From: Wietse Venema Date: Sun, 12 Jan 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.1 X-Git-Tag: v2.0.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5841307d62d87b6b0aa164d57f551ea43ad145f;p=thirdparty%2Fpostfix.git postfix-2.0.1 --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index e66ba4755..39b5f2fcd 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -46,6 +46,7 @@ -TDICT_PCRE_PRESCAN_CONTEXT -TDICT_PCRE_REGEXP -TDICT_PCRE_RULE +-TDICT_PROXY -TDICT_REGEXP -TDICT_REGEXP_EXPAND_CONTEXT -TDICT_REGEXP_IF_RULE diff --git a/postfix/HISTORY b/postfix/HISTORY index 91d0f73ac..e139cdbff 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7451,7 +7451,6 @@ Apologies for any names omitted. properly quoted just like the null address. File: global/quote_82[12]_local.c. - 20021217 Cleanup: more work on the trivial-rewrite address rewriting @@ -7502,6 +7501,51 @@ Apologies for any names omitted. virtual alias class (error:User unknown) result. File: trivial-rewrite/transport.c. +20030101 + + Documentation update: new-style virtual domains broke the + advanced content filtering example. Files: FILTER_README, + RELEASE_NOTES. + +20030104 + + Cleanup: avoid warnings about flag mismatches when the same + lookup table is listed under both virtual_alias_maps and + virtual_mailbox_maps. Files: global/virtual8.h, virtual/virtual.c. + + Bugfix: an obscure memory leak that puzzled me for more + than a year until I found out how to reproduce it. File: + util/vstream.c. + +20030106 + + Robustness: the master no longer aborts with "address + already in use" when inet_interfaces specifies the same IP + address multiple times, or when a TCP service in master.cf + specifies a hostname for which the same IP address is listed + multiple times. File: master/master_ent.c. + +20030107 + + Robustness: check that FILTER actions in SMTPD access maps + or cleanup header/body_checks have plausible syntax. Files: + smtpd/smtpd_check.c, cleanup/cleanup_message.c. + +20030110 + + Cleanup: the virtual_mailbox_maps parameter is now optional + even when virtual_mailbox_domains is specified. This makes + virtual mailbox domains more like relay domains and the + local domain. + + Portability: the makedefs script now uses the pcre-config + utility to find out where things are installed. + + Bugfix: the SMTP server did not recognize the local built-in + double bounce address as local. Reported by Matthias Andree. + For safety sake, threw in the local postmaster address as + well. File: smtpd/smtpd_check.c. + Open problems: Low: after successful delivery, per-queue window += 1/window, diff --git a/postfix/Makefile.in b/postfix/Makefile.in index 7395b3a25..6c9b6b787 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -6,7 +6,8 @@ DIRS = src/util src/global src/dns src/master src/postfix src/smtpstone \ src/lmtp src/trivial-rewrite src/qmgr src/smtp src/bounce src/pipe \ src/showq src/postalias src/postcat src/postconf src/postdrop \ src/postkick src/postlock src/postlog src/postmap src/postqueue \ - src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual + src/postsuper src/nqmgr src/qmqpd src/spawn src/flush src/virtual \ + src/proxymap MANDIRS = proto man html default: update diff --git a/postfix/README_FILES/ADDRESS_CLASS_README b/postfix/README_FILES/ADDRESS_CLASS_README index 91cba34cc..8a77dae12 100644 --- a/postfix/README_FILES/ADDRESS_CLASS_README +++ b/postfix/README_FILES/ADDRESS_CLASS_README @@ -47,16 +47,18 @@ alias domains is $virtual_alias_maps for Postfix 1.1 compatibility) virtual For hosted domains with their own mailboxes -mailbox Known recipients are listed in $virtual_mailbox_maps +mailbox Known recipients are listed in $virtual_mailbox_maps (if + this parameter is empty, the Postfix SMTP server accepts + all recipients for domains listed in $virtual_mailbox_domains) Domain names are listed in $virtual_mailbox_domains (default is $virtual_mailbox_maps for Postfix 1.1 compatibility) Default delivery agent: virtual relay For remote destinations that list your system as MX host Domain names are listed in $relay_domains - Known recipients are listed in $relay_recipient_maps (default - is empty; if $relay_recipient_maps is empty, the Postfix - SMTP server accepts all recipients) + Known recipients are listed in $relay_recipient_maps (if + this parameter is empty, the Postfix SMTP server accepts + all recipients for domains listed in $relay_domains) Default delivery agent: relay (clone of default smtp agent) other Restricted to mail from authorized clients diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index 3a8de5787..433b35aa9 