From: Wietse Venema Date: Fri, 19 Oct 2012 05:00:00 +0000 (-0500) Subject: postfix-2.10-20121019 X-Git-Tag: v2.10.0-RC1~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d067f766c12a5e64679380714967fb95f2a34868;p=thirdparty%2Fpostfix.git postfix-2.10-20121019 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index e9dff859d..9a523a5cd 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -18012,3 +18012,49 @@ Apologies for any names omitted. Bugfix: the postscreen_access_list feature was case-sensitive in the first character of permit, reject, etc. Reported by Francis Picabia. File: global/server_acl.c. + +20121009 + + Documentation: interaction between delay_warning_time, + notify_classes and delay_notice_recipient. File: + proto/postconf.proto. + +20101009 + + Human factors: log a warning that the postcat option -m + without -h or -b has no effect. File: postcat/postcat.c. + +20121010 + + Bugfix (introduced: Postfix 2.5): memory leak in program + initialization. Reported by Coverity. File: tls/tls_misc.c. + + Bugfix (introduced: Postfix 2.3): memory leak in the unused + oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c. + +20121011 + + Documentation: how to enable /etc/hosts multi-record lookups + with main.cf settings. File: proto/LINUX_README.html. + + Documentation: clarified the postscreen-tlsproxy interface. + File: tlsproxy/tlsproxy.c. + +20121012 + + Documentation: a simpler null-client example. File: + proto/STANDARD_CONFIGURATION_README.html + +20120113 + + Cleanup: to compute the LDAP connection cache lookup key, + join the numeric fields with null, just like string fields. + Viktor Dukhovni. File: global/dict_ldap.c. + +20121015 + + Documentation: added section on regular-expression tables + to the aliases(5) manpage. File: proto/aliases. + + Documentation: why "smtp_address_preference = any" is the + preferred setting. File: proto/postconf.proto. 
diff --git a/postfix/README_FILES/LINUX_README b/postfix/README_FILES/LINUX_README index dd9a81373..a8569c7bb 100644 --- a/postfix/README_FILES/LINUX_README +++ b/postfix/README_FILES/LINUX_README @@ -16,6 +16,12 @@ addresses: multi on ... +Alternatively, specify the RESOLV_MULTI environment variable in main.cf: + + /etc/postfix/main.cf: + import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY + DISPLAY LANG=C RESOLV_MULTI=on + BBeerrkkeelleeyy DDBB iissssuueess If you can't compile Postfix because the file "db.h" isn't found, then you MUST diff --git a/postfix/README_FILES/STANDARD_CONFIGURATION_README b/postfix/README_FILES/STANDARD_CONFIGURATION_README index ee823aaaf..ceb18fce8 100644 --- a/postfix/README_FILES/STANDARD_CONFIGURATION_README +++ b/postfix/README_FILES/STANDARD_CONFIGURATION_README 
@@ -63,32 +63,38 @@ the network, and it does not deliver any mail locally. A null client typically uses POP, IMAP or NFS for mailbox access. In this example we assume that the Internet domain name is "example.com" and -that the machine is named "nullclient.example.com". As usual, the examples show +that the machine is named "hostname.example.com". As usual, the examples show only parameters that are not left at their default settings. 1 /etc/postfix/main.cf: - 2 myorigin = $mydomain - 3 relayhost = $mydomain - 4 inet_interfaces = loopback-only - 5 local_transport = error:local delivery is disabled - 6 - 7 /etc/postfix/master.cf: - 8 Comment out the local delivery agent entry + 2 myhostname = hostname.example.com + 3 myorigin = $mydomain + 4 relayhost = $mydomain + 5 inet_interfaces = loopback-only + 6 mydestination = Translation: - * Line 2: Send mail as "user@example.com" (instead of - "user@nullclient.example.com"), so that nothing ever has a reason to send - mail to "user@nullclient.example.com". + * Line 2: Set myhostname to hostname.example.com, in case the machine name + isn't set to a fully-qualified domain name (use the command "postconf - + d myhostname" to find out what the machine name is). + + * Line 2: The myhostname value also provides the default value for the + mydomain parameter (here, "mydomain = example.com"). + + * Line 3: Send mail as "user@example.com" (instead of + "user@hostname.example.com"), so that nothing ever has a reason to send + mail to "user@hostname.example.com". - * Line 3: Forward all mail to the mail server that is responsible for the + * Line 4: Forward all mail to the mail server that is responsible for the "example.com" domain. This prevents mail from getting stuck on the null client if it is turned off while some remote destination is unreachable. + Specify a real hostname here if your "example.com" domain has no MX record. - * Line 4: Do not accept mail from the network. + * Line 5: Do not accept mail from the network. 
- * Lines 5-8: Disable local mail delivery. All mail goes to the mail server as - specified in line 3. + * Line 6: Disable local mail delivery. All mail goes to the mail server as + specified in line 4. PPoossttffiixx oonn aa llooccaall nneettwwoorrkk diff --git a/postfix/conf/aliases b/postfix/conf/aliases index 8a19f8e5a..52183e231 100644 --- a/postfix/conf/aliases +++ b/postfix/conf/aliases @@ -56,9 +56,15 @@ decode: root # newaliases in order to rebuild the indexed file after # changing the Postfix alias database. # -# The input and output file formats are expected to be com- -# patible with Sendmail version 8, and are expected to be -# suitable for the use as NIS maps. +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary +# indexed files. +# +# Alternatively, the table can be provided as a regular- +# expression map where patterns are given as regular expres- +# sions. In this case, the lookups are done in a slightly +# different way as described below under "REGULAR EXPRESSION +# TABLES". # # Users can control delivery of their own mail by setting up # .forward files in their home directory. Lines in per-user 
@@ -143,6 +149,25 @@ decode: root # The local(8) delivery agent always folds the search string # to lowercase before database lookup. # +# REGULAR EXPRESSION TABLES +# This section describes how the table lookups change when +# the table is given in the form of regular expressions. For +# a description of regular expression lookup table syntax, +# see regexp_table(5) or pcre_table(5). NOTE: these formats +# do not use ":" at the end of a pattern. +# +# Each regular expression is applied to the entire search +# string. Thus, a search string user+foo is not broken up +# into user and foo. +# +# Regular expressions are applied in the order as specified +# in the table, until a regular expression is found that +# matches the search string. +# +# Lookup results are the same as with indexed file lookups. +# For security reasons there is no support for $1, $2 etc. +# substring interpolation. +# # SECURITY # The local(8) delivery agent disallows regular expression # substitution of $1 etc. in alias_maps, because that would diff --git a/postfix/html/LINUX_README.html b/postfix/html/LINUX_README.html index f6f7bbef6..f06c1b4b3 100644 --- a/postfix/html/LINUX_README.html +++ b/postfix/html/LINUX_README.html @@ -35,6 +35,16 @@ addresses. To fix, turn on support for multiple IP addresses:

+

Alternatively, specify the RESOLV_MULTI environment variable +in main.cf:

+ +
+
+/etc/postfix/main.cf:
+    import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on
+
+
+

Berkeley DB issues

If you can't compile Postfix because the file "db.h" diff --git a/postfix/html/STANDARD_CONFIGURATION_README.html b/postfix/html/STANDARD_CONFIGURATION_README.html index 304df649d..660feac37 100644 --- a/postfix/html/STANDARD_CONFIGURATION_README.html +++ b/postfix/html/STANDARD_CONFIGURATION_README.html @@ -102,20 +102,18 @@ mail from the network, and it does not deliver any mail locally. A null client typically uses POP, IMAP or NFS for mailbox access.

In this example we assume that the Internet domain name is -"example.com" and that the machine is named "nullclient.example.com". +"example.com" and that the machine is named "hostname.example.com". As usual, the examples show only parameters that are not left at their default settings.

 1 /etc/postfix/main.cf:
-2     myorigin = $mydomain
-3     relayhost = $mydomain
-4     inet_interfaces = loopback-only
-5     local_transport = error:local delivery is disabled
-6 
-7 /etc/postfix/master.cf:
-8     Comment out the local delivery agent entry
+2     myhostname = hostname.example.com
+3     myorigin = $mydomain
+4     relayhost = $mydomain
+5     inet_interfaces = loopback-only
+6     mydestination =
 
@@ -123,19 +121,29 @@ their default settings.

diff --git a/postfix/html/aliases.5.html b/postfix/html/aliases.5.html index 6ed4b8bb3..aa1b053e0 100644 --- a/postfix/html/aliases.5.html +++ b/postfix/html/aliases.5.html @@ -24,9 +24,15 @@ ALIASES(5) ALIASES(5) newaliases in order to rebuild the indexed file after changing the Postfix alias database. - The input and output file formats are expected to be com- - patible with Sendmail version 8, and are expected to be - suitable for the use as NIS maps. + When the table is provided via other means such as NIS, + LDAP or SQL, the same lookups are done as for ordinary + indexed files. + + Alternatively, the table can be provided as a regular- + expression map where patterns are given as regular expres- + sions. In this case, the lookups are done in a slightly + different way as described below under "REGULAR EXPRESSION + TABLES". Users can control delivery of their own mail by setting up .forward files in their home directory. Lines in per-user @@ -111,6 +117,25 @@ ALIASES(5) ALIASES(5) The local(8) delivery agent always folds the search string to lowercase before database lookup. +REGULAR EXPRESSION TABLES + This section describes how the table lookups change when + the table is given in the form of regular expressions. For + a description of regular expression lookup table syntax, + see regexp_table(5) or pcre_table(5). NOTE: these formats + do not use ":" at the end of a pattern. + + Each regular expression is applied to the entire search + string. Thus, a search string user+foo is not broken up + into user and foo. + + Regular expressions are applied in the order as specified + in the table, until a regular expression is found that + matches the search string. + + Lookup results are the same as with indexed file lookups. + For security reasons there is no support for $1, $2 etc. + substring interpolation. + SECURITY The local(8) delivery agent disallows regular expression substitution of $1 etc. in alias_maps, because that would 
diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 1071b1efa..b12dd0f1c 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -438,8 +438,8 @@ CLEANUP(8) CLEANUP(8) point when logging sub-second delay values. delay_warning_time (0h) - The time after which the sender receives the mes- - sage headers of mail that is still queued. + The time after which the sender receives a copy of + the message headers of mail that is still queued. ipc_timeout (3600s) The time limit for sending or receiving information diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html index 3fa1ae37f..d463d2a64 100644 --- a/postfix/html/mailq.1.html +++ b/postfix/html/mailq.1.html @@ -443,8 +443,8 @@ SENDMAIL(1) SENDMAIL(1) postalias(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives the mes- - sage headers of mail that is still queued. + The time after which the sender receives a copy of + the message headers of mail that is still queued. enable_errors_to (no) Report mail delivery errors to the address speci- diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html index 3fa1ae37f..d463d2a64 100644 --- a/postfix/html/newaliases.1.html +++ b/postfix/html/newaliases.1.html @@ -443,8 +443,8 @@ SENDMAIL(1) SENDMAIL(1) postalias(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives the mes- - sage headers of mail that is still queued. + The time after which the sender receives a copy of + the message headers of mail that is still queued. enable_errors_to (no) Report mail delivery errors to the address speci- diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 62b7fe703..fc06380f3 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -2516,7 +2516,7 @@ of mail that cannot be delivered within $delay_warning_time parameter. +See also: delay_warning_time, notify_classes.

@@ -2526,8 +2526,8 @@ This feature is enabled with the de (default: 0h)

-The time after which the sender receives the message headers of -mail that is still queued. +The time after which the sender receives a copy of the message +headers of mail that is still queued.

@@ -2541,6 +2541,10 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is h (hours).

+

+See also: delay_notice_recipient, notify_classes. +

+
@@ -6734,7 +6738,8 @@ is available in Postfix 2.9 and later.
delay
-
Send the postmaster copies of the headers of delayed mail. The +
Send the postmaster copies of the headers of delayed mail (see +delay_warning_time). The notification is sent to the address specified with the delay_notice_recipient configuration parameter (default: postmaster).
@@ -9209,6 +9214,21 @@ addresses with equal MX preference. This feature has no effect unless the inet_protocols setting enables both IPv4 and IPv6. With Postfix 2.8 the default is "ipv6".

+

Notes for mail delivery between sites that have both IPv4 and +IPv6 connectivity:

+ + +

This feature is available in Postfix 2.8 and later.

diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 3fa1ae37f..d463d2a64 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -443,8 +443,8 @@ SENDMAIL(1) SENDMAIL(1) postalias(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives the mes- - sage headers of mail that is still queued. + The time after which the sender receives a copy of + the message headers of mail that is still queued. enable_errors_to (no) Report mail delivery errors to the address speci- diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index cc3c999ea..1cb0f03e8 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html 
@@ -15,23 +15,25 @@ TLSPROXY(8) TLSPROXY(8) DESCRIPTION The tlsproxy(8) server implements a server-side TLS proxy. It is used by postscreen(8) to talk SMTP-over-TLS with - remote SMTP clients whose whitelist status has expired, - but it should also work for non-SMTP protocols. + remote SMTP clients that are not whitelisted (including + clients whose whitelist status has expired), but it should + also work for non-SMTP protocols. - Although one tlsproxy(8) process can serve multiple ses- - sions at the same time, it is a good idea to allow the - number of processes to increase with load, so that the + Although one tlsproxy(8) process can serve multiple ses- + sions at the same time, it is a good idea to allow the + number of processes to increase with load, so that the service remains responsive. PROTOCOL EXAMPLE - The example below concerns postscreen(8). However, the - tlsproxy(8) server is agnostic of the application proto- - col, and the example is easily adapted to other applica- + The example below concerns postscreen(8). However, the + tlsproxy(8) server is agnostic of the application proto- + col, and the example is easily adapted to other applica- tions. - The postscreen(8) server sends the remote SMTP client end- - point string, the requested role (server), and the - requested timeout to tlsproxy(8). postscreen(8) then + After receiving a valid remote SMTP client STARTTLS com- + mand, the postscreen(8) server sends the remote SMTP + client endpoint string, the requested role (server), and + the requested timeout to tlsproxy(8). postscreen(8) then receives a "TLS available" indication from tlsproxy(8). If the TLS service is available, postscreen(8) sends the remote SMTP client file descriptor to tlsproxy(8), and diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index f7ad3116a..8d6e461e1 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 
@@ -386,8 +386,8 @@ The directory with Postfix support programs and daemon programs. The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. .IP "\fBdelay_warning_time (0h)\fR" -The time after which the sender receives the message headers of -mail that is still queued. +The time after which the sender receives a copy of the message +headers of mail that is still queued. .IP "\fBenable_errors_to (no)\fR" Report mail delivery errors to the address specified with the non-standard Errors-To: message header, instead of the envelope diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5 index 5ad9928f4..431708e07 100644 --- a/postfix/man/man5/aliases.5 +++ b/postfix/man/man5/aliases.5 @@ -24,9 +24,13 @@ used for fast lookup by the mail system. Execute the command \fBnewaliases\fR in order to rebuild the indexed file after changing the Postfix alias database. -The input and output file formats are expected to be compatible -with Sendmail version 8, and are expected to be suitable for the -use as NIS maps. +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular-expression +map where patterns are given as regular expressions. In +this case, the lookups are done in a slightly different way +as described below under "REGULAR EXPRESSION TABLES". Users can control delivery of their own mail by setting up \fB.forward\fR files in their home directory. 
@@ -107,6 +111,28 @@ propagated to the result of table lookup. .fi The local(8) delivery agent always folds the search string to lowercase before database lookup. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). NOTE: these formats do not use ":" at the +end of a pattern. + +Each regular expression is applied to the entire search +string. Thus, a search string \fIuser+foo\fR is not broken +up into \fIuser\fR and \fIfoo\fR. + +Regular expressions are applied in the order as specified +in the table, until a regular expression is found that +matches the search string. + +Lookup results are the same as with indexed file lookups. +For security reasons there is no support for \fB$1\fR, +\fB$2\fR etc. substring interpolation. .SH "SECURITY" .na .nf diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 0bc50986f..94c40486d 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -1516,10 +1516,10 @@ The recipient of postmaster notifications with the message headers of mail that cannot be delivered within $delay_warning_time time units. .PP -This feature is enabled with the delay_warning_time parameter. +See also: delay_warning_time, notify_classes. .SH delay_warning_time (default: 0h) -The time after which the sender receives the message headers of -mail that is still queued. +The time after which the sender receives a copy of the message +headers of mail that is still queued. .PP To enable this feature, specify a non-zero time value (an integral value plus an optional one-letter suffix that specifies the time 
@@ -1527,6 +1527,8 @@ unit). .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is h (hours). +.PP +See also: delay_notice_recipient, notify_classes. .SH deliver_lock_attempts (default: 20) The maximal number of attempts to acquire an exclusive lock on a mailbox file or \fBbounce\fR(8) logfile. @@ -3989,7 +3991,8 @@ This feature is available in Postfix 2.9 and later. .br .IP "\fBdelay\fR" -Send the postmaster copies of the headers of delayed mail. The +Send the postmaster copies of the headers of delayed mail (see +delay_warning_time). The notification is sent to the address specified with the delay_notice_recipient configuration parameter (default: postmaster). .br @@ -5569,6 +5572,18 @@ addresses with equal MX preference. This feature has no effect unless the inet_protocols setting enables both IPv4 and IPv6. With Postfix 2.8 the default is "ipv6". .PP +Notes for mail delivery between sites that have both IPv4 and +IPv6 connectivity: +.IP \(bu +The setting "smtp_address_preference = ipv6" is unsafe. +It can fail to deliver mail when there is an outage that affects +IPv6, while the destination is still reachable over IPv4. +.IP \(bu +The setting "smtp_address_preference = any" is safe. With +this, mail will eventually be delivered even if there is an outage +that affects IPv6 or IPv4, as long as it does not affect both. +.br +.PP This feature is available in Postfix 2.8 and later. .SH smtp_always_send_ehlo (default: yes) Always send EHLO at the start of an SMTP session. diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index d789450c5..dfc91b954 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 
@@ -355,8 +355,8 @@ request before it is terminated by a built-in watchdog timer. The maximal number of digits after the decimal point when logging sub-second delay values. .IP "\fBdelay_warning_time (0h)\fR" -The time after which the sender receives the message headers of -mail that is still queued. +The time after which the sender receives a copy of the message +headers of mail that is still queued. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8 index 55b9cc30f..5440eff82 100644 --- a/postfix/man/man8/tlsproxy.8 +++ b/postfix/man/man8/tlsproxy.8 @@ -14,7 +14,8 @@ Postfix TLS proxy .fi The \fBtlsproxy\fR(8) server implements a server-side TLS proxy. It is used by \fBpostscreen\fR(8) to talk SMTP-over-TLS -with remote SMTP clients whose whitelist status has expired, +with remote SMTP clients that are not whitelisted (including +clients whose whitelist status has expired), but it should also work for non-SMTP protocols. Although one \fBtlsproxy\fR(8) process can serve multiple @@ -31,7 +32,8 @@ the \fBtlsproxy\fR(8) server is agnostic of the application protocol, and the example is easily adapted to other applications. -The \fBpostscreen\fR(8) server sends the remote SMTP client +After receiving a valid remote SMTP client STARTTLS command, +the \fBpostscreen\fR(8) server sends the remote SMTP client endpoint string, the requested role (server), and the requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8) then receives a "TLS available" indication from \fBtlsproxy\fR(8). diff --git a/postfix/proto/LINUX_README.html b/postfix/proto/LINUX_README.html index a29e4f610..30f7a3083 100644 --- a/postfix/proto/LINUX_README.html +++ b/postfix/proto/LINUX_README.html @@ -35,6 +35,16 @@ addresses. To fix, turn on support for multiple IP addresses:

+

Alternatively, specify the RESOLV_MULTI environment variable +in main.cf:

+ +
+
+/etc/postfix/main.cf:
+    import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on
+
+
+

Berkeley DB issues

If you can't compile Postfix because the file "db.h" diff --git a/postfix/proto/STANDARD_CONFIGURATION_README.html b/postfix/proto/STANDARD_CONFIGURATION_README.html index e306f8d04..4fbea57f5 100644 --- a/postfix/proto/STANDARD_CONFIGURATION_README.html +++ b/postfix/proto/STANDARD_CONFIGURATION_README.html @@ -102,20 +102,18 @@ mail from the network, and it does not deliver any mail locally. A null client typically uses POP, IMAP or NFS for mailbox access.

In this example we assume that the Internet domain name is -"example.com" and that the machine is named "nullclient.example.com". +"example.com" and that the machine is named "hostname.example.com". As usual, the examples show only parameters that are not left at their default settings.

 1 /etc/postfix/main.cf:
-2     myorigin = $mydomain
-3     relayhost = $mydomain
-4     inet_interfaces = loopback-only
-5     local_transport = error:local delivery is disabled
-6 
-7 /etc/postfix/master.cf:
-8     Comment out the local delivery agent entry
+2     myhostname = hostname.example.com
+3     myorigin = $mydomain
+4     relayhost = $mydomain
+5     inet_interfaces = loopback-only
+6     mydestination =
 
@@ -123,19 +121,29 @@ their default settings.

diff --git a/postfix/proto/aliases b/postfix/proto/aliases index 1e0cbf765..5af5e54a1 100644 --- a/postfix/proto/aliases +++ b/postfix/proto/aliases @@ -18,9 +18,13 @@ # \fBnewaliases\fR in order to rebuild the indexed file after # changing the Postfix alias database. # -# The input and output file formats are expected to be compatible -# with Sendmail version 8, and are expected to be suitable for the -# use as NIS maps. +# When the table is provided via other means such as NIS, LDAP +# or SQL, the same lookups are done as for ordinary indexed files. +# +# Alternatively, the table can be provided as a regular-expression +# map where patterns are given as regular expressions. In +# this case, the lookups are done in a slightly different way +# as described below under "REGULAR EXPRESSION TABLES". # # Users can control delivery of their own mail by setting # up \fB.forward\fR files in their home directory. 
@@ -95,8 +99,28 @@ # CASE FOLDING # .ad # .fi -# The local(8) delivery agent always folds the search string -# to lowercase before database lookup. +# The local(8) delivery agent always folds the search string +# to lowercase before database lookup. +# REGULAR EXPRESSION TABLES +# .ad +# .fi +# This section describes how the table lookups change when the table +# is given in the form of regular expressions. For a description of +# regular expression lookup table syntax, see \fBregexp_table\fR(5) +# or \fBpcre_table\fR(5). NOTE: these formats do not use ":" at the +# end of a pattern. +# +# Each regular expression is applied to the entire search +# string. Thus, a search string \fIuser+foo\fR is not broken +# up into \fIuser\fR and \fIfoo\fR. +# +# Regular expressions are applied in the order as specified +# in the table, until a regular expression is found that +# matches the search string. +# +# Lookup results are the same as with indexed file lookups. +# For security reasons there is no support for \fB$1\fR, +# \fB$2\fR etc. substring interpolation. # SECURITY # .ad # .fi diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index f03af4909..d7b5bb139 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -3083,7 +3083,8 @@ is available in Postfix 2.9 and later.
delay
-
Send the postmaster copies of the headers of delayed mail. The +
Send the postmaster copies of the headers of delayed mail (see +delay_warning_time). The notification is sent to the address specified with the delay_notice_recipient configuration parameter (default: postmaster).
@@ -7245,14 +7246,14 @@ of mail that cannot be delivered within $delay_warning_time time units.

-This feature is enabled with the delay_warning_time parameter. +See also: delay_warning_time, notify_classes.

%PARAM delay_warning_time 0h

-The time after which the sender receives the message headers of -mail that is still queued. +The time after which the sender receives a copy of the message +headers of mail that is still queued.

@@ -7266,6 +7267,10 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is h (hours).

+

+See also: delay_notice_recipient, notify_classes. +

+ %PARAM disable_dns_lookups no

@@ -13546,6 +13551,21 @@ addresses with equal MX preference. This feature has no effect unless the inet_protocols setting enables both IPv4 and IPv6. With Postfix 2.8 the default is "ipv6".

+

Notes for mail delivery between sites that have both IPv4 and +IPv6 connectivity:

+ + +

This feature is available in Postfix 2.8 and later.

%PARAM lmtp_address_preference ipv6 diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index 77916d07e..269488166 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -325,8 +325,8 @@ /* The maximal number of digits after the decimal point when logging /* sub-second delay values. /* .IP "\fBdelay_warning_time (0h)\fR" -/* The time after which the sender receives the message headers of -/* mail that is still queued. +/* The time after which the sender receives a copy of the message +/* headers of mail that is still queued. /* .IP "\fBipc_timeout (3600s)\fR" /* The time limit for sending or receiving information over an internal /* communication channel. diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 7038e050a..6ce691588 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -930,8 +930,11 @@ static void dict_ldap_conn_find(DICT_LDAP *dict_ldap) #endif LDAP_CONN *conn; + /* + * Join key fields with null characters. + */ #define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1) -#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i)) +#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu%c", (unsigned long)(i), 0) ADDSTR(keybuf, dict_ldap->server_host); ADDINT(keybuf, dict_ldap->server_port); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4ec82995b..35a690494 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20121007" +#define MAIL_RELEASE_DATE "20121019" #define MAIL_VERSION_NUMBER "2.10" #ifdef SNAPSHOT diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index a773d9981..71955d4f3 100644 --- a/postfix/src/oqmgr/qmgr_message.c 
+++ b/postfix/src/oqmgr/qmgr_message.c @@ -749,7 +749,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message) if (rec_type > 0) msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>", message->queue_id, dsn_orcpt); - myfree(orig_rcpt); + myfree(dsn_orcpt); } if (orig_rcpt != 0) { if (rec_type > 0) diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index 8249d79d5..29cedbcf0 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -890,6 +890,9 @@ int main(int argc, char **argv) if ((query == 0 || strcmp(query, "-") != 0) && (postmap_flags & POSTMAP_FLAG_ANY_KEY)) msg_fatal("specify -b -h or -m only with \"-q -\""); + if ((postmap_flags & POSTMAP_FLAG_ANY_KEY) + == (postmap_flags & POSTMAP_FLAG_MIME_KEY)) + msg_warn("ignoring -m option without -b or -h"); /* * Use the map type specified by the user, or fall back to a default diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index e8c0b6ca7..83dac65af 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -358,8 +358,8 @@ /* The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) /* and \fBpostmap\fR(1) commands. /* .IP "\fBdelay_warning_time (0h)\fR" -/* The time after which the sender receives the message headers of -/* mail that is still queued. +/* The time after which the sender receives a copy of the message +/* headers of mail that is still queued. /* .IP "\fBenable_errors_to (no)\fR" /* Report mail delivery errors to the address specified with the /* non-standard Errors-To: message header, instead of the envelope diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 8c5d0f1c3..027e6c37b 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c 
@@ -502,6 +502,11 @@ int tls_protocol_mask(const char *plist) int exclude = 0; int include = 0; +#define FREE_AND_RETURN(ptr, res) do { \ + myfree(ptr); \ + return (res); \ + } while (0) + save = cp = mystrdup(plist); while ((tok = mystrtok(&cp, "\t\n\r ,:")) != 0) { if (*tok == '!') @@ -511,9 +516,8 @@ int tls_protocol_mask(const char *plist) include |= code = name_code(protocol_table, NAME_CODE_FLAG_NONE, tok); if (code == TLS_PROTOCOL_INVALID) - return TLS_PROTOCOL_INVALID; + FREE_AND_RETURN(save, TLS_PROTOCOL_INVALID); } - myfree(save); /* * When the include list is empty, use only the explicit exclusions. @@ -522,7 +526,8 @@ int tls_protocol_mask(const char *plist) * we don't know about at compile time, and this is unavoidable because * the OpenSSL API works with compile-time *exclusion* bit-masks. */ - return (include ? (exclude | (TLS_KNOWN_PROTOCOLS & ~include)) : exclude); + FREE_AND_RETURN(save, + (include ? (exclude | (TLS_KNOWN_PROTOCOLS & ~include)) : exclude)); } /* tls_param_init - Load TLS related config parameters */ diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 8195f1b01..78d15a8f0 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -8,7 +8,8 @@ /* DESCRIPTION /* The \fBtlsproxy\fR(8) server implements a server-side TLS /* proxy. It is used by \fBpostscreen\fR(8) to talk SMTP-over-TLS -/* with remote SMTP clients whose whitelist status has expired, +/* with remote SMTP clients that are not whitelisted (including +/* clients whose whitelist status has expired), /* but it should also work for non-SMTP protocols. /* /* Although one \fBtlsproxy\fR(8) process can serve multiple 
@@ -23,7 +24,8 @@ /* protocol, and the example is easily adapted to other /* applications. /* -/* The \fBpostscreen\fR(8) server sends the remote SMTP client +/* After receiving a valid remote SMTP client STARTTLS command, +/* the \fBpostscreen\fR(8) server sends the remote SMTP client /* endpoint string, the requested role (server), and the /* requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8) /* then receives a "TLS available" indication from \fBtlsproxy\fR(8). diff --git a/postfix/src/util/binhash.c b/postfix/src/util/binhash.c index 84ca87c75..ecfa2c8f5 100644 --- a/postfix/src/util/binhash.c +++ b/postfix/src/util/binhash.c @@ -60,7 +60,7 @@ /* should be used or the code will not be portable. /* /* binhash_create() creates a table of the specified size and returns a -/* pointer to the result. The lookup keys are saved with strdup(). +/* pointer to the result. The lookup keys are saved with mymemdup(). /* /* binhash_enter() stores a (key, value) pair into the specified table /* and returns a pointer to the resulting entry. The code does not
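
Review bot: In the postfix/HISTORY hunk, two of the new entry dates break the chronological order: "20101009" sits between 20121009 and 20121010, and "20120113" sits between 20121012 and 20121015. Please check whether these were meant to be 2012-10 dates and correct them. The 20101009 entry also describes the postcat option -m and names File: postcat/postcat.c, while the matching code change in this commit is the msg_warn added in postfix/src/postmap/postmap.c; the entry should name the program and file that were actually changed.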
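
Review bot: In the postfix/README_FILES/LINUX_README hunk, the main.cf example assigns a complete import_environment list with RESOLV_MULTI=on at the end, so copying it replaces whatever list a site already has configured. Say in the text whether the names before RESOLV_MULTI=on are the default list, and tell sites with a customised import_environment to append RESOLV_MULTI=on to their own value instead of copying the line.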
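
Review bot: In the postfix/README_FILES/STANDARD_CONFIGURATION_README hunk, the added Translation text wraps the command as "postconf - d myhostname", which splits the -d option across two lines so the command cannot be copied as written; keep "postconf -d myhostname" unbroken in the source. The list also now has two consecutive bullets labelled "Line 2", unlike the one-bullet-per-line pattern used for lines 3 to 6; merging them would keep the numbering easy to follow.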
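
Review bot: In the smtp_address_preference hunk of postfix/man/man5/postconf.5, the added notes call "smtp_address_preference = ipv6" unsafe while the unchanged sentence directly above still reads "With Postfix 2.8 the default is "ipv6"". A reader is left to work out that the shipped default is the setting described as unsafe. Either state that dual-stack sites should set "smtp_address_preference = any" explicitly in main.cf, or change the default in the same commit.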
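
Review bot: In the postfix/src/global/dict_ldap.c hunk, the new comment above ADDSTR and ADDINT says that key fields are joined with null characters but not why. With the old "%lu" format a numeric field had no terminator, so the boundary between that field and whatever was appended next was not marked in the connection cache key. One more sentence saying that the terminator keeps every field boundary unambiguous would explain why ADDINT now mirrors the strlen((s))+1 in ADDSTR.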
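
Review bot: In the postfix/src/oqmgr/qmgr_message.c hunk, the removed myfree(orig_rcpt) ran immediately before the if (orig_rcpt != 0) test in the trailing context, so the old code did more than leak dsn_orcpt: it released a pointer that is still tested afterwards. HISTORY records this only as a memory leak; the entry should mention that the wrong pointer was freed. The hunk also does not show dsn_orcpt being cleared after myfree(dsn_orcpt); if the variable can be read again on a later record, set it to 0 at this point.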
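
Review bot: In the postfix/src/postmap/postmap.c hunk, the new test (postmap_flags & POSTMAP_FLAG_ANY_KEY) == (postmap_flags & POSTMAP_FLAG_MIME_KEY) is also true when postmap_flags has none of these bits set, because both sides are then 0. As written, "ignoring -m option without -b or -h" would be logged for invocations that never passed -m. Suggest also requiring (postmap_flags & POSTMAP_FLAG_MIME_KEY) != 0 before warning.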
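
Review bot: In the postfix/src/tls/tls_misc.c hunk, FREE_AND_RETURN(ptr, res) calls myfree(ptr) before it evaluates res. Both uses in tls_protocol_mask() pass expressions built only from the int variables include and exclude, so the result is correct here, but tok points into the save buffer and any later use that passes a value derived from it would read freed memory. Suggest a comment on the macro stating that res must not reference ptr, and an #undef after the function, since the macro hides a return statement.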