From 3a7fa9f6e43d687b8a683b73b196a78abb6d20cf Mon Sep 17 00:00:00 2001 From: Wietse Z Venema Date: Mon, 22 Apr 2024 00:00:00 -0500 Subject: [PATCH] postfix-3.10-20240422 --- postfix/HISTORY | 45 +++++++++- postfix/README_FILES/BUILTIN_FILTER_README | 2 +- .../STANDARD_CONFIGURATION_README | 5 +- postfix/WISHLIST | 27 ++++++ postfix/conf/aliases | 87 ++++++++++--------- postfix/conf/master.cf | 2 + postfix/conf/virtual | 40 +++++---- postfix/html/BUILTIN_FILTER_README.html | 2 +- .../html/STANDARD_CONFIGURATION_README.html | 2 +- postfix/html/aliases.5.html | 14 +-- postfix/html/ldap_table.5.html | 6 ++ postfix/html/mysql_table.5.html | 6 ++ postfix/html/pgsql_table.5.html | 6 ++ postfix/html/postconf.5.html | 28 ++++-- postfix/html/virtual.5.html | 16 ++-- postfix/man/man5/aliases.5 | 12 ++- postfix/man/man5/ldap_table.5 | 6 ++ postfix/man/man5/mysql_table.5 | 6 ++ postfix/man/man5/pgsql_table.5 | 6 ++ postfix/man/man5/postconf.5 | 28 ++++-- postfix/man/man5/virtual.5 | 11 ++- postfix/proto/BUILTIN_FILTER_README.html | 2 +- .../proto/STANDARD_CONFIGURATION_README.html | 2 +- postfix/proto/aliases | 12 ++- postfix/proto/ldap_table | 6 ++ postfix/proto/mysql_table | 6 ++ postfix/proto/pgsql_table | 6 ++ postfix/proto/postconf.proto | 28 ++++-- postfix/proto/stop.double-history | 2 + postfix/proto/stop.spell-history | 6 +- postfix/proto/virtual | 11 ++- postfix/src/global/mail_version.h | 2 +- postfix/src/pickup/pickup.c | 9 +- 33 files changed, 326 insertions(+), 123 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index acf125219..c636ce03f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26245,7 +26245,7 @@ Apologies for any names omitted. Documentation: added LINUX_README sections for logging in a container, and for systemd logging workarounds. File: - proto/LINUX_README.hmtl. + proto/LINUX_README.html. 20220126 @@ -28004,3 +28004,46 @@ Apologies for any names omitted. Documentation: added text that the read-only "service_name" configuration parameter was introduced in Postfix 3.3. File: proto/postconf.proto. + +20240402 + + Workaround: in the stock master.cf file, disable the feature + smtpd_forbid_unauth_pipelining in the submission and + submissions services, to work around a 15-year old open + Mozilla bug for sending a non-compliant SMTP command:"EHLO + we-guess.mozilla.orgQUIT" (see + https://bugzilla.mozilla.org/show_bug.cgi?id=538809). File: + conf/master.cf. + +20240413 + + Documentation: mention in the first aliases(5) and virtual(5) + manpage paragraphs that alias_maps is searched only with + the email address localpart (no domain) and that + virtual_alias_maps is often queried with a full email address + (including domain). Add similar text to the parameter + descriptions for alias_maps and virtual_alias_maps. Files: + proto/aliases, proto/virtual. + + Documentation: workaround for a load balancer paradox. When + a destination (relayhost, MySQL server, PostgreSQL server, + LDAP server) is a load balancer, and there are no alternative + servers, specify the load balancer multiple times. Without + this duplication, the Postfix client would not reconnect + immediately to the same load balancer after a server failure, + and it would defer mail. Files: proto/postconf.proto, + proto/mysql_table, proto/pgsql_table, proto/ldap_table. + +20240421 + + Documentation: replace the obsolete pickup service type + fifo with unix, and fix typos. Dilyan Palauzov. Files: + HISTORY< proto/BUILTIN_FILTER_README.html, + proto/STANDARD_CONFIGURATION_README.html + +20240418 + + Logging: when the pickup daemon logs a warning for a maildrop + queue file, log not only the 'new' name in the incoming + queue, but also log the 'old' name in the maildrop queue. + File: pickup/pickup.c. diff --git a/postfix/README_FILES/BUILTIN_FILTER_README b/postfix/README_FILES/BUILTIN_FILTER_README index 2ce639df5..690db98d1 100644 --- a/postfix/README_FILES/BUILTIN_FILTER_README +++ b/postfix/README_FILES/BUILTIN_FILTER_README @@ -235,7 +235,7 @@ server IP addresses in master.cf: -o receive_override_options=no_header_body_checks 127.0.0.1:smtp inet n - n - - smtpd -o receive_override_options=no_header_body_checks - pickup fifo n - n 60 1 pickup + pickup unix n - n 60 1 pickup -o receive_override_options=no_header_body_checks * Add some firewall rule to prevent access to 1.2.3.4:smtp from the outside diff --git a/postfix/README_FILES/STANDARD_CONFIGURATION_README b/postfix/README_FILES/STANDARD_CONFIGURATION_README index f3cdb587b..a40fb7da0 100644 --- a/postfix/README_FILES/STANDARD_CONFIGURATION_README +++ b/postfix/README_FILES/STANDARD_CONFIGURATION_README @@ -306,9 +306,8 @@ In some installations, there may be separate instances of Postfix processing inbound and outbound mail on a multi-homed firewall. The inbound Postfix instance has an SMTP server listening on the external firewall interface, and the outbound Postfix instance has an SMTP server listening on the internal -interface. In such a configuration is it is tempting to configure -$inet_interfaces in each instance with just the corresponding interface -address. +interface. In such a configuration it is tempting to configure $inet_interfaces +in each instance with just the corresponding interface address. In most cases, using inet_interfaces in this way will not work, because as documented in the $inet_interfaces reference manual, the smtp(8) delivery agent diff --git a/postfix/WISHLIST b/postfix/WISHLIST index bb053f8cb..e2e2b8dd0 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -6,10 +6,37 @@ Wish list: Disable -DSNAPSHOT and -DNONPROD in makedefs. + migrate