100644 --- a/postfix/README_FILES/FILTER_README +++ b/postfix/README_FILES/FILTER_README @@ -1,8 +1,22 @@ +Introduction +============ + This is a very first implementation of Postfix content filtering. A Postfix content filter receives unfiltered mail from Postfix and -either bounces the mail or re-injects filtered mail back into Postfix. +does one of the following: + +- re-injects the mail back into Postfix, perhaps after changing content +- rejects the mail (by sending a suitable status code back to + Postfix) so that it is returned to sender. +- sends the mail somewhere else + +This document describes two approaches to content filtering: simple +and advanced. Both filter all the mail by default. -This document describes two approaches to content filtering. +At the end are examples that show how to filter only mail from +users, about using different filters for different domains that +you provide MX service for, and about selective filtering on the +basis of message envelope and/or header/body patterns. Simple content filtering example ================================ @@ -10,6 +24,7 @@ Simple content filtering example The first example is simple to set up. It uses a shell script that receives unfiltered mail from the Postfix pipe delivery agent, and that feeds filtered mail back into the Postfix sendmail command. + Only mail arriving via SMTP will be content filtered. .................................. @@ -24,7 +39,8 @@ Unfiltered mail----->smtpd \ /local---->Filtered mail | | +-Postfix sendmail<----filter script<--+ -The /some/where/filter program can be a simple shell script like this: +Mail is filtered by a /some/where/filter program. This can be a +simple shell script like this: #!/bin/sh @@ -51,18 +67,24 @@ The /some/where/filter program can be a simple shell script like this: exit $? The idea is to first capture the message to file and then run the -content through a third-party content filter program. If the -mail cannot be captured to file, mail delivery is deferred by -terminating with exit status 75 (EX_TEMPFAIL). If the content -filter program finds a problem, the mail is bounced by terminating -the shell script with exit status 69 (EX_UNAVAILABLE). If the -content is OK, it is given as input to Postfix sendmail, and the -exit status of the filter command is whatever exit status Postfix -sendmail produces. - -I suggest that you play with this script for a while until you are -satisfied with the results. Run it with a real message (headers+body) -as input: +content through a third-party content filter program. + +- If the mail cannot be captured to file, mail delivery is deferred + by terminating with exit status 75 (EX_TEMPFAIL). Postfix will + try again after some delay. + +- If the content filter program finds a problem, the mail is bounced + by terminating with exit status 69 (EX_UNAVAILABLE). Postfix + will return the message to the sender as undeliverable. + +- If the content is OK, it is given as input to the Postfix sendmail + command, and the exit status of the filter command is whatever + exit status the Postfix sendmail command produces. Postfix will + deliver the message as usual. + +I suggest that you run this script by hand until you are satisfied +with the results. Run it with a real message (headers+body) as +input: % /some/where/filter -f sender recipient... Your database will be searched for the user@domain address as diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index 73ebdd6d3..a3457beb4 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -185,7 +185,7 @@ exercise. It probably is not worth the trouble. Older Microsoft SMTP client software implements a non-standard version of the AUTH protocol syntax, and expects that the SMTP server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH -stuff". To accomodate such clients in addition to conformant +stuff". To accommodate such clients in addition to conformant clients, set "broken_sasl_auth_clients = yes" in the main.cf file. Testing SASL authentication in the Postfix SMTP server diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 3c95d2bf6..552f26f96 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,3 +1,14 @@ +============================================================== +NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE +============================================================== +Before upgrading from Postfix 1.1 you must stop Postfix ("postfix +stop"). Some internal protocols have changed. No mail will be +lost if you fail to stop and restart Postfix, but Postfix won't be +able to receive any new