From d2c73aa0fe46a0c80fc5fe276188e5fb6e62f451 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Tue, 8 Feb 2005 00:00:00 -0500 Subject: [PATCH] postfix-2.2-20050208 --- postfix/HISTORY | 30 ++- postfix/README_FILES/SMTPD_ACCESS_README | 6 + postfix/README_FILES/TLS_README | 8 +- postfix/RELEASE_NOTES | 16 +- postfix/conf/relocated | 4 +- postfix/html/ADDRESS_REWRITING_README.html | 4 +- postfix/html/DATABASE_README.html | 2 +- postfix/html/IPV6_README.html | 2 +- postfix/html/Makefile.in.snapshot | 258 --------------------- postfix/html/Makefile.in.stable | 258 --------------------- postfix/html/SMTPD_ACCESS_README.html | 6 + postfix/html/TLS_README.html | 6 +- postfix/html/cleanup.8.html | 4 +- postfix/html/local.8.html | 4 +- postfix/html/postconf.5.html | 22 +- postfix/html/postfix.1.html | 75 +++--- postfix/html/postsuper.1.html | 95 ++++---- postfix/html/relocated.5.html | 4 +- postfix/makedefs | 2 +- postfix/man/man1/postfix.1 | 10 +- postfix/man/man1/postsuper.1 | 4 + postfix/man/man5/postconf.5 | 20 +- postfix/man/man5/relocated.5 | 2 +- postfix/mantools/postlink | 3 +- postfix/proto/SMTPD_ACCESS_README.html | 6 + postfix/proto/TLS_README.html | 6 +- postfix/proto/postconf.html.prolog | 6 +- postfix/proto/postconf.man.prolog | 6 +- postfix/proto/postconf.proto | 16 +- postfix/src/global/mail_params.h | 1 + postfix/src/global/mail_version.h | 2 +- postfix/src/local/local.c | 2 +- postfix/src/postfix/postfix.c | 10 +- postfix/src/postsuper/postsuper.c | 4 + postfix/src/smtpd/smtpd_check.c | 38 +++ postfix/src/util/dict.c | 94 +++----- postfix/src/util/dict_open.c | 9 +- postfix/src/util/mac_expand.c | 22 +- postfix/src/util/mac_parse.c | 20 +- postfix/src/util/mac_parse.h | 3 +- postfix/src/virtual/virtual.c | 2 +- 41 files changed, 345 insertions(+), 747 deletions(-) delete mode 100644 postfix/html/Makefile.in.snapshot delete mode 100644 postfix/html/Makefile.in.stable diff --git a/postfix/HISTORY b/postfix/HISTORY index f710bce07..3704a1481 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -10300,12 +10300,33 @@ Apologies for any names omitted. the input when the action is NOT executed. File: cleanup/cleanup_message.c. + Bugfix? Cleanup? Documentation? main.cf now implements + ${name[?:]value} as promised in the postconf(5) manual. + Implemented by deleting the macro processor in dict_eval(), + and using the one in mac_expand() instead. File: util/dict.c. + +20050208 + + Feature: check_ccert_access maptype:mapname for access(5) + control, based on code by Victor Duchovni. File: + smtpd/smtpd_check.c and documentation. + + Sanity check: don't allow unlimited message size with + limited mailbox size. File: local/local.c, virtual/virtual.c. + Open problems: Med: local and remote source port and IP address for smtpd policy hook. - Med: smtp_connect_timeout_budget (default: 2x smtp_connect_timeout) + Med: disable address rewriting after XCLIENT? Introduce a + better concept of original submission? + + Med: find out what TLS attributes to export via the policy + servicer hooks: peer CN, issuer CN, peer fingerprint, + verification status. + + Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout) to limit the total time spent trying to connect. Med: transform IPv4-in-IPv6 address literals to IPv4 form @@ -10336,9 +10357,6 @@ Open problems: Med: eliminate the tls_info data structure. - Med: implement ${name[?:]value} in main.cf or update the - postconf(5) manual. - Low: reject HELO with any domain name or IP address that this MTA is the final destination for. @@ -10384,7 +10402,9 @@ Open problems: Med: silly queue file bit so that the queue manager doesn't skip files when fast flush is requested while a queue scan - is in progress. + is in progress. The bit is set by the flush server and is + reset when the mail is deferred, so that it survives queue + manager restart. Med: postsuper -r should do something with recipients in bounce logfiles. diff --git a/postfix/README_FILES/SMTPD_ACCESS_README b/postfix/README_FILES/SMTPD_ACCESS_README index dac578645..41d51813d 100644 --- a/postfix/README_FILES/SMTPD_ACCESS_README +++ b/postfix/README_FILES/SMTPD_ACCESS_README @@ -125,6 +125,12 @@ Examples of simple restriction lists are: # Whitelisting: local clients may specify any destination. Others may not. smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination + # Block clients that speak too early. + smtpd_data_restrictions = reject_unauth_pipelining + + # Enforce mail volume quota via policy service callouts. + smtpd_end_of_data_restrictions = check_policy_service unix:private/policy + Each restriction list is evaluated from left to right until some restriction produces a result of PERMIT, REJECT or DEFER (try again later). The end of the list is equivalent to a PERMIT result. By placing a PERMIT restriction before a diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 6e1b10da7..fd270b9cb 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -382,8 +382,8 @@ Example: SSeerrvveerr aacccceessss ccoonnttrrooll -Postfix TLS support introduces two additional features for Postfix SMTP server -access control: +Postfix TLS support introduces three additional features for Postfix SMTP +server access control: permit_tls_clientcerts Allow the remote SMTP client SMTP request if the client certificate @@ -394,6 +394,10 @@ access control: Allow the remote client SMTP request if the client certificate passes verification. + check_ccert_access type:table + If the client certificate passes verification, use its fingerprint as a + key for the specified access(5) table. + The permit_tls_all_clientcerts feature must be used with caution, because it can result in too many access permissions. Use this feature only if a special CA issues the client certificates, and only if this CA is listed as trusted CA. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index fa9a2ba48..5804c1feb 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -7,17 +7,25 @@ snapshot release). Patches are issued for the official release and change the patchlevel and the release date. Patches are never issued for snapshot releases. +Major changes with snapshot Postfix-2.2-20050208 +================================================ + +New "check_ccert_maps maptype:mapname" feature to enforce access +control based on (hexadecimal) client certificate fingerprints. + Major changes with snapshot Postfix-2.2-20050206 ================================================ Support for address rewriting in outgoing SMTP mail. This is useful for sites that have no valid Internet domain name, and that use a domain name such as localdomain.local instead. Mail addresses that -use such domain names are often rejected by mail servers. The new -smtp_generics_maps feature allows you to replace local mail addresses -by valid Internet addresses when mail needs to be sent across the +use such domain names are often rejected by mail servers. + +The new smtp_generics_maps feature allows you to replace local mail +addresses by valid Internet addresses when mail is sent across the Internet. It has no effect on mail that is sent between accounts -on the local machine. +on the local machine. The syntax is described in generics(5) and +a detailed example is in the STANDARD_CONFIGURATION_README file. Example: diff --git a/postfix/conf/relocated b/postfix/conf/relocated index 8be26a4a7..2a34c0623 100644 --- a/postfix/conf/relocated +++ b/postfix/conf/relocated @@ -62,8 +62,8 @@ # in $inet_interfaces or $proxy_interfaces. # # @domain -# Matches every other address in domain. This form -# has the lowest precedence. +# Matches other addresses in domain. This form has +# the lowest precedence. # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html index e0a606eed..37025597a 100644 --- a/postfix/html/ADDRESS_REWRITING_README.html +++ b/postfix/html/ADDRESS_REWRITING_README.html @@ -685,12 +685,12 @@ recipients. Postfix provides three mechanisms:

the specified address. In Postfix versions before 2.1, this feature is implemented by smtpd(8), qmqpd(8), or pickup(8). -
sender_bcc_maps = type:table
Search the specified +
sender_bcc_maps = type:table
Search the specified "type:table" lookup table with the envelope sender address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
-
recipient_bcc_maps = type:table
Search the specified +
recipient_bcc_maps = type:table
Search the specified "type:table" lookup table with the envelope recipient address for an automatic BCC address. This feature is available in Postfix 2.1 and later.
diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 9ceea361f..84838b569 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -335,7 +335,7 @@ are given in pgsql_table(5).
proxy (read-only)
Access information via the Postfix proxymap(8) service. The -lookup table name syntax is "proxy:type:table".
+lookup table name syntax is "proxy:type:table".
regexp (read-only)
diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html index b65c5ab0a..8848351d3 100644 --- a/postfix/html/IPV6_README.html +++ b/postfix/html/IPV6_README.html @@ -192,7 +192,7 @@ information inside "[]", like this:

IPv6 address information inside "[]" in the main.cf parameter value and in files specified with a "/file/name" pattern. IPv6 addresses contain the ":" character, and would otherwise be -confused with a "type:table" pattern.

+confused with a "type:table" pattern.

Known Limitations

diff --git a/postfix/html/Makefile.in.snapshot b/postfix/html/Makefile.in.snapshot deleted file mode 100644 index e7a7fc3df..000000000 --- a/postfix/html/Makefile.in.snapshot +++ /dev/null @@ -1,258 +0,0 @@ -SHELL = /bin/sh - -# For now, just hard-coded rules for daemons, commands, config files. - -DAEMONS = bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \ - lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \ - showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \ - oqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \ - trace.8.html verify.8.html proxymap.8.html anvil.8.html -COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \ - postconf.1.html postfix.1.html postkick.1.html postlock.1.html \ - postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \ - postqueue.1.html postsuper.1.html smtp-source.1.html \ - smtp-sink.1.html qmqp-source.1.html qmqp-sink.1.html -CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \ - transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \ - cidr_table.5.html tcp_table.5.html header_checks.5.html \ - ldap_table.5.html mysql_table.5.html pgsql_table.5.html -AWK = awk '{ print; if (NR == 1) print ".pl 9999" }' -MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`" - -update: $(DAEMONS) $(COMMANDS) $(CONFIG) - -Makefile: Makefile.in - (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@ - -clean: - echo clean - -tidy: clean - -clobber: - rm -f $(DAEMONS) $(COMMANDS) $(CONFIG) - -bounce.8.html: ../src/bounce/bounce.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -defer.8.html: bounce.8.html - rm -f $@ - ln -s $? $@ - -error.8.html: ../src/error/error.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -flush.8.html: ../src/flush/flush.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -cleanup.8.html: ../src/cleanup/cleanup.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -anvil.8.html: ../src/anvil/anvil.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -lmtp.8.html: ../src/lmtp/lmtp.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -local.8.html: ../src/local/local.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -master.8.html: ../src/master/master.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -oqmgr.8.html: ../src/oqmgr/qmgr.c - PATH=../mantools:$$PATH; \ - srctoman $? | sed -e 's/qmgr[^_]/o&/' \ - -e 's/qmgr$$/o&/' \ - -e 's/QMGR[^_]/O&/' | \ - $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pickup.8.html: ../src/pickup/pickup.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pipe.8.html: ../src/pipe/pipe.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -proxymap.8.html: ../src/proxymap/proxymap.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmgr.8.html: ../src/qmgr/qmgr.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmqpd.8.html: ../src/qmqpd/qmqpd.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -showq.8.html: ../src/showq/showq.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -spawn.8.html: ../src/spawn/spawn.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -smtp.8.html: ../src/smtp/smtp.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -smtpd.8.html: ../src/smtpd/smtpd.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -virtual.8.html: ../src/virtual/virtual.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -trace.8.html: bounce.8.html - rm -f $@ - ln -s $? $@ - -trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -verify.8.html: ../src/verify/verify.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postalias.1.html: ../src/postalias/postalias.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postcat.1.html: ../src/postcat/postcat.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postconf.1.html: ../src/postconf/postconf.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postdrop.1.html: ../src/postdrop/postdrop.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postfix.1.html: ../src/postfix/postfix.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postkick.1.html: ../src/postkick/postkick.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postlock.1.html: ../src/postlock/postlock.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postlog.1.html: ../src/postlog/postlog.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postmap.1.html: ../src/postmap/postmap.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postqueue.1.html: ../src/postqueue/postqueue.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postsuper.1.html: ../src/postsuper/postsuper.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -sendmail.1.html: ../src/sendmail/sendmail.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -mailq.1.html: sendmail.1.html - PATH=../mantools:$$PATH; \ - rm -f $@ - ln -s $? $@ - -newaliases.1.html: sendmail.1.html - PATH=../mantools:$$PATH; \ - rm -f $@ - ln -s $? $@ - -smtp-source.1.html: ../src/smtpstone/smtp-source.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -smtp-sink.1.html: ../src/smtpstone/smtp-sink.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmqp-source.1.html: ../src/smtpstone/qmqp-source.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmqp-sink.1.html: ../src/smtpstone/qmqp-sink.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -access.5.html: ../proto/access - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -aliases.5.html: ../proto/aliases - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -canonical.5.html: ../proto/canonical - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -cidr_table.5.html: ../proto/cidr_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -header_checks.5.html: ../proto/header_checks - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -ldap_table.5.html: ../proto/ldap_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -mysql_table.5.html: ../proto/mysql_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pcre_table.5.html: ../proto/pcre_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pgsql_table.5.html: ../proto/pgsql_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -regexp_table.5.html: ../proto/regexp_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -relocated.5.html: ../proto/relocated - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -tcp_table.5.html: ../proto/tcp_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -transport.5.html: ../proto/transport - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -virtual.5.html: ../proto/virtual - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ diff --git a/postfix/html/Makefile.in.stable b/postfix/html/Makefile.in.stable deleted file mode 100644 index 1828046a3..000000000 --- a/postfix/html/Makefile.in.stable +++ /dev/null @@ -1,258 +0,0 @@ -SHELL = /bin/sh - -# For now, just hard-coded rules for daemons, commands, config files. - -DAEMONS = bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \ - lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \ - showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \ - oqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \ - trace.8.html verify.8.html proxymap.8.html -COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \ - postconf.1.html postfix.1.html postkick.1.html postlock.1.html \ - postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \ - postqueue.1.html postsuper.1.html smtp-source.1.html \ - smtp-sink.1.html qmqp-source.1.html qmqp-sink.1.html -CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \ - transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \ - cidr_table.5.html header_checks.5.html \ - ldap_table.5.html mysql_table.5.html pgsql_table.5.html -AWK = awk '{ print; if (NR == 1) print ".pl 9999" }' -MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`" - -update: $(DAEMONS) $(COMMANDS) $(CONFIG) - -Makefile: Makefile.in - (set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@ - -clean: - echo clean - -tidy: clean - -clobber: - rm -f $(DAEMONS) $(COMMANDS) $(CONFIG) - -bounce.8.html: ../src/bounce/bounce.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -defer.8.html: bounce.8.html - rm -f $@ - ln -s $? $@ - -error.8.html: ../src/error/error.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -flush.8.html: ../src/flush/flush.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -cleanup.8.html: ../src/cleanup/cleanup.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -anvil.8.html: ../src/anvil/anvil.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -lmtp.8.html: ../src/lmtp/lmtp.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -local.8.html: ../src/local/local.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -master.8.html: ../src/master/master.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -oqmgr.8.html: ../src/oqmgr/qmgr.c - PATH=../mantools:$$PATH; \ - srctoman $? | sed -e 's/qmgr[^_]/o&/' \ - -e 's/qmgr$$/o&/' \ - -e 's/QMGR[^_]/O&/' | \ - $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pickup.8.html: ../src/pickup/pickup.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pipe.8.html: ../src/pipe/pipe.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -proxymap.8.html: ../src/proxymap/proxymap.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmgr.8.html: ../src/qmgr/qmgr.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmqpd.8.html: ../src/qmqpd/qmqpd.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -showq.8.html: ../src/showq/showq.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -spawn.8.html: ../src/spawn/spawn.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -smtp.8.html: ../src/smtp/smtp.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -smtpd.8.html: ../src/smtpd/smtpd.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -virtual.8.html: ../src/virtual/virtual.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -trace.8.html: bounce.8.html - rm -f $@ - ln -s $? $@ - -trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -verify.8.html: ../src/verify/verify.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postalias.1.html: ../src/postalias/postalias.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postcat.1.html: ../src/postcat/postcat.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postconf.1.html: ../src/postconf/postconf.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postdrop.1.html: ../src/postdrop/postdrop.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postfix.1.html: ../src/postfix/postfix.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postkick.1.html: ../src/postkick/postkick.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postlock.1.html: ../src/postlock/postlock.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postlog.1.html: ../src/postlog/postlog.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postmap.1.html: ../src/postmap/postmap.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postqueue.1.html: ../src/postqueue/postqueue.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -postsuper.1.html: ../src/postsuper/postsuper.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -sendmail.1.html: ../src/sendmail/sendmail.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -mailq.1.html: sendmail.1.html - PATH=../mantools:$$PATH; \ - rm -f $@ - ln -s $? $@ - -newaliases.1.html: sendmail.1.html - PATH=../mantools:$$PATH; \ - rm -f $@ - ln -s $? $@ - -smtp-source.1.html: ../src/smtpstone/smtp-source.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -smtp-sink.1.html: ../src/smtpstone/smtp-sink.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmqp-source.1.html: ../src/smtpstone/qmqp-source.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -qmqp-sink.1.html: ../src/smtpstone/qmqp-sink.c - PATH=../mantools:$$PATH; \ - srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -access.5.html: ../proto/access - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -aliases.5.html: ../proto/aliases - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -canonical.5.html: ../proto/canonical - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -cidr_table.5.html: ../proto/cidr_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -header_checks.5.html: ../proto/header_checks - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -ldap_table.5.html: ../proto/ldap_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -mysql_table.5.html: ../proto/mysql_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pcre_table.5.html: ../proto/pcre_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -pgsql_table.5.html: ../proto/pgsql_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -regexp_table.5.html: ../proto/regexp_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -relocated.5.html: ../proto/relocated - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -tcp_table.5.html: ../proto/tcp_table - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -transport.5.html: ../proto/transport - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ - -virtual.5.html: ../proto/virtual - PATH=../mantools:$$PATH; \ - srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@ diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html index a91bec999..84621f45c 100644 --- a/postfix/html/SMTPD_ACCESS_README.html +++ b/postfix/html/SMTPD_ACCESS_README.html @@ -179,6 +179,12 @@ described in the postconf(5) manual page.