rbl -> dnsbl + + migrate smtpd_sasl_tls_security_options to "noanonymous" + (drop the "noplaintext" part). + + Safety: restrict sender-dependent features to, for example, + mail from an authorized client (SASL, TLS, or IP address). + If this becomes the default then it needs to be subject to + comptibility_level. + + Make some of the message editing features available for + non-Milter configurations (for example, set envelope.from + from primary header.from). + The postconf command needs more mongodb tests. The mongodb client needs tests. + Change Postfix SMTP debug logging to display the entire + input, instead of stopping at the first null byte. + + SRS-friendly envelope.from output rewrite in the SMTP client. + TBD: before or after smtp_generic_maps. The two mechanisms + are unlikely to be useful in combination. + + Cleanup: In documentation, replace DBM with LMDB (*.lmdb). + + Cleanup: Is it time to remove SDBM support? Its iterator + was unusable, when the SDBM client was adopted in Postfix + 2.2. + In documentation and configuration file examples, replace IPv4 address prefixes from Cloud9 with 192.168.* from RFC 1918, and replace IPv6 address prefixes with unique local diff --git a/postfix/conf/aliases b/postfix/conf/aliases index 280c3d256..c27bce78b 100644 --- a/postfix/conf/aliases +++ b/postfix/conf/aliases @@ -44,30 +44,36 @@ decode: root # SYNOPSIS # newaliases # +# postalias -q name [file-type]:[file-name] +# # DESCRIPTION # The optional aliases(5) table (alias_maps) redirects mail # for local recipients. The redirections are processed by -# the Postfix local(8) delivery agent. +# the Postfix local(8) delivery agent. This table is always +# searched with an email address localpart (no domain por- +# tion). # # This is unlike virtual(5) aliasing (virtual_alias_maps) # which applies to all recipients: local(8), virtual, and # remote, and which is implemented by the cleanup(8) daemon. +# That table is often searched with a full email address +# (including domain). # # Normally, the aliases(5) table is specified as a text file -# that serves as input to the postalias(1) command. The -# result, an indexed file in dbm or db format, is used for -# fast lookup by the mail system. Execute the command -# newaliases in order to rebuild the indexed file after +# that serves as input to the postalias(1) command. The +# result, an indexed file in dbm or db format, is used for +# fast lookup by the mail system. Execute the command +# newaliases in order to rebuild the indexed file after # changing the Postfix alias database. # -# When the table is provided via other means such as NIS, -# LDAP or SQL, the same lookups are done as for ordinary +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regu- -# lar-expression map where patterns are given as regular -# expressions. In this case, the lookups are done in a -# slightly different way as described below under "REGULAR +# Alternatively, the table can be provided as a regu- +# lar-expression map where patterns are given as regular +# expressions. In this case, the lookups are done in a +# slightly different way as described below under "REGULAR # EXPRESSION TABLES". # # Users can control delivery of their own mail by setting up @@ -81,63 +87,64 @@ decode: root # # name: value1, value2, ... # -# o Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# o Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # -# o A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# o A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # -# The name is a local address (no domain part). Use double -# quotes when the name contains any special characters such -# as whitespace, `#', `:', or `@'. The name is folded to +# The name is a local address (no domain part). Use double +# quotes when the name contains any special characters such +# as whitespace, `#', `:', or `@'. The name is folded to # lowercase, in order to make database lookups case insensi- # tive. # -# In addition, when an alias exists for owner-name, this -# will override the envelope sender address, so that deliv- +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- # ery diagnostics are directed to owner-name, instead of the -# originator of the message (for details, see -# owner_request_special, expand_owner_alias and -# reset_owner_alias). This is typically used to direct -# delivery errors to the maintainer of a mailing list, who +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who # is in a better position to deal with mailing list delivery # problems than the originator of the undelivered mail. # # The value contains one or more of the following: # # address -# Mail is forwarded to address, which is compatible +# Mail is forwarded to address, which is compatible # with the RFC 822 standard. # # /file/name -# Mail is appended to /file/name. For details on how -# a file is written see the sections "EXTERNAL FILE -# DELIVERY" and "DELIVERY RIGHTS" in the local(8) -# documentation. Delivery is not limited to regular -# files. For example, to dispose of unwanted mail, +# Mail is appended to /file/name. For details on how +# a file is written see the sections "EXTERNAL FILE +# DELIVERY" and "DELIVERY RIGHTS" in the local(8) +# documentation. Delivery is not limited to regular +# files. For example, to dispose of unwanted mail, # deflect it to /dev/null. # # |command -# Mail is piped into command. Commands that contain -# special characters, such as whitespace, should be -# enclosed between double quotes. For details on how -# a command is executed see "EXTERNAL COMMAND DELIV- +# Mail is piped into