mail, either. +============================================================== +NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE +============================================================== + In the text below, changes are labeled with the Postfix snapshot that introduced the change, and whether the change introduced a feature, an incompatibility, or whether the feature is obsolete. @@ -13,9 +24,45 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. -Major changes with Postfix version 2.0.0 (released 20021222) +Incompatible changes with Postfix version 2.0.1 (released 20030112) +=================================================================== + +If you upgrade from Postfix 1.1 you need to restart Postfix. + +If you upgrade from Postfix 2.0 you need to "reload" Postfix. + +Version 2.0.1 introduces the proxymap service for centralized table +lookup. The upgrade procedure adds the proxymap service to the +master.cf file. If you see errors about problems contacting the +proxymap service, then you did not properly upgrade Postfix. + +The Postfix SMTP server now by default looks up the UNIX passwd +file via the new proxymap service, in order to make chrooted +operation easier. + +The Postfix build procedure now uses the pcre-config utility (part +of PCRE version 3) to find out the pathnames of the PCRE include +file and object library, instead of probing /usr/include and/or +/usr/lib. To build with PCRE version 2 support you will have to +specify pathnames as described in PCRE_README. To build without +PCRE support, specify: make Makefiles CCARGS="-DNO_PRCE". + +Major changes with Postfix version 2.0.1 (released 20030112) ============================================================ +This release introduces the proxymap service for Postfix lookup +table access. This can be used to overcome chroot restrictions in +the Postfix SMTP server (specify proxy:unix:passwd.byname for +password file lookup through the proxymap server) and can be used +to consolidate the number of open tables by sharing one open table +among multiple processes (specify proxy:mysql:/file/name to avoid +"too many connections" conditions). The proxy_read_maps parameter +specifies what maps are approved for access via the proxy service +(only map references starting with "proxy:" are considered approved). + +Major changes with Postfix version 2.0.0 (released 20021222, 20021223) +====================================================================== + First comes the bad news - things that may break when you upgrade from Postfix 1.1. Then comes the good news - things that evolved in snapshots over the past year. @@ -75,6 +122,14 @@ is now used for address lookups only. For details, see the VIRTUAL_README file. +[Incompat 20021209] If you use the "advanced content filter" +technique, you MUST NOT override the virtual aliases and virtual +mailbox settings in the SMTP server that receives mail from the +content filter, or else mail for virtual recipients will be rejected +with "User unknown". + +For details, see the FILTER_README file. + Incompatible queue file format changes ====================================== @@ -138,7 +193,7 @@ for details. MIME headers in attachments. This is much more efficient than previous versions that recognized MIME headers via body_checks. MIME headers are now processed one multi-line header at a time, -instead of one body line at a time. To get the the old behavior, +instead of one body line at a time. To get the old behavior, specify "disable_mime_input_processing = yes". More details in conf/sample-filter.cf. @@ -252,19 +307,25 @@ appended to the previous line. More details about the syntax are given in the pcre_table(5) and regexp_table(5) manual pages. [Feature 20020717] The default timeout for establishing an SMTP -connection has been reduced to 30 seconds, because many systems -have an atrociously large default timeout value. +connection has been reduced to 30 seconds, because many system +TCP/IP stacks have an atrociously large default timeout value. [Feature 20020505] Finer control over Berkeley DB memory usage, The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes) specifies the buffer size for the postmap and postalias commands. -The parameter "berkeley_db_read_buffer_size" (default: 256 kBytes) -speficies the buffer size for all other applications. Specify +The parameter "berkeley_db_read_buffer_size" (default: 128 kBytes) +specifies the buffer size for all other applications. Specify "berkeley_db_read_buffer_size = 1048576" to get the old read buffer -size. For more information, see the last paragraphs