_transport parameter setting for address ver‐ ification probes. address_verify_default_transport ($default_transport) - Overrides the default_transport parameter setting for address + Overrides the default_transport parameter setting for address verification probes. address_verify_relayhost ($relayhost) - Overrides the relayhost parameter setting for address verifica- + Overrides the relayhost parameter setting for address verifica‐ tion probes. address_verify_transport_maps ($transport_maps) - Overrides the transport_maps parameter setting for address veri- + Overrides the transport_maps parameter setting for address veri‐ fication probes. 
Available in Postfix version 2.3 and later: - address_verify_sender_dependent_relayhost_maps ($sender_depen- - dent_relayhost_maps) - Overrides the sender_dependent_relayhost_maps parameter setting + address_verify_sender_dependent_relayhost_maps ($sender_depen‐‐ + dent_relayhost_maps) + Overrides the sender_dependent_relayhost_maps parameter setting for address verification probes. Available in Postfix version 2.7 and later: - address_verify_sender_dependent_default_transport_maps ($sender_depen- - dent_default_transport_maps) - Overrides the sender_dependent_default_transport_maps parameter + address_verify_sender_dependent_default_transport_maps ($sender_depen‐‐ + dent_default_transport_maps) + Overrides the sender_dependent_default_transport_maps parameter setting for address verification probes. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con‐ figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. empty_address_recipient (MAILER-DAEMON) The recipient of mail addressed to the null address. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) 
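Review bot: The split parameter names in this hunk now carry a doubled hyphen, as in "($sender_depen‐‐ dent_relayhost_maps)" and "($sender_depen‐‐ dent_default_transport_maps)", so a reader who joins the two halves gets a name that is not a valid parameter. Almost every other changed line differs only in spacing, which buries the one content change here (the new parent_domain_matches_subdomains description). Suggest turning off hyphenation and justification when generating this file, then re-rolling the hunk.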
@@ -281,21 +282,21 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) The location of the Postfix top-level queue directory. show_user_unknown_table_name (yes) - Display the name of the recipient table in the "User unknown" + Display the name of the recipient table in the "User unknown" responses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post‐ fix/smtpd". Available in Postfix version 2.0 and later: helpful_warnings (yes) - Log warnings about problematic configuration settings, and pro- + Log warnings about problematic configuration settings, and pro‐ vide helpful suggestions. SEE ALSO diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 50471fc47..73ba99ed2 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -994,8 +994,9 @@ Specify domain names, network/netmask patterns, "/file/name" patterns or "type:table" lookup tables. The right-hand side result from "type:table" lookups is ignored. .PP -Pattern matching of domain names is controlled by the -parent_domain_matches_subdomains parameter. +Pattern matching of domain names is controlled by the presence +or absence of "debug_peer_list" in the parent_domain_matches_subdomains +parameter value. .PP Examples: .PP @@ -1959,6 +1960,10 @@ Continue long lines by starting the next line with whitespace. A lookup table is matched when the domain or its parent domain appears as lookup key. .PP +Pattern matching of domain names is controlled by the presence +or absence of "fast_flush_domains" in the parent_domain_matches_subdomains +parameter value. +.PP Specify "fast_flush_domains =" (i.e., empty) to disable the feature altogether. .SH fast_flush_purge_time (default: 7d) 
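Review bot: In the fast_flush_domains hunk the added paragraph follows "A lookup table is matched when the domain or its parent domain appears as lookup key", which reads as unconditional, so it is unclear whether the new sentence also governs table lookups or only literal patterns. The sentence also does not say which way "presence or absence" works. Suggest stating the direction once, for example that when "fast_flush_domains" is listed the pattern "example.com" also matches subdomains, and that otherwise ".example.com" is required.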
@@ -4071,7 +4076,11 @@ first match. Specify "!pattern" to exclude an address or network block from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later. .PP -Note: IP version 6 address information must be specified inside +Note 1: Pattern matching of domain names is controlled by the +or absence of "mynetworks" in the parent_domain_matches_subdomains +parameter value. +.PP +Note 2: IP version 6 address information must be specified inside [] in the mynetworks value, and in files specified with "/file/name". IP version 6 addresses contain the ":" character, and would otherwise be confused with a "type:table" pattern. 
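Review bot: "Note 1" is missing words: it reads "is controlled by the or absence of "mynetworks"", where every other added paragraph in this patch says "by the presence or absence of". The same broken sentence appears in the proto/postconf.proto hunk for mynetworks, so the fix belongs there, with this page regenerated from it.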
@@ -4227,16 +4236,42 @@ address localparts: don't split such addresses when the recipient_delimiter is set to "-". This feature is useful for mailing lists. .SH parent_domain_matches_subdomains (default: see "postconf -d" output) -What Postfix features match subdomains of "domain.tld" automatically, -instead of requiring an explicit ".domain.tld" pattern. This is +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. This is planned backwards compatibility: eventually, all Postfix features -are expected to require explicit ".domain.tld" style patterns when +are expected to require explicit ".example.com" style patterns when you really want to match subdomains. +.PP +The following Postfix feature names are supported. +.IP "Postfix version 1.0 and later" +debug_peer_list, +fast_flush_domains, +mynetworks, +permit_mx_backup_networks, +relay_domains, +transport_maps +.br +.IP "Postfix version 1.1 and later" +qmqpd_authorized_clients, +smtpd_access_maps, +.br +.IP "Postfix version 2.8 and later" +postscreen_access_list +.br +.IP "Postfix version 2.12 and later" +smtpd_client_event_limit_exceptions +.br +.br .SH permit_mx_backup_networks (default: empty) Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. The parameter value syntax is the same as with the mynetworks parameter; note, however, that the default value is empty. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "permit_mx_backup_networks" in the +parent_domain_matches_subdomains parameter value. .SH pickup_service_name (default: pickup) The name of the \fBpickup\fR(8) service. This service picks up local mail submissions from the Postfix maildrop queue. 
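Review bot: The "Postfix version 1.1 and later" entry ends with a dangling comma ("smtpd_access_maps,") although it is the last name in that group, and the list closes with two consecutive ".br" requests. The proto/postconf.proto hunk carries the same trailing comma. Suggest dropping the comma and one ".br". It would also help to say explicitly that these feature names are the values an administrator lists in parent_domain_matches_subdomains.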
@@ -4284,6 +4319,10 @@ terminate the search if the client IP address matches $mynetworks. Do not subject the client to any before/after 220 greeting tests. Pass the connection immediately to a Postfix SMTP server process. .br +Pattern matching of domain names is controlled by the presence +or absence of "postscreen_access_list" in the +parent_domain_matches_subdomains parameter value. +.br .IP "\fB type:table \fR" Query the specified lookup table. Each table lookup result is an access list, except that @@ -5092,6 +5131,10 @@ reverse the result, precede a pattern with an exclamation point (!). The form "!/file/name" is supported only in Postfix version 2.4 and later. .PP +Pattern matching of domain names is controlled by the presence +or absence of "qmqpd_authorized_clients" in the +parent_domain_matches_subdomains parameter value. +.PP Example: .PP .nf @@ -5424,8 +5467,7 @@ into concurrency per recipient. This feature is available in Postfix 2.0 and later. .SH relay_domains (default: $mydestination) What destination domains (and subdomains thereof) this system -will relay mail to. Subdomain matching is controlled with the -parent_domain_matches_subdomains parameter. For details about how +will relay mail to. For details about how the relay_domains value is used, see the description of the permit_auth_destination and reject_unauth_destination SMTP recipient restrictions. 
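Review bot: In the relay_domains hunk, removing "Subdomain matching is controlled with the parent_domain_matches_subdomains parameter" leaves the opening sentence "What destination domains (and subdomains thereof) this system will relay mail to" reading as unconditional. The qualifier now only appears at the end of the section, in a later hunk. For a setting that decides relay permission, suggest either rewording the opening so subdomain matching is clearly conditional or keeping a short pointer next to it.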
@@ -5447,6 +5489,10 @@ Continue long lines by starting the next line with whitespace. A lookup table is matched when a (parent) domain appears as lookup key. Specify "!pattern" to exclude a domain from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "relay_domains" in the parent_domain_matches_subdomains +parameter value. .SH relay_domains_reject_code (default: 554) The numerical Postfix SMTP server response code when a client request is rejected by the reject_unauth_destination recipient @@ -8401,6 +8447,11 @@ in files specified with "/file/name". IP version 6 addresses contain the ":" character, and would otherwise be confused with a "type:table" pattern. .PP +Pattern matching of domain names is controlled by the presence +or absence of "smtpd_client_event_limit_exceptions" in the +parent_domain_matches_subdomains parameter value (postfix 2.12 and +later). +.PP This feature is available in Postfix 2.2 and later. .SH smtpd_client_message_rate_limit (default: 0) The maximal number of message delivery requests that any client is @@ -12300,6 +12351,10 @@ until a match is found. If you use this feature with local files, run "\fBpostmap /etc/postfix/transport\fR" after making a change. .PP +Pattern matching of domain names is controlled by the presence +or absence of "transport_maps" in the parent_domain_matches_subdomains +parameter value. +.PP For safety reasons, as of Postfix 2.3 this feature does not allow $number substitutions in regular expression maps. .PP diff --git a/postfix/man/man8/flush.8 b/postfix/man/man8/flush.8 index 7dd566390..2c33d1061 100644 --- a/postfix/man/man8/flush.8 +++ b/postfix/man/man8/flush.8 
@@ -116,8 +116,9 @@ for an incoming connection before terminating voluntarily. The maximal number of incoming connections that a Postfix daemon process will service before terminating voluntarily. .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" -What Postfix features match subdomains of "domain.tld" automatically, -instead of requiring an explicit ".domain.tld" pattern. +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. .IP "\fBprocess_id (read-only)\fR" The process ID of a Postfix command or daemon process. .IP "\fBprocess_name (read-only)\fR" diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 91a3a35f0..b77072289 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -810,8 +810,9 @@ $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" -What Postfix features match subdomains of "domain.tld" automatically, -instead of requiring an explicit ".domain.tld" pattern. +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. .IP "\fBsmtpd_client_restrictions (empty)\fR" Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index 27a7bb3f8..547d79066 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 
@@ -170,8 +170,9 @@ destinations that do not match $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains. .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" -What Postfix features match subdomains of "domain.tld" automatically, -instead of requiring an explicit ".domain.tld" pattern. +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. .IP "\fBrelayhost (empty)\fR" The next-hop destination of non-local mail; overrides non-local domains in recipient addresses. diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 61b9a92f9..4d314730c 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -1064,7 +1064,7 @@ while (<>) { s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; - s/\bRFC\s*([1-9]\d*)/$&<\/a>/; + s/\bRFC\s*([1-9]\d*)/$&<\/a>/g; # Split README/RFC/parameter/restriction hyperlinks that span line breaks diff --git a/postfix/proto/Makefile.in b/postfix/proto/Makefile.in index afaa99888..c7a9f8ea9 100644 --- a/postfix/proto/Makefile.in +++ b/postfix/proto/Makefile.in @@ -38,6 +38,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \ ../html/SCHEDULER_README.html ../html/SMTPD_ACCESS_README.html \ ../html/SMTPD_POLICY_README.html \ ../html/SMTPD_PROXY_README.html \ + ../html/SMTPUTF8_README.html \ ../html/SOHO_README.html \ ../html/SQLITE_README.html \ ../html/STANDARD_CONFIGURATION_README.html \ @@ -81,6 +82,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \ ../README_FILES/SASL_README ../README_FILES/SCHEDULER_README \ ../README_FILES/SMTPD_ACCESS_README \ ../README_FILES/SMTPD_POLICY_README ../README_FILES/SMTPD_PROXY_README \ + ../README_FILES/SMTPUTF8_README \ ../README_FILES/SOHO_README \ ../README_FILES/SQLITE_README \ ../README_FILES/STANDARD_CONFIGURATION_README \ 
@@ -269,6 +271,9 @@ clobber: ../html/SMTPD_PROXY_README.html: SMTPD_PROXY_README.html $(DETAB) $? | $(POSTLINK) >$@ +../html/SMTPUTF8_README.html: SMTPUTF8_README.html + $(DETAB) $? | $(POSTLINK) >$@ + ../html/SOHO_README.html: $(MAKESOHO) $(DEPSOHO) $(MAKESOHO) | $(POSTLINK) | $(DETAB) >$@ @@ -434,6 +439,9 @@ clobber: ../README_FILES/SMTPD_PROXY_README: SMTPD_PROXY_README.html $(DETAB) $? | $(HT2READ) >$@ +../README_FILES/SMTPUTF8_README: SMTPUTF8_README.html + $(DETAB) $? | $(HT2READ) >$@ + ../README_FILES/SOHO_README: $(MAKESOHO) $(DEPSOHO) $(MAKESOHO) | $(HT2READ) | $(DETAB) >$@ diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index d1a0a00de..e0753e312 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -1564,7 +1564,7 @@ encoded authentication information:

      The mmencode command is part of the metamail software.

      -
    • Using Perl MIME::Base64:

      +
    • Using Perl MIME::Base64 (from http://www.cpan.org/):

      @@ -1573,7 +1573,7 @@ software. 

      -

      MIME::Base64 is available from http://www.cpan.org/.

      +

      If the username or password contain "@", you must specify "\@".

    • Using the gen-auth script:
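Review bot: The added sentence 'If the username or password contain "@", you must specify "\@"' gives no reason and no scope, so a reader cannot tell whether the backslash is needed only for the Perl command in this bullet or for credentials in general. Suggest "contains", and one clause saying the escape applies to the Perl command shown here and is not part of the encoded credentials.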

      diff --git a/postfix/proto/SMTPD_PROXY_README.html b/postfix/proto/SMTPD_PROXY_README.html index 3fa8d216a..0b5780719 100644 --- a/postfix/proto/SMTPD_PROXY_README.html +++ b/postfix/proto/SMTPD_PROXY_README.html @@ -199,8 +199,8 @@ usual.

      The content filter itself is not described here. You can use any filter that is SMTP enabled. For non-SMTP capable content filtering software, Bennett Todd's SMTP proxy implements a nice -PERL/SMTP content filtering framework. See: -http://bent.latency.net/smtpprox/.

      +Perl-based framework. See: http://bent.latency.net/smtpprox/ or +https://github.com/jnorell/smtpprox.
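Review bot: The added link https://github.com/jnorell/smtpprox sits under a different account name than the author credited in the sentence (Bennett Todd), and the text does not say whether it is a mirror, a fork or a maintained continuation. Since this is code that would sit in the mail path as a content filter, suggest stating the relationship between the two locations so administrators know which one they are installing from.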

      diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html new file mode 100644 index 000000000..86f8c33fb --- /dev/null +++ b/postfix/proto/SMTPUTF8_README.html @@ -0,0 +1,303 @@ + + + + + + +Postfix SMTPUTF8 support + + + + + + + +

      +Postfix SMTPUTF8 support +

      + +
      + +

      Overview

      + +

      This document describes Postfix support for Email Address +Internationalization (EAI) as defined in RFC 6531 (SMTPUTF8 extension), +RFC 6532 (Internationalized email headers) and RFC 6533 (Internationalized +delivery status notifications). Introduced with Postfix version +2.12, this fully supports UTF-8 email addresses and UTF-8 message +header values.

      + +

      Topics covered in this document:

      + +
      + +

      Enabling Postfix SMTPUTF8 support

      + +

      By default, Postfix SMTPUTF8 support is disabled. Thus, Postfix +should work exactly as it has worked before SMTPUTF8 support was +implemented.

      + +

      Before turning on SMTPUTF8 support in Postfix, you need to +verify that the rest of your email infrastructure can handle UTF-8 +email addresses and message header values, including SMTPUTF8 +protocol support in SMTP-based content filters (Amavisd), LMTP +servers (Dovecot), and down-stream SMTP servers.

      + +

      SMTPUTF8 support is enabled by setting the smtputf8_enable +parameter in main.cf:

      + +
      +
      +# postconf "smtputf8_enable = yes"
      +# postfix reload
      +
      +
      + +

      With SMTPUTF8 support enabled, Postfix changes behavior as follows:

      + +
        + +
      • UTF-8 is permitted in the myorigin parameter value. However, +the myhostname and mydomain parameters must specify ASCII-only +domain names. This limitation may be removed later.

        + +
      • The Postfix SMTP server announces SMTPUTF8 support in the +EHLO response.

        + +
        +220 server.example.com ESMTP Postfix
        +EHLO client.example.com
        +250-server.example.com
        +250-PIPELINING
        +250-SIZE 10240000
        +250-VRFY
        +250-ETRN
        +250-STARTTLS
        +250-AUTH PLAIN LOGIN
        +250-ENHANCEDSTATUSCODES
        +250-8BITMIME
        +250-DSN
        +250 SMTPUTF8
        +
        + +
      • The Postfix SMTP server accepts the SMTPUTF8 request in +MAIL FROM and VRFY commands.

        + +
        +MAIL FROM:<address> SMTPUTF8 ...
        +
        +VRFY address SMTPUTF8
        +
        + +
      • The Postfix SMTP client may issue the SMTPUTF8 request in +MAIL FROM commands.

        + +
      • Postfix already permitted UTF-8 in message header values +and in address localparts. This does not change.

        + +
      • The Postfix SMTP server accepts UTF-8 in email address +domains, but only after the remote SMTP client client issues the +SMTPUTF8 request in MAIL FROM or VRFY commands.

        + +
      + +

      Using Postfix SMTPUTF8 support

      + +

      After Postfix SMTPUTF8 support is turned on, Postfix behavior +will depend on 1) whether a remote SMTP client requests SMTPUTF8 +support, 2) the presence of UTF-8 content in the message envelope +and headers, and 3) whether a down-stream SMTP (or LMTP) server +announces SMTPUTF8 support.

      + +
        + +
      • When the Postfix SMTP server receives a message WITHOUT +the SMTPUTF8 request, Postfix handles the message as it has always +done (at least that is the default, see autodetection below). +Specifically, the Postfix SMTP server does not accept UTF-8 in the +envelope sender domain name or envelope recipient domain name, and +the Postfix SMTP client does not issue the SMTPUTF8 request when +delivering that message an SMTP or LMTP server that announces +SMTPUTF8 support (again, that is the default). Postfix will accept +UTF-8 in message header values and in the localpart of envelope +sender and recipient addresses, because it has always done that. +

        + +
      • When the Postfix SMTP server receives a message WITH the +SMTPUTF8 request, Postfix will issue the SMTPUTF8 request when +delivering that message to an SMTP or LMTP server that announces +SMTPUTF8 support. This is not configurable.

        + +
      • When a message is received with the SMTPUTF8 request, +Postfix will deliver the message to a non-SMTPUTF8 SMTP or LMTP +server ONLY if:

        + +
          + +
        • No message header value contains UTF-8.

          + +
        • The envelope sender address contains no UTF-8,

          + +
        • No envelope recipient address for that specific + SMTP/LMTP delivery transaction contains UTF-8.

          + +

          NOTE: Recipients in other email delivery + transactions for that same message may still contain UTF-8. +

          + +
        + +

        Otherwise, Postfix will return the recipient(s) for that + email delivery transaction as undeliverable. The delivery status + notification message will be an SMTPUTF8 message. It will therefore + be subject to the same restrictions as email that is received + with the SMTPUTF8 request.

        + +
      • When the Postfix SMTP server receives a message with the +SMTPUTF8 request, that request also applies after the message is +forwarded via a virtual or local alias, or $HOME/.forward file. +

        + +
      + +

      SMTPUTF8 autodetection

      + +

      This section applies only to systems that have SMTPUTF8 support +turned on (smtputf8_enable = yes).

      + +

      For compatibility with pre-SMTPUTF8 environments, Postfix does +not automatically set the "SMTPUTF8 requested" flag on messages +from non-SMTPUTF8 clients that contain an UTF-8 header value or +UTF-8 address localpart. This would make such messages undeliverable +to non-SMTPUTF8 servers, and could be a barrier to SMTPUTF8 adoption. +

      + +

      By default, Postfix sets the "SMTPUTF8 requested" flag only on +address verification probes and on Postfix sendmail submissions +that contain UTF-8 in the sender address, UTF-8 in a recipient +address, or UTF-8 in a message header value.

      + +
      +
      +/etc/postfix/main.cf:
      +    smtputf8_autodetect_classes = sendmail, verify
      +
      +
      + +

      However, if you have a non-ASCII myorigin or mydomain setting, +or if you have a configuration that introduces UTF-8 addresses with +virtual aliases, canonical mappings, or BCC mappings, then you may +have to apply SMTPUTF8 autodetection to all email:

      + +
      +
      +/etc/postfix/main.cf:
      +    smtputf8_autodetect_classes = all
      +
      +
      + +

      This will, of course, also flag email that was received without +SMTPUTF8 request, but that contains UTF-8 in a sender address +localpart, receiver address localpart, or message header value. +Such email was not standards-compliant, but Postfix would have +delivered it if SMTPUTF8 support was disabled.

      + +

      Limitations of the current implementation +

      + +

      "Internationalized" domain names can appear in two forms: the +UTF-8 form, and the ASCII (xn--mumble) form.

      + +

      No characterset canonicalization for non-ASCII domain names. +

      + +

      Postfix currently does not translate domain names from UTF-8 +into ASCII (or ASCII into UTF-8) before looking up the domain name +in mydestination, relay_domains, access tables, etc., before logging +the domain name, or before using the domain name in a policy daemon +or Milter request. You will have to configure both UTF-8 and ASCII +forms in Postfix configuration files; and both forms will have to +be handled by logfile tools, policy daemons and Milters.

      + +

      No case canonicalization for non-ASCII characters.

      + +

      Postfix currently does not case-fold non-ASCII characters when +looking up an "Internationalized" domain name in mydestination, +relay_domains, access maps, etc. Some non-ASCII scripts do not +distinguish between upper and lower case, some have different numbers +of upper and lower case characters.

      + +

      Compatibility with pre-SMTPUTF8 +environments

      + +

      Mailing lists with UTF-8 and non-UTF-8 subscribers

      + +

      With Postfix, there is no need to split mailing lists into UTF-8 and +non-UTF-8 members. Postfix will try to deliver the non-UTF8 subscribers +over "traditional" non-SMTPUTF8 sessions, as long as the message +has an ASCII envelope sender address and all-ASCII header values. +The mailing list manager will have to apply RFC 2047 encoding to +satisfy that last condition.

      + +

      Pre-existing non-ASCII email flows

      + +

      In pre-SMTPUTF8 environments, email with UTF-8 in address +localparts (and in headers) works just fine because the vast majority +of email software including Postfix is perfectly capable of handling +such email, even if pre-SMTPUTF8 standards do not support this.

      + +

      Therefore, when Postfix SMTPUTF8 support is turned on, Postfix +must not suddenly start to break pre-existing email flows with UTF-8 +in addres localparts (and in headers).

      + +

      Thus, Postfix continues to permit UTF-8 in address localparts +(and in headers) in email from and to pre-SMTPUTF8 systems. At +least, that is the default (see autodetection above).

      + +

      Building with/without SMTPUTF8 support +

      + +

      Postfix SMTPUTF8 support requires the ICU library. Postfix +automatically builds with SMTPUTF8 support when the library and +its header files are installed. To force Postfix to build without +SMTPUTF8, specify:

      + +
      +
      +$ make makefiles -DNO_EAI ...
      +
      +
      + +

      Credits

      + +
        + +
      • Arnt Gulbrandsen posted his patch for Unicode email support +on May 15, 2014. This work was sponsored by CNNIC.

        + +
      • Wietse integrated Arnt Gulbrandsen's code and released +Postfix with SMTPUTF8 support on July 15, 2014.
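Review bot: The new README contradicts itself on mydomain: the "Enabling" section says "the myhostname and mydomain parameters must specify ASCII-only domain names", while the autodetection section starts with "if you have a non-ASCII myorigin or mydomain setting". One of the two needs to change. The build instruction "$ make makefiles -DNO_EAI ..." passes the define to make itself; the usual Postfix form puts compiler defines in CCARGS, as in make makefiles CCARGS="-DNO_EAI ...". Typos to fix while here: "remote SMTP client client issues", "delivering that message an SMTP or LMTP server" (missing "to"), "addres localparts", and "characterset".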

        + +
      + + + + + diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index e62c14af9..bc492ebd5 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -2658,10 +2658,28 @@ the local Postfix system. This requires super-user privileges.

      -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert}" && postconf -e \ "smtpd_tls_cert_file = ${cert}" \ - "smtpd_tls_key_file = ${key}" + "smtpd_tls_key_file = ${key}" \ + 'smtpd_tls_security_level = may' \ + 'smtpd_tls_received_header = yes' \ + 'smtpd_tls_loglevel = 1' \ + 'smtp_tls_security_level = may' \ + 'smtp_tls_loglevel = 1' \ + 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' \ + 'tls_random_source = dev:/dev/urandom'
      +

      Note: the last command requires both single (') and double (") +quotes.

      + +

      The postconf(1) command above enables opportunistic TLS for +receiving and sending mail. It also enables logging of TLS connections +and recording of TLS use in the "Received" header. TLS session +caching is also enabled in the Postfix SMTP client. With Postfix +≥ 2.10, the SMTP server does not need an explicit session cache +since session reuse is better handled via RFC 5077 TLS session +tickets.

      +

      Private Certificate Authority
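Review bot: The added note "the last command requires both single (') and double (") quotes" says the mixed quoting is required but not why, and the reason is easy to break. "${cert}" and "${key}" must be expanded by the shell, while 'btree:${data_directory}/smtp_scache' must reach main.cf unexpanded so that Postfix expands it. Someone who normalizes everything to double quotes ends up with "btree:/smtp_scache" when the shell has no data_directory variable. Suggest adding that one sentence of explanation to the note.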

        @@ -2785,6 +2803,7 @@ but don't require them from all clients.

        smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache smtp_tls_security_level = may + smtp_tls_loglevel = 1 smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_cert_file = /etc/postfix/foo-cert.pem smtpd_tls_key_file = /etc/postfix/foo-key.pem @@ -2793,6 +2812,7 @@ but don't require them from all clients.

        btree:/var/lib/postfix/smtpd_tls_session_cache tls_random_source = dev:/dev/urandom smtpd_tls_security_level = may + smtpd_tls_loglevel = 1 diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 908d19dbc..c26f1a5da 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -926,8 +926,9 @@ by the amount specified in $debug_peer_level.

        patterns or "type:table" lookup tables. The right-hand side result from "type:table" lookups is ignored.

        -

        Pattern matching of domain names is controlled by the -parent_domain_matches_subdomains parameter.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "debug_peer_list" in the parent_domain_matches_subdomains +parameter value.

        Examples: @@ -1524,6 +1525,10 @@ Continue long lines by starting the next line with whitespace. A lookup table is matched when the domain or its parent domain appears as lookup key.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "fast_flush_domains" in the parent_domain_matches_subdomains +parameter value.

        +

        Specify "fast_flush_domains =" (i.e., empty) to disable the feature altogether. @@ -3047,7 +3052,11 @@ first match. Specify "!pattern" to exclude an address or network block from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later.

        -

        Note: IP version 6 address information must be specified inside +

        Note 1: Pattern matching of domain names is controlled by the +or absence of "mynetworks" in the parent_domain_matches_subdomains +parameter value.

        + +

        Note 2: IP version 6 address information must be specified inside [] in the mynetworks value, and in files specified with "/file/name". IP version 6 addresses contain the ":" character, and would otherwise be confused with a "type:table" pattern.

        @@ -3173,13 +3182,50 @@ notify_classes = 2bounce, resource, software %PARAM parent_domain_matches_subdomains see "postconf -d" output

        -What Postfix features match subdomains of "domain.tld" automatically, -instead of requiring an explicit ".domain.tld" pattern. This is +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. This is planned backwards compatibility: eventually, all Postfix features -are expected to require explicit ".domain.tld" style patterns when +are expected to require explicit ".example.com" style patterns when you really want to match subdomains.

        +

        The following Postfix feature names are supported.

        + +
        + +
        Postfix version 1.0 and later
        + +
        +debug_peer_list, +fast_flush_domains, +mynetworks, +permit_mx_backup_networks, +relay_domains, +transport_maps +
        + +
        Postfix version 1.1 and later
        + +
        +qmqpd_authorized_clients, +smtpd_access_maps, +
        + +
        Postfix version 2.8 and later
        + +
        +postscreen_access_list +
        + +
        Postfix version 2.12 and later
        + +
        +smtpd_client_event_limit_exceptions +
        + +
        + %PARAM propagate_unmatched_extensions canonical, virtual

        @@ -3290,6 +3336,10 @@ exclamation point (!). The form "!/file/name" is supported only in Postfix version 2.4 and later.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "qmqpd_authorized_clients" in the +parent_domain_matches_subdomains parameter value.

        +

        Example:

        @@ -3592,8 +3642,7 @@ Do not change this unless you have a complete understanding of RFC 5321. %PARAM relay_domains $mydestination

        What destination domains (and subdomains thereof) this system -will relay mail to. Subdomain matching is controlled with the -parent_domain_matches_subdomains parameter. For details about how +will relay mail to. For details about how the relay_domains value is used, see the description of the permit_auth_destination and reject_unauth_destination SMTP recipient restrictions.
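
Review bot: with the second sentence removed, the opening of the relay_domains description still says "(and subdomains thereof)" without any qualification, so it now reads as if subdomains are always relayed. The condition appears only in the paragraph added by the next hunk; either drop the parenthesis or keep a short qualifier that names parent_domain_matches_subdomains, because this sentence is the one that defines the relay scope.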

        @@ -3617,6 +3666,10 @@ key. Specify "!pattern" to exclude a domain from the list. The form "!/file/name" is supported only in Postfix version 2.4 and later.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "relay_domains" in the parent_domain_matches_subdomains +parameter value.

        + %PARAM relay_domains_reject_code 554

        @@ -4793,6 +4846,11 @@ in files specified with "/file/name". IP version 6 addresses contain the ":" character, and would otherwise be confused with a "type:table" pattern.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "smtpd_client_event_limit_exceptions" in the +parent_domain_matches_subdomains parameter value (postfix 2.12 and +later).

        +

        This feature is available in Postfix 2.2 and later.
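
Review bot: the added paragraph limits itself to "2.12 and later" but does not say how domain patterns in smtpd_client_event_limit_exceptions were matched in 2.2 through 2.11, although the context line below it says the feature exists since 2.2. Going by the smtpd.c change in this patch, hogger_list was previously initialised with MATCH_FLAG_RETURN only, so one sentence saying that earlier versions did not consult parent_domain_matches_subdomains for this parameter would complete it. Minor: "postfix 2.12" is lower case, while the next line has "Postfix 2.2".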

        @@ -6662,6 +6720,10 @@ until a match is found. If you use this feature with local files, run "postmap /etc/postfix/transport" after making a change.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "transport_maps" in the parent_domain_matches_subdomains +parameter value.

        +

        For safety reasons, as of Postfix 2.3 this feature does not allow $number substitutions in regular expression maps.
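
Review bot: the added paragraph for transport_maps reuses the sentence written for list-valued parameters, but the context lines around it are about lookup tables ("postmap /etc/postfix/transport", regular expression maps). Say what "pattern matching of domain names" means for a table here, for example that it concerns the domain keys looked up in the table, or point to the transport table documentation for the details.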

        @@ -7917,6 +7979,10 @@ only domains whose primary MX hosts match the listed networks. The parameter value syntax is the same as with the mynetworks parameter; note, however, that the default value is empty.

        +

        Pattern matching of domain names is controlled by the presence +or absence of "permit_mx_backup_networks" in the +parent_domain_matches_subdomains parameter value.

        + %PARAM pickup_service_name pickup

        @@ -13789,7 +13855,9 @@ upon the first command that fires for the client IP address.

        terminate the search if the client IP address matches $mynetworks. Do not subject the client to any before/after 220 greeting tests. Pass the connection immediately to a Postfix SMTP server process. - +
        Pattern matching of domain names is controlled by the presence +or absence of "postscreen_access_list" in the +parent_domain_matches_subdomains parameter value.
        type:table
        Query the specified lookup table. Each table lookup result is an access list, except that diff --git a/postfix/src/flush/flush.c b/postfix/src/flush/flush.c index 2a9a7d565..0bead4d17 100644 --- a/postfix/src/flush/flush.c +++ b/postfix/src/flush/flush.c @@ -102,8 +102,9 @@ /* The maximal number of incoming connections that a Postfix daemon /* process will service before terminating voluntarily. /* .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" -/* What Postfix features match subdomains of "domain.tld" automatically, -/* instead of requiring an explicit ".domain.tld" pattern. +/* A list of Postfix features where the pattern "example.com" also +/* matches subdomains of example.com, +/* instead of requiring an explicit ".example.com" pattern. /* .IP "\fBprocess_id (read-only)\fR" /* The process ID of a Postfix command or daemon process. /* .IP "\fBprocess_name (read-only)\fR" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index e216b07af..596b58ee1 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20140720" +#define MAIL_RELEASE_DATE "20140731" #define MAIL_VERSION_NUMBER "2.12" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index e2fb3f4f7..59f920f1d 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -191,6 +191,7 @@ smtpd.o: ../../include/mail_stream.h smtpd.o: ../../include/mail_version.h smtpd.o: ../../include/maps.h smtpd.o: ../../include/match_list.h +smtpd.o: ../../include/match_parent_style.h smtpd.o: ../../include/milter.h smtpd.o: ../../include/msg.h smtpd.o: ../../include/myaddrinfo.h diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index ae16d60fe..8e24768d3 100644 
--- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -758,8 +758,9 @@ /* $smtpd_sender_restrictions, or wait until the ETRN command before /* evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. /* .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" -/* What Postfix features match subdomains of "domain.tld" automatically, -/* instead of requiring an explicit ".domain.tld" pattern. +/* A list of Postfix features where the pattern "example.com" also +/* matches subdomains of example.com, +/* instead of requiring an explicit ".example.com" pattern. /* .IP "\fBsmtpd_client_restrictions (empty)\fR" /* Optional restrictions that the Postfix SMTP server applies in the /* context of a client connection request. @@ -1140,6 +1141,7 @@ #include #include #include +#include /* Single-threaded server skeleton. */ @@ -5146,7 +5148,9 @@ static void pre_jail_init(char *unused_name, char **unused_argv) verp_clients = namadr_list_init(MATCH_FLAG_RETURN, var_verp_clients); xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts); xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts); - hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers); + hogger_list = namadr_list_init(MATCH_FLAG_RETURN + | match_parent_style(VAR_SMTPD_HOGGERS), + var_smtpd_hoggers); /* * Open maps before dropping privileges so we can read passwords etc. diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index e3889ac24..6c1fb49e5 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c 
@@ -148,8 +148,9 @@ /* $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, /* or $relay_domains. /* .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" -/* What Postfix features match subdomains of "domain.tld" automatically, -/* instead of requiring an explicit ".domain.tld" pattern. +/* A list of Postfix features where the pattern "example.com" also +/* matches subdomains of example.com, +/* instead of requiring an explicit ".example.com" pattern. /* .IP "\fBrelayhost (empty)\fR" /* The next-hop destination of non-local mail; overrides non-local /* domains in recipient addresses.
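
Review bot: in the smtpd.c pre_jail_init() hunk, only hogger_list gains "| match_parent_style(VAR_SMTPD_HOGGERS)"; the verp_clients, xclient_hosts and xforward_hosts lists in the context lines directly above it are still built with MATCH_FLAG_RETURN alone. If that difference is intended, a short comment at the hogger_list call saying why this list follows parent_domain_matches_subdomains and its neighbours do not would keep the next reader from treating it as an oversight. The Makefile.in hunk adds the matching match_parent_style.h dependency for smtpd.o, which is consistent with the new call.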