command. Commands that contain +# special characters, such as whitespace, should be +# enclosed between double quotes. For details on how +# a command is executed see "EXTERNAL COMMAND DELIV- # ERY" and "DELIVERY RIGHTS" in the local(8) documen- # tation. # # When the command fails, a limited amount of command -# output is mailed back to the sender. The file -# /usr/include/sysexits.h defines the expected exit -# status codes. For example, use "|exit 67" to simu- -# late a "user unknown" error, and "|exit 0" to +# output is mailed back to the sender. The file +# /usr/include/sysexits.h defines the expected exit +# status codes. For example, use "|exit 67" to simu- +# late a "user unknown" error, and "|exit 0" to # implement an expensive black hole. # # :include:/file/name -# Mail is sent to the destinations listed in the +# Mail is sent to the destinations listed in the # named file. Lines in :include: files have the same -# syntax as the right-hand side of alias entries. +# syntax as the right-hand side of aliases(5) +# entries. # # A destination can be any destination that is # described in this manual page. However, delivery to diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index fd282dd29..e5e14e449 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -18,6 +18,7 @@ smtp inet n - n - - smtpd #127.0.0.1:submission inet n - n - - smtpd #submission inet n - n - - smtpd # -o syslog_name=postfix/submission +# -o smtpd_forbid_unauth_pipelining=no # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_tls_auth_only=yes @@ -37,6 +38,7 @@ smtp inet n - n - - smtpd #127.0.0.1:submissions inet n - n - - smtpd #submissions inet n - n - - smtpd # -o syslog_name=postfix/submissions +# -o smtpd_forbid_unauth_pipelining=no # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o local_header_rewrite_clients=static:all diff --git a/postfix/conf/virtual b/postfix/conf/virtual index 8200ca49b..63799778c 100644 --- a/postfix/conf/virtual +++ b/postfix/conf/virtual @@ -14,10 +14,12 @@ # The optional virtual(5) alias table (virtual_alias_maps) # applies to all recipients: local(8), virtual, and remote. # This feature is implemented in the Postfix cleanup(8) dae- -# mon before mail is queued. +# mon before mail is queued. These tables are often queried +# with a full email address (including domain). # -# This is unlike the aliases(5) table (alias_maps) which -# applies only to local(8) recipients. +# This is unlike the aliases(5) table (alias_maps) which +# applies only to local(8) recipients. That table is only +# queried with the email address localpart (no domain). # # Virtual aliasing is recursive; to terminate recursion for # a specific address, alias that address to itself. @@ -256,46 +258,48 @@ # command after a configuration change. # # virtual_alias_maps ($virtual_maps) -# Optional lookup tables with aliases that apply to -# all recipients: local(8), virtual, and remote; this -# is unlike alias_maps that apply only to local(8) -# recipients. +# Optional lookup tables that are often searched with +# a full email address (including domain) and that +# apply to all recipients: local(8), virtual, and +# remote; this is unlike alias_maps that are only +# searched with an email address localpart (no +# domain) and that apply only to local(8) recipients. # # virtual_alias_domains ($virtual_alias_maps) -# Postfix is the final destination for the specified +# Postfix is the final destination for the specified # list of virtual alias domains, that is, domains for -# which all addresses are aliased to addresses in +# which all addresses are aliased to addresses in # other local or remote domains. # # propagate_unmatched_extensions (canonical, virtual) -# What address lookup tables copy an address exten- +# What address lookup tables copy an address exten- # sion from the lookup key to the lookup result. # # Other parameters of interest: # # inet_interfaces (all) -# The local network interface addresses that this +# The local network interface addresses that this # mail system receives mail on. # # mydestination ($myhostname, localhost.$mydomain, local- # host) -# The list of domains that are delivered via the +# The list of domains that are delivered via the # $local_transport mail delivery transport. # # myorigin ($myhostname) # The domain name that locally-posted mail appears to -# come from, and that locally posted mail is deliv- +# come from, and that locally posted mail is deliv- # ered to. # # owner_request_special (yes) # Enable special treatment for owner-listname entries # in the aliases(5) file, and don't split owner-list- -# name and listname-request address localparts when +# name and listname-request address localparts when # the recipient_delimiter is set to "-". # # proxy_interfaces (empty) -# The remote network interface addresses that this -# mail system receives mail on by way of a proxy or +# The remote network interface addresses that this +# mail system receives mail on by way of a proxy or # network address translation unit. # # SEE ALSO @@ -305,14 +309,14 @@ # canonical(5), canonical address mapping # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # ADDRESS_REWRITING_README, address rewriting guide # DATABASE_README, Postfix lookup table overview # VIRTUAL_README, domain hosting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/html/BUILTIN_FILTER_README.html b/postfix/html/BUILTIN_FILTER_README.html index 31f80a8ae..d2c5b9caf 100644 --- a/postfix/html/BUILTIN_FILTER_README.html +++ b/postfix/html/BUILTIN_FILTER_README.html @@ -377,7 +377,7 @@ service with header/body filtering turned off.