# Whitelisting: local clients may specify any destination. Others may not. smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination + + # Block clients that speak too early. + smtpd_data_restrictions = reject_unauth_pipelining + + # Enforce mail volume quota via policy service callouts. + smtpd_end_of_data_restrictions = check_policy_service unix:private/policy

Each restriction list is evaluated from left to right until diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 1bb15cf60..8030a819d 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -580,7 +580,7 @@ recommends a maximum of 24 hours.

Server access control

-

Postfix TLS support introduces two additional features for +

Postfix TLS support introduces three additional features for Postfix SMTP server access control:

@@ -596,6 +596,10 @@ and if its fingerprint is listed in the list of client certificates client SMTP request if the client certificate passes verification.

+
check_ccert_access type:table
+

If the client certificate passes verification, use its fingerprint +as a key for the specified access(5) table.

+
diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index b6b385270..479ffa21e 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -243,8 +243,8 @@ CLEANUP(8) CLEANUP(8) RESOURCE AND RATE CONTROLS duplicate_filter_limit (1000) The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- - tual(5) alias expansion, or for showq(8) queue dis- + address duplicate filter for aliases(5) or vir- + tual(5) alias expansion, or for showq(8) queue dis- plays. header_size_limit (102400) diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index d1e0b9631..5b96131e6 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -445,8 +445,8 @@ LOCAL(8) LOCAL(8) duplicate_filter_limit (1000) The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- - tual(5) alias expansion, or for showq(8) queue dis- + address duplicate filter for aliases(5) or vir- + tual(5) alias expansion, or for showq(8) queue dis- plays. local_destination_concurrency_limit (2) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 601e20791..f78f41b1e 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -46,10 +46,12 @@ that starts with whitespace continues a logical line.

recursively replaced by the value of the named parameter.

  • The expression "${name?value}" expands to "value" when -"$name" is non-empty.

    +"$name" is non-empty. This form is supported with Postfix version +2.2 and later.

  • The expression "${name:value}" expands to "value" when -"$name" is empty.

    +"$name" is empty. This form is supported with Postfix version 2.2 +and later.

    @@ -5073,6 +5075,12 @@ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home

    relay_clientcerts = hash:/etc/postfix/relay_clientcerts +

    For more fine-grained control, use check_ccert_access to select +an appropriate access(5) policy for each client. +See RESTRICTION_CLASS_README.

    + +

    This feature is available with Postfix 2.2.

    + @@ -7050,6 +7058,12 @@ client network address information.
    +
    check_ccert_access type:table
    + +
    When the remote SMTP client certificate is verified successfully, +use the client certificate fingerprint as lookup key for the specified +access(5) database. This feature is available with Postfix 2.2.
    +
    check_client_access type:table
    Search the specified access database for the client hostname, @@ -7077,13 +7091,13 @@ authenticated via the RFC 2554 +allowed to relay. This feature is available with Postfix 2.2.
    permit_tls_clientcerts
    Permit the request when the remote SMTP client certificate is verified successfully, and the certificate fingerprint is listed -in $relay_clientcerts.
    +in $relay_clientcerts. This feature is available with Postfix 2.2.
    reject_rbl_client rbl_domain=d.d.d.d
    Reject the request when the reversed client network address is diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index 08566ab8a..572abb000 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -26,56 +26,55 @@ POSTFIX(1) POSTFIX(1) The following commands are implemented: - check Validate the Postfix mail system configuration. - Warn about bad directory/file ownership or permis- + check Warn about bad directory/file ownership or permis- sions, and create missing directories. - start Start the Postfix mail system. This also runs the + start Start the Postfix mail system. This also runs the configuration check described above. stop Stop the Postfix mail system in an orderly fashion. - Running processes are allowed to terminate at their - earliest convenience. + If possible, running processes are allowed to ter- + minate at their earliest convenience. - Note: in order to refresh the Postfix mail system - after a configuration change, do not use the start - and stop commands in succession. Use the reload + Note: in order to refresh the Postfix mail system + after a configuration change, do not use the start + and stop commands in succession. Use the reload command instead. abort Stop the Postfix mail system abruptly. Running pro- cesses are signaled to stop immediately. flush Force delivery: attempt to deliver every message in - the deferred mail queue. Normally, attempts to - deliver delayed mail happen at regular intervals, + the deferred mail queue. Normally, attempts to + deliver delayed mail happen at regular intervals, the interval doubling after each failed attempt. Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all + will result in poor delivery performance of all other mail. reload Re-read configuration files. Running processes ter- minate at their earliest convenience. set-permissions [name=value ...] - Set the ownership and permissions of Postfix - related files and directories, as specified in the + Set the ownership and permissions of Postfix + related files and directories, as specified in the postfix-files file. - Specify name=value to override and update specific - main.cf configuration parameters. Use this, for - example, to change the mail_owner or setgid_group + Specify name=value to override and update specific + main.cf configuration parameters. Use this, for + example, to change the mail_owner or setgid_group setting for an already installed Postfix system. This feature is available in Postfix 2.1 and later. upgrade-configuration [name=value ...] - Update the main.cf and master.cf files with infor- - mation that Postfix needs in order to run: add or - update services, and add or update configuration + Update the main.cf and master.cf files with infor- + mation that Postfix needs in order to run: add or + update services, and add or update configuration parameter settings. - Specify name=value to override and update specific + Specify name=value to override and update specific main.cf configuration parameters. This feature is available in Postfix 2.1 and later. @@ -83,10 +82,10 @@ POSTFIX(1) POSTFIX(1) The following options are implemented: -c config_dir - Read the main.cf and master.cf configuration files - in the named directory instead of the default con- + Read the main.cf and master.cf configuration files + in the named directory instead of the default con- figuration directory. Use this to distinguish - between multiple Postfix instances on the same + between multiple Postfix instances on the same host. -D (with postfix start only) @@ -95,11 +94,11 @@ POSTFIX(1) POSTFIX(1) parameter. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. ENVIRONMENT - The postfix(1) command exports the following environment + The postfix(1) command exports the following environment variables before executing the postfix-script file: MAIL_CONFIG @@ -115,23 +114,23 @@ POSTFIX(1) POSTFIX(1) sent. CONFIGURATION PARAMETERS - The following main.cf configuration parameters are + The following main.cf configuration parameters are exported as environment variables with the same names: command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and + The directory with Postfix support programs and daemon programs. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. mail_owner (postfix) @@ -147,7 +146,7 @@ POSTFIX(1) POSTFIX(1) location of the Postfix sendmail(1) command. newaliases_path (see 'postconf -d' output) - Sendmail compatibility feature that specifies the + Sendmail compatibility feature that specifies the location of the newaliases(1) command. mailq_path (see 'postconf -d' output) @@ -155,7 +154,7 @@ POSTFIX(1) POSTFIX(1) the Postfix mailq(1) command is installed. html_directory (see 'postconf -d' output) - The location of Postfix HTML files that describe + The location of Postfix HTML files that describe how to build, configure or operate a specific Post- fix subsystem or feature. @@ -163,26 +162,26 @@ POSTFIX(1) POSTFIX(1) Where the Postfix manual pages are installed. readme_directory (see 'postconf -d' output) - The location of Postfix README files that describe + The location of Postfix README files that describe how to build, configure or operate a specific Post- fix subsystem or feature. Other configuration parameters: config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. import_environment (see 'postconf -d' output) - The list of environment parameters that a Postfix - process will import from a non-Postfix parent pro- + The list of environment parameters that a Postfix + process will import from a non-Postfix parent pro- cess. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". @@ -271,7 +270,7 @@ POSTFIX(1) POSTFIX(1) QSHAPE_README, Postfix queue analysis LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index 810204c5b..6eca13e04 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -38,10 +38,12 @@ POSTSUPER(1) POSTSUPER(1) -d queue_id Delete one message with the named queue ID from the named mail queue(s) (default: hold, incoming, - active and deferred). If a queue_id of - is speci- - fied, the program reads queue IDs from standard - input. For example, to delete all mail with exactly - one recipient user@example.com: + active and deferred). + + If a queue_id of - is specified, the program reads + queue IDs from standard input. For example, to + delete all mail with exactly one recipient + user@example.com: mailq | tail +2 | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 @@ -83,26 +85,28 @@ POSTSUPER(1) POSTSUPER(1) Put mail "on hold" so that no attempt is made to deliver it. Move one message with the named queue ID from the named mail queue(s) (default: incoming, - active and deferred) to the hold queue. If a - queue_id of - is specified, the program reads queue - IDs from standard input. + active and deferred) to the hold queue. + + If a queue_id of - is specified, the program reads + queue IDs from standard input. - Specify -h ALL to hold all messages; for example, + Specify -h ALL to hold all messages; for example, specify -h ALL deferred to hold mail in the - deferred queue. As a safety measure, the word ALL + deferred queue. As a safety measure, the word ALL must be specified in upper case. - Note: while mail is "on hold" it will not expire - when its time in the queue exceeds the maxi- + Note: while mail is "on hold" it will not expire + when its time in the queue exceeds the maxi- mal_queue_lifetime or bounce_queue_lifetime set- - ting. It becomes subject to expiration after it is + ting. It becomes subject to expiration after it is released from "hold". -H queue_id Release mail that was put "on hold". Move one mes- - sage with the named queue ID from the named mail - queue(s) (default: hold) to the deferred queue. If - a queue_id of - is specified, the program reads + sage with the named queue ID from the named mail + queue(s) (default: hold) to the deferred queue. + + If a queue_id of - is specified, the program reads queue IDs from standard input. Note: use "postsuper -r" to release mail that was @@ -121,55 +125,56 @@ POSTSUPER(1) POSTSUPER(1) Requeue the message with the named queue ID from the named mail queue(s) (default: hold, incoming, active and deferred). To requeue multiple mes- - sages, specify multiple -r command-line options. + sages, specify multiple -r command-line options. + Alternatively, if a queue_id of - is specified, the program reads queue IDs from standard input. Specify -r ALL to requeue all messages. As a safety - measure, the word ALL must be specified in upper + measure, the word ALL must be specified in upper case. - A requeued message is moved to the maildrop queue, - from where it is copied by the pickup daemon to a - new file whose name is guaranteed to match the new + A requeued message is moved to the maildrop queue, + from where it is copied by the pickup daemon to a + new file whose name is guaranteed to match the new queue file inode number. The new queue file is sub- - jected again to mail address rewriting and substi- + jected again to mail address rewriting and substi- tution. This is useful when rewriting rules or vir- tual mappings have changed. - Warning: Postfix queue IDs are reused. There is a - very small possibility that postsuper(1) requeues - the wrong message file when it is executed while - the Postfix mail system is running, but no harm + Warning: Postfix queue IDs are reused. There is a + very small possibility that postsuper(1) requeues + the wrong message file when it is executed while + the Postfix mail system is running, but no harm should be done. - -s Structure check and structure repair. This should + -s Structure check and structure repair. This should be done once before Postfix startup. - o Rename files whose name does not match the + o Rename files whose name does not match the message file inode number. This operation is - necessary after restoring a mail queue from + necessary after restoring a mail queue from a different machine, or from backup media. o Move queue files that are in the wrong place in the file system hierarchy and remove sub- directories that are no longer needed. File - position rearrangements are necessary after + position rearrangements are necessary after a change in the hash_queue_names and/or hash_queue_depth configuration parameters. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. DIAGNOSTICS - Problems are reported to the standard error stream and to + Problems are reported to the standard error stream and to syslogd(8). - postsuper(1) reports the number of messages deleted with - -d, the number of messages requeued with -r, and the num- - ber of messages whose queue file name was fixed with -s. - The report is written to the standard error stream and to + postsuper(1) reports the number of messages deleted with + -d, the number of messages requeued with -r, and the num- + ber of messages whose queue file name was fixed with -s. + The report is written to the standard error stream and to syslogd(8). ENVIRONMENT @@ -177,36 +182,36 @@ POSTSUPER(1) POSTSUPER(1) Directory with the main.cf file. BUGS - Mail that is not sanitized by Postfix (i.e. mail in the + Mail that is not sanitized by Postfix (i.e. mail in the maildrop queue) cannot be placed "on hold". CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant + The following main.cf parameters are especially relevant to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- + summary. See postconf(5) for more details including exam- ples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. hash_queue_depth (1) - The number of subdirectory levels for queue direc- - tories listed with the hash_queue_names parameter. + The number of subdirectory levels for queue direc- + tories listed with the hash_queue_names parameter. hash_queue_names (deferred, defer) - The names of queue directories that are split + The names of queue directories that are split across multiple subdirectory levels. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". @@ -215,7 +220,7 @@ POSTSUPER(1) POSTSUPER(1) postqueue(1), unprivileged queue operations LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/relocated.5.html b/postfix/html/relocated.5.html index 9a31a3bfb..00be2e021 100644 --- a/postfix/html/relocated.5.html +++ b/postfix/html/relocated.5.html @@ -68,8 +68,8 @@ RELOCATED(5) RELOCATED(5) in $inet_interfaces or $proxy_interfaces. @domain - Matches every other address in domain. This form - has the lowest precedence. + Matches other addresses in domain. This form has + the lowest precedence. ADDRESS EXTENSION When a mail address localpart contains the optional recip- diff --git a/postfix/makedefs b/postfix/makedefs index d8cb0a6fb..ee5508c5b 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -8,7 +8,7 @@ # SYNOPSIS # \fBmake makefiles \fIname=value...\fR # DESCRIPTION -# The \fBmakedefs\fR command identifies the program compilation +# The \fBmakedefs\fR command identifies the compilation # environment, and emits macro definitions on the standard output # stream that can be prepended to template Makefiles. # diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index 82c0a256c..ac150d4b7 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 @@ -25,15 +25,15 @@ runs the \fBpostfix-script\fR shell script to do the actual work. The following commands are implemented: .IP \fBcheck\fR -Validate the Postfix mail system configuration. Warn about bad -directory/file ownership or permissions, and create missing -directories. +Warn about bad directory/file ownership or permissions, +and create missing directories. .IP \fBstart\fR Start the Postfix mail system. This also runs the configuration check described above. .IP \fBstop\fR -Stop the Postfix mail system in an orderly fashion. Running processes -are allowed to terminate at their earliest convenience. +Stop the Postfix mail system in an orderly fashion. If +possible, running processes are allowed to terminate at +their earliest convenience. .sp Note: in order to refresh the Postfix mail system after a configuration change, do not use the \fBstart\fR and \fBstop\fR diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index 5c2982bbf..0790904e5 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -37,6 +37,7 @@ MAIL_CONFIG environment setting below. Delete one message with the named queue ID from the named mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and \fBdeferred\fR). + If a \fIqueue_id\fR of \fB-\fR is specified, the program reads queue IDs from standard input. For example, to delete all mail with exactly one recipient \fBuser@example.com\fR: @@ -82,6 +83,7 @@ Put mail "on hold" so that no attempt is made to deliver it. Move one message with the named queue ID from the named mail queue(s) (default: \fBincoming\fR, \fBactive\fR and \fBdeferred\fR) to the \fBhold\fR queue. + If a \fIqueue_id\fR of \fB-\fR is specified, the program reads queue IDs from standard input. .sp @@ -98,6 +100,7 @@ expiration after it is released from "hold". Release mail that was put "on hold". Move one message with the named queue ID from the named mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue. + If a \fIqueue_id\fR of \fB-\fR is specified, the program reads queue IDs from standard input. .sp @@ -117,6 +120,7 @@ mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and \fBdeferred\fR). To requeue multiple messages, specify multiple \fB-r\fR command-line options. + Alternatively, if a \fIqueue_id\fR of \fB-\fR is specified, the program reads queue IDs from standard input. .sp diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index f74971bcb..360ca6432 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -36,10 +36,12 @@ The expressions "$name", "${name}" or "$(name)" are recursively replaced by the value of the named parameter. .IP \(bu The expression "${name?value}" expands to "value" when -"$name" is non-empty. +"$name" is non-empty. This form is supported with Postfix +version 2.2 and later. .IP \(bu The expression "${name:value}" expands to "value" when -"$name" is empty. +"$name" is empty. This form is supported with Postfix +version 2.2 and later. .RE .IP \(bu When the same parameter is defined multiple times, only the last @@ -2743,6 +2745,12 @@ relay_clientcerts = hash:/etc/postfix/relay_clientcerts .fi .ad .ft R +.PP +For more fine-grained control, use check_ccert_access to select +an appropriate \fBaccess\fR(5) policy for each client. +See RESTRICTION_CLASS_README. +.PP +This feature is available with Postfix 2.2. .SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit) The maximal number of parallel deliveries to the same destination via the relay message delivery transport. This limit is enforced @@ -3925,6 +3933,10 @@ restriction that matches wins. .PP The following restrictions are specific to client hostname or client network address information. +.IP "\fBcheck_ccert_access \fItype:table\fR\fR" +When the remote SMTP client certificate is verified successfully, +use the client certificate fingerprint as lookup key for the specified +\fBaccess\fR(5) database. This feature is available with Postfix 2.2. .IP "\fBcheck_client_access \fItype:table\fR\fR" Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping @@ -3943,11 +3955,11 @@ Permit the request when the remote SMTP client certificate is verified successfully. This option must be used only if a special CA issues the certificates and only this CA is listed as trusted CA, otherwise all clients with a recognized certificate would be -allowed to relay. +allowed to relay. This feature is available with Postfix 2.2. .IP "\fBpermit_tls_clientcerts\fR" Permit the request when the remote SMTP client certificate is verified successfully, and the certificate fingerprint is listed -in $relay_clientcerts. +in $relay_clientcerts. This feature is available with Postfix 2.2. .IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR" Reject the request when the reversed client network address is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR diff --git a/postfix/man/man5/relocated.5 b/postfix/man/man5/relocated.5 index 5e8c9c182..8888886c1 100644 --- a/postfix/man/man5/relocated.5 +++ b/postfix/man/man5/relocated.5 @@ -67,7 +67,7 @@ Matches \fIuser\fR@\fIsite\fR when \fIsite\fR is $\fBmyorigin\fR, when \fIsite\fR is listed in $\fBmydestination\fR, or when \fIsite\fR is listed in $\fBinet_interfaces\fR or $\fBproxy_interfaces\fR. .IP @\fIdomain\fR -Matches every other address in \fIdomain\fR. This form has the lowest +Matches other addresses in \fIdomain\fR. This form has the lowest precedence. .SH "ADDRESS EXTENSION" .na diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index af081aa4b..d7d5499da 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -578,7 +578,7 @@ while (<>) { s/\b[A-Z0-9_]*_README\b/$&<\/a>/g; s/\bINSTALL\b/$&<\/a>/g; s/\bOVERVIEW\b/$&<\/a>/g; - s/"type:table"/"type:table<\/a>"/g; + s/\btype:table\b/type:table<\/a>/g; # Split manual page hyperlinks across newlines @@ -597,6 +597,7 @@ while (<>) { # Access restrictions - client s;\bcheck_client_access\b;$&;g; + s;\bcheck_ccert_access\b;$&;g; s;\bpermit_inet_interfaces\b;$&;g; s;\bpermit_mynetworks\b;$&;g; s;\bpermit_sasl_authenticated\b;$&;g; diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html index e271afebd..c5176b41b 100644 --- a/postfix/proto/SMTPD_ACCESS_README.html +++ b/postfix/proto/SMTPD_ACCESS_README.html @@ -179,6 +179,12 @@ described in the postconf(5) manual page.

    # Whitelisting: local clients may specify any destination. Others may not. smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination + + # Block clients that speak too early. + smtpd_data_restrictions = reject_unauth_pipelining + + # Enforce mail volume quota via policy service callouts. + smtpd_end_of_data_restrictions = check_policy_service unix:private/policy

    Each restriction list is evaluated from left to right until diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index c284b7513..6b2165685 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -580,7 +580,7 @@ recommends a maximum of 24 hours.

    Server access control

    -

    Postfix TLS support introduces two additional features for +

    Postfix TLS support introduces three additional features for Postfix SMTP server access control:

    @@ -596,6 +596,10 @@ and if its fingerprint is listed in the list of client certificates client SMTP request if the client certificate passes verification.

    +
    check_ccert_access type:table
    +

    If the client certificate passes verification, use its fingerprint +as a key for the specified access(5) table.

    +
    diff --git a/postfix/proto/postconf.html.prolog b/postfix/proto/postconf.html.prolog index 9efb2372a..5b8c4806f 100644 --- a/postfix/proto/postconf.html.prolog +++ b/postfix/proto/postconf.html.prolog @@ -46,10 +46,12 @@ that starts with whitespace continues a logical line.

    recursively replaced by the value of the named parameter.

  • The expression "${name?value}" expands to "value" when -"$name" is non-empty.

    +"$name" is non-empty. This form is supported with Postfix version +2.2 and later.

  • The expression "${name:value}" expands to "value" when -"$name" is empty.

    +"$name" is empty. This form is supported with Postfix version 2.2 +and later.

    diff --git a/postfix/proto/postconf.man.prolog b/postfix/proto/postconf.man.prolog index 702d3206e..a3f50bf14 100644 --- a/postfix/proto/postconf.man.prolog +++ b/postfix/proto/postconf.man.prolog @@ -36,10 +36,12 @@ The expressions "$name", "${name}" or "$(name)" are recursively replaced by the value of the named parameter. .IP \(bu The expression "${name?value}" expands to "value" when -"$name" is non-empty. +"$name" is non-empty. This form is supported with Postfix +version 2.2 and later. .IP \(bu The expression "${name:value}" expands to "value" when -"$name" is empty. +"$name" is empty. This form is supported with Postfix +version 2.2 and later. .RE .IP \(bu When the same parameter is defined multiple times, only the last diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 3cd47a66e..8009bd1ba 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -4313,6 +4313,12 @@ client network address information.
    +
    check_ccert_access type:table
    + +
    When the remote SMTP client certificate is verified successfully, +use the client certificate fingerprint as lookup key for the specified +access(5) database. This feature is available with Postfix 2.2.
    +
    check_client_access type:table
    Search the specified access database for the client hostname, @@ -4341,13 +4347,13 @@ authenticated via the RFC 2554 (AUTH) protocol.
    verified successfully. This option must be used only if a special CA issues the certificates and only this CA is listed as trusted CA, otherwise all clients with a recognized certificate would be -allowed to relay. +allowed to relay. This feature is available with Postfix 2.2.
    permit_tls_clientcerts
    Permit the request when the remote SMTP client certificate is verified successfully, and the certificate fingerprint is listed -in $relay_clientcerts.
    +in $relay_clientcerts. This feature is available with Postfix 2.2.
    reject_rbl_client rbl_domain=d.d.d.d
    Reject the request when the reversed client network address is @@ -7873,6 +7879,12 @@ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home

    relay_clientcerts = hash:/etc/postfix/relay_clientcerts +

    For more fine-grained control, use check_ccert_access to select +an appropriate access(5) policy for each client. +See RESTRICTION_CLASS_README.

    + +

    This feature is available with Postfix 2.2.

    + %PARAM smtpd_tls_cipherlist

    Controls the Postfix SMTP server TLS cipher selection scheme. diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 5f6f9dd89..f6c089296 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1662,6 +1662,7 @@ extern char *var_perm_mx_networks; extern int var_access_map_code; #define CHECK_CLIENT_ACL "check_client_access" +#define CHECK_CCERT_ACL "check_ccert_access" #define CHECK_HELO_ACL "check_helo_access" #define CHECK_SENDER_ACL "check_sender_access" #define CHECK_RECIP_ACL "check_recipient_access" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 06af3306e..6990a2dcc 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20050207" +#define MAIL_RELEASE_DATE "20050208" #define MAIL_VERSION_NUMBER "2.2" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index 88f0e9ff4..413b6fdce 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -790,7 +790,7 @@ static void pre_init(char *unused_name, char **unused_argv) * file. */ if (var_mailbox_limit) { - if (var_mailbox_limit < var_message_limit) + if (var_mailbox_limit < var_message_limit || var_message_limit == 0) msg_fatal("main.cf configuration error: %s is smaller than %s", VAR_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT); set_file_limit(var_mailbox_limit); diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 68efdc25b..d502db114 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -19,15 +19,15 @@ /* /* The following commands are implemented: /* .IP \fBcheck\fR -/* Validate the Postfix mail system configuration. Warn about bad -/* directory/file ownership or permissions, and create missing -/* directories. +/* Warn about bad directory/file ownership or permissions, +/* and create missing directories. /* .IP \fBstart\fR /* Start the Postfix mail system. This also runs the configuration /* check described above. /* .IP \fBstop\fR -/* Stop the Postfix mail system in an orderly fashion. Running processes -/* are allowed to terminate at their earliest convenience. +/* Stop the Postfix mail system in an orderly fashion. If +/* possible, running processes are allowed to terminate at +/* their earliest convenience. /* .sp /* Note: in order to refresh the Postfix mail system after a /* configuration change, do not use the \fBstart\fR and \fBstop\fR diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index f523a5dfe..eba72e685 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -31,6 +31,7 @@ /* Delete one message with the named queue ID from the named /* mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and /* \fBdeferred\fR). +/* /* If a \fIqueue_id\fR of \fB-\fR is specified, the program reads /* queue IDs from standard input. For example, to delete all mail /* with exactly one recipient \fBuser@example.com\fR: @@ -76,6 +77,7 @@ /* Move one message with the named queue ID from the named /* mail queue(s) (default: \fBincoming\fR, \fBactive\fR and /* \fBdeferred\fR) to the \fBhold\fR queue. +/* /* If a \fIqueue_id\fR of \fB-\fR is specified, the program reads /* queue IDs from standard input. /* .sp @@ -92,6 +94,7 @@ /* Release mail that was put "on hold". /* Move one message with the named queue ID from the named /* mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue. +/* /* If a \fIqueue_id\fR of \fB-\fR is specified, the program reads /* queue IDs from standard input. /* .sp @@ -111,6 +114,7 @@ /* \fBdeferred\fR). /* To requeue multiple messages, specify multiple \fB-r\fR /* command-line options. +/* /* Alternatively, if a \fIqueue_id\fR of \fB-\fR is specified, /* the program reads queue IDs from standard input. /* .sp diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 9b0718bf0..7875146b0 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -336,6 +336,7 @@ static int check_rcpt_maps(SMTPD_STATE *, const char *, const char *); * Reject context. */ #define SMTPD_NAME_CLIENT "Client host" +#define SMTPD_NAME_CCERT "Client certificate" #define SMTPD_NAME_HELO "Helo command" #define SMTPD_NAME_SENDER "Sender address" #define SMTPD_NAME_RECIPIENT "Recipient address" @@ -2341,6 +2342,39 @@ static int check_server_access(SMTPD_STATE *state, const char *table, CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO); } +/* check_ccert_access - access for TLS clients by certificate fingerprint */ + +#ifdef USE_TLS + +static int check_ccert_access(SMTPD_STATE *state, const char *table, + const char *def_acl) +{ + char *myname = "check_ccert_access"; + int found; + + if (state->tls_info.peer_verified && state->tls_info.peer_fingerprint) { + if (msg_verbose) + msg_info("%s: %s", myname, state->tls_info.peer_fingerprint); + + /* + * Regexp tables don't make sense for certificate fingerprints. That + * may be so, but we can't ignore the entire check_ccert_access + * request without logging a warning. + * + * Log the peer CommonName when access is denied. Non-printable + * characters will be neutered by smtpd_check_reject(). The SMTP + * client name and address are always syslogged as part of a "reject" + * event. + */ + return (check_access(state, table, state->tls_info.peer_fingerprint, + DICT_FLAG_NONE, &found, state->tls_info.peer_CN, + SMTPD_NAME_CCERT, def_acl)); + } + return (SMTPD_CHECK_DUNNO); +} + +#endif + /* check_mail_access - OK/FAIL based on mail address lookup */ static int check_mail_access(SMTPD_STATE *state, const char *table, @@ -3204,6 +3238,10 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, status = reject_rbl_domain(state, *cpp, state->name, SMTPD_NAME_CLIENT); } +#ifdef USE_TLS + } else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) { + status = check_ccert_access(state, *cpp, def_acl); +#endif } /* diff --git a/postfix/src/util/dict.c b/postfix/src/util/dict.c index 91b3a57b5..d20eb2fd0 100644 --- a/postfix/src/util/dict.c +++ b/postfix/src/util/dict.c @@ -117,8 +117,8 @@ /* dict_eval() expands macro references in the specified string. /* The result is owned by the dictionary manager. Make a copy if the /* result is to survive multiple dict_eval() calls. When the -/* \fIrecursive\fR argument is non-zero, macros references are -/* expanded recursively. +/* \fIrecursive\fR argument is non-zero, macro references in macro +/* lookup results are expanded recursively. /* /* dict_walk() iterates over all registered dictionaries in some /* arbitrary order, and invokes the specified action routine with @@ -183,7 +183,7 @@ #include "vstream.h" #include "vstring.h" #include "readlline.h" -#include "mac_parse.h" +#include "mac_expand.h" #include "stringops.h" #include "iostuff.h" #include "dict.h" @@ -410,94 +410,52 @@ void dict_load_fp(const char *dict_name, VSTREAM *fp) vstring_free(buf); } - /* - * Helper for macro expansion callback. - */ -struct dict_eval_context { - const char *dict_name; /* where to look */ - VSTRING *buf; /* result buffer */ - int recursive; /* recursive or not */ -}; - -/* dict_eval_action - macro parser call-back routine */ +/* dict_eval_lookup - macro parser call-back routine */ -static int dict_eval_action(int type, VSTRING *buf, char *ptr) +static const char *dict_eval_lookup(const char *key, int unused_type, + char *dict_name) { - struct dict_eval_context *ctxt = (struct dict_eval_context *) ptr; - char *myname = "dict_eval_action"; const char *pp; - if (msg_verbose > 1) - msg_info("%s: type %s buf %s context %s \"%s\" %s", - myname, type == MAC_PARSE_VARNAME ? "variable" : "literal", - STR(buf), ctxt->dict_name, STR(ctxt->buf), - ctxt->recursive ? "recursive" : "non-recursive"); - /* - * In order to support recursion, we must save the dict_lookup() result. - * We use the input buffer since it will not be needed anymore. + * XXX how would one recover? */ - if (type == MAC_PARSE_VARNAME) { - if ((pp = dict_lookup(ctxt->dict_name, STR(buf))) == 0) { - if (dict_errno) /* XXX how would one recover? */ - msg_fatal("dictionary %s: lookup %s: temporary error", - ctxt->dict_name, STR(buf)); - } else if (ctxt->recursive) { - vstring_strcpy(buf, pp); /* XXX clobber input */ - dict_eval(ctxt->dict_name, STR(buf), ctxt->recursive); - } else { - vstring_strcat(ctxt->buf, pp); - } - } else { - vstring_strcat(ctxt->buf, STR(buf)); - } - return (0); + if ((pp = dict_lookup(dict_name, key)) == 0 && dict_errno != 0) + msg_fatal("dictionary %s: lookup %s: temporary error", dict_name, key); + + return (pp); } /* dict_eval - expand embedded dictionary references */ const char *dict_eval(const char *dict_name, const char *value, int recursive) { + const char *myname = "dict_eval"; static VSTRING *buf; - static struct dict_eval_context ctxt; - static int loop = 0; - - /* - * Sanity check. - */ - if (loop > 100) - msg_fatal("unreasonable macro nesting: \"%s\"", value); + int status; /* * Initialize. */ if (buf == 0) buf = vstring_alloc(10); - if (loop++ == 0) { - VSTRING_RESET(buf); - VSTRING_TERMINATE(buf); - } - ctxt.buf = buf; - ctxt.recursive = recursive; - ctxt.dict_name = dict_name; /* * Expand macros, possibly recursively. */ - if (msg_verbose > 1) - msg_info("dict_eval[%d] %s", loop, value); - - mac_parse(value, dict_eval_action, (char *) &ctxt); - - if (msg_verbose > 1) - msg_info("dict_eval[%d] result %s", loop, STR(buf)); - - /* - * Cleanup. - */ - loop--; - VSTRING_TERMINATE(buf); - +#define DONT_FILTER (char *) 0 + + status = mac_expand(buf, value, + recursive ? MAC_EXP_FLAG_RECURSE : MAC_EXP_FLAG_NONE, + DONT_FILTER, dict_eval_lookup, (char *) dict_name); + if (status & MAC_PARSE_ERROR) + msg_fatal("dictionary %s: macro processing error", dict_name); + if (msg_verbose) { + if (strcmp(value, STR(buf)) != 0) + msg_info("%s: expand %s -> %s", myname, value, STR(buf)); + else + msg_info("%s: const %s", myname, value); + } return (STR(buf)); } diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index 0a1ff93ab..fc892f05b 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c @@ -88,9 +88,14 @@ /* into the right-hand side. /* .IP DICT_FLAG_NO_PROXY /* Disallow access through the \fBproxymap\fR service. +/* .IP DICT_FLAG_NO_UNAUTH +/* Disallow network lookup mechanisms that lack any form of +/* authentication (example: tcp_table; even NIS can be secured +/* to some extent by requiring that the server binds to a +/* privileged port). /* .IP DICT_FLAG_PARANOID -/* A combination of all the paranoia flags: DICT_FLAG_NO_REGSUB -/* and DICT_FLAG_NO_PROXY. +/* A combination of all the paranoia flags: DICT_FLAG_NO_REGSUB, +/* DICT_FLAG_NO_PROXY and DICT_FLAG_NO_UNAUTH. /* .PP /* Specify DICT_FLAG_NONE for no special processing. /* diff --git a/postfix/src/util/mac_expand.c b/postfix/src/util/mac_expand.c index 922244c61..44724785a 100644 --- a/postfix/src/util/mac_expand.c +++ b/postfix/src/util/mac_expand.c @@ -45,7 +45,7 @@ /* Bit-wise OR of zero or more of the following: /* .RS /* .IP MAC_EXP_FLAG_RECURSE -/* Expand $name recursively. This should never be done with +/* Expand macros in lookup results. This should never be done with /* data whose origin is untrusted. /* .PP /* The constant MAC_EXP_FLAG_NONE specifies a manifest null value. @@ -59,7 +59,7 @@ /* MAC_EXP_MODE_TEST to test the existence of the named attribute /* or MAC_EXP_MODE_USE to use the value of the named attribute, /* and the caller context that was given to mac_expand(). A null -/* result means that the requested attribute was not defined. +/* result value means that the requested attribute was not defined. /* .IP context /* Caller context that is passed on to the attribute lookup routine. /* DIAGNOSTICS @@ -136,8 +136,11 @@ static int mac_expand_callback(int type, VSTRING *buf, char *ptr) /* * $Name etc. reference. + * + * In order to support expansion of lookup results, we must save the lookup + * result. We use the input buffer since it will not be needed anymore. */ - if (type == MAC_PARSE_VARNAME) { + if (type == MAC_PARSE_EXPR) { /* * Look for the ? or : delimiter. In case of a syntax error, return @@ -183,7 +186,8 @@ static int mac_expand_callback(int type, VSTRING *buf, char *ptr) } else if (*text == 0) { /* void */ ; } else if (mc->flags & MAC_EXP_FLAG_RECURSE) { - mac_parse(text, mac_expand_callback, (char *) mc); + vstring_strcpy(buf, text); + mac_parse(vstring_str(buf), mac_expand_callback, (char *) mc); } else { len = VSTRING_LEN(mc->result); vstring_strcat(mc->result, text); @@ -201,17 +205,9 @@ static int mac_expand_callback(int type, VSTRING *buf, char *ptr) * Literal text. */ else { - text = vstring_str(buf); - vstring_strcat(mc->result, text); + vstring_strcat(mc->result, vstring_str(buf)); } - /* - * Give the poor tester a clue of what is going on. - */ - if (msg_verbose) - msg_info("%s: %s = %s", myname, vstring_str(buf), - text ? text : "(undef)"); - mc->level--; return (mc->status); diff --git a/postfix/src/util/mac_parse.c b/postfix/src/util/mac_parse.c index b21f8b21f..6bd638d42 100644 --- a/postfix/src/util/mac_parse.c +++ b/postfix/src/util/mac_parse.c @@ -23,9 +23,11 @@ /* found, and \fIcontext\fR is passed on unmodified from the caller. /* The application is at liberty to clobber \fIbuf\fR. /* .IP MAC_PARSE_LITERAL -/* The text in \fIbuf\fR is literal text. -/* .IP MAC_PARSE_VARNAME -/* The text in \fIbuf\fR is a macro expression. +/* The content of \fIbuf\fR is literal text. +/* .IP MAC_PARSE_EXPR +/* The content of \fIbuf\fR is a macro expression: either a +/* bare macro name without the preceding "$", or all the text +/* inside $() or ${}. /* .PP /* The action routine result value is the bit-wise OR of zero or more /* of the following: @@ -72,11 +74,11 @@ * execute the action, and reset the temporary buffer for re-use. */ #define MAC_PARSE_ACTION(status, type, buf, context) \ - { \ + do { \ VSTRING_TERMINATE(buf); \ - status |= action(type, buf, context); \ + status |= action((type), (buf), (context)); \ VSTRING_RESET(buf); \ - } + } while(0) /* mac_parse - split string into literal text and macro references */ @@ -138,7 +140,7 @@ int mac_parse(const char *value, MAC_PARSE_FN action, char *context) msg_warn("empty macro name: \"%s\"", value); break; } - MAC_PARSE_ACTION(status, MAC_PARSE_VARNAME, buf, context); + MAC_PARSE_ACTION(status, MAC_PARSE_EXPR, buf, context); } } if (VSTRING_LEN(buf) > 0 && (status & MAC_PARSE_ERROR) == 0) @@ -167,8 +169,8 @@ static int mac_parse_print(int type, VSTRING *buf, char *unused_context) char *type_name; switch (type) { - case MAC_PARSE_VARNAME: - type_name = "MAC_PARSE_VARNAME"; + case MAC_PARSE_EXPR: + type_name = "MAC_PARSE_EXPR"; break; case MAC_PARSE_LITERAL: type_name = "MAC_PARSE_LITERAL"; diff --git a/postfix/src/util/mac_parse.h b/postfix/src/util/mac_parse.h index b702fcaf0..7a9411e77 100644 --- a/postfix/src/util/mac_parse.h +++ b/postfix/src/util/mac_parse.h @@ -20,7 +20,8 @@ * External interface. */ #define MAC_PARSE_LITERAL 1 -#define MAC_PARSE_VARNAME 2 +#define MAC_PARSE_EXPR 2 +#define MAC_PARSE_VARNAME MAC_PARSE_EXPR /* 2.1 compatibility */ #define MAC_PARSE_OK 0 #define MAC_PARSE_ERROR (1<<0) diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index ceeabd8a0..a36cb1769 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -457,7 +457,7 @@ static void pre_init(char *unused_name, char **unused_argv) * file. */ if (var_virt_mailbox_limit) { - if (var_virt_mailbox_limit < var_message_limit) + if (var_virt_mailbox_limit < var_message_limit || var_message_limit == 0) msg_fatal("main.cf configuration error: %s is smaller than %s", VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT); set_file_limit(var_virt_mailbox_limit); -- 2.47.3