of the DB_README -file. +size. Contributed by Victor Duchovni. For more information, see +the last paragraphs of the DB_README file. -Improved compatibitity +[Incompat 20021211] The default process limit is doubled from 50 +to 100. The default limits on the number of active queue files or +recipients are doubled from 10000 to 20000. The default concurrency +for parallel delivery to the same destination is doubled from 10 +to 20. + +Improved compatibility ====================== [Feature 20020527] The Postfix SMTP client will now convert 8BITMIME @@ -622,7 +683,7 @@ for details. MIME headers in attachments. This is much more efficient than previous versions that recognized MIME headers via body_checks. MIME headers are now processed one multi-line header at a time, -instead of one body line at a time. To get the the old behavior, +instead of one body line at a time. To get the old behavior, specify "disable_mime_input_processing = yes". More details in conf/sample-filter.cf. @@ -683,6 +744,11 @@ Assorted changes the original recipient address in the X-Original-To: message header. This header can also be emitted by the pipe(8) delivery agent. +[Incompat 20021028] With "domain in one mailbox", one message with +multiple recipients is no longer delivered only once. It is now +delivered as one copy for each original recipient, with the original +recipient address listed in the X-Original-To: message header. + [Feature 20021024] New proxy_interfaces parameter, for sites behind a network address translation gateway or other type of proxy. You should specify all the proxy network addresses here, to avoid avoid @@ -793,7 +859,7 @@ Berkeley DB related changes The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes) specifies the buffer size for the postmap and postalias commands. The parameter "berkeley_db_read_buffer_size" (default: 256 kBytes) -speficies the buffer size for all other applications. Specify +specifies the buffer size for all other applications. Specify "berkeley_db_read_buffer_size = 1048576" to get the old read buffer size. For more information, see the last paragraphs of the DB_README file. diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index b2c9bfc70..11a99cc36 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -172,21 +172,23 @@ mail_owner = postfix # # - You define $mydestination domain recipients in files other than # /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. -# For example, you define $mydestination domain recipients in +# For example, you define $mydestination domain recipients in # the $virtual_mailbox_maps files. # -# - You redefined the local delivery agent in master.cf. +# - You redefine the local delivery agent in master.cf. # -# - You redefined the "local_transport" setting in main.cf. +# - You redefine the "local_transport" setting in main.cf. # # - You use the "luser_relay", "mailbox_transport", or "fallback_transport" # feature of the Postfix local delivery agent (see sample-local.cf). # # Beware: if the Postfix SMTP server runs chrooted, you probably have -# to copy the passwd (not shadow) database into the jail, and perhaps -# other files. This is system dependent. +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. # #local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps #local_recipient_maps = # The unknown_local_recipient_reject_code specifies the SMTP server diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 82983792d..f800ed961 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -67,7 +67,7 @@ # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (50) +# (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - n - - smtpd #628 inet n - n - - qmqpd @@ -79,6 +79,7 @@ rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 626177fad..4e1d23de9 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -535,6 +535,15 @@ EOF $POSTCONF -e "$unknown_local = 450" || exit 1 fi + # Add missing proxymap service to master.cf. + + grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || { + echo Editing $config_directory/master.cf, adding missing entry for proxymap service + cat >>$config_directory/master.cf <$@ +proxymap.8.html: ../src/proxymap/proxymap.c + PATH=../mantools:$$PATH; \ + srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ + qmgr.8.html: ../src/qmgr/qmgr.c PATH=../mantools:$$PATH; \ srctoman $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ diff --git a/postfix/html/backstage.html b/postfix/html/backstage.html index 5ee7aeef8..c269efab8 100644 --- a/postfix/html/backstage.html +++ b/postfix/html/backstage.html @@ -66,6 +66,14 @@ destinations.