-o receive_override_options=no_header_body_checks 127.0.0.1:smtp inet n - n - - smtpd -o receive_override_options=no_header_body_checks - pickup fifo n - n 60 1 pickup + pickup unix n - n 60 1 pickup -o receive_override_options=no_header_body_checks diff --git a/postfix/html/STANDARD_CONFIGURATION_README.html b/postfix/html/STANDARD_CONFIGURATION_README.html index 998d1bd2c..6c5e88b3b 100644 --- a/postfix/html/STANDARD_CONFIGURATION_README.html +++ b/postfix/html/STANDARD_CONFIGURATION_README.html @@ -423,7 +423,7 @@ whenever you change the transport table.

processing inbound and outbound mail on a multi-homed firewall. The inbound Postfix instance has an SMTP server listening on the external firewall interface, and the outbound Postfix instance has an SMTP server -listening on the internal interface. In such a configuration is it is +listening on the internal interface. In such a configuration it is tempting to configure $inet_interfaces in each instance with just the corresponding interface address.

diff --git a/postfix/html/aliases.5.html b/postfix/html/aliases.5.html index 79d01b483..177f3f76b 100644 --- a/postfix/html/aliases.5.html +++ b/postfix/html/aliases.5.html @@ -13,14 +13,18 @@ ALIASES(5) ALIASES(5) SYNOPSIS newaliases + postalias -q name [file-type]:[file-name] + DESCRIPTION The optional aliases(5) table (alias_maps) redirects mail for local recipients. The redirections are processed by the Postfix local(8) - delivery agent. + delivery agent. This table is always searched with an email address + localpart (no domain portion). - This is unlike virtual(5) aliasing (virtual_alias_maps) which applies - to all recipients: local(8), virtual, and remote, and which is imple- - mented by the cleanup(8) daemon. + This is unlike virtual(5) aliasing (virtual_alias_maps) which applies + to all recipients: local(8), virtual, and remote, and which is imple- + mented by the cleanup(8) daemon. That table is often searched with a + full email address (including domain). Normally, the aliases(5) table is specified as a text file that serves as input to the postalias(1) command. The result, an indexed file in @@ -94,7 +98,7 @@ ALIASES(5) ALIASES(5) :include:/file/name Mail is sent to the destinations listed in the named file. Lines in :include: files have the same syntax as the right-hand - side of alias entries. + side of aliases(5) entries. A destination can be any destination that is described in this manual page. However, delivery to "|command" and /file/name is diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html index 69edb107f..d200cd5b3 100644 --- a/postfix/html/ldap_table.5.html +++ b/postfix/html/ldap_table.5.html @@ -78,6 +78,12 @@ LDAP_TABLE(5) LDAP_TABLE(5) server_host = ldap.example.com:1444 + NOTE: if "server_host" specifies one load balancer and no alter- + native servers, specify the load balancer multiple times in the + "server_host" line. Without the duplicate info, the Postfix LDAP + client would not reconnect immediately to the same load balancer + after an LDAP server failure. + With OpenLDAP, a (list of) LDAP URLs can be used to specify both the hostname(s) and the port(s): diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index 5063e65d0..c572cf535 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html @@ -61,6 +61,12 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) TCP you have to specify hosts = 127.0.0.1 + NOTE: if "hosts" specifies one load balancer and no alternative + servers, specify the load balancer multiple times in the "hosts" + line. Without the duplicate info, the Postfix MySQL client would + not reconnect immediately to the same load balancer after a + MySQL server failure. + user password diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index 0b50fd1c2..04eb91690 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html @@ -57,6 +57,12 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) matically closed after being idle for about 1 minute, and are re-opened as necessary. + NOTE: if "hosts" specifies one load balancer and no alternative + servers, specify the load balancer multiple times in the "hosts" + line. Without the duplicate info, the Postfix PostgreSQL client + would not reconnect immediately to the same load balancer after + a PostgreSQL server failure. + user password diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index a1a0c0063..67dbfa209 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -612,12 +612,14 @@ Examples: (default: see "postconf -d" output)

-Optional lookup tables with aliases that apply only to local(8) -recipients; this is unlike virtual_alias_maps that apply to all -recipients: local(8), virtual, and remote. -The table format and lookups are documented in aliases(5). For an -overview of Postfix address manipulations see the ADDRESS_REWRITING_README -document.

