From: Wietse Venema Date: Thu, 21 Oct 2004 05:00:00 +0000 (-0500) Subject: postfix-2.2-20041021 X-Git-Tag: v2.2.0-RC1~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2ffad66ca7bfd36bd394abf658e1685b1e536f6;p=thirdparty%2Fpostfix.git postfix-2.2-20041021 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6d892e6aa..cf842ac64 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY 
@@ -9774,33 +9774,28 @@ Apologies for any names omitted. Portability: AIX 5.1/GCC. -20041014-19 +20041014-21 - Message header address rewriting contexts, so that spam - from badly written software won't look like it came from - a local user. + By default, Postfix no longer appends the local domain to + incomplete message header addresses from remote clients. + Thus, spam from badly written software no longer looks like + it came from a local user. - The default "local" rewriting context appends "@$myorigin" - or ".$mydomain" to incomplete message header addresses, - just like Postfix has always done. - - The new "invalid" address context appends "domain.invalid" - instead (or whatever domain name is specified with the - invalid_rewrite_context_domain parameter). - - The new "none" address rewriting context does not modify - message header addresses at all. + Instead, Postfix either does not rewrite headers from remote + clients at all, or it appends the domain name that is + specified with the new invalid_rewrite_context_domain + parameter. - Postfix uses the "local" rewriting context for mail posted - with Postfix sendmail, from clients listed with the - local_rewrite_context_clients parameter (default: $mynetworks) - and from SASL authenticated clients. + Postfix still appends $@myorigin or .$mydomain to headers + in mail from Postfix sendmail, from clients listed with + the local_rewrite_context_clients parameter (default: + permit_mynetworks, permit_sasl_authenticated). The context specified with remote_rewrite_context_name is used for all other clients. The default setting is backwards compatible to avoid surprises. - Postfix always uses the "local" rewriting context to update + Postfix still appends $@myorigin or .$mydomain when rewriting incomplete envelope addresses. 20041018 
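Review bot: The added HISTORY text writes "$@myorigin" in two places (the paragraph on mail from Postfix sendmail and the closing paragraph on envelope addresses), where the text it replaces and the postconf documentation in this same patch write "@$myorigin"; this reads as a transposition and should be "@$myorigin". The entry also names invalid_rewrite_context_domain and local_rewrite_context_clients, and its unchanged context still refers to remote_rewrite_context_name, while the postconf.5.html changes in this patch document remote_header_rewrite_domain and local_header_rewrite_clients and delete remote_header_rewrite_context_name. Align the names so the changelog can be searched against postconf(5). The retained sentence "The default setting is backwards compatible to avoid surprises" also conflicts with the new opening sentence, which says that by default Postfix no longer appends the local domain for remote clients.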
@@ -9814,6 +9809,11 @@ Apologies for any names omitted. Open problems: + High: document master(5) for generic daemon options. + + Low: reject HELO with any domain name that this MTA is + final destination for. + Low: should the Delivered-To: test in local(8) be configurable? Low: append a different domain (like, address.invalid) for diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index a49dd406e..3c8f5d415 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -672,7 +672,7 @@ The default time unit is s (seconds).

With locally submitted mail, append the string "@$myorigin" to mail addresses without domain information. With remotely submitted mail, -append the string "@$invalid_domain" instead. +append the string "@$remote_header_rewrite_domain" instead.

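Review bot: The replacement text in the "With remotely submitted mail" sentence says Postfix appends "@$remote_header_rewrite_domain", but the remote_header_rewrite_domain entry added later in this patch says that an empty value means remote message headers are not rewritten at all. State that exception here as well, and in the matching ".$remote_header_rewrite_domain" sentence in the next hunk, so the text does not read as if an empty setting appends a bare "@" or ".".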
@@ -689,7 +689,8 @@ Postfix does not support domain-less addresses.

With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. With remotely submitted -mail, append the string ".$invalid_domain" instead. +mail, append the string ".$remote_header_rewrite_domain" +instead.

@@ -2571,17 +2572,6 @@ block all mail to a site.

- - -
invalid_header_rewrite_context_domain -(default: domain.invalid)
- -

Append this domain to incomplete message header addresses from -remote clients, when $remote_header_rewrite_context_name is set to -"invalid". This is one way to avoid appending your own domain to -addresses in spam from poorly written software.

- -
invalid_hostname_reject_code @@ -3082,34 +3072,61 @@ into concurrency per domain.

-
local_header_rewrite_context_clients -(default: $mynetworks)
+
local_header_rewrite_clients +(default: see "postconf -d" output)
-

Append the domain names in $myorigin and $mydomain to incomplete -message header addresses from these clients.

+

Append the domain name in $myorigin or $mydomain to incomplete +message header addresses from these clients; append +$remote_header_rewrite_domain for all other clients.

-

Specify a list of network addresses or network/netmask patterns, -separated by comma or whitespace. Continue long lines by starting -the next line with whitespace.

+

Specify a list of zero or more of the following:

-

A network mask specifies the number of bits in the network part -of a host address. You can also specify "/file/name" or "type:table" -patterns. A "/file/name" pattern is replaced by its contents; a -"type:table" lookup table is matched when a client name or address -matches a lookup key (the lookup result is ignored).

+
-

The list is matched left to right, and the search stops on the -first match. Specify "!pattern" to exclude an address or network -block from the list.

+
permit_mynetworks
-

-Examples: -

+
Append the domain name in $myorigin or $mydomain when the +client IP address matches any network or network address listed in +$mynetworks. This is enabled by default.
+ +
permit_sasl_authenticated
+ +
Append the domain name in $myorigin or $mydomain when the +client is successfully authenticated via the RFC 2554 (AUTH) +protocol. This is enabled by default.
+ +
permit_tls_clientcerts
+ +
Append the domain name in $myorigin or $mydomain when the +client TLS certificate is successfully verified, and the client +certificate fingerprint is listed on the server. This is enabled +by default.
+ +
permit_tls_all_clientcerts
+ +
Append the domain name in $myorigin or $mydomain when the +client TLS certificate is successfully verified, regardless of +whether it is listed on the server, and regardless of the certifying +authority.
+ +
check_address_map type:table
+ +
type:table +
+ +
Append the domain name in $myorigin or $mydomain when the +client IP address matches the specified lookup table. The lookup +result is ignored, and no subnet lookup is done. This is suitable +for pop-before-smtp lookup tables.
+ +
+ +

Examples:

-local_header_rewrite_context_clients = $mynetworks
-local_header_rewrite_context_clients = !192.168.0.1 $mynetworks
-local_header_rewrite_context_clients = static:all
+local_header_rewrite_clients = static:all
+local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
 
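Review bot: The permit_tls_clientcerts entry ends with "This is enabled by default", but the HISTORY entry in this patch gives the default as "permit_mynetworks, permit_sasl_authenticated" and the parameter heading only says see "postconf -d" output; drop that sentence or correct the stated default, and consider putting the actual default in the heading. The first example, "local_header_rewrite_clients = static:all", uses a bare type:table form that the new list of accepted items does not document (only "check_address_map type:table" is listed), and the removed text on left-to-right matching and "!pattern" exclusion has no replacement, so it is unclear how the list is evaluated. Since permit_tls_all_clientcerts treats any client with a verifiable certificate as local "regardless of the certifying authority", a sentence on when that setting is appropriate would help administrators avoid re-introducing the local-domain rewriting this change is meant to stop.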
@@ -5028,37 +5045,15 @@ Examples:
-
remote_header_rewrite_context_name -(default: local)
- -

The address rewriting context that should be used for incomplete -mail header addresses from remote clients.

- -
    - -
  • local Append the domains specified with $myorigin -or $mydomain to incomplete message header addresses from remote -clients.

    +
    remote_header_rewrite_domain +(default: domain.invalid)
    -
  • invalid Append the domain specified with -$invalid_header_rewrite_context_domain to incomplete message header -addresses from remote clients. This is one way to avoid appending +

    Append this domain name to incomplete message header addresses +from remote clients; when this domain name is empty, don't rewrite +remote message headers at all. Both stop Postfix from appending your own domain to addresses in spam from poorly written software. -This is a safe choice for gateways that have no control over -address rewriting by down-stream systems.

    -
  • none Don't modify message headers from remote -clients at all. This is another way to avoid appending your own -domain to addresses in spam from poorly written software. This -is the preferred choice for purists.

    - -
- -

Note: Postfix always appends the domains specified with $myorigin -or $mydomain to incomplete envelope addresses, because those -addresses are effectively equivalent to local addresses.

-
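Review bot: The removed note that Postfix always appends the $myorigin or $mydomain domains to incomplete envelope addresses has no counterpart in the new remote_header_rewrite_domain text, although the HISTORY entry in this patch still states that behaviour. Keep a sentence to that effect here so readers do not assume that an empty or "domain.invalid" setting also applies to envelope addresses. The guidance that distinguished the gateway case from the no-rewriting case is also gone; one line on when to choose an empty value over the default would preserve it.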
@@ -6404,7 +6399,12 @@ least significant octets. See the access(5) manual p
permit_mynetworks
Permit the request when the client IP address matches any -network listed in $mynetworks.
+network or network address listed in $mynetworks. + +
permit_sasl_authenticated
+ +
Permit the request when the client is successfully +authenticated via the RFC 2554 (AUTH) protocol.
reject_rbl_client rbl_domain=d.d.d.d
@@ -7330,13 +7330,13 @@ the Postfix SMTP server does not use authentication.

-If a remote SMTP client is authenticated, the permit_sasl_authenticated +If a remote SMTP client is authenticated, the permit_sasl_authenticated access restriction can be used to permit relay access, like this:

     smtpd_recipient_restrictions =
-        permit_mynetworks, permit_sasl_authenticated, ...
+        permit_mynetworks, permit_sasl_authenticated, ...
 

To reject all SMTP connections from unauthenticated clients, @@ -7344,7 +7344,7 @@ specify "smtpd_delay_reject = y

-    smtpd_client_restrictions = permit_sasl_authenticated, reject
+    smtpd_client_restrictions = permit_sasl_authenticated, reject
 

diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index a4aee5498..2621c1efc 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
@@ -110,45 +110,39 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.2 and later: - local_header_rewrite_context_clients ($mynetworks) - Append the domain names in $myorigin and $mydomain - to incomplete message header addresses from these - clients. - - remote_header_rewrite_context_name (local) - The address rewriting context that should be used - for incomplete mail header addresses from remote - clients. - - Implemented by the trivial-rewrite(8) server: - - invalid_header_rewrite_context_domain (domain.invalid) - Append this domain to incomplete message header - addresses from remote clients, when - $remote_header_rewrite_context_name is set to - "invalid". + local_header_rewrite_clients (see 'postconf -d' output) + Append the domain name in $myorigin or $mydomain to + incomplete message header addresses from these + clients; append $remote_header_rewrite_domain for + all other clients. + + remote_header_rewrite_domain (domain.invalid) + Append this domain name to incomplete message + header addresses from remote clients; when this + domain name is empty, don't rewrite remote message + headers at all. AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS - As of version 1.0, Postfix can be configured to send new - mail to an external content filter AFTER the mail is - queued. This content filter is expected to inject mail - back into a (Postfix or other) MTA for further delivery. + As of version 1.0, Postfix can be configured to send new + mail to an external content filter AFTER the mail is + queued. This content filter is expected to inject mail + back into a (Postfix or other) MTA for further delivery. See the FILTER_README document for details. content_filter (empty) - The name of a mail delivery transport that filters + The name of a mail delivery transport that filters mail after it is queued. 
BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS - As of version 2.1, the Postfix SMTP server can be config- - ured to send incoming mail to a real-time SMTP-based con- + As of version 2.1, the Postfix SMTP server can be config- + ured to send incoming mail to a real-time SMTP-based con- tent filter BEFORE mail is queued. This content filter is - expected to inject mail back into Postfix. See the - SMTPD_PROXY_README document for details on how to config- + expected to inject mail back into Postfix. See the + SMTPD_PROXY_README document for details on how to config- ure and operate this feature. smtpd_proxy_filter (empty) - The hostname and TCP port of the mail filtering + The hostname and TCP port of the mail filtering proxy server. smtpd_proxy_ehlo ($myhostname) 
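Review bot: Apart from the parameter entries at the top, the -/+ pairs in this hunk (for example the content_filter and smtpd_proxy_filter paragraphs) differ only in inter-word spacing from re-justified formatter output, which hides the real documentation change. Regenerate the formatted page in a separate commit, or keep the paragraph fill stable, so the diff shows only the local_header_rewrite_clients and remote_header_rewrite_domain entries. The new summary also drops the "Implemented by the trivial-rewrite(8) server" line; if remote_header_rewrite_domain is still handled there, keep that attribution.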
@@ -160,42 +154,42 @@ SMTPD(8) SMTPD(8) for sending or receiving information. GENERAL CONTENT INSPECTION CONTROLS - The following parameters are applicable for both built-in + The following parameters are applicable for both built-in and external content filters. Available in Postfix version 2.1 and later: receive_override_options (empty) - Enable or disable recipient validation, built-in + Enable or disable recipient validation, built-in content filtering, or address mapping. EXTERNAL CONTENT INSPECTION CONTROLS - The following parameters are applicable for both before- + The following parameters are applicable for both before- queue and after-queue content filtering. Available in Postfix version 2.1 and later: smtpd_authorized_xforward_hosts (empty) - What SMTP clients are allowed to use the XFORWARD + What SMTP clients are allowed to use the XFORWARD feature. SASL AUTHENTICATION CONTROLS - Postfix SASL support (RFC 2554) can be used to authenti- - cate remote SMTP clients to the Postfix SMTP server, and - to authenticate the Postfix SMTP client to a remote SMTP + Postfix SASL support (RFC 2554) can be used to authenti- + cate remote SMTP clients to the Postfix SMTP server, and + to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. broken_sasl_auth_clients (no) - Enable inter-operability with SMTP clients that - implement an obsolete version of the AUTH command + Enable inter-operability with SMTP clients that + implement an obsolete version of the AUTH command (RFC 2554). smtpd_sasl_auth_enable (no) - Enable SASL authentication in the Postfix SMTP + Enable SASL authentication in the Postfix SMTP server. smtpd_sasl_application_name (smtpd) - The application name used for SASL server initial- + The application name used for SASL server initial- ization. smtpd_sasl_local_domain (empty) 
@@ -206,69 +200,69 @@ SMTPD(8) SMTPD(8) SMTP server will offer to the client. smtpd_sender_login_maps (empty) - Optional lookup table with the SASL login names + Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses. Available in Postfix version 2.1 and later: smtpd_sasl_exceptions_networks (empty) - What SMTP clients Postfix will not offer AUTH sup- + What SMTP clients Postfix will not offer AUTH sup- port to. VERP SUPPORT CONTROLS - With VERP style delivery, each recipient of a message + With VERP style delivery, each recipient of a message receives a customized copy of the message with his/her own - recipient address encoded in the envelope sender address. + recipient address encoded in the envelope sender address. The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return + details of Postfix support for variable envelope return path addresses. VERP style delivery is requested with the - SMTP XVERP command or with the "sendmail -V" command-line - option and is available in Postfix version 1.1 and later. + SMTP XVERP command or with the "sendmail -V" command-line + option and is available in Postfix version 1.1 and later. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line + The characters Postfix accepts as VERP delimiter + characters on the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 1.1 and 2.0: authorized_verp_clients ($mynetworks) - What SMTP clients are allowed to specify the XVERP + What SMTP clients are allowed to specify the XVERP command. Available in Postfix version 2.1 and later: smtpd_authorized_verp_clients ($authorized_verp_clients) - What SMTP clients are allowed to specify the XVERP + What SMTP clients are allowed to specify the XVERP command. 
TROUBLE SHOOTING CONTROLS - The DEBUG_README document describes how to debug parts of - the Postfix mail system. The methods vary from making the - software log a lot of detail, to running some daemon pro- + The DEBUG_README document describes how to debug parts of + the Postfix mail system. The methods vary from making the + software log a lot of detail, to running some daemon pro- cesses under control of a call tracer or debugger. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, + The recipient of postmaster notifications about + mail delivery problems that are caused by policy, resource, software or protocol errors. notify_classes (resource, software) - The list of error classes that are reported to the + The list of error classes that are reported to the postmaster. soft_bounce (no) 
@@ -278,22 +272,22 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.1 and later: smtpd_authorized_xclient_hosts (empty) - What SMTP clients are allowed to use the XCLIENT + What SMTP clients are allowed to use the XCLIENT feature. KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail - for unknown recipients. This prevents the mail queue from - clogging up with undeliverable MAILER-DAEMON messages. - Additional information on this topic is in the + As of Postfix version 2.0, the SMTP server rejects mail + for unknown recipients. This prevents the mail queue from + clogging up with undeliverable MAILER-DAEMON messages. + Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the + Display the name of the recipient table in the "User unknown" responses. canonical_maps (empty) - Optional address mapping lookup tables for message + Optional address mapping lookup tables for message headers and envelopes. recipient_canonical_maps (empty) @@ -304,7 +298,7 @@ SMTPD(8) SMTPD(8) mydestination ($myhostname, localhost.$mydomain, local- host) - The list of domains that are delivered via the + The list of domains that are delivered via the $local_transport mail delivery transport. inet_interfaces (all) 
@@ -313,185 +307,185 @@ SMTPD(8) SMTPD(8) proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) - Lookup tables with all names or addresses of local - recipients: a recipient address is local when its - domain matches $mydestination, $inet_interfaces or + Lookup tables with all names or addresses of local + recipients: a recipient address is local when its + domain matches $mydestination, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) - The numerical Postfix SMTP server response code - when a recipient address is local, and - $local_recipient_maps specifies a list of lookup + The numerical Postfix SMTP server response code + when a recipient address is local, and + $local_recipient_maps specifies a list of lookup tables that does not match the recipient. - Parameters concerning known/unknown recipients of relay + Parameters concerning known/unknown recipients of relay destinations: relay_domains ($mydestination) - What destination domains (and subdomains thereof) + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) The numerical Postfix SMTP server reply code when a - recipient address matches $relay_domains, and - relay_recipient_maps specifies a list of lookup + recipient address matches $relay_domains, and + relay_recipient_maps specifies a list of lookup tables that does not match the recipient address. 
- Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) Postfix is final destination for the specified list - of virtual alias domains, that is, domains for - which all addresses are aliased to addresses in + of virtual alias domains, that is, domains for + which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail - addresses or domains to other local or remote + Optional lookup tables that alias specific mail + addresses or domains to other local or remote address. unknown_virtual_alias_reject_code (550) The SMTP server reply code when a recipient address - matches $virtual_alias_domains, and $vir- - tual_alias_maps specifies a list of lookup tables + matches $virtual_alias_domains, and $vir- + tual_alias_maps specifies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list - of domains; mail is delivered via the $vir- + of domains; mail is delivered via the $vir- tual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) The SMTP server reply code when a recipient address - matches $virtual_mailbox_domains, and $vir- + matches $virtual_mailbox_domains, and $vir- tual_mailbox_maps specifies a list of lookup tables that does not match the recipient address. 
RESOURCE AND RATE CONTROLS - The following parameters limit resource usage by the SMTP + The following parameters limit resource usage by the SMTP server and/or control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines + Upon input, long lines are chopped up into pieces + of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) - The minimal amount of free space in bytes in the + The minimal amount of free space in bytes in the queue file system that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_timeout (300s) - The time limit for sending a Postfix SMTP server - response and for receiving a remote SMTP client + The time limit for sending a Postfix SMTP server + response and for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP - server command history before it is flushed upon + The maximal number of lines in the Postfix SMTP + server command history before it is flushed upon receipt of EHLO, RSET, or end of DATA. The per SMTP client connection count and request rate lim- its are implemented in co-operation with the anvil(8) ser- - vice, and are available in Postfix version 2.2 and later. + vice, and are available in Postfix version 2.2 and later. smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is + How many simultaneous connections any client is allowed to make to this service. 
smtpd_client_connection_rate_limit (0) The maximal number of connection attempts any - client is allowed to make to this service per time + client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests - that any client is allowed to make to this service + The maximal number of message delivery requests + that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any - client is allowed to send to this service per time + The maximal number of recipient addresses that any + client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from connection count, - connection rate, message rate or recipient rate + Clients that are excluded from connection count, + connection rate, message rate or recipient rate restrictions. TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP - server can insert delays before responding. This can help - to slow down run-away software. The behavior is con- - trolled by an error counter that counts the number of - errors within an SMTP session that a client makes without + When a remote SMTP client makes errors, the Postfix SMTP + server can insert delays before responding. This can help + to slow down run-away software. The behavior is con- + trolled by an error counter that counts the number of + errors within an SMTP session that a client makes without delivering mail. 
smtpd_error_sleep_time (1s) - With Postfix 2.1 and later: the SMTP server - response delay after a client has made more than - $smtpd_soft_error_limit errors, and fewer than - $smtpd_hard_error_limit errors, without delivering + With Postfix 2.1 and later: the SMTP server + response delay after a client has made more than + $smtpd_soft_error_limit errors, and fewer than + $smtpd_hard_error_limit errors, without delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is - allowed to make without delivering mail before the + The number of errors a remote SMTP client is + allowed to make without delivering mail before the Postfix SMTP server slows down all its responses. smtpd_hard_error_limit (20) - The maximal number of errors a remote SMTP client + The maximal number of errors a remote SMTP client is allowed to make without delivering mail. smtpd_junk_command_limit (100) - The number of junk commands (NOOP, VRFY, ETRN or + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP client can send before the - Postfix SMTP server starts to increment the error + Postfix SMTP server starts to increment the error counter with each junk command. Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client - can send in excess of the limit specified with + The number of recipients that a remote SMTP client + can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP - server increments the per-session error count for + server increments the per-session error count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate - access policy decisions to an external server that runs - outside Postfix. 
See the file SMTPD_POLICY_README for + As of version 2.1, Postfix can be configured to delegate + access policy decisions to an external server that runs + outside Postfix. See the file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service + The time after which an idle SMTPD policy service connection is closed. smtpd_policy_service_max_ttl (1000s) 
@@ -499,154 +493,154 @@ SMTPD(8) SMTPD(8) connection is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to or + The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restric- tions and $smtpd_sender_restrictions, or wait until - the ETRN command before evaluating + the ETRN command before evaluating $smtpd_client_restrictions and $smtpd_helo_restric- tions. - parent_domain_matches_subdomains (see 'postconf -d' out- + parent_domain_matches_subdomains (see 'postconf -d' out- put) What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern. smtpd_client_restrictions (empty) - Optional SMTP server access restrictions in the + Optional SMTP server access restrictions in the context of a client SMTP connection request. smtpd_helo_required (no) Require that a remote SMTP client introduces itself - at the beginning of an SMTP session with the HELO + at the beginning of an SMTP session with the HELO or EHLO command. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server + Optional restrictions that the Postfix SMTP server applies in the context of the SMTP HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server + Optional restrictions that the Postfix SMTP server applies in the context of the MAIL FROM command. 
smtpd_recipient_restrictions (permit_mynetworks, reject_unauth_destination) The access restrictions that the Postfix SMTP - server applies in the context of the RCPT TO com- + server applies in the context of the RCPT TO com- mand. smtpd_etrn_restrictions (empty) - Optional SMTP server access restrictions in the + Optional SMTP server access restrictions in the context of a client ETRN request. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destinations matching $relay_domains. smtpd_restriction_classes (empty) - User-defined aliases for groups of access restric- + User-defined aliases for groups of access restric- tions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) Restrict the use of the permit_mx_backup SMTP - access feature to only domains whose primary MX + access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: smtpd_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP + Optional access restrictions that the Postfix SMTP server applies in the context of the SMTP DATA com- mand. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of + What characters are allowed in $name expansions of RBL reply templates. 
Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail - from unknown sender addresses, even when no - explicit reject_unlisted_sender access restriction + Request that the Postfix SMTP server rejects mail + from unknown sender addresses, even when no + explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail + Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no - explicit reject_unlisted_recipient access restric- + explicit reject_unlisted_recipient access restric- tion is specified. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient - address verification. This feature is implemented by - sending probe email messages that are not actually deliv- - ered. This feature is requested via the reject_unveri- - fied_sender and reject_unverified_recipient access - restrictions. The status of verification probes is main- + Postfix version 2.1 introduces sender and recipient + address verification. This feature is implemented by + sending probe email messages that are not actually deliv- + ered. This feature is requested via the reject_unveri- + fied_sender and reject_unverified_recipient access + restrictions. The status of verification probes is main- tained by the verify(8) server. See the file ADDRESS_VER- - IFICATION_README for information about how to configure + IFICATION_README for information about how to configure and operate the Postfix sender/recipient address verifica- tion service. address_verify_poll_count (3) - How many times to query the verify(8) service for - the completion of an address verification request + How many times to query the verify(8) service for + the completion of an address verification request in progress. 
address_verify_poll_delay (3s) - The delay between queries for the completion of an + The delay between queries for the completion of an address verification request in progress. address_verify_sender (postmaster) - The sender address to use in address verification + The sender address to use in address verification probes. unverified_sender_reject_code (450) - The numerical Postfix SMTP server response code - when a recipient address is rejected by the + The numerical Postfix SMTP server response code + when a recipient address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a + The numerical Postfix SMTP server response when a recipient address is rejected by the reject_unveri- fied_recipient restriction. ACCESS CONTROL RESPONSES - The following parameters control numerical SMTP reply + The following parameters control numerical SMTP reply codes and/or text responses. access_map_reject_code (554) - The numerical Postfix SMTP server response code - when a client is rejected by an access(5) map + The numerical Postfix SMTP server response code + when a client is rejected by an access(5) map restriction. defer_code (450) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by + The numerical Postfix SMTP server response code + when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code - when the client HELO or EHLO command parameter is - rejected by the reject_invalid_hostname restric- + The numerical Postfix SMTP server response code + when the client HELO or EHLO command parameter is + rejected by the reject_invalid_hostname restric- tion. 
maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code + The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_sender or reject_rhsbl_recipient 
@@ -654,47 +648,47 @@ SMTPD(8) SMTPD(8) non_fqdn_reject_code (504) The numerical Postfix SMTP server reply code when a - client request is rejected by the + client request is rejected by the reject_non_fqdn_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. reject_code (554) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by + The numerical Postfix SMTP server response code + when a remote SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code - when a client request is rejected by the + The numerical Postfix SMTP server response code + when a client request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) - The numerical Postfix SMTP server response code - when a sender or recipient address is rejected by + The numerical Postfix SMTP server response code + when a sender or recipient address is rejected by the reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code - when a client without valid address <=> name map- - ping is rejected by the reject_unknown_client + The numerical Postfix SMTP server response code + when a client without valid address <=> name map- + ping is rejected by the reject_unknown_client restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code - when the hostname specified with the HELO or EHLO - command is rejected by the reject_unknown_hostname + The numerical Postfix SMTP server response code + when the hostname specified with the HELO or EHLO + command is rejected by the reject_unknown_hostname restriction. 
Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default SMTP server response template for a - request that is rejected by an RBL-based restric- + The default SMTP server response template for a + request that is rejected by an RBL-based restric- tion. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code + The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_multi_recipient_bounce restriction. @@ -703,16 +697,16 @@ SMTPD(8) SMTPD(8) MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. double_bounce_sender (double-bounce) 
@@ -733,36 +727,36 @@ SMTPD(8) SMTPD(8) and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for the next service request + The maximum amount of time that an idle Postfix + daemon process waits for the next service request before exiting. max_use (100) - The maximal number of connection requests before a + The maximal number of connection requests before a Postfix daemon process terminates. myhostname (see 'postconf -d' output) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" SMTP clients that have more + The list of "trusted" SMTP clients that have more privileges than "strangers". myorigin ($myhostname) The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- + come from, and that locally posted mail is deliv- ered to. process_id (read-only) - The process ID of a Postfix command or daemon pro- + The process ID of a Postfix command or daemon pro- cess. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. recipient_delimiter (empty) @@ -770,14 +764,14 @@ SMTPD(8) SMTPD(8) sions (user+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". 
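Review bot: every -/+ pair in the smtpd.8.html hunks up to this point (smtpd_recipient_restrictions through syslog_name) differs only in the inter-word padding of the justified text, so the file shows dozens of changed lines without any change in content. Regenerate the page with stable justification, or leave the generated HTML out of the commit and rebuild it from smtpd.8, so that content changes in this file are easy to spot.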
@@ -803,7 +797,7 @@ SMTPD(8) SMTPD(8) XFORWARD_README, Postfix XFORWARD extension LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 36022a14a..6c295cdb2 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -32,12 +32,12 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) invalid Append the domain name specified with - $invalid_header_rewrite_context_domain to - incomplete addresses. Otherwise the result - is identical to that of the local address - rewriting context. This prevents Postfix - from appending the local domain to spam from - poorly written remote clients. + $remote_header_rewrite_domain to incomplete + addresses. Otherwise the result is identical + to that of the local address rewriting con- + text. This prevents Postfix from appending + the local domain to spam from poorly written + remote clients. resolve address Resolve an address to a (transport, nexthop, recip- @@ -135,18 +135,10 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) Available in Postfix 2.2 and later: - invalid_header_rewrite_context_domain (domain.invalid) + remote_header_rewrite_domain (domain.invalid) Append this domain to incomplete message header - addresses from remote clients, when - $remote_header_rewrite_context_name is set to - "invalid". - - Implemented by the smtpd(8) server: - - remote_header_rewrite_context_name (local) - The address rewriting context that should be used - for incomplete mail header addresses from remote - clients. + addresses from remote clients; when the domain is + empty, don't rewrite remote message headers at all. ROUTING CONTROLS The following is applicable to Postfix version 2.0 and diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index ed6453d35..74e0f7c78 100644 --- a/postfix/man/man5/postconf.5 
+++ b/postfix/man/man5/postconf.5 @@ -360,14 +360,15 @@ The default time unit is s (seconds). .SH append_at_myorigin (default: yes) With locally submitted mail, append the string "@$myorigin" to mail addresses without domain information. With remotely submitted mail, -append the string "@$invalid_domain" instead. +append the string "@$remote_header_rewrite_domain" instead. .PP This feature is enabled by default and must not be turned off. Postfix does not support domain-less addresses. .SH append_dot_mydomain (default: yes) With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. With remotely submitted -mail, append the string ".$invalid_domain" instead. +mail, append the string ".$remote_header_rewrite_domain" +instead. .PP This feature is enabled by default. If disabled, users will not be able to send mail to "user@partialdomainname" but will have to @@ -1308,11 +1309,6 @@ and via the pipe(8) and virtual(8) delivery agents. .PP Warning: with concurrency of 1, one bad message can be enough to block all mail to a site. -.SH invalid_header_rewrite_context_domain (default: domain.invalid) -Append this domain to incomplete message header addresses from -remote clients, when $remote_header_rewrite_context_name is set to -"invalid". This is one way to avoid appending your own domain to -addresses in spam from poorly written software. .SH invalid_hostname_reject_code (default: 501) The numerical Postfix SMTP server response code when the client HELO or EHLO command parameter is rejected by the reject_invalid_hostname 
@@ -1564,32 +1560,46 @@ the entry in the master.cf file. Setting this parameter to a value > 1 changes the meaning of local_destination_concurrency_limit from concurrency per recipient into concurrency per domain. -.SH local_header_rewrite_context_clients (default: $mynetworks) -Append the domain names in $myorigin and $mydomain to incomplete -message header addresses from these clients. -.PP -Specify a list of network addresses or network/netmask patterns, -separated by comma or whitespace. Continue long lines by starting -the next line with whitespace. -.PP -A network mask specifies the number of bits in the network part -of a host address. You can also specify "/file/name" or "type:table" -patterns. A "/file/name" pattern is replaced by its contents; a -"type:table" lookup table is matched when a client name or address -matches a lookup key (the lookup result is ignored). -.PP -The list is matched left to right, and the search stops on the -first match. Specify "!pattern" to exclude an address or network -block from the list. +.SH local_header_rewrite_clients (default: see "postconf -d" output) +Append the domain name in $myorigin or $mydomain to incomplete +message header addresses from these clients; append +$remote_header_rewrite_domain for all other clients. +.PP +Specify a list of zero or more of the following: +.IP "\fB permit_mynetworks \fR" +Append the domain name in $myorigin or $mydomain when the +client IP address matches any network or network address listed in +$mynetworks. This is enabled by default. +.IP "\fB permit_sasl_authenticated \fR" +Append the domain name in $myorigin or $mydomain when the +client is successfully authenticated via the RFC 2554 (AUTH) +protocol. This is enabled by default. +.IP "\fB permit_tls_clientcerts \fR" +Append the domain name in $myorigin or $mydomain when the +client TLS certificate is successfully verified, and the client +certificate fingerprint is listed on the server. This is enabled +by default. 
+.IP "\fB permit_tls_all_clientcerts \fR" +Append the domain name in $myorigin or $mydomain when the +client TLS certificate is successfully verified, regardless of +whether it is listed on the server, and regardless of the certifying +authority. +.IP "\fB check_address_map \fItype:table\fR \fR" +.IP "\fB \fItype:table\fR +\fR" +Append the domain name in $myorigin or $mydomain when the +client IP address matches the specified lookup table. The lookup +result is ignored, and no subnet lookup is done. This is suitable +for pop-before-smtp lookup tables. .PP Examples: .PP .nf .na .ft C -local_header_rewrite_context_clients = $mynetworks -local_header_rewrite_context_clients = !192.168.0.1 $mynetworks -local_header_rewrite_context_clients = static:all +local_header_rewrite_clients = static:all +local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated .fi .ad .ft R 
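Review bot: in the check_address_map entry of this hunk the second .IP request is split across two lines (`.IP "\fB \fItype:table\fR` followed by `\fR"` on a line of its own), so the quoted argument is not closed on the request line and the leftover `\fR"` ends up as body text. The same line break sits after the type:table term in the postconf.proto hunk of this commit, so the fix belongs there: keep the term on one line and regenerate postconf.5.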
@@ -2666,29 +2676,11 @@ relocated_maps = hash:/etc/postfix/relocated .fi .ad .ft R -.SH remote_header_rewrite_context_name (default: local) -The address rewriting context that should be used for incomplete -mail header addresses from remote clients. -.IP \(bu -\fBlocal\fR Append the domains specified with $myorigin -or $mydomain to incomplete message header addresses from remote -clients. -.IP \(bu -\fBinvalid\fR Append the domain specified with -$invalid_header_rewrite_context_domain to incomplete message header -addresses from remote clients. This is one way to avoid appending +.SH remote_header_rewrite_domain (default: domain.invalid) +Append this domain name to incomplete message header addresses +from remote clients; when this domain name is empty, don't rewrite +remote message headers at all. Both stop Postfix from appending your own domain to addresses in spam from poorly written software. -This is a safe choice for gateways that have no control over -address rewriting by down-stream systems. -.IP \(bu -\fBnone\fR Don't modify message headers from remote -clients at all. This is another way to avoid appending your own -domain to addresses in spam from poorly written software. This -is the preferred choice for purists. -.PP -Note: Postfix always appends the domains specified with $myorigin -or $mydomain to incomplete envelope addresses, because those -addresses are effectively equivalent to local addresses. .SH require_home_directory (default: no) Whether or not a local(8) recipient's home directory must exist before mail delivery is attempted. By default this test is disabled. 
@@ -3403,7 +3395,10 @@ parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details. .IP "\fBpermit_mynetworks\fR" Permit the request when the client IP address matches any -network listed in $mynetworks. +network or network address listed in $mynetworks. +.IP "\fBpermit_sasl_authenticated\fR" +Permit the request when the client is successfully +authenticated via the RFC 2554 (AUTH) protocol. .IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR" Reject the request when the reversed client network address is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index df2827404..b78991467 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -112,18 +112,14 @@ Enable or disable recipient validation, built-in content filtering, or address mapping. .PP Available in Postfix version 2.2 and later: -.IP "\fBlocal_header_rewrite_context_clients ($mynetworks)\fR" -Append the domain names in $myorigin and $mydomain to incomplete -message header addresses from these clients. -.IP "\fBremote_header_rewrite_context_name (local)\fR" -The address rewriting context that should be used for incomplete -mail header addresses from remote clients. -.PP -Implemented by the trivial-rewrite(8) server: -.IP "\fBinvalid_header_rewrite_context_domain (domain.invalid)\fR" -Append this domain to incomplete message header addresses from -remote clients, when $remote_header_rewrite_context_name is set to -"invalid". +.IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR" +Append the domain name in $myorigin or $mydomain to incomplete +message header addresses from these clients; append +$remote_header_rewrite_domain for all other clients. +.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR" +Append this domain name to incomplete message header addresses +from remote clients; when this domain name is empty, don't rewrite +remote message headers at all. .SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS" .na .nf diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index b73109e5a..79755bd30 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -27,7 +27,7 @@ strip source routed addresses (\fI@site,@site:user@domain\fR) to \fIuser@domain\fR form. .IP \fBinvalid\fR Append the domain name specified with -\fB$invalid_header_rewrite_context_domain\fR to incomplete +\fB$remote_header_rewrite_domain\fR to incomplete addresses. Otherwise the result is identical to that of the \fBlocal\fR address rewriting context. This prevents Postfix from appending the local domain to spam from poorly 
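Review bot: the context entry in trivial-rewrite.8 keeps the label `.IP \fBinvalid\fR`; only the parameter name inside it was updated. rewrite_clnt.h in this commit defines the context names as "local", "remote" and "none", and the rewrite_clnt.in test input was switched from invalid to remote, so the manual now names a context that the code no longer defines. Rename the entry to remote here and in trivial-rewrite.8.html.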
@@ -127,15 +127,10 @@ The separator between user names and address extensions (user+foo). Enable the rewriting of "site!user" into "user@site". .PP Available in Postfix 2.2 and later: -.IP "\fBinvalid_header_rewrite_context_domain (domain.invalid)\fR" +.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR" Append this domain to incomplete message header addresses from -remote clients, when $remote_header_rewrite_context_name is set to -"invalid". -.PP -Implemented by the smtpd(8) server: -.IP "\fBremote_header_rewrite_context_name (local)\fR" -The address rewriting context that should be used for incomplete -mail header addresses from remote clients. +remote clients; when the domain is empty, don't rewrite remote message +headers at all. .SH "ROUTING CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index e09b82ada..4e1400e68 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -183,7 +183,6 @@ while (<>) { s;\binet_interfaces\b;$&;g; s;\binitial_destination_concurrency\b;$&;g; s;\binvalid_hostname_reject_code\b;$&;g; - s;\binvalid_header_rewrite_con[-]*\n* *[]*text_domain\b;$&;g; s;\bipc_idle\b;$&;g; s;\bipc_timeout\b;$&;g; s;\bipc_ttl\b;$&;g; @@ -211,7 +210,7 @@ while (<>) { s;\blocal_recip[-]*\n* *[]*ient_maps\b;$&;g; s;\blocal_transport\b;$&;g; s;\bluser_relay\b;$&;g; - s;\blocal_header_rewrite_con[-]*\n* *[]*text_clients\b;$&;g; + s;\blocal_header_rewrite_clients\b;$&;g; s;\bmail_name\b;$&;g; s;\bmail_owner\b;$&;g; s;\bmail_release_date\b;$&;g; @@ -276,7 +275,7 @@ while (<>) { s;\brbl_reply_maps\b;$&;g; s;\breadme_directory\b;$&;g; s;\breceive_override_options\b;$&;g; - s;\bremote_header_rewrite_con[-]*\n* *[]*text_name\b;$&;g; + s;\bremote_header_rewrite_domain\b;$&;g; s;\bno_unknown_recip[-]*\n* *[]*ient_checks\b;$&;g; s;\bno_address_mappings\b;$&;g; s;\bno_header_body_checks\b;$&;g; 
@@ -527,6 +526,7 @@ while (<>) { # Access restrictions - generic + s;\bcheck_address_map\b;$&;g; s;\bcheck_policy_service\b;$&;g; s;\bdefer_if_permit\b;$&;g; s;\bdefer_if_reject\b;$&;g; @@ -538,6 +538,9 @@ while (<>) { s;\bcheck_client_access\b;$&;g; s;\bpermit_mynetworks\b;$&;g; + s;\bpermit_sasl_authenticated\b;$&;g; + s;\bpermit_tls_clientcerts\b;$&;g; + s;\bpermit_tls_all_clientcerts\b;$&;g; s;\breject_unknown_client\b;$&;g; s;\breject_rbl_client\b;$&;g; s;\breject_rhsbl_client\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index bc3a9e116..99021200b 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -4120,7 +4120,13 @@ least significant octets. See the access(5) manual page for details.

permit_mynetworks
Permit the request when the client IP address matches any -network listed in $mynetworks.
+network or network address listed in $mynetworks. + +
permit_sasl_authenticated
+ +
Permit the request when the client is successfully +authenticated via the RFC 2554 (AUTH) protocol.
+
reject_rbl_client rbl_domain=d.d.d.d
@@ -5551,7 +5557,7 @@ and postdrop(1).

With locally submitted mail, append the string "@$myorigin" to mail addresses without domain information. With remotely submitted mail, -append the string "@$invalid_domain" instead. +append the string "@$remote_header_rewrite_domain" instead.

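Review bot: the new append_at_myorigin sentence, "With remotely submitted mail, append the string "@$remote_header_rewrite_domain" instead", promises more than the commit implements. The comments added to cleanup_addr.c say incomplete envelope addresses are still rewritten in the local context, and the remote_header_rewrite_domain text says headers are left alone when that domain is empty. Suggest limiting the sentence to message header addresses from clients not matched by local_header_rewrite_clients and mentioning the empty-domain case; the append_dot_mydomain hunk that follows needs the same wording.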
@@ -5564,7 +5570,8 @@ Postfix does not support domain-less addresses.

With locally submitted mail, append the string ".$mydomain" to addresses that have no ".domain" information. With remotely submitted -mail, append the string ".$invalid_domain" instead. +mail, append the string ".$remote_header_rewrite_domain" +instead.

@@ -7211,69 +7218,66 @@ is already bounded by $max_idle.

session cache hit and miss rates for logical destinations and for physical endpoints.

-%PARAM invalid_header_rewrite_context_domain domain.invalid +%PARAM remote_header_rewrite_domain domain.invalid -

Append this domain to incomplete message header addresses from -remote clients, when $remote_header_rewrite_context_name is set to -"invalid". This is one way to avoid appending your own domain to -addresses in spam from poorly written software.

+

Append this domain name to incomplete message header addresses +from remote clients; when this domain name is empty, don't rewrite +remote message headers at all. Both stop Postfix from appending +your own domain to addresses in spam from poorly written software. +

-%PARAM local_header_rewrite_context_clients $mynetworks +%PARAM local_header_rewrite_clients see "postconf -d" output -

Append the domain names in $myorigin and $mydomain to incomplete -message header addresses from these clients.

+

Append the domain name in $myorigin or $mydomain to incomplete +message header addresses from these clients; append +$remote_header_rewrite_domain for all other clients.

-

Specify a list of network addresses or network/netmask patterns, -separated by comma or whitespace. Continue long lines by starting -the next line with whitespace.

+

Specify a list of zero or more of the following:

-

A network mask specifies the number of bits in the network part -of a host address. You can also specify "/file/name" or "type:table" -patterns. A "/file/name" pattern is replaced by its contents; a -"type:table" lookup table is matched when a client name or address -matches a lookup key (the lookup result is ignored).

+
-

The list is matched left to right, and the search stops on the -first match. Specify "!pattern" to exclude an address or network -block from the list.

+
permit_mynetworks
+
Append the domain name in $myorigin or $mydomain when the +client IP address matches any network or network address listed in +$mynetworks. This is enabled by default.
-

-Examples: -

+
permit_sasl_authenticated
-
-local_header_rewrite_context_clients = $mynetworks
-local_header_rewrite_context_clients = !192.168.0.1 $mynetworks
-local_header_rewrite_context_clients = static:all
-
+
Append the domain name in $myorigin or $mydomain when the +client is successfully authenticated via the RFC 2554 (AUTH) +protocol. This is enabled by default.
-%PARAM remote_header_rewrite_context_name local +
permit_tls_clientcerts
-

The address rewriting context that should be used for incomplete -mail header addresses from remote clients.

+
Append the domain name in $myorigin or $mydomain when the +client TLS certificate is successfully verified, and the client +certificate fingerprint is listed on the server. This is enabled +by default.
-
    +
    permit_tls_all_clientcerts
    -
  • local Append the domains specified with $myorigin -or $mydomain to incomplete message header addresses from remote -clients.

    +
    Append the domain name in $myorigin or $mydomain when the +client TLS certificate is successfully verified, regardless of +whether it is listed on the server, and regardless of the certifying +authority.
    -
  • invalid Append the domain specified with -$invalid_header_rewrite_context_domain to incomplete message header -addresses from remote clients. This is one way to avoid appending -your own domain to addresses in spam from poorly written software. -This is a safe choice for gateways that have no control over -address rewriting by down-stream systems. -

    +
    check_address_map type:table
    -
  • none Don't modify message headers from remote -clients at all. This is another way to avoid appending your own -domain to addresses in spam from poorly written software. This -is the preferred choice for purists.

    +
    type:table +
    -
+
Append the domain name in $myorigin or $mydomain when the +client IP address matches the specified lookup table. The lookup +result is ignored, and no subnet lookup is done. This is suitable +for pop-before-smtp lookup tables.
-

Note: Postfix always appends the domains specified with $myorigin -or $mydomain to incomplete envelope addresses, because those -addresses are effectively equivalent to local addresses.

+
+ +

Examples:

+ +
 
+local_header_rewrite_clients = static:all
+local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated 
+
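Review bot: "This is enabled by default" under permit_tls_clientcerts holds only for builds with USE_TLS. mail_params.h in this commit defines DEF_LOC_RWR_CLIENTS without PERMIT_TLS_CLIENT in the non-TLS branch, and the HISTORY entry lists only permit_mynetworks and permit_sasl_authenticated as the default, so the sentence should be qualified. This hunk also deletes the note that incomplete envelope addresses always get $myorigin or $mydomain without moving it anywhere, although the cleanup_addr.c comments show that behaviour is unchanged; keep that note under remote_header_rewrite_domain.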
diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index ba2aea086..f540446db 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in @@ -130,6 +130,7 @@ cleanup_addr.o: ../../include/mail_addr_find.h cleanup_addr.o: ../../include/maps.h cleanup_addr.o: ../../include/dict.h cleanup_addr.o: ../../include/argv.h +cleanup_addr.o: ../../include/rewrite_clnt.h cleanup_addr.o: cleanup.h cleanup_addr.o: ../../include/nvtable.h cleanup_addr.o: ../../include/htable.h @@ -196,6 +197,7 @@ cleanup_envelope.o: ../../include/verp_sender.h cleanup_envelope.o: ../../include/mail_proto.h cleanup_envelope.o: ../../include/iostuff.h cleanup_envelope.o: ../../include/attr.h +cleanup_envelope.o: ../../include/rewrite_clnt.h cleanup_envelope.o: cleanup.h cleanup_envelope.o: ../../include/argv.h cleanup_envelope.o: ../../include/maps.h @@ -382,6 +384,7 @@ cleanup_message.o: ../../include/iostuff.h cleanup_message.o: ../../include/attr.h cleanup_message.o: ../../include/mime_state.h cleanup_message.o: ../../include/lex_822.h +cleanup_message.o: ../../include/rewrite_clnt.h cleanup_message.o: cleanup.h cleanup_message.o: ../../include/maps.h cleanup_message.o: ../../include/dict.h @@ -451,10 +454,9 @@ cleanup_rewrite.o: ../../include/vstring.h cleanup_rewrite.o: ../../include/vbuf.h cleanup_rewrite.o: ../../include/tok822.h cleanup_rewrite.o: ../../include/resolve_clnt.h +cleanup_rewrite.o: ../../include/rewrite_clnt.h cleanup_rewrite.o: ../../include/quote_822_local.h cleanup_rewrite.o: ../../include/quote_flags.h -cleanup_rewrite.o: ../../include/rewrite_clnt.h -cleanup_rewrite.o: ../../include/mail_params.h cleanup_rewrite.o: cleanup.h cleanup_rewrite.o: ../../include/vstream.h cleanup_rewrite.o: ../../include/argv.h 
@@ -481,6 +483,7 @@ cleanup_state.o: ../../include/been_here.h cleanup_state.o: ../../include/mail_params.h cleanup_state.o: ../../include/mime_state.h cleanup_state.o: ../../include/header_opts.h +cleanup_state.o: ../../include/rewrite_clnt.h cleanup_state.o: cleanup.h cleanup_state.o: ../../include/vstream.h cleanup_state.o: ../../include/argv.h diff --git a/postfix/src/cleanup/cleanup_addr.c b/postfix/src/cleanup/cleanup_addr.c index dab7dbf4b..ecc577812 100644 --- a/postfix/src/cleanup/cleanup_addr.c +++ b/postfix/src/cleanup/cleanup_addr.c @@ -76,6 +76,7 @@ #include #include #include +#include /* Application-specific. */ @@ -83,7 +84,6 @@ #define STR vstring_str #define IGNORE_EXTENSION (char **) 0 -#define STREQ(x,y) (strcmp((x), (y)) == 0) /* cleanup_addr_sender - process envelope sender record */ @@ -92,6 +92,14 @@ void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) VSTRING *clean_addr = vstring_alloc(100); const char *bcc; + /* + * Note: an unqualified username is for all practical purposes equivalent + * to a fully qualified local address, if only because a reply to an + * incomplete address will be sent to a local recipient. Having to + * support both forms is error prone, therefore an incomplete envelope + * address is rewritten to fully qualified form in the local domain + * context. + */ cleanup_rewrite_internal(REWRITE_LOCAL, clean_addr, buf); if (strncasecmp(STR(clean_addr), MAIL_ADDR_MAIL_DAEMON "@", sizeof(MAIL_ADDR_MAIL_DAEMON)) == 0) { 
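Review bot: the comment block added to cleanup_addr_sender in this hunk is repeated word for word in cleanup_addr_recipient in the next hunk. State the rationale once, for example above cleanup_addr_sender, and refer to it from the other function so the two copies cannot drift apart. The comment added to cleanup_addr_bcc further down has a typo: "andmust" should read "and must".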
@@ -131,6 +139,14 @@ void cleanup_addr_recipient(CLEANUP_STATE *state, const char *buf) VSTRING *clean_addr = vstring_alloc(100); const char *bcc; + /* + * Note: an unqualified username is for all practical purposes equivalent + * to a fully qualified local address, if only because a reply to an + * incomplete address will be sent to a local recipient. Having to + * support both forms is error prone, therefore an incomplete envelope + * address is rewritten to fully qualified form in the local domain + * context. + */ cleanup_rewrite_internal(REWRITE_LOCAL, clean_addr, *buf ? buf : var_empty_addr); if (state->flags & CLEANUP_FLAG_MAP_OK) { @@ -164,6 +180,10 @@ void cleanup_addr_bcc(CLEANUP_STATE *state, const char *bcc) { VSTRING *clean_addr = vstring_alloc(100); + /* + * Note: BCC addresses are supplied locally, andmust be rewritten in the + * local address rewriting context. + */ cleanup_rewrite_internal(REWRITE_LOCAL, clean_addr, bcc); if (state->flags & CLEANUP_FLAG_MAP_OK) { if (cleanup_rcpt_canon_maps diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index 56d36c8eb..a86236c96 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c @@ -68,6 +68,7 @@ #include #include #include +#include /* Application-specific. */ @@ -113,7 +114,7 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, int extra_opts; NAME_CODE rewrite_context_names[] = { REWRITE_LOCAL, 1, - REWRITE_INVALID, 1, + REWRITE_REMOTE, 1, REWRITE_NONE, 1, 0, 0, }; diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index ddbc793a9..71dd5472a 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -80,6 +80,7 @@ #include #include #include +#include /* Application-specific. */ diff --git a/postfix/src/cleanup/cleanup_rewrite.c b/postfix/src/cleanup/cleanup_rewrite.c index 6bc57f0e1..9241ac8d8 100644 
--- a/postfix/src/cleanup/cleanup_rewrite.c +++ b/postfix/src/cleanup/cleanup_rewrite.c @@ -69,8 +69,8 @@ /* Global library. */ #include -#include #include +#include /* Application-specific. */ diff --git a/postfix/src/cleanup/cleanup_state.c b/postfix/src/cleanup/cleanup_state.c index 161bccbe9..3ffa5945b 100644 --- a/postfix/src/cleanup/cleanup_state.c +++ b/postfix/src/cleanup/cleanup_state.c @@ -44,6 +44,7 @@ #include #include #include +#include /* Application-specific. */ diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index a281c7f2d..1dd4f6c0a 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -455,7 +455,6 @@ canon_addr.o: ../../include/vstring.h canon_addr.o: ../../include/vbuf.h canon_addr.o: ../../include/mymalloc.h canon_addr.o: rewrite_clnt.h -canon_addr.o: mail_params.h canon_addr.o: canon_addr.h cfg_parser.o: cfg_parser.c cfg_parser.o: ../../include/sys_defs.h @@ -1382,7 +1381,6 @@ tok822_rewrite.o: ../../include/vstring.h tok822_rewrite.o: ../../include/vbuf.h tok822_rewrite.o: ../../include/msg.h tok822_rewrite.o: rewrite_clnt.h -tok822_rewrite.o: mail_params.h tok822_rewrite.o: tok822.h tok822_rewrite.o: resolve_clnt.h tok822_tree.o: tok822_tree.c diff --git a/postfix/src/global/deliver_request.c b/postfix/src/global/deliver_request.c index 39c835848..b30fd0bee 100644 --- a/postfix/src/global/deliver_request.c +++ b/postfix/src/global/deliver_request.c @@ -345,6 +345,7 @@ static DELIVER_REQUEST *deliver_request_alloc(void) request->sasl_method = 0; request->sasl_username = 0; request->sasl_sender = 0; + request->rewrite_context = 0; return (request); } @@ -385,6 +386,8 @@ static void deliver_request_free(DELIVER_REQUEST *request) myfree(request->sasl_username); if (request->sasl_sender) myfree(request->sasl_sender); + if (request->rewrite_context) + myfree(request->rewrite_context); myfree((char *) request); } 
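Review bot: request->rewrite_context, initialised in deliver_request_alloc and freed in deliver_request_free here, means the rewriting context string now travels in delivery requests, and the XXX comment added to rewrite_clnt.h says the same strings are stored in queue file records. This commit changes one of those strings from "invalid" to "remote" (REWRITE_INVALID becomes REWRITE_REMOTE in the rewrite_context_names table in cleanup_envelope.c), so any record or request still carrying "invalid" from an earlier 2.2 snapshot is no longer in that table. Keep "invalid" as an accepted alias in rewrite_context_names, or state in the release notes that the queue should be drained before upgrading from those snapshots.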
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index cfc481674..ce0a8bca6 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2091,20 +2091,19 @@ extern char *var_anvil_service; /* * What domain names to assume when no valid domain context exists. */ -#define VAR_INV_RWR_DOMAIN "invalid_header_rewrite_context_domain" -#define DEF_INV_RWR_DOMAIN "domain.invalid" -extern char *var_inv_rwr_domain; +#define VAR_REM_RWR_DOMAIN "remote_header_rewrite_domain" +#define DEF_REM_RWR_DOMAIN "domain.invalid" +extern char *var_remote_rwr_domain; -#define VAR_REM_RWR_NAME "remote_header_rewrite_context_name" -#define DEF_REM_RWR_NAME REWRITE_LOCAL -extern char *var_remote_rwr_name; +#define CHECK_ADDR_MAP "check_address_map" -#define REWRITE_LOCAL "local" -#define REWRITE_INVALID "invalid" -#define REWRITE_NONE "none" - -#define VAR_LOC_RWR_CLIENTS "local_header_rewrite_context_clients" -#define DEF_LOC_RWR_CLIENTS "$" VAR_MYNETWORKS +#define VAR_LOC_RWR_CLIENTS "local_header_rewrite_clients" +#ifdef USE_TLS +#define DEF_LOC_RWR_CLIENTS PERMIT_MYNETWORKS " " PERMIT_SASL_AUTH \ + " " PERMIT_TLS_CLIENT +#else +#define DEF_LOC_RWR_CLIENTS PERMIT_MYNETWORKS " " PERMIT_SASL_AUTH +#endif extern char *var_local_rwr_clients; /* LICENSE diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ac7e02019..82b858b60 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20041020" +#define MAIL_RELEASE_DATE "20041021" #define MAIL_VERSION_NUMBER "2.2" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/global/rewrite_clnt.h b/postfix/src/global/rewrite_clnt.h index 0910b812e..5611f9fd1 100644 --- a/postfix/src/global/rewrite_clnt.h +++ b/postfix/src/global/rewrite_clnt.h 
@@ -15,7 +15,6 @@ * Utility library. */ #include -#include /* * External interface. @@ -23,6 +22,14 @@ #define REWRITE_ADDR "rewrite" #define REWRITE_CANON REWRITE_LOCAL /* backwards compatibility */ + /* + * XXX These should be moved to mail_proto.h because they appear as + * attribute values in queue file records and delivery requests. + */ +#define REWRITE_LOCAL "local" +#define REWRITE_REMOTE "remote" +#define REWRITE_NONE "none" + extern VSTRING *rewrite_clnt(const char *, const char *, VSTRING *); extern VSTRING *rewrite_clnt_internal(const char *, const char *, VSTRING *); diff --git a/postfix/src/global/rewrite_clnt.in b/postfix/src/global/rewrite_clnt.in index 87a679610..addf66321 100644 --- a/postfix/src/global/rewrite_clnt.in +++ b/postfix/src/global/rewrite_clnt.in @@ -11,16 +11,16 @@ local a@ local a@. local a@b local a@b. -invalid ! -invalid a! -invalid !b -invalid a!b -invalid % -invalid a% -invalid %b -invalid a%b -invalid @ -invalid a@ -invalid a@. -invalid a@b -invalid a@b. +remote ! +remote a! +remote !b +remote a!b +remote % +remote a% +remote %b +remote a%b +remote @ +remote a@ +remote a@. +remote a@b +remote a@b. diff --git a/postfix/src/global/rewrite_clnt.ref b/postfix/src/global/rewrite_clnt.ref index d846a4dd7..1af736483 100644 --- a/postfix/src/global/rewrite_clnt.ref +++ b/postfix/src/global/rewrite_clnt.ref 
@@ -50,55 +50,55 @@ rule local address a@b. result a@b -rule invalid +rule remote address ! result ""@ -rule invalid +rule remote address a! result ""@a.domain.invalid -rule invalid +rule remote address !b result b@ -rule invalid +rule remote address a!b result b@a.domain.invalid -rule invalid +rule remote address % result ""@ -rule invalid +rule remote address a% result a@ -rule invalid +rule remote address %b result ""@b.domain.invalid -rule invalid +rule remote address a%b result a@b.domain.invalid -rule invalid +rule remote address @ result "" -rule invalid +rule remote address a@ result a@ -rule invalid +rule remote address a@. result a@. -rule invalid +rule remote address a@b result a@b.domain.invalid -rule invalid +rule remote address a@b. result a@b diff --git a/postfix/src/lmtp/lmtp_proto.c b/postfix/src/lmtp/lmtp_proto.c index b45543ed8..8c8426917 100644 --- a/postfix/src/lmtp/lmtp_proto.c +++ b/postfix/src/lmtp/lmtp_proto.c @@ -119,6 +119,7 @@ #include #include #include +#include /* Application-specific. */ diff --git a/postfix/src/local/Makefile.in b/postfix/src/local/Makefile.in index 6987e83d3..60b4c78dc 100644 --- a/postfix/src/local/Makefile.in +++ b/postfix/src/local/Makefile.in @@ -438,8 +438,8 @@ resolve.o: ../../include/iostuff.h resolve.o: ../../include/attr.h resolve.o: ../../include/resolve_clnt.h resolve.o: ../../include/rewrite_clnt.h -resolve.o: ../../include/mail_params.h resolve.o: ../../include/tok822.h +resolve.o: ../../include/mail_params.h resolve.o: ../../include/defer.h resolve.o: ../../include/bounce.h resolve.o: ../../include/deliver_request.h diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index b015d9ee6..e1be5a490 100644 --- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c 
@@ -1119,6 +1119,8 @@ void qmgr_message_free(QMGR_MESSAGE *message) myfree(message->sasl_username); if (message->sasl_sender) myfree(message->sasl_sender); + if (message->rewrite_context) + myfree(message->rewrite_context); qmgr_rcpt_list_free(&message->rcpt_list); qmgr_message_count--; myfree((char *) message); diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index 52ddfcdb0..48052de60 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -1225,6 +1225,8 @@ void qmgr_message_free(QMGR_MESSAGE *message) myfree(message->sasl_username); if (message->sasl_sender) myfree(message->sasl_sender); + if (message->rewrite_context) + myfree(message->rewrite_context); qmgr_rcpt_list_free(&message->rcpt_list); qmgr_message_count--; myfree((char *) message); diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 4e13a1432..e4ddb557d 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -121,6 +121,7 @@ #include #include #include +#include /* Application-specific. */ diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 0f6d94535..85c9a9efe 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c 
@@ -94,18 +94,14 @@ /* filtering, or address mapping. /* .PP /* Available in Postfix version 2.2 and later: -/* .IP "\fBlocal_header_rewrite_context_clients ($mynetworks)\fR" -/* Append the domain names in $myorigin and $mydomain to incomplete -/* message header addresses from these clients. -/* .IP "\fBremote_header_rewrite_context_name (local)\fR" -/* The address rewriting context that should be used for incomplete -/* mail header addresses from remote clients. -/* .PP -/* Implemented by the trivial-rewrite(8) server: -/* .IP "\fBinvalid_header_rewrite_context_domain (domain.invalid)\fR" -/* Append this domain to incomplete message header addresses from -/* remote clients, when $remote_header_rewrite_context_name is set to -/* "invalid". +/* .IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR" +/* Append the domain name in $myorigin or $mydomain to incomplete +/* message header addresses from these clients; append +/* $remote_header_rewrite_domain for all other clients. +/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR" +/* Append this domain name to incomplete message header addresses +/* from remote clients; when this domain name is empty, don't rewrite +/* remote message headers at all. /* AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS /* .ad /* .fi @@ -683,6 +679,7 @@ #include #endif #include +#include /* Single-threaded server skeleton. */ @@ -795,7 +792,7 @@ char *var_smtpd_hoggers; #endif -char *var_remote_rwr_name; +char *var_remote_rwr_domain; char *var_local_rwr_clients; /* @@ -817,11 +814,13 @@ static NAMADR_LIST *verp_clients; * its own access control. */ static NAMADR_LIST *xclient_hosts; +static int xclient_allowed; /* XXX should be SMTPD_STATE member */ /* * XFORWARD command. Access control is cached. */ static NAMADR_LIST *xforward_hosts; +static int xforward_allowed; /* XXX should be SMTPD_STATE member */ /* * Client connection and rate limiting. 
@@ -987,11 +986,11 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) if (namadr_list_match(verp_clients, state->name, state->addr)) smtpd_chat_reply(state, "250-%s", VERP_CMD); /* XCLIENT must not override its own access control. */ - if (state->xclient_allowed) + if (xclient_allowed) smtpd_chat_reply(state, "250-" XCLIENT_CMD " " XCLIENT_NAME " " XCLIENT_ADDR " " XCLIENT_PROTO " " XCLIENT_HELO); - if (state->xforward_allowed) + if (xforward_allowed) smtpd_chat_reply(state, "250-" XFORWARD_CMD " " XFORWARD_NAME " " XFORWARD_ADDR " " XFORWARD_PROTO " " XFORWARD_HELO @@ -1277,7 +1276,7 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) */ #ifdef SNAPSHOT if (SMTPD_STAND_ALONE(state) == 0 - && !state->xclient_allowed + && !xclient_allowed && anvil_clnt && var_smtpd_cmail_limit > 0 && !namadr_list_match(hogger_list, state->name, state->addr) @@ -1487,7 +1486,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) */ #ifdef SNAPSHOT if (SMTPD_STAND_ALONE(state) == 0 - && !state->xclient_allowed + && !xclient_allowed && anvil_clnt && var_smtpd_crcpt_limit > 0 && !namadr_list_match(hogger_list, state->name, state->addr) @@ -2105,7 +2104,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) XCLIENT_CMD); return (-1); } - if (!state->xclient_allowed) { + if (!xclient_allowed) { state->error_mask |= MAIL_ERROR_POLICY; smtpd_chat_reply(state, "554 Error: insufficient authorization"); return (-1); @@ -2271,7 +2270,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) XFORWARD_CMD); return (-1); } - if (!state->xforward_allowed) { + if (!xforward_allowed) { state->error_mask |= MAIL_ERROR_POLICY; smtpd_chat_reply(state, "554 Error: insufficient authorization"); return (-1); 
@@ -2374,7 +2373,8 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) case SMTPD_STATE_XFORWARD_DOMAIN: if (STREQ(attr_value, XFORWARD_UNAVAILABLE)) attr_value = XFORWARD_DOM_LOCAL; - context_name[1] = var_remote_rwr_name; + context_name[1] = *var_remote_rwr_domain ? + REWRITE_REMOTE : REWRITE_NONE; if ((context_code = name_code(xforward_to_context, NAME_CODE_FLAG_NONE, attr_value)) < 0) { @@ -2550,7 +2550,7 @@ static void smtpd_proto(SMTPD_STATE *state, const char *service) */ #ifdef SNAPSHOT if (SMTPD_STAND_ALONE(state) == 0 - && !state->xclient_allowed + && !xclient_allowed && anvil_clnt && !namadr_list_match(hogger_list, state->name, state->addr) && anvil_clnt_connect(anvil_clnt, service, state->addr, @@ -2651,7 +2651,7 @@ static void smtpd_proto(SMTPD_STATE *state, const char *service) */ #ifdef SNAPSHOT if (SMTPD_STAND_ALONE(state) == 0 - && !state->xclient_allowed + && !xclient_allowed && anvil_clnt && !namadr_list_match(hogger_list, state->name, state->addr)) anvil_clnt_disconnect(anvil_clnt, service, state->addr); @@ -2710,13 +2710,13 @@ static void smtpd_service(VSTREAM *stream, char *service, char **argv) /* * XCLIENT must not override its own access control. */ - state.xclient_allowed = + xclient_allowed = namadr_list_match(xclient_hosts, state.name, state.addr); /* * Overriding XFORWARD access control makes no sense, either. */ - state.xforward_allowed = + xforward_allowed = namadr_list_match(xforward_hosts, state.name, state.addr); /* @@ -2793,12 +2793,6 @@ static void pre_jail_init(char *unused_name, char **unused_argv) static void post_jail_init(char *unused_name, char **unused_argv) { - NAME_CODE rewrite_context_names[] = { - REWRITE_LOCAL, 1, - REWRITE_INVALID, 1, - REWRITE_NONE, 1, - 0, 0, - }; /* * Initialize the receive transparency options: do we want unknown 
@@ -2827,14 +2821,6 @@ static void post_jail_init(char *unused_name, char **unused_argv) || var_smtpd_cmail_limit || var_smtpd_crcpt_limit) anvil_clnt = anvil_clnt_create(); #endif - - /* - * Sanity check. - */ - if (name_code(rewrite_context_names, NAME_CODE_FLAG_STRICT_CASE, - var_remote_rwr_name) == 0) - msg_fatal("parameter %s: invalid value: %s", - VAR_REM_RWR_NAME, var_remote_rwr_name); } /* main - the main program */ @@ -2937,8 +2923,8 @@ int main(int argc, char **argv) #ifdef SNAPSHOT VAR_SMTPD_HOGGERS, DEF_SMTPD_HOGGERS, &var_smtpd_hoggers, 0, 0, #endif - VAR_REM_RWR_NAME, DEF_REM_RWR_NAME, &var_remote_rwr_name, 1, 0, - VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients, 1, 0, + VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0, + VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients, 0, 0, 0, }; static CONFIG_RAW_TABLE raw_table[] = { diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index 54ae936d4..890be0b6f 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -88,8 +88,6 @@ typedef struct SMTPD_STATE { int junk_cmds; /* counter */ int rcpt_overshoot; /* counter */ char *rewrite_context_name; /* address rewriting context */ - int xclient_allowed; /* permission to use XCLIENT */ - int xforward_allowed; /* permission to use XFORWARD */ /* * SASL specific. diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 593d42cfc..077834d23 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -48,7 +48,7 @@ /* smtpd_check_addr() sanity checks an email address and returns /* non-zero in case of badness. /* -/* smtpd_check_rewrite() shuod be called before opening a queue +/* smtpd_check_rewrite() should be called before opening a queue /* file or proxy connection, in order to establish the proper /* header address rewriting context. /* 
@@ -276,7 +276,6 @@ static MAPS *smtpd_sender_login_maps; static DOMAIN_LIST *relay_domains; static NAMADR_LIST *mynetworks; static NAMADR_LIST *perm_mx_networks; -static NAMADR_LIST *local_rewrite_clients; /* * How to do parent domain wildcard matching, if any. @@ -296,6 +295,8 @@ static ARGV *data_restrctions; static HTABLE *smtpd_rest_classes; static HTABLE *policy_clnt_table; +static ARGV *local_rewrite_clients; + /* * Pre-parsed expansion filter. */ @@ -322,6 +323,7 @@ static int check_rcpt_maps(SMTPD_STATE *, const char *, const char *); #define SMTPD_NAME_RECIPIENT "Recipient address" #define SMTPD_NAME_ETRN "Etrn command" #define SMTPD_NAME_DATA "Data command" +#define SMTPD_NAME_REWRITE "Local address rewriting" /* * YASLM. @@ -460,7 +462,7 @@ static void policy_client_register(const char *name) /* smtpd_check_parse - pre-parse restrictions */ -static ARGV *smtpd_check_parse(const char *checks) +static ARGV *smtpd_check_parse(int flags, const char *checks) { char *saved_checks = mystrdup(checks); ARGV *argv = argv_alloc(1); @@ -473,11 +475,17 @@ static ARGV *smtpd_check_parse(const char *checks) * encounter. Dictionaries must be opened before entering the chroot * jail. */ +#define SMTPD_CHECK_PARSE_POLICY (1<<0) +#define SMTPD_CHECK_PARSE_MAPS (1<<1) +#define SMTPD_CHECK_PARSE_ALL (~0) + while ((name = mystrtok(&bp, RESTRICTION_SEPARATORS)) != 0) { argv_add(argv, name, (char *) 0); - if (last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0) + if ((flags & SMTPD_CHECK_PARSE_POLICY) + && last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0) policy_client_register(name); - else if (strchr(name, ':') && dict_handle(name) == 0) { + else if ((flags & SMTPD_CHECK_PARSE_MAPS) + && strchr(name, ':') && dict_handle(name) == 0) { dict_register(name, dict_open(name, O_RDONLY, DICT_FLAG_LOCK)); } last = name; 
@@ -571,8 +579,6 @@ void smtpd_check_init(void) perm_mx_networks = namadr_list_init(match_parent_style(VAR_PERM_MX_NETWORKS), var_perm_mx_networks); - local_rewrite_clients = - namadr_list_init(MATCH_FLAG_NONE, var_local_rwr_clients); /* * Pre-parse and pre-open the recipient maps. @@ -633,12 +639,18 @@ void smtpd_check_init(void) * Pre-parse the restriction lists. At the same time, pre-open tables * before going to jail. */ - client_restrctions = smtpd_check_parse(var_client_checks); - helo_restrctions = smtpd_check_parse(var_helo_checks); - mail_restrctions = smtpd_check_parse(var_mail_checks); - rcpt_restrctions = smtpd_check_parse(var_rcpt_checks); - etrn_restrctions = smtpd_check_parse(var_etrn_checks); - data_restrctions = smtpd_check_parse(var_data_checks); + client_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + var_client_checks); + helo_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + var_helo_checks); + mail_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + var_mail_checks); + rcpt_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + var_rcpt_checks); + etrn_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + var_etrn_checks); + data_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + var_data_checks); /* * Parse the pre-defined restriction classes. @@ -650,7 +662,8 @@ void smtpd_check_init(void) if ((value = mail_conf_lookup_eval(name)) == 0 || *value == 0) msg_fatal("restriction class `%s' needs a definition", name); htable_enter(smtpd_rest_classes, name, - (char *) smtpd_check_parse(value)); + (char *) smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + value)); } myfree(saved_classes); } 
@@ -661,10 +674,12 @@ void smtpd_check_init(void) */ #if 0 htable_enter(smtpd_rest_classes, "check_relay_domains", - smtpd_check_parse("permit_mydomain reject_unauth_destination")); + smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + "permit_mydomain reject_unauth_destination")); #endif htable_enter(smtpd_rest_classes, REJECT_SENDER_LOGIN_MISMATCH, - (char *) smtpd_check_parse(REJECT_AUTH_SENDER_LOGIN_MISMATCH + (char *) smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, + REJECT_AUTH_SENDER_LOGIN_MISMATCH " " REJECT_UNAUTH_SENDER_LOGIN_MISMATCH)); /* @@ -681,6 +696,12 @@ void smtpd_check_init(void) */ expand_filter = vstring_alloc(10); unescape(expand_filter, var_smtpd_exp_filter); + + /* + * Local rewrite policy. + */ + local_rewrite_clients = smtpd_check_parse(SMTPD_CHECK_PARSE_MAPS, + var_local_rwr_clients); } /* log_whatsup - log as much context as we have */ 
@@ -3370,26 +3391,51 @@ int smtpd_check_addr(const char *addr) void smtpd_check_rewrite(SMTPD_STATE *state) { + const char *myname = "smtpd_check_rewrite"; + int status; + char **cpp; + DICT *dict; /* - * This should be made more configurable. - */ -#define SASL_AUTHENTICATED 1 -#define NOT_SASL_AUTHENTICATED 0 - - /* - * XXX We accept same syntax as mynetwork. + * We don't use generic_checks() because it produces results that + * aren't applicable such as DEFER or REJECT. */ - if (SMTPD_STAND_ALONE(state) - || namadr_list_match(local_rewrite_clients, state->name, state->addr) + for (cpp = local_rewrite_clients->argv; *cpp != 0; cpp++) { + if (msg_verbose) + msg_info("%s: trying: %s", myname, *cpp); + status = SMTPD_CHECK_DUNNO; + if (strcasecmp(*cpp, PERMIT_MYNETWORKS) == 0) { + status = permit_mynetworks(state); + } else if (is_map_command(state, *cpp, CHECK_ADDR_MAP, &cpp)) { + if ((dict = dict_handle(*cpp)) == 0) + msg_panic("%s: dictionary not found: %s", myname, *cpp); + if (dict_get(dict, state->addr) != 0) + status = SMTPD_CHECK_OK; + } else if (strcasecmp(*cpp, PERMIT_SASL_AUTH) == 0) { #ifdef USE_SASL_AUTH - || permit_sasl_auth(state, SASL_AUTHENTICATED, - NOT_SASL_AUTHENTICATED) + status = permit_sasl_auth(state, SMTPD_CHECK_OK, + SMTPD_CHECK_DUNNO); +#else + status = SMTPD_CHECK_DUNNO; #endif - ) - state->rewrite_context_name = mystrdup(REWRITE_LOCAL); - else - state->rewrite_context_name = mystrdup(var_remote_rwr_name); +#ifdef USE_SSL + } else if (strcasecmp(*cpp, PERMIT_TLS_ALL_CLIENTCERTS) == 0) { + status = permit_tls_clientcerts(state, 1); + } else if (strcasecmp(*cpp, PERMIT_TLS_CLIENTCERTS) == 0) { + status = permit_tls_clientcerts(state, 0); +#endif + } else { + msg_warn("parameter %s: invalid request: %s", + VAR_LOC_RWR_CLIENTS, *cpp); + continue; + } + if (status == SMTPD_CHECK_OK) { + state->rewrite_context_name = mystrdup(REWRITE_LOCAL); + return; + } + } + state->rewrite_context_name = mystrdup(*var_remote_rwr_domain ? 
+ REWRITE_REMOTE : REWRITE_NONE); } /* smtpd_check_client - validate client name or address */ @@ -4205,7 +4251,7 @@ static int rest_update(char **argv) for (rp = rest_table; rp->name; rp++) { if (strcasecmp(rp->name, argv[0]) == 0) { argv_free(rp->target[0]); - rp->target[0] = smtpd_check_parse(argv[1]); + rp->target[0] = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, argv[1]); return (1); } } @@ -4229,7 +4275,7 @@ static void rest_class(char *class) argv_free((ARGV *) entry->value); else entry = htable_enter(smtpd_rest_classes, name, (char *) 0); - entry->value = (char *) smtpd_check_parse(cp); + entry->value = (char *) smtpd_check_parse(SMTPD_CHECK_PARSE_ALL, cp); } /* resolve_clnt_init - initialize reply */ diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index 282743b92..2030d2705 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c @@ -157,6 +157,7 @@ #include #include #include +#include /* Application-specific. */ diff --git a/postfix/src/smtpd/smtpd_state.c b/postfix/src/smtpd/smtpd_state.c index f8d8e1e20..388957d55 100644 --- a/postfix/src/smtpd/smtpd_state.c +++ b/postfix/src/smtpd/smtpd_state.c @@ -115,8 +115,6 @@ void smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream, state->instance = vstring_alloc(10); state->seqno = 0; state->rewrite_context_name = 0; - state->xclient_allowed = 0; - state->xforward_allowed = 0; #ifdef USE_SASL_AUTH if (SMTPD_STAND_ALONE(state)) diff --git a/postfix/src/trivial-rewrite/Makefile.in b/postfix/src/trivial-rewrite/Makefile.in index ecfa05cf7..84da86e67 100644 --- a/postfix/src/trivial-rewrite/Makefile.in +++ b/postfix/src/trivial-rewrite/Makefile.in @@ -107,6 +107,7 @@ rewrite.o: ../../include/resolve_local.h rewrite.o: ../../include/tok822.h rewrite.o: ../../include/resolve_clnt.h rewrite.o: ../../include/mail_conf.h +rewrite.o: ../../include/rewrite_clnt.h rewrite.o: trivial-rewrite.h transport.o: transport.c transport.o: ../../include/sys_defs.h 
@@ -146,6 +147,7 @@ trivial-rewrite.o: ../../include/attr.h trivial-rewrite.o: ../../include/resolve_local.h trivial-rewrite.o: ../../include/mail_conf.h trivial-rewrite.o: ../../include/resolve_clnt.h +trivial-rewrite.o: ../../include/rewrite_clnt.h trivial-rewrite.o: ../../include/tok822.h trivial-rewrite.o: ../../include/mail_addr.h trivial-rewrite.o: ../../include/mail_server.h diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c index a0eca67bf..6bf8a4a52 100644 --- a/postfix/src/trivial-rewrite/rewrite.c +++ b/postfix/src/trivial-rewrite/rewrite.c @@ -21,7 +21,7 @@ /* TOK822 *tree; /* /* RWR_CONTEXT local_context; -/* RWR_CONTEXT inval_context; +/* RWR_CONTEXT remote_context; /* DESCRIPTION /* This module implements the trivial address rewriting engine. /* @@ -39,7 +39,7 @@ /* rewrite_tree() rewrites a parse tree with a single address to /* another tree. A tree is a dummy node on top of a token list. /* -/* local_context and inval_context provide domain names for +/* local_context and remote_context provide domain names for /* completing incomplete address forms. /* STANDARDS /* DIAGNOSTICS @@ -78,6 +78,7 @@ #include #include #include +#include /* Application-specific. */ @@ -88,9 +89,9 @@ RWR_CONTEXT local_context = { VAR_MYDOMAIN, &var_mydomain, }; -RWR_CONTEXT inval_context = { - VAR_INV_RWR_DOMAIN, &var_inv_rwr_domain, - VAR_INV_RWR_DOMAIN, &var_inv_rwr_domain, +RWR_CONTEXT remote_context = { + VAR_REM_RWR_DOMAIN, &var_remote_rwr_domain, + VAR_REM_RWR_DOMAIN, &var_remote_rwr_domain, }; static VSTRING *ruleset; 
@@ -244,19 +245,10 @@ int rewrite_proto(VSTREAM *stream) ATTR_TYPE_END) != 2) return (-1); - /* - * Note: an unqualified username is for all practical purposes equivalent - * to a fully qualified local address, if only because a reply to an - * unqualified address will be sent to a local recipient. Having to - * support both forms is error prone, therefore an unqualified address is - * rewritten in the local domain context when no address rewriting - * context is given. - */ - if (strcmp(vstring_str(ruleset), REWRITE_LOCAL) == 0 - || strcmp(vstring_str(ruleset), REWRITE_NONE) == 0) + if (strcmp(vstring_str(ruleset), REWRITE_LOCAL) == 0) context = &local_context; - else if (strcmp(vstring_str(ruleset), REWRITE_INVALID) == 0) - context = &inval_context; + else if (strcmp(vstring_str(ruleset), REWRITE_REMOTE) == 0) + context = &remote_context; else { msg_warn("unknown context: %s", vstring_str(ruleset)); return (-1); diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index cdc1ebb7f..bf0b73988 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -21,7 +21,7 @@ /* to \fIuser@domain\fR form. /* .IP \fBinvalid\fR /* Append the domain name specified with -/* \fB$invalid_header_rewrite_context_domain\fR to incomplete +/* \fB$remote_header_rewrite_domain\fR to incomplete /* addresses. Otherwise the result is identical to that of /* the \fBlocal\fR address rewriting context. This prevents /* Postfix from appending the local domain to spam from poorly 
@@ -107,15 +107,10 @@ /* Enable the rewriting of "site!user" into "user@site". /* .PP /* Available in Postfix 2.2 and later: -/* .IP "\fBinvalid_header_rewrite_context_domain (domain.invalid)\fR" +/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR" /* Append this domain to incomplete message header addresses from -/* remote clients, when $remote_header_rewrite_context_name is set to -/* "invalid". -/* .PP -/* Implemented by the smtpd(8) server: -/* .IP "\fBremote_header_rewrite_context_name (local)\fR" -/* The address rewriting context that should be used for incomplete -/* mail header addresses from remote clients. +/* remote clients; when the domain is empty, don't rewrite remote message +/* headers at all. /* ROUTING CONTROLS /* .ad /* .fi @@ -301,7 +296,7 @@ char *var_def_transport; char *var_empty_addr; int var_show_unk_rcpt_table; int var_resolve_nulldom; -char *var_inv_rwr_domain; +char *var_remote_rwr_domain; /* * Shadow personality for address verification. @@ -429,7 +424,7 @@ int main(int argc, char **argv) VAR_VRFY_RELAY_XPORT, DEF_VRFY_RELAY_XPORT, &var_vrfy_relay_xport, 1, 0, VAR_VRFY_DEF_XPORT, DEF_VRFY_DEF_XPORT, &var_vrfy_def_xport, 1, 0, VAR_VRFY_RELAYHOST, DEF_VRFY_RELAYHOST, &var_vrfy_relayhost, 0, 0, - VAR_INV_RWR_DOMAIN, DEF_INV_RWR_DOMAIN, &var_inv_rwr_domain, 1, 0, + VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0, 0, }; static CONFIG_BOOL_TABLE bool_table[] = {
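Review bot: typo in the new comment in cleanup_addr_bcc() (postfix/src/cleanup/cleanup_addr.c, hunk at -164,6): "andmust" should read "and must". While there, the comment could name who supplies the BCC address (it says only "supplied locally"), since that is the whole justification for hard-wiring REWRITE_LOCAL here.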
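Review bot: the USE_TLS default for local_header_rewrite_clients in postfix/src/global/mail_params.h (hunk at -2091,20) does not line up with what smtpd_check_rewrite() accepts. DEF_LOC_RWR_CLIENTS appends PERMIT_TLS_CLIENT under #ifdef USE_TLS, while the parser in smtpd_check.c recognises only PERMIT_TLS_ALL_CLIENTCERTS and PERMIT_TLS_CLIENTCERTS, and does so under #ifdef USE_SSL. Unless PERMIT_TLS_CLIENT expands to one of those two names and both build macros are always defined together, the shipped default reaches the final else branch and logs "parameter ...: invalid request" on every session. Please use one guard macro and one keyword in both places. Separately, CHECK_ADDR_MAP is now defined under the comment "What domain names to assume when no valid domain context exists", which no longer describes it.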
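Review bot: the new local_header_rewrite_clients entry in the smtpd.c manual text (hunk at -94,18) does not say that the value syntax has changed. The old parameter was matched with namadr_list_match(), so it took a $mynetworks-style list; the new one is walked by smtpd_check_rewrite() as a list of keywords (PERMIT_MYNETWORKS, PERMIT_SASL_AUTH, the TLS keywords, and "check_address_map" followed by a table). A network or host pattern copied from an old configuration matches none of those branches, so it is skipped with an "invalid request" warning and the client silently ends up in the remote context. The text should list the accepted keywords instead of only pointing at 'postconf -d'.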
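Review bot: xclient_allowed and xforward_allowed in postfix/src/smtpd/smtpd.c (hunk at -817,11) become file-scope statics marked "XXX should be SMTPD_STATE member", but nothing records why they were moved out of SMTPD_STATE. These flags gate the XCLIENT and XFORWARD commands and the anvil rate-limit exemptions, so a value left over from an earlier connection would be an authorization error. The code is correct only because smtpd_service() assigns both flags for every connection before smtpd_proto() runs, and because the server is single-threaded; the matching resets were also dropped from smtpd_state_init(). Please state that invariant, and the reason the flags cannot live in the state structure, in the comment next to the declarations.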
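Review bot: smtpd_check_rewrite() in postfix/src/smtpd/smtpd_check.c (hunk at -3370,26) no longer tests SMTPD_STAND_ALONE(state). The removed code gave stand-alone sessions REWRITE_LOCAL unconditionally; now they get it only when one of the local_rewrite_clients entries returns SMTPD_CHECK_OK, and otherwise fall through to REWRITE_REMOTE or REWRITE_NONE. If that is intended, say so in the function comment; if not, keep the stand-alone test ahead of the loop. Two smaller points in the same hunk: the check_address_map branch treats any non-null dict_get() result as a match, whatever the table's right-hand side says, which deserves a line of documentation; and the #else that reassigns status = SMTPD_CHECK_DUNNO is redundant because status is already set to that value at the top of each iteration.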
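Review bot: rewrite_proto() in postfix/src/trivial-rewrite/rewrite.c (hunk at -244,19) now rejects REWRITE_NONE. The old test mapped both "local" and "none" to local_context; after this change "none" reaches the else branch, logs "unknown context" and returns -1. cleanup_envelope.c in this same patch still lists REWRITE_NONE as a valid context name, and smtpd selects it whenever remote_header_rewrite_domain is empty, so every caller that may hold a "none" context has to avoid sending it to the rewrite service. Please confirm that is guaranteed on all paths, or keep accepting "none" here with an explicit comment about what it maps to. The deleted comment block about unqualified addresses was also the only explanation in this file of why a local fallback existed.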
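Review bot: the manual text in postfix/src/trivial-rewrite/trivial-rewrite.c (hunk at -21,7) still introduces the context as ".IP \fBinvalid\fR" even though the paragraph under it now refers to $remote_header_rewrite_domain. This patch renames the context to "remote" everywhere else (REWRITE_REMOTE in rewrite_clnt.h, remote_context in rewrite.c, the rewrite_clnt.in and rewrite_clnt.ref test files), and rewrite_proto() no longer accepts "invalid" at all. The heading should be changed to \fBremote\fR. The same paragraph's claim that the result is otherwise "identical to that of the local address rewriting context" should be rechecked against the empty-domain case described in the -107,15 hunk, where remote headers are not rewritten at all.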