Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
- Fixed by moving some record keeping to the sender output function.
- Files: cleanup/cleanup_envelope.c, cleanup/cleanuop_addr.c,
- cleanup/cleanup_milter.c, cleanup/cleanup.h, regression tests.
+ Fixed by moving some record keeping to the sender output
+ function. Files: cleanup/cleanup_envelope.c,
+ cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
+ cleanup/cleanup.h, regression tests.
20160314
Cleanup: un-broke regression tests. Files: dns/mxonly_test.ref,
dns/no-mx.ref, smtpd/smtpd_server.ref, smtpd/smtpd_server.in.
+
+ Added Postfix version information to the "postconf -m" manpage
+ section. File: postconf/postconf.c.
+
+20160330
+
+ The collate.pl script by Viktor Dukhovni for grouping Postfix
+ logfile records into "sessions" based on queue ID and process
+ ID information. Files: auxiliary/collate/*.
+
+20160407
+
+ Treat SASL_FAIL and SASL_NOMEM as temporary errors.
+ Markus Benning. File: xsasl/xsasl_cyrus_server.c.
+
+20160410
+
+ Bugfix (introduced: Postfix 2.6): the "bad filetype"
+ header_checks pattern falsely rejected Content-Mumble headers
+ with ``name="example"; x-apple-part-url="example.com"''.
+ Fixed by respecting the ";" separator between content
+ attribute values. Reported by Cedric Knight. File:
+ proto/header_checks.
+
+20160515
+
+ Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h,
+ dns/dns_str_resflags.c.
--- /dev/null
+This script, by Viktor Dukhovni, untangles a Postfix logfile and
+groups the records one "session" at a time based on queue ID and
+process ID information.
+
+Records from different sessions are separated by an empty line.
+Such text is easy to process with $/="" in perl, or RS="" in awk.
+
+Usage:
+ perl collate.pl file...
+
+It reads standard input when no file is specified.
--- /dev/null
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+
+# Postfix delivery agents
+my @agents = qw(discard error lmtp local pipe smtp virtual);
+
+my $instre = qr{(?x)
+ \A # Absolute line start
+ (?:\S+ \s+){3} # Timestamp, adjust for other time formats
+ \S+ \s+ # Hostname
+ (postfix(?:-\S+)?)/ # postfix instance
+ };
+
+my $cmdpidre = qr{(?x)
+ \G # Continue from previous match
+ (\S+)\[(\d+)\]:\s+ # command[pid]:
+};
+
+my %smtpd;
+my %smtp;
+my %transaction;
+my $i = 0;
+my %seqno;
+
+my %isagent = map { ($_, 1) } @agents;
+
+while (<>) {
+ next unless m{$instre}ogc; my $inst = $1;
+ next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;
+
+ if ($command eq "smtpd") {
+ if (m{\Gconnect from }gc) {
+ # Start new log
+ $smtpd{$pid}->{"log"} = $_; next;
+ }
+
+ $smtpd{$pid}->{"log"} .= $_;
+
+ if (m{\G(\w+): client=}gc) {
+ # Fresh transaction
+ my $qid = "$inst/$1";
+ $smtpd{$pid}->{"qid"} = $qid;
+ $transaction{$qid} = $smtpd{$pid}->{"log"};
+ $seqno{$qid} = ++$i;
+ next;
+ }
+
+ my $qid = $smtpd{$pid}->{"qid"};
+ $transaction{$qid} .= $_
+ if (defined($qid) && exists $transaction{$qid});
+ delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
+ next;
+ }
+
+ if ($command eq "pickup") {
+ if (m{\G(\w+): uid=}gc) {
+ my $qid = "$inst/$1";
+ $transaction{$qid} = $_;
+ $seqno{$qid} = ++$i;
+ }
+ next;
+ }
+
+ # bounce(8) logs transaction start after cleanup(8) already logged
+ # the message-id, so the cleanup log entry may be first
+ #
+ if ($command eq "cleanup") {
+ next unless (m{\G(\w+): }gc);
+ my $qid = "$inst/$1";
+ $transaction{$qid} .= $_;
+ $seqno{$qid} = ++$i if (! exists $seqno{$qid});
+ next;
+ }
+
+ if ($command eq "qmgr") {
+ next unless (m{\G(\w+): }gc);
+ my $qid = "$inst/$1";
+ if (defined($transaction{$qid})) {
+ $transaction{$qid} .= $_;
+ if (m{\Gremoved$}gc) {
+ print delete $transaction{$qid}, "\n";
+ }
+ }
+ next;
+ }
+
+ # Save pre-delivery messages for smtp(8) and lmtp(8)
+ #
+ if ($command eq "smtp" || $command eq "lmtp") {
+ $smtp{$pid} .= $_;
+
+ if (m{\G(\w+): to=}gc) {
+ my $qid = "$inst/$1";
+ if (defined($transaction{$qid})) {
+ $transaction{$qid} .= $smtp{$pid};
+ }
+ delete $smtp{$pid};
+ }
+ next;
+ }
+
+ if ($command eq "bounce") {
+ if (m{\G(\w+): .*? notification: (\w+)$}gc) {
+ my $qid = "$inst/$1";
+ my $newid = "$inst/$2";
+ if (defined($transaction{$qid})) {
+ $transaction{$qid} .= $_;
+ }
+ $transaction{$newid} =
+ $_ . $transaction{$newid};
+ $seqno{$newid} = ++$i if (! exists $seqno{$newid});
+ }
+ next;
+ }
+
+ if ($isagent{$command}) {
+ if (m{\G(\w+): to=}gc) {
+ my $qid = "$inst/$1";
+ if (defined($transaction{$qid})) {
+ $transaction{$qid} .= $_;
+ }
+ }
+ next;
+ }
+}
+
+# Dump logs of incomplete transactions.
+foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
+ print $transaction{$qid}, "\n";
+}
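Review bot: The grouping keys leave out the host: `$instre` skips the hostname field without capturing it, `%smtpd` and `%smtp` are keyed by `$pid` alone, and `%transaction` is keyed by instance and queue ID only, so a logfile merged from several hosts can fold unrelated sessions into one group whenever a pid or queue ID repeats. Capturing the hostname with `(\S+) \s+ # Hostname` and building every key from host, instance and pid or queue ID would keep them apart; failing that, the README should state that the input must come from a single host. Separately, in the bounce branch `$_ . $transaction{$newid}` warns under `use warnings` when no cleanup record for the new ID has been seen yet, and `$_ . ($transaction{$newid} // "")` avoids that. A comment near `delete $smtpd{$pid}` should also say that smtpd sessions which never obtain a queue ID are discarded rather than printed, which matters when the output is used to review rejected connections.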
# header_checks = pcre:/etc/postfix/header_checks.pcre
#
# /etc/postfix/header_checks.pcre:
-# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
+# /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
# hlp|ht[at]|
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
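Review bot: Replacing `.*` with `[^;]*` on the changed pattern line also stops the match at a `;` that sits inside a quoted value, and `;` is legal inside a quoted-string parameter, so this example would presumably no longer flag a quoted name that contains a semicolon before the blocked extension. The tail of the pattern lies outside this hunk, so this cannot be confirmed from here. If it holds, the quoted and unquoted forms need separate alternatives (quoted: anything up to the closing quote; unquoted: anything up to `;`), or at least a comment such as `# NOTE: does not match quoted names that contain ";"` so that sites copying the example know the limit. The same changed line appears in the HTML copy of this example further down.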
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre
/etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>:
- /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
+ /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
hlp|ht[at]|
inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
tal updates. Available on systems with support for CDB
databases.
+ This feature is available with Postfix 2.2 and later.
+
<b>cidr</b> A table that associates values with Classless
Inter-Domain Routing (CIDR) patterns. This is described
in <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a>.
+ This feature is available with Postfix 2.2 and later.
+
<b>dbm</b> An indexed file type based on hashing. Available on sys-
tems with support for DBM databases.
ble name is used for logging. This table exists to sim-
plify Postfix error tests.
+ This feature is available with Postfix 2.9 and later.
+
<b>hash</b> An indexed file type based on hashing. Available on sys-
tems with support for Berkeley DB databases.
just a few fixed elements. See also the <i><a href="DATABASE_README.html#types">static</a>:</i> map
type.
+ This feature is available with Postfix 3.0 and later.
+
<b>internal</b>
A non-shared, in-memory hash table. Its content are lost
when a process terminates.
file). Available on systems with support for LMDB data-
bases. This is described in <a href="lmdb_table.5.html"><b>lmdb_table</b>(5)</a>.
+ This feature is available with Postfix 2.11 and later.
+
<b>ldap</b> (read-only)
LDAP database client. This is described in <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
Memcache database client. This is described in <a href="memcache_table.5.html"><b>mem-</b></a>
<a href="memcache_table.5.html"><b>cache_table</b>(5)</a>.
+ This feature is available with Postfix 2.9 and later.
+
<b>mysql</b> (read-only)
MySQL database client. Available on systems with support
for MySQL databases. This is described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
PostgreSQL database client. This is described in
<a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
+ This feature is available with Postfix 2.1 and later.
+
<b>pipemap</b> (read-only)
A lookup table that constructs a pipeline of tables.
Example: "<b><a href="DATABASE_README.html#types">pipemap</a>:{</b><i>type</i><b>_</b><i>1:name</i><b>_</b><i>1, ..., type</i><b>_</b><i>n:name</i><b>_</b><i>n</i><b>}</b>".
"<a href="DATABASE_README.html#types">pipemap</a>:" table name must be "<b>{</b>" and "<b>}</b>". Within these,
individual maps are separated with comma or whitespace.
+ This feature is available with Postfix 3.0 and later.
+
<b>proxy</b> Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access to Postfix
databases. The table name syntax is <i>type</i><b>:</b><i>name</i>.
+ This feature is available with Postfix 2.0 and later.
+
<b>randmap</b> (read-only)
An in-memory table that performs random selection. Exam-
ple: "<b><a href="DATABASE_README.html#types">randmap</a>:{</b><i>result</i><b>_</b><i>1, ..., result</i><b>_</b><i>n</i><b>}</b>". Each table
results are separated with comma or whitespace. To give a
specific result more weight, specify it multiple times.
+ This feature is available with Postfix 3.0 and later.
+
<b>regexp</b> (read-only)
A lookup table based on regular expressions. The file
format is described in <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>.
<b>sdbm</b> An indexed file type based on hashing. Available on sys-
tems with support for SDBM databases.
+ This feature is available with Postfix 2.2 and later.
+
<b>socketmap</b> (read-only)
Sendmail-style socketmap client. The table name is
<b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path-</i>
<i>name</i>:<i>name</i> for a UNIX-domain server. This is described in
<a href="socketmap_table.5.html"><b>socketmap_table</b>(5)</a>.
+ This feature is available with Postfix 2.10 and later.
+
<b>sqlite</b> (read-only)
SQLite database. This is described in <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
+ This feature is available with Postfix 2.8 and later.
+
<b>static</b> (read-only)
A table that always returns its name as lookup result.
For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo-</b>
ignores whitespace after "<b>{</b>" and before "<b>}</b>". See also the
<i><a href="DATABASE_README.html#types">inline</a>:</i> map.
+ The form "<b><a href="DATABASE_README.html#types">static</a>:{</b><i>text</i><b>}</b> is available with Postfix 3.0 and
+ later.
+
<b>tcp</b> (read-only)
TCP/IP client. The protocol is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
<b>texthash</b> (read-only)
- Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
- don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
- use the file, and that it does not detect changes after
+ Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
+ don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
+ use the file, and that it does not detect changes after
the file is read.
+ This feature is available with Postfix 2.8 and later.
+
<b>unionmap</b> (read-only)
- A table that sends each query to multiple lookup tables
- and that concatenates all found results, separated by
+ A table that sends each query to multiple lookup tables
+ and that concatenates all found results, separated by
comma. The table name syntax is the same as for <b>pipemap</b>.
+ This feature is available with Postfix 3.0 and later.
+
<b>unix</b> (read-only)
- A limited view of the UNIX authentication database. The
+ A limited view of the UNIX authentication database. The
following tables are implemented:
<b>unix:passwd.byname</b>
- The table is the UNIX password database. The key
- is a login name. The result is a password file
+ The table is the UNIX password database. The key
+ is a login name. The result is a password file
entry in <b>passwd</b>(5) format.
<b>unix:group.byname</b>
The table is the UNIX group database. The key is a
- group name. The result is a group file entry in
+ group name. The result is a group file entry in
<b>group</b>(5) format.
- Other table types may exist depending on how Postfix was built.
+ Other table types may exist depending on how Postfix was built.
- <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
+ <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
Specify <b>-Mf</b> to fold long lines for human readability.
Specify zero or more arguments, each with a <i>service-name</i> or <i>ser-</i>
- <i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
- field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
+ <i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
+ field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
<b>unix</b>, <b>fifo</b>, or <b>pass</b>).
- If <i>service-name</i> or <i>service-name/service-type</i> is specified, only
- the matching <a href="master.5.html">master.cf</a> entries will be output. For example,
- "<b>postconf -Mf smtp</b>" will output all services named "smtp", and
- "<b>postconf -Mf smtp/inet</b>" will output only the smtp service that
- listens on the network. Trailing service type fields that are
+ If <i>service-name</i> or <i>service-name/service-type</i> is specified, only
+ the matching <a href="master.5.html">master.cf</a> entries will be output. For example,
+ "<b>postconf -Mf smtp</b>" will output all services named "smtp", and
+ "<b>postconf -Mf smtp/inet</b>" will output only the smtp service that
+ listens on the network. Trailing service type fields that are
omitted will be handled as "*" wildcard fields.
This feature is available with Postfix 2.9 and later. The syntax
- was changed from "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
+ was changed from "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
support was added with Postfix 2.11.
<b>-n</b> Show only configuration parameters that have explicit <i>name=value</i>
- settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify <b>-nf</b> to fold long lines for human
+ settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify <b>-nf</b> to fold long lines for human
readability (Postfix 2.9 and later).
<b>-o</b> <i>name=value</i>
This feature is available with Postfix 2.11 and later.
- <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
- vices and all parameters), formatted as "<i>service/type/parame-</i>
+ <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
+ vices and all parameters), formatted as "<i>service/type/parame-</i>
<i>ter=value</i>", one per line. Specify <b>-Pf</b> to fold long lines.
- Specify one or more "<i>service/type/parameter</i>" instances on the
- <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output to parameters of
- interest. Trailing parameter name or service type fields that
+ Specify one or more "<i>service/type/parameter</i>" instances on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output to parameters of
+ interest. Trailing parameter name or service type fields that
are omitted will be handled as "*" wildcard fields.
This feature is available with Postfix 2.11 and later.
<b>-t</b> [<i>template</i><b>_</b><i>file</i>]
- Display the templates for text that appears at the beginning of
- delivery status notification (DSN) messages, without expanding
+ Display the templates for text that appears at the beginning of
+ delivery status notification (DSN) messages, without expanding
$<b>name</b> expressions.
- To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
- a template file name at the end of the "<b>postconf -t</b>" command
- line. Specify an empty file name to display built-in templates
+ To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
+ a template file name at the end of the "<b>postconf -t</b>" command
+ line. Specify an empty file name to display built-in templates
(in shell language: "").
This feature is available with Postfix 2.3 and later.
<b>-T</b> <i>mode</i>
- If Postfix is compiled without TLS support, the <b>-T</b> option pro-
- duces no output. Otherwise, if an invalid <i>mode</i> is specified,
- the <b>-T</b> option reports an error and exits with a non-zero status
+ If Postfix is compiled without TLS support, the <b>-T</b> option pro-
+ duces no output. Otherwise, if an invalid <i>mode</i> is specified,
+ the <b>-T</b> option reports an error and exits with a non-zero status
code. The valid modes are:
<b>compile-version</b>
Output the OpenSSL version that Postfix was compiled with
- (i.e. the OpenSSL version in a header file). The output
+ (i.e. the OpenSSL version in a header file). The output
format is the same as with the command "<b>openssl version</b>".
<b>run-version</b>
runtime (i.e. the OpenSSL version in a shared library).
<b>public-key-algorithms</b>
- Output the lower-case names of the supported public-key
+ Output the lower-case names of the supported public-key
algorithms, one per-line.
This feature is available with Postfix 3.1 and later.
- <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
options make the software increasingly verbose.
- <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter values. The
+ <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter values. The
expansion is recursive.
This feature is available with Postfix 2.10 and later.
- <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
+ <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Specify a list of param-
eter names, not "<i>name=value</i>" pairs.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
- or more service entries as specified with "<i>service/type</i>" on the
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ or more service entries as specified with "<i>service/type</i>" on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
or more service parameter settings (-o parameter=value settings)
as specied with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> com-
mand line.
into place. Specify quotes to protect special characters on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
tion.
- This feature is available with Postfix 2.10 and later. Support
+ This feature is available with Postfix 2.10 and later. Support
for -M and -P was added with Postfix 2.11.
<b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame-
eters revert to their default values. Specify a list of parame-
ter names, not "<i>name=value</i>" pairs.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
- one or more service entries as specified with "<i>service/type</i>" on
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
+ one or more service entries as specified with "<i>service/type</i>" on
the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
In all cases the file is copied to a temporary file then renamed
into place. Specify quotes to protect special characters on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
tion.
- This feature is available with Postfix 2.6 and later. Support
+ This feature is available with Postfix 2.6 and later. Support
for -M was added with Postfix 2.11.
<b>DIAGNOSTICS</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
gram.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce message templates.
+ Pathname of a configuration file with bounce message templates.
<b>FILES</b>
/etc/postfix/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
/etc/postfix/<a href="master.5.html">master.cf</a>, Postfix master daemon configuration
<b>SEE ALSO</b>
- <a href="bounce.5.html">bounce(5)</a>, bounce template file format <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a>
- configuration file syntax <a href="postconf.5.html">postconf(5)</a>, <a href="postconf.5.html">main.cf</a> configuration
- file syntax
+ <a href="bounce.5.html">bounce(5)</a>, bounce template file format
+ <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> configuration file syntax
+ <a href="postconf.5.html">postconf(5)</a>, <a href="postconf.5.html">main.cf</a> configuration file syntax
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<title> Postfix manual - postscreen(8) </title>
</head> <body> <pre>
-POSTSCREEN(8) POSTSCREEN(8)
+POSTSCREEN(8) System Manager's Manual POSTSCREEN(8)
<b>NAME</b>
postscreen - Postfix zombie blocker
This program should not be used on SMTP ports that receive mail from
end-user clients (MUAs). In a typical deployment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> handles
- the MX service on TCP port 25, while MUA clients submit mail via the
- <b>submission</b> service on TCP port 587 which requires client authentica-
+ the MX service on TCP port 25, and <a href="smtpd.8.html"><b>smtpd</b>(8)</a> receives mail from MUAs on
+ the <b>submission</b> service (TCP port 587) which requires client authentica-
tion. Alternatively, a site could set up a dedicated, non-postscreen,
"port 25" server that provides <b>submission</b> service and client authenti-
cation, but no MX service.
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently does not
announce support for AUTH, XCLIENT or XFORWARD. If you need to make
these services available on port 25, then do not enable the optional
- "after 220 server greeting" tests, and do not use DNSBLs that reject
- traffic from dial-up and residential networks.
-
- The optional "after 220 server greeting" tests involve <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
- built-in SMTP protocol engine. When these tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- adds the client to the temporary whitelist, but it cannot not hand off
- the "live" connection to a Postfix SMTP server process in the middle of
- a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to deliver mail with
- a 4XX status, and waits for the client to disconnect. When the client
- connects again, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Post-
- fix SMTP server process (provided that the whitelist status has not
- expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of this limitation by
- giving the "after 220 server greeting" tests a long expiration time.
+ "after 220 server greeting" tests.
+
+ The optional "after 220 server greeting" tests may result in unexpected
+ delivery delays from senders that retry email delivery from a different
+ IP address. Reason: after passing these tests a new client must dis-
+ connect, and reconnect from the same IP address before it can deliver
+ mail. See <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, section "Tests after the 220 SMTP server
+ greeting", for a discussion.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- processes may run for several hours. Use the command "postfix reload"
+ Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ processes may run for several hours. Use the command "postfix reload"
after a configuration change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
- NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav-
- ior. This is supported only when the default parameter value is
- stress-dependent (that is, it looks like ${stress?{X}:{Y}}, or it is
- the $<i>name</i> of an smtpd parameter with a stress-dependent default).
- Other parameters always evaluate as if the <b>stress</b> parameter value is
+ NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav-
+ ior. This is supported only when the default parameter value is
+ stress-dependent (that is, it looks like ${stress?{X}:{Y}}, or it is
+ the $<i>name</i> of an smtpd parameter with a stress-dependent default).
+ Other parameters always evaluate as if the <b>stress</b> parameter value is
the empty string.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a></b>
<b>(${<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>?{$<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>}:{1}}h)</b>
- The maximum amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful DNS-based reputation test before a
+ The maximum amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ result from a successful DNS-based reputation test before a
client IP address is required to pass that test again.
<b><a href="postconf.5.html#postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a> (60s)</b>
- The minimum amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful DNS-based reputation test before a
+ The minimum amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ result from a successful DNS-based reputation test before a
client IP address is required to pass that test again.
<b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
<b>RESOURCE CONTROLS</b>
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces of at most
+ Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> ($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connec</a>-</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post-
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>SEE ALSO</b>
<b>HISTORY</b>
This service was introduced with Postfix version 2.8.
- Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work by Michael
+ Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work by Michael
Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control.
<b>AUTHOR(S)</b>
# are known to support it.
# .IP \fB-DNO_EAI\fR
# Do not build with EAI (SMTPUTF8) support. By default, EAI
-# support is compiled in when the "icuuc" library and header
-# files are found.
+# support is compiled in when the "icu-config" command is
+# found.
# .IP \fB-DNO_INLINE\fR
# Do not require support for C99 "inline" functions. Instead,
-# implement argument typechecks for non-printf/scanf-like
+# implement argument typechecks for non-(printf/scanf)-like
# functions with ternary operators and unreachable code.
# .IP \fB-DNO_IPV6\fR
# Do not build with IPv6 support.
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC} -shared"}
;;
+ OpenBSD.6*) SYSTYPE=OPENBSD6
+ : ${CC=cc}
+ : ${SHLIB_SUFFIX=.so.1.0}
+ : ${SHLIB_CFLAGS=-fPIC}
+ : ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'}
+ : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ : ${PLUGIN_LD="${CC} -shared"}
+ ;;
ekkoBSD.1*) SYSTYPE=EKKOBSD1
;;
NetBSD.1*) SYSTYPE=NETBSD1
# Look for the ICU library and enable unicode email if available.
#
case "$CCARGS" in
-*-DNO_EAI*) ;;
+*-DNO_EAI*) CCARGS="$CCARGS "'-DDEF_SMTPUTF8_ENABLE=\"no\"';;
*) icu_cppflags=`(icu-config --cppflags) 2>/dev/null` && {
icu_ldflags=`(icu-config --ldflags) 2>/dev/null` && {
trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
fi
rm -f makedefs.test makedefs.test.[co]
}
- } || CCARGS="$CCARGS -DNO_EAI"
+ } || CCARGS="$CCARGS -DNO_EAI"'-DDEF_SMTPUTF8_ENABLE=\"no\"'
esac
#
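Review bot: The fallback branch `} || CCARGS="$CCARGS -DNO_EAI"'-DDEF_SMTPUTF8_ENABLE=\"no\"'` has no space between the two quoted pieces, so as shown it appends the single word `-DNO_EAI-DDEF_SMTPUTF8_ENABLE=\"no\"` and neither macro is defined as intended. The explicit `*-DNO_EAI*)` branch in the previous hunk avoids this by putting the space inside `"$CCARGS "`. Unless the space was lost when the page was rendered, write the line as `} || CCARGS="$CCARGS -DNO_EAI"' -DDEF_SMTPUTF8_ENABLE=\"no\"'`. The enclosing `case` block and the ICU probe begin outside this hunk.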
.IP \fBcdb\fR
A read\-optimized structure with no support for incremental
updates. Available on systems with support for CDB databases.
+
+This feature is available with Postfix 2.2 and later.
.IP \fBcidr\fR
A table that associates values with Classless Inter\-Domain
Routing (CIDR) patterns. This is described in \fBcidr_table\fR(5).
+
+This feature is available with Postfix 2.2 and later.
.IP \fBdbm\fR
An indexed file type based on hashing. Available on systems
with support for DBM databases.
A table that reliably fails all requests. The lookup table
name is used for logging. This table exists to simplify
Postfix error tests.
+
+This feature is available with Postfix 2.9 and later.
.IP \fBhash\fR
An indexed file type based on hashing. Available on systems
with support for Berkeley DB databases.
is ignored. Inline tables eliminate the need to create a
database file for just a few fixed elements. See also the
\fIstatic:\fR map type.
+
+This feature is available with Postfix 3.0 and later.
.IP \fBinternal\fR
A non\-shared, in\-memory hash table. Its content are lost
when a process terminates.
OpenLDAP LMDB database (a memory\-mapped, persistent file).
Available on systems with support for LMDB databases. This
is described in \fBlmdb_table\fR(5).
+
+This feature is available with Postfix 2.11 and later.
.IP "\fBldap\fR (read\-only)"
LDAP database client. This is described in \fBldap_table\fR(5).
.IP "\fBmemcache\fR"
Memcache database client. This is described in
\fBmemcache_table\fR(5).
+
+This feature is available with Postfix 2.9 and later.
.IP "\fBmysql\fR (read\-only)"
MySQL database client. Available on systems with support
for MySQL databases. This is described in \fBmysql_table\fR(5).
.IP "\fBpgsql\fR (read\-only)"
PostgreSQL database client. This is described in
\fBpgsql_table\fR(5).
+
+This feature is available with Postfix 2.1 and later.
.IP "\fBpipemap\fR (read\-only)"
A lookup table that constructs a pipeline of tables. Example:
"\fBpipemap:{\fItype_1:name_1, ..., type_n:name_n\fB}\fR".
"pipemap:" table name must be "\fB{\fR" and "\fB}\fR".
Within these, individual maps are separated with comma or
whitespace.
+
+This feature is available with Postfix 3.0 and later.
.IP "\fBproxy\fR"
Postfix \fBproxymap\fR(8) client for shared access to Postfix
databases. The table name syntax is \fItype\fB:\fIname\fR.
+
+This feature is available with Postfix 2.0 and later.
.IP "\fBrandmap\fR (read\-only)"
An in\-memory table that performs random selection. Example:
"\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query
"\fB{\fR" and "\fB}\fR". Within these, individual results
are separated with comma or whitespace. To give a specific
result more weight, specify it multiple times.
+
+This feature is available with Postfix 3.0 and later.
.IP "\fBregexp\fR (read\-only)"
A lookup table based on regular expressions. The file format
is described in \fBregexp_table\fR(5).
.IP \fBsdbm\fR
An indexed file type based on hashing. Available on systems
with support for SDBM databases.
+
+This feature is available with Postfix 2.2 and later.
.IP "\fBsocketmap\fR (read\-only)"
Sendmail\-style socketmap client. The table name is
\fBinet\fR:\fIhost\fR:\fIport\fR:\fIname\fR for a TCP/IP
server, or \fBunix\fR:\fIpathname\fR:\fIname\fR for a
UNIX\-domain server. This is described in \fBsocketmap_table\fR(5).
+
+This feature is available with Postfix 2.10 and later.
.IP "\fBsqlite\fR (read\-only)"
SQLite database. This is described in \fBsqlite_table\fR(5).
+
+This feature is available with Postfix 2.8 and later.
.IP "\fBstatic\fR (read\-only)"
A table that always returns its name as lookup result. For
example, \fBstatic:foobar\fR always returns the string
with whitespace\fB }\fR" when the result contains whitespace;
this form ignores whitespace after "\fB{\fR" and before
"\fB}\fR". See also the \fIinline:\fR map.
+
+The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
+3.0 and later.
.IP "\fBtcp\fR (read\-only)"
TCP/IP client. The protocol is described in \fBtcp_table\fR(5).
.IP "\fBtexthash\fR (read\-only)"
don't need to run the \fBpostmap\fR(1) command before you
can use the file, and that it does not detect changes after
the file is read.
+
+This feature is available with Postfix 2.8 and later.
.IP "\fBunionmap\fR (read\-only)"
A table that sends each query to multiple lookup tables and
that concatenates all found results, separated by comma.
The table name syntax is the same as for \fBpipemap\fR.
+
+This feature is available with Postfix 3.0 and later.
.IP "\fBunix\fR (read\-only)"
A limited view of the UNIX authentication database. The
following tables are implemented:
.SH "SEE ALSO"
.na
.nf
-bounce(5), bounce template file format master(5), master.cf
-configuration file syntax postconf(5), main.cf configuration
-file syntax
+bounce(5), bounce template file format
+master(5), master.cf configuration file syntax
+postconf(5), main.cf configuration file syntax
.SH "README FILES"
.na
.nf
header_checks = pcre:/etc/postfix/header_checks.pcre
/etc/postfix/header_checks.pcre:
- /^Content\-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)(
+ /^Content\-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)(
ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
hlp|ht[at]|
inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
This program should not be used on SMTP ports that receive
mail from end\-user clients (MUAs). In a typical deployment,
-\fBpostscreen\fR(8) handles the MX service on TCP port 25,
-while MUA clients submit mail via the \fBsubmission\fR
-service on TCP port 587 which requires client authentication.
+\fBpostscreen\fR(8) handles the MX service on TCP port 25, and
+\fBsmtpd\fR(8) receives mail from MUAs on the \fBsubmission\fR
+service (TCP port 587) which requires client authentication.
Alternatively, a site could set up a dedicated, non\-postscreen,
"port 25" server that provides \fBsubmission\fR service and
client authentication, but no MX service.
XFORWARD.
If you need to make these services available
on port 25, then do not enable the optional "after 220
-server greeting" tests, and do not use DNSBLs that reject
-traffic from dial\-up and residential networks.
+server greeting" tests.
-The optional "after 220 server greeting" tests involve
-\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. When
-these tests succeed, \fBpostscreen\fR(8) adds the client
-to the temporary whitelist, but it cannot not hand off the
-"live" connection to a Postfix SMTP server process in the
-middle of a session. Instead, \fBpostscreen\fR(8) defers
-attempts to deliver mail with a 4XX status, and waits for
-the client to disconnect. When the client connects again,
-\fBpostscreen\fR(8) will allow the client to talk to a
-Postfix SMTP server process (provided that the whitelist
-status has not expired). \fBpostscreen\fR(8) mitigates
-the impact of this limitation by giving the "after 220
-server greeting" tests a long expiration time.
+The optional "after 220 server greeting" tests may result in
+unexpected delivery delays from senders that retry email delivery
+from a different IP address. Reason: after passing these tests a
+new client must disconnect, and reconnect from the same IP
+address before it can deliver mail. See POSTSCREEN_README, section
+"Tests after the 220 SMTP server greeting", for a discussion.
.SH "CONFIGURATION PARAMETERS"
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
-.SH "HISTORY"
-.na
-.nf
+.SH HISTORY
+.ad
+.fi
.ad
.fi
This service was introduced with Postfix version 2.8.
# header_checks = pcre:/etc/postfix/header_checks.pcre
#
# /etc/postfix/header_checks.pcre:
-# /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)(
+# /^Content-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)(
# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
# hlp|ht[at]|
# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
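Review bot: The narrowed class `[^;]*` treats every `;` as an attribute separator, including one that sits inside a quoted `name="..."` value, so this example no longer inspects quoted names that contain `;` before the extension. That trade-off is worth stating next to the pattern, for example `# Best-effort only: a ";" inside a quoted name ends the match; enforce attachment policy with a MIME-aware content filter.` The same pattern is changed in the manual-page hunk earlier on the page, and the tail of the expression lies outside this hunk.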
/* Fix 20160310: Moved from cleanup_envelope.c. */
if (state->milters || cleanup_milters) {
/* Make room to replace sender. */
- if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE)
+ if ((len = LEN(clean_addr)) < REC_TYPE_PTR_PAYL_SIZE)
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len);
/* Remember the after-sender record offset. */
if ((after_sender_offs = vstream_ftell(state->dst)) < 0)
"RES_INSECURE2", RES_INSECURE2,
"RES_NOALIASES", RES_NOALIASES,
"RES_USE_INET6", RES_USE_INET6,
+#ifdef RES_ROTATE
"RES_ROTATE", RES_ROTATE,
+#endif
+#ifdef RES_NOCHECKNAME
"RES_NOCHECKNAME", RES_NOCHECKNAME,
+#endif
"RES_USE_EDNS0", RES_USE_EDNS0,
"RES_USE_DNSSEC", RES_USE_DNSSEC,
#ifdef RES_KEEPTSIG
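Review bot: Only `RES_ROTATE` and `RES_NOCHECKNAME` gain `#ifdef` guards, while the neighbouring `RES_INSECURE2`, `RES_NOALIASES`, `RES_USE_INET6`, `RES_USE_EDNS0` and `RES_USE_DNSSEC` entries are still referenced unconditionally. If the guards exist because a platform's resolver header lacks these flags, the same could later apply to the others. Either guard every entry the same way or add a comment such as `/* Flags below are guarded because some resolver headers (e.g. OpenBSD 6.0) do not define them. */` so the asymmetry is explained. The table starts and ends outside this hunk.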
/* does not exist, and so on.
/* .IP "2bounce (MAIL_ERROR_2BOUNCE)"
/* A bounce message could not be delivered.
-/* .IP "dat (MAIL_ERROR_DATA)"
+/* .IP "data (MAIL_ERROR_DATA)"
/* A message could not be delivered because a critical data
/* file was unavailable.
/* .IP "policy (MAIL_ERROR_POLICY)"
* SMTPUTF8 support.
*/
#define VAR_SMTPUTF8_ENABLE "smtputf8_enable"
+#ifndef DEF_SMTPUTF8_ENABLE
#define DEF_SMTPUTF8_ENABLE "${{$compatibility_level} < {1} ? " \
"{no} : {yes}}"
+#endif
extern int var_smtputf8_enable;
#define VAR_STRICT_SMTPUTF8 "strict_smtputf8"
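Review bot: The new `#ifndef DEF_SMTPUTF8_ENABLE` guard carries no comment saying who is expected to pre-define the macro. The makedefs change in this commit passes `-DDEF_SMTPUTF8_ENABLE=\"no\"` on the compiler command line for builds without EAI support, so a one-line note would make that link visible: `/* makedefs overrides this default to "no" when building with -DNO_EAI. */`. Without it the guard reads like a general-purpose override hook rather than a build-time safety default.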
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20160327"
+#define MAIL_RELEASE_DATE "20160515"
#define MAIL_VERSION_NUMBER "3.2"
#ifdef SNAPSHOT
int main(int argc, char **argv)
{
- struct test_case *tp;
+ const struct test_case *tp;
int status;
VSTRING *buf = vstring_alloc(10);
void *context = 0;
/* .IP \fBcdb\fR
/* A read-optimized structure with no support for incremental
/* updates. Available on systems with support for CDB databases.
+/*
+/* This feature is available with Postfix 2.2 and later.
/* .IP \fBcidr\fR
/* A table that associates values with Classless Inter-Domain
/* Routing (CIDR) patterns. This is described in \fBcidr_table\fR(5).
+/*
+/* This feature is available with Postfix 2.2 and later.
/* .IP \fBdbm\fR
/* An indexed file type based on hashing. Available on systems
/* with support for DBM databases.
/* A table that reliably fails all requests. The lookup table
/* name is used for logging. This table exists to simplify
/* Postfix error tests.
+/*
+/* This feature is available with Postfix 2.9 and later.
/* .IP \fBhash\fR
/* An indexed file type based on hashing. Available on systems
/* with support for Berkeley DB databases.
/* is ignored. Inline tables eliminate the need to create a
/* database file for just a few fixed elements. See also the
/* \fIstatic:\fR map type.
+/*
+/* This feature is available with Postfix 3.0 and later.
/* .IP \fBinternal\fR
/* A non-shared, in-memory hash table. Its content are lost
/* when a process terminates.
/* OpenLDAP LMDB database (a memory-mapped, persistent file).
/* Available on systems with support for LMDB databases. This
/* is described in \fBlmdb_table\fR(5).
+/*
+/* This feature is available with Postfix 2.11 and later.
/* .IP "\fBldap\fR (read-only)"
/* LDAP database client. This is described in \fBldap_table\fR(5).
/* .IP "\fBmemcache\fR"
/* Memcache database client. This is described in
/* \fBmemcache_table\fR(5).
+/*
+/* This feature is available with Postfix 2.9 and later.
/* .IP "\fBmysql\fR (read-only)"
/* MySQL database client. Available on systems with support
/* for MySQL databases. This is described in \fBmysql_table\fR(5).
/* .IP "\fBpgsql\fR (read-only)"
/* PostgreSQL database client. This is described in
/* \fBpgsql_table\fR(5).
+/*
+/* This feature is available with Postfix 2.1 and later.
/* .IP "\fBpipemap\fR (read-only)"
/* A lookup table that constructs a pipeline of tables. Example:
/* "\fBpipemap:{\fItype_1:name_1, ..., type_n:name_n\fB}\fR".
/* "pipemap:" table name must be "\fB{\fR" and "\fB}\fR".
/* Within these, individual maps are separated with comma or
/* whitespace.
+/*
+/* This feature is available with Postfix 3.0 and later.
/* .IP "\fBproxy\fR"
/* Postfix \fBproxymap\fR(8) client for shared access to Postfix
/* databases. The table name syntax is \fItype\fB:\fIname\fR.
+/*
+/* This feature is available with Postfix 2.0 and later.
/* .IP "\fBrandmap\fR (read-only)"
/* An in-memory table that performs random selection. Example:
/* "\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query
/* "\fB{\fR" and "\fB}\fR". Within these, individual results
/* are separated with comma or whitespace. To give a specific
/* result more weight, specify it multiple times.
+/*
+/* This feature is available with Postfix 3.0 and later.
/* .IP "\fBregexp\fR (read-only)"
/* A lookup table based on regular expressions. The file format
/* is described in \fBregexp_table\fR(5).
/* .IP \fBsdbm\fR
/* An indexed file type based on hashing. Available on systems
/* with support for SDBM databases.
+/*
+/* This feature is available with Postfix 2.2 and later.
/* .IP "\fBsocketmap\fR (read-only)"
/* Sendmail-style socketmap client. The table name is
/* \fBinet\fR:\fIhost\fR:\fIport\fR:\fIname\fR for a TCP/IP
/* server, or \fBunix\fR:\fIpathname\fR:\fIname\fR for a
/* UNIX-domain server. This is described in \fBsocketmap_table\fR(5).
+/*
+/* This feature is available with Postfix 2.10 and later.
/* .IP "\fBsqlite\fR (read-only)"
/* SQLite database. This is described in \fBsqlite_table\fR(5).
+/*
+/* This feature is available with Postfix 2.8 and later.
/* .IP "\fBstatic\fR (read-only)"
/* A table that always returns its name as lookup result. For
/* example, \fBstatic:foobar\fR always returns the string
/* with whitespace\fB }\fR" when the result contains whitespace;
/* this form ignores whitespace after "\fB{\fR" and before
/* "\fB}\fR". See also the \fIinline:\fR map.
+/*
+/* The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
+/* 3.0 and later.
/* .IP "\fBtcp\fR (read-only)"
/* TCP/IP client. The protocol is described in \fBtcp_table\fR(5).
/* .IP "\fBtexthash\fR (read-only)"
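Review bot: The added sentence opens a double quote before `\fBstatic:{` and never closes it, so the rendered manual text has an unbalanced quote. Suggest `/* The form "\fBstatic:{\fItext\fB}\fR" is available with Postfix`. The manual-page hunk earlier on the page carries the same sentence and should be regenerated from the corrected comment.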
/* don't need to run the \fBpostmap\fR(1) command before you
/* can use the file, and that it does not detect changes after
/* the file is read.
+/*
+/* This feature is available with Postfix 2.8 and later.
/* .IP "\fBunionmap\fR (read-only)"
/* A table that sends each query to multiple lookup tables and
/* that concatenates all found results, separated by comma.
/* The table name syntax is the same as for \fBpipemap\fR.
+/*
+/* This feature is available with Postfix 3.0 and later.
/* .IP "\fBunix\fR (read-only)"
/* A limited view of the UNIX authentication database. The
/* following tables are implemented:
/* /etc/postfix/main.cf, Postfix configuration parameters
/* /etc/postfix/master.cf, Postfix master daemon configuration
/* SEE ALSO
-/* bounce(5), bounce template file format master(5), master.cf
-/* configuration file syntax postconf(5), main.cf configuration
-/* file syntax
+/* bounce(5), bounce template file format
+/* master(5), master.cf configuration file syntax
+/* postconf(5), main.cf configuration file syntax
/* README FILES
/* .ad
/* .fi
/*
/* This program should not be used on SMTP ports that receive
/* mail from end-user clients (MUAs). In a typical deployment,
-/* \fBpostscreen\fR(8) handles the MX service on TCP port 25,
-/* while MUA clients submit mail via the \fBsubmission\fR
-/* service on TCP port 587 which requires client authentication.
+/* \fBpostscreen\fR(8) handles the MX service on TCP port 25, and
+/* \fBsmtpd\fR(8) receives mail from MUAs on the \fBsubmission\fR
+/* service (TCP port 587) which requires client authentication.
/* Alternatively, a site could set up a dedicated, non-postscreen,
/* "port 25" server that provides \fBsubmission\fR service and
/* client authentication, but no MX service.
/* XFORWARD.
/* If you need to make these services available
/* on port 25, then do not enable the optional "after 220
-/* server greeting" tests, and do not use DNSBLs that reject
-/* traffic from dial-up and residential networks.
+/* server greeting" tests.
/*
-/* The optional "after 220 server greeting" tests involve
-/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
-/* these tests succeed, \fBpostscreen\fR(8) adds the client
-/* to the temporary whitelist, but it cannot not hand off the
-/* "live" connection to a Postfix SMTP server process in the
-/* middle of a session. Instead, \fBpostscreen\fR(8) defers
-/* attempts to deliver mail with a 4XX status, and waits for
-/* the client to disconnect. When the client connects again,
-/* \fBpostscreen\fR(8) will allow the client to talk to a
-/* Postfix SMTP server process (provided that the whitelist
-/* status has not expired). \fBpostscreen\fR(8) mitigates
-/* the impact of this limitation by giving the "after 220
-/* server greeting" tests a long expiration time.
+/* The optional "after 220 server greeting" tests may result in
+/* unexpected delivery delays from senders that retry email delivery
+/* from a different IP address. Reason: after passing these tests a
+/* new client must disconnect, and reconnect from the same IP
+/* address before it can deliver mail. See POSTSCREEN_README, section
+/* "Tests after the 220 SMTP server greeting", for a discussion.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/*
* Do not reject mail if we were asked to warn only. However,
- * configuration errors cannot be converted into warnings.
+ * configuration/software/data errors cannot be converted into warnings.
*/
if (state->warn_if_reject && error_class != MAIL_ERROR_SOFTWARE
- && error_class != MAIL_ERROR_RESOURCE) {
+ && error_class != MAIL_ERROR_RESOURCE
+ && error_class != MAIL_ERROR_DATA) {
warn_if_reject = 1;
whatsup = "reject_warning";
} else {
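Review bot: The updated comment lists "configuration/software/data" errors, but the condition tests `MAIL_ERROR_SOFTWARE`, `MAIL_ERROR_RESOURCE` and `MAIL_ERROR_DATA`, so the resource class goes unmentioned and "configuration" has no visible counterpart in the code. Suggest `* software, resource and data errors cannot be converted into warnings.` plus a short reason. The reason is presumably that warn_if_reject must not turn an unavailable data file into accepted mail, but the hunk does not say so. The enclosing function starts and ends outside the hunk.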
|| defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
- || defined(OPENBSD5) \
+ || defined(OPENBSD5) || defined(OPENBSD6) \
|| defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \
|| defined(NETBSD4) || defined(NETBSD5) || defined(NETBSD6) \
|| defined(NETBSD7) \
sasl_status = SASL_BADAUTH;
vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status));
switch (sasl_status) {
+ case SASL_FAIL:
+ case SASL_NOMEM:
case SASL_TRYAGAIN:
case SASL_UNAVAIL:
return XSASL_AUTH_TEMP;