+Optional lookup tables that are searched only with an email address +localpart (no domain) and that apply only to local(8) recipients; +this is unlike virtual_alias_maps that are often searched with a +full email address (including domain) and that apply to all recipients: +local(8), virtual, and remote. +The alias_maps table format and lookups are documented in aliases(5). +For an overview of Postfix address manipulations see the +ADDRESS_REWRITING_README document.

Specify zero or more "type:name" lookup tables, separated by @@ -10330,6 +10332,12 @@ are supported in Postfix 3.5 and later. Each destination is tried in the specified order.

+

If an SMTP destination is a load balancer, and there are no +alternative destinations, specify the load balancer multiple times. +Without the duplicate info, the Postfix SMTP client would not +reconnect immediately to the same load balancer after a remote SMTP +server failure.

+

If you're connected via UUCP, see the UUCP_README file for useful information. @@ -22239,10 +22247,12 @@ This feature is available in Postfix 2.1 and later. (default: $virtual_maps)

-Optional lookup tables with aliases that apply to all recipients: -local(8), virtual, and remote; this is unlike alias_maps that apply +Optional lookup tables that are often searched with a full email +address (including domain) and that apply to all recipients: local(8), +virtual, and remote; this is unlike alias_maps that are only searched +with an email address localpart (no domain) and that apply only to local(8) recipients. -The table format and lookups +The virtual_alias_maps table format and lookups are documented in virtual(5). For an overview of Postfix address manipulations see the ADDRESS_REWRITING_README document.

diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index c1c6eceaf..798e644a7 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html @@ -20,10 +20,12 @@ VIRTUAL(5) VIRTUAL(5) DESCRIPTION The optional virtual(5) alias table (virtual_alias_maps) applies to all recipients: local(8), virtual, and remote. This feature is implemented - in the Postfix cleanup(8) daemon before mail is queued. + in the Postfix cleanup(8) daemon before mail is queued. These tables + are often queried with a full email address (including domain). - This is unlike the aliases(5) table (alias_maps) which applies only to - local(8) recipients. + This is unlike the aliases(5) table (alias_maps) which applies only to + local(8) recipients. That table is only queried with the email address + localpart (no domain). Virtual aliasing is recursive; to terminate recursion for a specific address, alias that address to itself. @@ -231,9 +233,11 @@ VIRTUAL(5) VIRTUAL(5) Use the "postfix reload" command after a configuration change. virtual_alias_maps ($virtual_maps) - Optional lookup tables with aliases that apply to all recipi- - ents: local(8), virtual, and remote; this is unlike alias_maps - that apply only to local(8) recipients. + Optional lookup tables that are often searched with a full email + address (including domain) and that apply to all recipients: + local(8), virtual, and remote; this is unlike alias_maps that + are only searched with an email address localpart (no domain) + and that apply only to local(8) recipients. virtual_alias_domains ($virtual_alias_maps) Postfix is the final destination for the specified list of vir- diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5 index ed6a10fd1..2a18e579e 100644 --- a/postfix/man/man5/aliases.5 +++ b/postfix/man/man5/aliases.5 @@ -10,16 +10,22 @@ Postfix local alias database format .nf .fi \fBnewaliases\fR + +\fBpostalias \-q \fIname\fB [\fIfile\-type\fB]:[\fIfile\-name\fB]\fR .SH DESCRIPTION .ad .fi The optional \fBaliases\fR(5) table (alias_maps) redirects mail for local recipients. The redirections are processed -by the Postfix \fBlocal\fR(8) delivery agent. +by the Postfix \fBlocal\fR(8) delivery agent. This table +is always searched with an email address localpart (no +domain portion). This is unlike \fBvirtual\fR(5) aliasing (virtual_alias_maps) which applies to all recipients: local(8), virtual, and remote, -and which is implemented by the \fBcleanup\fR(8) daemon. +and which is implemented by the \fBcleanup\fR(8) daemon. That +table is often searched with a full email address (including +domain). Normally, the \fBaliases\fR(5) table is specified as a text file that serves as input to the \fBpostalias\fR(1) command. The @@ -95,7 +101,7 @@ defines the expected exit status codes. For example, use .IP \fB:include:\fI/file/name\fR Mail is sent to the destinations listed in the named file. Lines in \fB:include:\fR files have the same syntax -as the right\-hand side of alias entries. +as the right\-hand side of \fBaliases\fR(5) entries. .sp A destination can be any destination that is described in this manual page. However, delivery to "|\fIcommand\fR" and diff --git a/postfix/man/man5/ldap_table.5 b/postfix/man/man5/ldap_table.5 index 660f2c581..7a8dfc19e 100644 --- a/postfix/man/man5/ldap_table.5 +++ b/postfix/man/man5/ldap_table.5 @@ -97,6 +97,12 @@ be possible to give each server in the list a different port server_host = ldap.example.com:1444 .fi +NOTE: if "server_host" specifies one load balancer and no +alternative servers, specify the load balancer multiple +times in the "server_host" line. Without the duplicate info, +the Postfix LDAP client would not reconnect immediately to +the same load balancer after an LDAP server failure. + With OpenLDAP, a (list of) LDAP URLs can be used to specify both the hostname(s) and the port(s): diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index aebb949e2..d6e64e231 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 @@ -76,6 +76,12 @@ localhost over TCP you have to specify .nf hosts = 127.0.0.1 .fi + +NOTE: if "hosts" specifies one load balancer and no alternative +servers, specify the load balancer multiple times in the +"hosts" line. Without the duplicate info, the Postfix MySQL +client would not reconnect immediately to the same load +balancer after a MySQL server failure. .IP "\fBuser\fR" .IP "\fBpassword\fR" The user name and password to log into the mysql server. diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index 869a63540..4b4ecb12e 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -71,6 +71,12 @@ Examples: The hosts are tried in random order. The connections are automatically closed after being idle for about 1 minute, and are re\-opened as necessary. + +NOTE: if "hosts" specifies one load balancer and no alternative +servers, specify the load balancer multiple times in the +"hosts" line. Without the duplicate info, the Postfix +PostgreSQL client would not reconnect immediately to the +same load balancer after a PostgreSQL server failure. .IP "\fBuser\fR" .IP "\fBpassword\fR" The user name and password to log into the pgsql server. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 38821b16b..67314334f 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -358,12 +358,14 @@ alias_database = hash:/etc/mail/aliases .ad .ft R .SH alias_maps (default: see "postconf \-d" output) -Optional lookup tables with aliases that apply only to \fBlocal\fR(8) -recipients; this is unlike virtual_alias_maps that apply to all -recipients: \fBlocal\fR(8), virtual, and remote. -The table format and lookups are documented in \fBaliases\fR(5). For an -overview of Postfix address manipulations see the ADDRESS_REWRITING_README -document. +Optional lookup tables that are searched only with an email address +localpart (no domain) and that apply only to \fBlocal\fR(8) recipients; +this is unlike virtual_alias_maps that are often searched with a +full email address (including domain) and that apply to all recipients: +\fBlocal\fR(8), virtual, and remote. +The alias_maps table format and lookups are documented in \fBaliases\fR(5). +For an overview of Postfix address manipulations see the +ADDRESS_REWRITING_README document. .PP Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order @@ -6547,6 +6549,12 @@ The form [hostname] turns off MX or SRV lookups. Multiple destinations are supported in Postfix 3.5 and later. Each destination is tried in the specified order. .PP +If an SMTP destination is a load balancer, and there are no +alternative destinations, specify the load balancer multiple times. +Without the duplicate info, the Postfix SMTP client would not +reconnect immediately to the same load balancer after a remote SMTP +server failure. +.PP If you're connected via UUCP, see the UUCP_README file for useful information. .PP @@ -15808,10 +15816,12 @@ from each original recipient. .PP This feature is available in Postfix 2.1 and later. .SH virtual_alias_maps (default: $virtual_maps) -Optional lookup tables with aliases that apply to all recipients: -\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply +Optional lookup tables that are often searched with a full email +address (including domain) and that apply to all recipients: \fBlocal\fR(8), +virtual, and remote; this is unlike alias_maps that are only searched +with an email address localpart (no domain) and that apply only to \fBlocal\fR(8) recipients. -The table format and lookups +The virtual_alias_maps table format and lookups are documented in \fBvirtual\fR(5). For an overview of Postfix address manipulations see the ADDRESS_REWRITING_README document. .PP diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index e03a50008..15f87d93a 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -20,9 +20,12 @@ The optional \fBvirtual\fR(5) alias table (virtual_alias_maps) applies to all recipients: local(8), virtual, and remote. This feature is implemented in the Postfix \fBcleanup\fR(8) daemon before mail is queued. +These tables are often queried with a full email address +(including domain). This is unlike the \fBaliases\fR(5) table (alias_maps) which -applies only to \fBlocal\fR(8) recipients. +applies only to \fBlocal\fR(8) recipients. That table is +only queried with the email address localpart (no domain). Virtual aliasing is recursive; to terminate recursion for a specific address, alias that address to itself. @@ -271,8 +274,10 @@ this topic. See the Postfix \fBmain.cf\fR file for syntax details and for default values. Use the "\fBpostfix reload\fR" command after a configuration change. .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" -Optional lookup tables with aliases that apply to all recipients: -\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply +Optional lookup tables that are often searched with a full email +address (including domain) and that apply to all recipients: \fBlocal\fR(8), +virtual, and remote; this is unlike alias_maps that are only searched +with an email address localpart (no domain) and that apply only to \fBlocal\fR(8) recipients. .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" Postfix is the final destination for the specified list of virtual diff --git a/postfix/proto/BUILTIN_FILTER_README.html b/postfix/proto/BUILTIN_FILTER_README.html index 3d3471d71..8eaeaa030 100644 --- a/postfix/proto/BUILTIN_FILTER_README.html +++ b/postfix/proto/BUILTIN_FILTER_README.html @@ -377,7 +377,7 @@ service with header/body filtering turned off.

-o receive_override_options=no_header_body_checks 127.0.0.1:smtp inet n - n - - smtpd -o receive_override_options=no_header_body_checks - pickup fifo n - n 60 1 pickup + pickup unix n - n 60 1 pickup -o receive_override_options=no_header_body_checks diff --git a/postfix/proto/STANDARD_CONFIGURATION_README.html b/postfix/proto/STANDARD_CONFIGURATION_README.html index 72f07b367..6c592479a 100644 --- a/postfix/proto/STANDARD_CONFIGURATION_README.html +++ b/postfix/proto/STANDARD_CONFIGURATION_README.html @@ -423,7 +423,7 @@ whenever you change the transport table.

processing inbound and outbound mail on a multi-homed firewall. The inbound Postfix instance has an SMTP server listening on the external firewall interface, and the outbound Postfix instance has an SMTP server -listening on the internal interface. In such a configuration is it is +listening on the internal interface. In such a configuration it is tempting to configure $inet_interfaces in each instance with just the corresponding interface address.

diff --git a/postfix/proto/aliases b/postfix/proto/aliases index f48a00b1e..696e76479 100644 --- a/postfix/proto/aliases +++ b/postfix/proto/aliases @@ -6,14 +6,20 @@ # SYNOPSIS # .fi # \fBnewaliases\fR +# +# \fBpostalias -q \fIname\fB [\fIfile-type\fB]:[\fIfile-name\fB]\fR # DESCRIPTION # The optional \fBaliases\fR(5) table (alias_maps) redirects # mail for local recipients. The redirections are processed -# by the Postfix \fBlocal\fR(8) delivery agent. +# by the Postfix \fBlocal\fR(8) delivery agent. This table +# is always searched with an email address localpart (no +# domain portion). # # This is unlike \fBvirtual\fR(5) aliasing (virtual_alias_maps) # which applies to all recipients: local(8), virtual, and remote, -# and which is implemented by the \fBcleanup\fR(8) daemon. +# and which is implemented by the \fBcleanup\fR(8) daemon. That +# table is often searched with a full email address (including +# domain). # # Normally, the \fBaliases\fR(5) table is specified as a text file # that serves as input to the \fBpostalias\fR(1) command. The @@ -89,7 +95,7 @@ # .IP \fB:include:\fI/file/name\fR # Mail is sent to the destinations listed in the named file. # Lines in \fB:include:\fR files have the same syntax -# as the right-hand side of alias entries. +# as the right-hand side of \fBaliases\fR(5) entries. # .sp # A destination can be any destination that is described in this # manual page. However, delivery to "|\fIcommand\fR" and diff --git a/postfix/proto/ldap_table b/postfix/proto/ldap_table index be4c014d0..fadf24a88 100644 --- a/postfix/proto/ldap_table +++ b/postfix/proto/ldap_table @@ -87,6 +87,12 @@ # server_host = ldap.example.com:1444 # .fi # +# NOTE: if "server_host" specifies one load balancer and no +# alternative servers, specify the load balancer multiple +# times in the "server_host" line. Without the duplicate info, +# the Postfix LDAP client would not reconnect immediately to +# the same load balancer after an LDAP server failure. +# # With OpenLDAP, a (list of) LDAP URLs can be used to specify both # the hostname(s) and the port(s): # diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index 31e626fb2..e68e0aea8 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table @@ -66,6 +66,12 @@ # .nf # hosts = 127.0.0.1 # .fi +# +# NOTE: if "hosts" specifies one load balancer and no alternative +# servers, specify the load balancer multiple times in the +# "hosts" line. Without the duplicate info, the Postfix MySQL +# client would not reconnect immediately to the same load +# balancer after a MySQL server failure. # .IP "\fBuser\fR" # .IP "\fBpassword\fR" # The user name and password to log into the mysql server. diff --git a/postfix/proto/pgsql_table b/postfix/proto/pgsql_table index b4364fb70..31f6661e1 100644 --- a/postfix/proto/pgsql_table +++ b/postfix/proto/pgsql_table @@ -61,6 +61,12 @@ # The hosts are tried in random order. The connections are # automatically closed after being idle for about 1 minute, # and are re-opened as necessary. +# +# NOTE: if "hosts" specifies one load balancer and no alternative +# servers, specify the load balancer multiple times in the +# "hosts" line. Without the duplicate info, the Postfix +# PostgreSQL client would not reconnect immediately to the +# same load balancer after a PostgreSQL server failure. # .IP "\fBuser\fR" # .IP "\fBpassword\fR" # The user name and password to log into the pgsql server. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index a434e1853..e941e7c0b 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -489,12 +489,14 @@ alias_database = hash:/etc/mail/aliases %PARAM alias_maps see "postconf -d" output

-Optional lookup tables with aliases that apply only to local(8) -recipients; this is unlike virtual_alias_maps that apply to all -recipients: local(8), virtual, and remote. -The table format and lookups are documented in aliases(5). For an -overview of Postfix address manipulations see the ADDRESS_REWRITING_README -document.

+Optional lookup tables that are searched only with an email address +localpart (no domain) and that apply only to local(8) recipients; +this is unlike virtual_alias_maps that are often searched with a +full email address (including domain) and that apply to all recipients: +local(8), virtual, and remote. +The alias_maps table format and lookups are documented in aliases(5). +For an overview of Postfix address manipulations see the +ADDRESS_REWRITING_README document.

Specify zero or more "type:name" lookup tables, separated by @@ -3938,6 +3940,12 @@ are supported in Postfix 3.5 and later. Each destination is tried in the specified order.

+

If an SMTP destination is a load balancer, and there are no +alternative destinations, specify the load balancer multiple times. +Without the duplicate info, the Postfix SMTP client would not +reconnect immediately to the same load balancer after a remote SMTP +server failure.

+

If you're connected via UUCP, see the UUCP_README file for useful information. @@ -7311,10 +7319,12 @@ This feature is available in Postfix 2.1 and later. %PARAM virtual_alias_maps $virtual_maps

-Optional lookup tables with aliases that apply to all recipients: -local(8), virtual, and remote; this is unlike alias_maps that apply +Optional lookup tables that are often searched with a full email +address (including domain) and that apply to all recipients: local(8), +virtual, and remote; this is unlike alias_maps that are only searched +with an email address localpart (no domain) and that apply only to local(8) recipients. -The table format and lookups +The virtual_alias_maps table format and lookups are documented in virtual(5). For an overview of Postfix address manipulations see the ADDRESS_REWRITING_README document.

diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 55d625fbc..c09be05de 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -121,3 +121,5 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html systems 6 bytes for LP64 File dns dns h xxfi_unknown return values File smtpd smtpd c or unimplemented commands File smtpd smtpd c +proto proto mysql_table proto pgsql_table proto ldap_table + File pickup pickup c diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history index 5bfdc4ab3..87de3f6f1 100644 --- a/postfix/proto/stop.spell-history +++ b/postfix/proto/stop.spell-history @@ -14,7 +14,6 @@ Velasco WISHLIST Yasuhiro deduplicates -hmtl libs segfaulting srctoman @@ -77,3 +76,8 @@ Sakaguchi Toshifumi mxonly shar +bugzilla +cgi +mozilla +Dilyan +Palauzov diff --git a/postfix/proto/virtual b/postfix/proto/virtual index e1935f00b..0affd82f1 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -14,9 +14,12 @@ # applies to all recipients: local(8), virtual, and remote. # This feature is implemented # in the Postfix \fBcleanup\fR(8) daemon before mail is queued. +# These tables are often queried with a full email address +# (including domain). # # This is unlike the \fBaliases\fR(5) table (alias_maps) which -# applies only to \fBlocal\fR(8) recipients. +# applies only to \fBlocal\fR(8) recipients. That table is +# only queried with the email address localpart (no domain). # # Virtual aliasing is recursive; to terminate recursion for # a specific address, alias that address to itself. @@ -245,8 +248,10 @@ # and for default values. Use the "\fBpostfix reload\fR" command after # a configuration change. # .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" -# Optional lookup tables with aliases that apply to all recipients: -# \fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply +# Optional lookup tables that are often searched with a full email +# address (including domain) and that apply to all recipients: \fBlocal\fR(8), +# virtual, and remote; this is unlike alias_maps that are only searched +# with an email address localpart (no domain) and that apply # only to \fBlocal\fR(8) recipients. # .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" # Postfix is the final destination for the specified list of virtual diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 2461069bb..feded4ed4 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240310" +#define MAIL_RELEASE_DATE "20240422" #define MAIL_VERSION_NUMBER "3.10" #ifdef SNAPSHOT diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index 4a77a476e..384a83eb0 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -334,12 +334,13 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup, #define HOUR_SECONDS 3600 if (info->st.st_mtime > now + 2 * HOUR_SECONDS) { - msg_warn("%s: message dated %ld seconds into the future", - info->id, (long) (info->st.st_mtime - now)); + msg_warn("%s: message %s dated %ld seconds into the future", + info->id, info->path, (long) (info->st.st_mtime - now)); info->st.st_mtime = now; } else if (info->st.st_mtime < now - DAY_SECONDS) { - msg_warn("%s: message has been queued for %d days", - info->id, (int) ((now - info->st.st_mtime) / DAY_SECONDS)); + msg_warn("%s: message %s has been queued for %d days", + info->id, info->path, + (int) ((now - info->st.st_mtime) / DAY_SECONDS)); } /* -- 2.47.3