+

  • The proxymap daemon provides +read-only lookup service to Postfix client processes. The purpose +is to overcome chroot restrictions, and to consolidate the number +of open lookup tables by sharing one open table among multiple +processes. + +

    +

  • The spawn daemon listens on a TCP port, UNIX-domain socket or FIFO, and runs non-Postfix commands on request, with the socket or FIFO connected to the standard input, diff --git a/postfix/html/faq.html b/postfix/html/faq.html index f51db1c27..dba261f2a 100644 --- a/postfix/html/faq.html +++ b/postfix/html/faq.html @@ -80,6 +80,8 @@ domains with "relay access denied"
  • What does "warning: cannot access UNIX password database" mean? +
  • What does "Error: too many hops" mean? +
  • What does "fatal: open database /etc/aliases.db" mean?
  • What does "fatal: unknown service: smtp/tcp" mean? @@ -316,6 +318,10 @@ mailbox

    Content filtering

    +

    Other transports: UUCP, FAX, etc.

    @@ -668,7 +674,7 @@ to send mail only to user@domain.com. Specify what recipients exist (so that your queue does not fill up with undeliverable mail from spammers). - Specify local_recipient_maps = if maintaining recipient information is not practical. @@ -1275,19 +1281,66 @@ clients?

    -Your problem could be that the disk is saturated with I/O from -receiving mail, so that the Postfix queue manager gets insufficient -chance to process the requests (many SMTP server processes are -competing for disk access against one poor queue manager). +Your problem could be one of several. + +

    + +

      + +
    • You're trying to send mail to difficult to reach sites (Hotmail, +Yahoo, etc.). Solution: set up transport map entries that give special +treatment (many parallel connections, short connection timeouts): + +

      + +

      +/etc/postfix/main.cf:
+    transport_maps = hash:/etc/postfix/transport
+    deadbeats_destination_concurrency_limit = 50
+
+/etc/postfix/transport:
+    hotmail.com		deadbeats:
+    yahoo.com		deadbeats:
+
+/etc/postfix/master.cf:
+    deadbeats	  unix	-	-	n	-	-	smtp
+	-o smtp_connect_timeout=5 -o smtp_helo_timeout=5
+
      + +

      + +

    • Incoming mail, destined for a small number of inside mailhubs, +is competing with outgoing mail to the Internet. As of Postfix +version 2, this should be less of a problem. However, when a single +internal mailhub goes down, it can totally ruin the performance +because Postfix is wasting huge amounts of time on connection +timeouts. The solution is to specify shorter connection timeouts +for the inbound relay transport:

      -You solve the problem by getting faster disks. +

      +/etc/postfix/main.cf:
+    mydestination = my.own.host.name
+    relay_domains = my.corp.domain
+    relay_transport = relay
+
+/etc/postfix/master.cf:
+    relay	  unix	-	-	n	-	-	smtp
+	-o smtp_connect_timeout=2 -o smtp_helo_timeout=2
+

      -I am still solving the scheduling problem from the software side, -but don't hold your breath. +

    • The disk is saturated with I/O from +receiving mail, so that the Postfix queue manager gets insufficient +chance to process the requests (many SMTP server processes are +competing for disk access against one poor queue manager). + +

      + +You solve the problem by getting faster disks, and/or by using +different disk drives for logging, mail queue, and mailboxes.

      @@ -1322,6 +1375,8 @@ depending on the interface that it is supposed to handle. inet_interfaces = $myhostname +

    +

    Postfix responds slowly to incoming SMTP connections

     @@ -1706,6 +1761,12 @@ your nslookup test should begin with asking for the MX record. Some DNS servers are broken and produce no reply when asked for a non-existent MX record. +

  • Secondly, the nslookup test is invalid if you ran it as +a privileged user. Postfix DNS lookups are known to fail because +of incorrect permissions on system files and directories. For +example, a common beginner's mistake is to lose world read permission +for the /etc/resolv.conf file. +

  • Check out your Postfix master.cf file. If the SMTP client @@ -1954,8 +2015,8 @@ systems for performance and/or security reasons.

    -The warning message means that new mail notificiation failed because -the comsat network service is turned off. +The Postfix warning message means that new mail notification failed +because the comsat network service is turned off.

    @@ -1971,6 +2032,12 @@ specify:

    +Note: recent versions of procmail also produce biff +notifications. To silence biff completely you may also have +to update procmail configuration files. + +

    + To enable the comsat network service, uncomment the corresponding entry in the inetd.conf file, and kill -HUP the inetd process. @@ -2023,11 +2090,17 @@ you use the default Postfix local delivery agent: 

         /etc/postfix/main.cf:
-        local_recipient_maps = $alias_maps, unix:passwd.byname
+        local_recipient_maps = $alias_maps, proxy:unix:passwd.byname

    +You need the proxy: part only if master.cf specifies +that the Postfix SMTP server runs chrooted. As distributed by the +author, Postfix runs no daemons chrooted. + +

    + The local recipients tables are searched by the recipient address (user@domain) and by the recipient name (the address minus the domain). Postfix does not care what the lookup result looks like, @@ -2040,10 +2113,12 @@ To stop Postfix from rejecting local mail incorrectly: