TLS session tickets are supported as of OpenSSL 0.9.8h (May
2008). Files: mantools/postlink, proto/TLS_README.html,
proto/postconf.proto.
+
+20150831
+
+ Cleanup: obsolete comments in Makefile.init.
+
+20150903
+
+ Workaround: disable DNSSEC support for AIX 7x and earlier.
+ The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
+ defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
+ proto/INSTALL.html, dns/dns.h.
+
+20150912
+
+ Future-proofing and code cleanup: exploit GCC and Clang
+ "warn_unused_result" feature to flag missing error checks.
+ Files: util/sys_defs.h, util/attr.h, util/edit_file.h,
+ util/listen.h, util/lstat_as.h, util/mac_expand.h,
+ util/mac_parse.h, util/myaddrinfo.h, util/myflock.h,
+ util/sane_fsops.h, util/sane_socketpair.h, util/stat_as.h,
+ util/base32_code.h, util/base64_code.h, util/hex_code.h,
+ util/timed_wait.h, util/vstream.h, src/util/vstring_vstream.h.
+
+ Cleanup: incomplete error check. Found with WARN_UNUSED_RESULT
+ check. File: util/recv_pass_attr.c.
+
+ Future-proofing: added type mis-match detection for
+ ATTR_TYPE_FUNC function-pointer arguments. File: util/attr.h.
+
+ Cleanup: don't ignore seek-to-end-of-file errors. File:
+ global/record.c.
+
+ Cleanup: use vstream_fpurge() to purge VSTREAM buffers,
+ instead of calling vstream_fseek() and ignoring ESPIPE
+ errors. File: smtpstone/qmqp-sink.c.
+
+20150913
+
+ Feature: SMTPD policy service "policy_context" attribute
+ and smtpd_policy_service_policy_context main.cf parameter.
+ Originally, to share the same SMTPD service endpoint among
+ multiple check_policy_service clients. Markus Benning.
+ Files: mantools/postlink, proto/SMTPD_POLICY_README.html,
+ proto/postconf.proto, global/mail_params.h, global/mail_proto.h,
+ smtpd/smtpd.c, smtpd/smtpd_check.c.
|| |probably should also override DEF_DB_TYPE as |
|| |described in section 4.6. |
||_____________________________|______________________________________________|
+||-DNO_DNSSEC |Do not build with DNSSEC support, even if the |
+|| |resolver library appears to support it. |
+||_____________________________|______________________________________________|
|| |Do not build with Solaris /dev/poll support. |
||-DNO_DEVPOLL |By default, /dev/poll support is compiled in |
|| |on Solaris versions that are known to support |
# Usage:
-# make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags]
+# make makefiles [name=value]...
#
-# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples:
+# See makedefs for a descripton of available options.
+# Examples:
#
# make makefiles
# make makefiles CC="purify cc"
|| |probably should also override DEF_DB_TYPE as |
|| |described in section 4.6. |
|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+||-DNO_DNSSEC |Do not build with DNSSEC support, even if the |
+|| |resolver library appears to support it. |
+|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|| |Do not build with Solaris /dev/poll support. |
||-DNO_DEVPOLL |By default, /dev/poll support is compiled in |
|| |on Solaris versions that are known to support |
ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
P\bPo\bos\bst\btf\bfi\bix\bx v\bve\ber\brs\bsi\bio\bon\bn 3\b3.\b.0\b0 a\ban\bnd\bd l\bla\bat\bte\ber\br:\b:
client_port=1234
+ P\bPo\bos\bst\btf\bfi\bix\bx v\bve\ber\brs\bsi\bio\bon\bn 3\b3.\b.1\b1 a\ban\bnd\bd l\bla\bat\bte\ber\br:\b:
+ policy_context=submission
[empty line]
Notes:
* The "stress" attribute is either empty or "yes". See the STRESS_README
document for further information.
+ * The "policy_context" attribute provides a way to pass information that is
+ not available via other attributes (Postfix version 3.1 and later).
+
The following is specific to SMTPD delegated policy requests:
* Protocol names are ESMTP or SMTP.
to resend a failed SMTPD policy service request. Available with Postfix 3.0
and later.
+ * smtpd_policy_service_policy_context (default: empty): Optional information
+ that is passed in the "policy_context" attribute of an SMTPD policy service
+ request (originally, to share the same SMTPD service endpoint among
+ multiple check_policy_service clients). Available with Postfix 3.1 and
+ later.
+
Configuration parameters that control the server side of the policy delegation
protocol:
Postfix 3.0: In the DNS client, save/restore h_errno in the
multi-query functions.
+ Specify WARN_UNUSED_RESULT for all library functions that
+ pass, deliver, bounce or defer a delivery request.
+
+ Specify WARN_UNUSED_RESULT for mac_expand(), after making
+ smtp_reply_footer() undoable.
+
Type-checking wrappers for htable(3), ctable(3) and other
modules that take and return a void* pointer.
relevant only for fingerprint-based authentication including
DANE, and affects logging, SMTPD policy, and Milters.
- Exploit GCC 3.4+ __attribute__((warn_unused_result)) to
- warn about unused function result values.
-
Generalize the daemon '-S' stand-alone mode, so that it can
be used with custom configuration files for request/reply
regression testing.
this, then you probably should also override DEF_DB_TYPE as described
in section 4.6. </td> </tr>
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
support is compiled in on Solaris versions that are known to support
ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
<b>Postfix version 3.0 and later:</b>
client_port=1234
+<b>Postfix version 3.1 and later:</b>
+policy_context=submission
[empty line]
</pre>
</blockquote>
<li> <p> The "stress" attribute is either empty or "yes". See
the <a href="STRESS_README.html">STRESS_README</a> document for further information. </p>
+ <li> <p> The "policy_context" attribute provides a way to pass
+ information that is not available via other attributes (Postfix
+ version 3.1 and later). </p>
+
</ul>
<p> The following is specific to SMTPD delegated policy requests:
between attempts to resend a failed SMTPD policy service request.
Available with Postfix 3.0 and later. </p>
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (default: empty):
+Optional information that is passed in the "policy_context" attribute
+of an SMTPD policy service request (originally, to share the same
+SMTPD service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
+Available with Postfix 3.1 and later. </p>
+
</ul>
<p> Configuration parameters that control the server side of the
requested record does not exist. If this promise is broken, specify
"yes" to enable a workaround for DNS reputation lookups. </p>
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
</DD>
</p>
+</DD>
+
+<DT><b><a name="smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a>
+clients). </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
</DD>
<DT><b><a name="smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a>
The delay between attempts to resend a failed SMTPD policy ser-
vice request.
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b>
+ Optional information that the Postfix SMTP server specifies in
+ the "policy_context" attribute of a policy service request
+ (originally, to share the same service endpoint among multiple
+ <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
+
<b>ACCESS CONTROLS</b>
- The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
- Wait until the RCPT TO command before evaluating
+ Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
- before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
+ before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
- A list of Postfix features where the pattern "example.com" also
- matches subdomains of example.com, instead of requiring an
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
explicit ".example.com" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
- Require that a remote SMTP client introduces itself with the
- HELO or EHLO command before sending the MAIL command or other
+ Require that a remote SMTP client introduces itself with the
+ HELO or EHLO command before sending the MAIL command or other
commands that require EHLO negotiation.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
- Optional restrictions that the Postfix SMTP server applies in
- the context of a client RCPT TO command, after
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client RCPT TO command, after
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client ETRN command.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
- Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients to destina-
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients to destina-
tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restrictions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
+ The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
- Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
+ Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
only domains whose primary MX hosts match the listed networks.
Available in Postfix version 2.0 and later:
applies in the context of the SMTP DATA command.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
- What characters are allowed in $name expansions of RBL reply
+ What characters are allowed in $name expansions of RBL reply
templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail from unknown
- sender
addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender
addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
- Request that the Postfix SMTP server rejects mail for unknown
- recipient addresses, even when no explicit
+ Request that the Postfix SMTP server rejects mail for unknown
+ recipient addresses, even when no explicit
<a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
<b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
Access restrictions for mail relay control that the Postfix SMTP
- server applies in the context of the RCPT TO command, before
+ server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient address verifica-
+ Postfix version 2.1 introduces sender and recipient address verifica-
tion. This feature is implemented by sending probe email messages that
are not actually delivered. This feature is requested via the
- <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
- restrictions. The status of verification probes is maintained by the
- <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
- mation about how to configure and operate the Postfix sender/recipient
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is maintained by the
+ <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
+ mation about how to configure and operate the Postfix sender/recipient
address verification service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
fication request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
- The sender address to use in address verification probes; prior
+ The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response when a recipient
- address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
+ The numerical Postfix SMTP server response when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
tion.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a sender
+ The numerical Postfix SMTP server response code when a sender
address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response when a recipient
+ The numerical Postfix SMTP server response when a recipient
address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
<a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
- The time between changes in the time-dependent portion of
+ The time between changes in the time-dependent portion of
address verification probe sender addresses.
<b>ACCESS CONTROL RESPONSES</b>
map "reject" action.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a remote
+ The numerical Postfix SMTP server response code when a remote
SMTP client request is rejected by the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
- The numerical Postfix SMTP server response code when the client
- HELO or EHLO command parameter is rejected by the
+ The numerical Postfix SMTP server response code when the client
+ HELO or EHLO command parameter is rejected by the
<a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a remote
- SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
+ The numerical Postfix SMTP server response code when a remote
+ SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
- The numerical Postfix SMTP server reply code when a client
- request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
+ The numerical Postfix SMTP server reply code when a client
+ request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a request
+ The numerical Postfix SMTP server response code when a request
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a remote
+ The numerical Postfix SMTP server response code when a remote
SMTP client request is rejected by the "reject" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a client
- request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+ The numerical Postfix SMTP server response code when a client
+ request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
a sender or recipient address because its domain is unknown.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a client
- without valid address <=> name mapping is rejected by the
+ The numerical Postfix SMTP server response code when a client
+ without valid address <=> name mapping is rejected by the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when the host-
- name specified with the HELO or EHLO command is rejected by the
+ The numerical Postfix SMTP server response code when the host-
+ name specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
- The default Postfix SMTP server response template for a request
+ The default Postfix SMTP server response template for a request
that is rejected by an RBL-based restriction.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code when a remote
- SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+ The numerical Postfix SMTP server response code when a remote
+ SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
<b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
- map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
+ map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
"<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
<b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
- The Postfix SMTP server's action when a reject-type restriction
+ The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition.
<b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
<a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to an temporary error condition.
<b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The Postfix SMTP server's action when
- <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ The Postfix SMTP server's action when
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
fail due to a temporary error condition.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that are gener-
+ The sender address of postmaster notifications that are gener-
ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received: headers, in
+ The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" remote SMTP clients that have more privi-
+ The list of "trusted" remote SMTP clients that have more privi-
leges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to come from,
+ The domain name that locally-posted mail appears to come from,
and that locally posted mail is delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate a user name from its
- extension (example: user+foo), or a .forward file name from its
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
extension (example: .forward+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the SMTP greeting
+ The text that follows the 220 status code in the SMTP greeting
banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post-
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
- List of commands that cause the Postfix SMTP server to immedi-
+ List of commands that cause the Postfix SMTP server to immedi-
ately terminate the session with a 221 code.
Available in Postfix version 2.5 and later:
# Do not build with Solaris /dev/poll support.
# By default, /dev/poll support is compiled in on platforms that
# are known to support it.
+# .IP \fB-DNO_DNSSEC\fR
+# Do not build with DNSSEC support, even if the resolver
+# library appears to support it.
# .IP \fB-DNO_EPOLL\fR
# Do not build with Linux EPOLL support.
# By default, EPOLL support is compiled in on platforms that
;;
AIX.*) case "`uname -v`" in
6) SYSTYPE=AIX6
+ CCARGS="$CCARGS -DNO_DNSSEC"
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
esac
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
5) SYSTYPE=AIX5
+ CCARGS="$CCARGS -DNO_DNSSEC"
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
esac
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
4) SYSTYPE=AIX4
+ CCARGS="$CCARGS -DNO_DNSSEC"
# How embarrassing...
case "$CC" in
cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
3) SYSTYPE=AIX3
+ CCARGS="$CCARGS -DNO_DNSSEC"
# How embarrassing...
case "$CC" in
cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w";;
returns the server response in an application buffer even if the
requested record does not exist. If this promise is broken, specify
"yes" to enable a workaround for DNS reputation lookups.
+.PP
+This feature is available in Postfix 3.1 and later.
.SH dnsblog_reply_delay (default: 0s)
A debugging aid to artificially delay DNS responses.
.PP
closed.
.PP
This feature is available in Postfix 2.1 and later.
+.SH smtpd_policy_service_policy_context (default: empty)
+Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).
+.PP
+This feature is available in Postfix 3.1 and later.
.SH smtpd_policy_service_request_limit (default: 0)
The maximal number of requests per SMTPD policy service connection,
or zero (no limit). Once a connection reaches this limit, the
.IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
The delay between attempts to resend a failed SMTPD policy
service request.
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
+Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients).
.SH "ACCESS CONTROLS"
.na
.nf
s;\bsmtpd_policy_service_default_action\b;<a href="postconf.5.html#smtpd_policy_service_default_action">$&</a>;g;
s;\bsmtpd_policy_service_try_limit\b;<a href="postconf.5.html#smtpd_policy_service_try_limit">$&</a>;g;
s;\bsmtpd_policy_service_retry_delay\b;<a href="postconf.5.html#smtpd_policy_service_retry_delay">$&</a>;g;
+ s;\bsmtpd_policy_service_policy_context\b;<a href="postconf.5.html#smtpd_policy_service_policy_context">$&</a>;g;
s;\bsmtpd_proxy_ehlo\b;<a href="postconf.5.html#smtpd_proxy_ehlo">$&</a>;g;
s;\bsmtpd_proxy_filter\b;<a href="postconf.5.html#smtpd_proxy_filter">$&</a>;g;
s;\bsmtpd_proxy_timeout\b;<a href="postconf.5.html#smtpd_proxy_timeout">$&</a>;g;
this, then you probably should also override DEF_DB_TYPE as described
in section 4.6. </td> </tr>
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
support is compiled in on Solaris versions that are known to support
ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
<b>Postfix version 3.0 and later:</b>
client_port=1234
+<b>Postfix version 3.1 and later:</b>
+policy_context=submission
[empty line]
</pre>
</blockquote>
<li> <p> The "stress" attribute is either empty or "yes". See
the STRESS_README document for further information. </p>
+ <li> <p> The "policy_context" attribute provides a way to pass
+ information that is not available via other attributes (Postfix
+ version 3.1 and later). </p>
+
</ul>
<p> The following is specific to SMTPD delegated policy requests:
between attempts to resend a failed SMTPD policy service request.
Available with Postfix 3.0 and later. </p>
+<li> <p> smtpd_policy_service_policy_context (default: empty):
+Optional information that is passed in the "policy_context" attribute
+of an SMTPD policy service request (originally, to share the same
+SMTPD service endpoint among multiple check_policy_service clients).
+Available with Postfix 3.1 and later. </p>
+
</ul>
<p> Configuration parameters that control the server side of the
returns the server response in an application buffer even if the
requested record does not exist. If this promise is broken, specify
"yes" to enable a workaround for DNS reputation lookups. </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+%PARAM smtpd_policy_service_policy_context
+
+<p> Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple check_policy_service
+clients). </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
(cp) += 4; \
}
+#endif
+
+/*
+ * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
+ */
+#ifdef DISABLE_DNSSEC
+#undef RES_USE_DNSSEC
#endif
/*
#define DEF_SMTPD_POLICY_DEF_ACTION "451 4.3.5 Server configuration problem"
extern char *var_smtpd_policy_def_action;
+#define VAR_SMTPD_POLICY_CONTEXT "smtpd_policy_service_policy_context"
+#define DEF_SMTPD_POLICY_CONTEXT ""
+extern char *var_smtpd_policy_context;
+
#define CHECK_POLICY_SERVICE "check_policy_service"
/*
#define MAIL_ATTR_STRESS "stress"
#define MAIL_ATTR_LOG_IDENT "log_ident"
#define MAIL_ATTR_RWR_CONTEXT "rewrite_context"
+#define MAIL_ATTR_POL_CONTEXT "policy_context"
#define MAIL_ATTR_RWR_LOCAL "local"
#define MAIL_ATTR_RWR_REMOTE "remote"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20150829"
+#define MAIL_RELEASE_DATE "20150913"
#define MAIL_VERSION_NUMBER "3.1"
#ifdef SNAPSHOT
if (vstream_fseek(stream, offset, SEEK_SET) < 0
|| VSTREAM_PUTC(type, stream) != type) {
+ msg_warn("%s: seek or write error", VSTREAM_PATH(stream));
return (REC_TYPE_ERROR);
} else {
return (type);
continue;
if (type == REC_TYPE_DTXT && (flags & REC_FLAG_SKIP_DTXT) != 0)
continue;
- if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0)
- (void) vstream_fseek(stream, (off_t) 0, SEEK_END);
+ if (type == REC_TYPE_END && (flags & REC_FLAG_SEEK_END) != 0
+ && vstream_fseek(stream, (off_t) 0, SEEK_END) < 0) {
+ msg_warn("%s: seek error after reading END record: %m",
+ VSTREAM_PATH(stream));
+ return (REC_TYPE_ERROR);
+ }
break;
}
return (type);
/* .IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
/* The delay between attempts to resend a failed SMTPD policy
/* service request.
+/* .PP
+/* Available in Postfix version 3.1 and later:
+/* .IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
+/* Optional information that the Postfix SMTP server specifies in
+/* the "policy_context" attribute of a policy service request (originally,
+/* to share the same service endpoint among multiple check_policy_service
+/* clients).
/* ACCESS CONTROLS
/* .ad
/* .fi
int var_smtpd_policy_try_limit;
int var_smtpd_policy_try_delay;
char *var_smtpd_policy_def_action;
+char *var_smtpd_policy_context;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
char *var_xclient_hosts;
VAR_SMTPD_ACL_PERM_LOG, DEF_SMTPD_ACL_PERM_LOG, &var_smtpd_acl_perm_log, 0, 0,
VAR_SMTPD_UPROXY_PROTO, DEF_SMTPD_UPROXY_PROTO, &var_smtpd_uproxy_proto, 0, 0,
VAR_SMTPD_POLICY_DEF_ACTION, DEF_SMTPD_POLICY_DEF_ACTION, &var_smtpd_policy_def_action, 1, 0,
+ VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0,
VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0,
0,
};
typedef struct {
ATTR_CLNT *client; /* client handle */
char *def_action; /* default action */
+ char *policy_context; /* context of policy request */
} SMTPD_POLICY_CLNT;
/*
};
static ATTR_OVER_STR str_table[] = {
21 + VAR_SMTPD_POLICY_DEF_ACTION, 0, 1, 0,
+ 21 + VAR_SMTPD_POLICY_CONTEXT, 0, 1, 0,
0,
};
#define smtpd_policy_try_limit_offset 1
#define smtpd_policy_def_action_offset 0
+#define smtpd_policy_context_offset 1
/* policy_client_register - register policy service endpoint */
int smtpd_policy_req_limit = var_smtpd_policy_req_limit;
int smtpd_policy_try_limit = var_smtpd_policy_try_limit;
const char *smtpd_policy_def_action = var_smtpd_policy_def_action;
+ const char *smtpd_policy_context = var_smtpd_policy_context;
link_override_table_to_variable(time_table, smtpd_policy_tmout);
link_override_table_to_variable(time_table, smtpd_policy_idle);
link_override_table_to_variable(int_table, smtpd_policy_req_limit);
link_override_table_to_variable(int_table, smtpd_policy_try_limit);
link_override_table_to_variable(str_table, smtpd_policy_def_action);
+ link_override_table_to_variable(str_table, smtpd_policy_context);
if (*name == parens[0]) {
cp = saved_name = mystrdup(name);
if (msg_verbose)
msg_info("%s: name=\"%s\" default_action=\"%s\" max_idle=%d "
"max_ttl=%d request_limit=%d retry_delay=%d "
- "timeout=%d try_limit=%d",
+ "timeout=%d try_limit=%d policy_context=\"%s\"",
myname, policy_name, smtpd_policy_def_action,
smtpd_policy_idle, smtpd_policy_ttl,
smtpd_policy_req_limit, smtpd_policy_try_delay,
- smtpd_policy_tmout, smtpd_policy_try_limit);
+ smtpd_policy_tmout, smtpd_policy_try_limit,
+ smtpd_policy_context);
/*
* Create the client.
ATTR_CLNT_CTL_TRY_DELAY, smtpd_policy_try_delay,
ATTR_CLNT_CTL_END);
policy_client->def_action = mystrdup(smtpd_policy_def_action);
+ policy_client->policy_context = mystrdup(smtpd_policy_context);
htable_enter(policy_clnt_table, name, (void *) policy_client);
if (saved_name)
myfree(saved_name);
SEND_ATTR_INT(MAIL_ATTR_CRYPTO_KEYSIZE,
IF_ENCRYPTED(state->tls_context->cipher_usebits, 0)),
#endif
+ SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT,
+ policy_clnt->policy_context),
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply attributes. */
RECV_ATTR_STR(MAIL_ATTR_ACTION, action),
char *var_mynetworks = "";
char *var_notify_classes = "";
char *var_smtpd_policy_def_action = "";
+char *var_smtpd_policy_context = "";
/*
* String-valued configuration parameters.
send_reply(state);
return;
}
- vstream_fseek(state->stream, 0L, 0);
+ vstream_fpurge(state->stream, VSTREAM_PURGE_BOTH);
}
/*
#include <nvtable.h>
#include <check_arg.h>
+ /*
+ * Delegation for better data abstraction.
+ */
+typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...);
+typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
+typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...);
+typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
+
/*
* Attribute types. See attr_scan(3) for documentation.
*/
#define SEND_ATTR_NV(val) ATTR_TYPE_NV, CHECK_CPTR(ATTR, NVTABLE, (val))
#define SEND_ATTR_LONG(name, val) ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, long, (val))
#define SEND_ATTR_DATA(name, len, val) ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_VAL(ATTR, ssize_t, (len)), CHECK_CPTR(ATTR, void, (val))
-#define SEND_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, (func), CHECK_CPTR(ATTR, void, (val))
+#define SEND_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_PRINT_SLAVE_FN, (func)), CHECK_CPTR(ATTR, void, (val))
#define RECV_ATTR_INT(name, val) ATTR_TYPE_INT, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, int, (val))
#define RECV_ATTR_STR(name, val) ATTR_TYPE_STR, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val))
#define RECV_ATTR_NV(val) ATTR_TYPE_NV, CHECK_PTR(ATTR, NVTABLE, (val))
#define RECV_ATTR_LONG(name, val) ATTR_TYPE_LONG, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, long, (val))
#define RECV_ATTR_DATA(name, val) ATTR_TYPE_DATA, CHECK_CPTR(ATTR, char, (name)), CHECK_PTR(ATTR, VSTRING, (val))
-#define RECV_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, (func), CHECK_PTR(ATTR, void, (val))
+#define RECV_ATTR_FUNC(func, val) ATTR_TYPE_FUNC, CHECK_VAL(ATTR, ATTR_SCAN_SLAVE_FN, (func)), CHECK_PTR(ATTR, void, (val))
CHECK_VAL_HELPER_DCL(ATTR, ssize_t);
CHECK_VAL_HELPER_DCL(ATTR, long);
CHECK_CPTR_HELPER_DCL(ATTR, char);
CHECK_CPTR_HELPER_DCL(ATTR, NVTABLE);
CHECK_CPTR_HELPER_DCL(ATTR, HTABLE);
+CHECK_VAL_HELPER_DCL(ATTR, ATTR_PRINT_SLAVE_FN);
+CHECK_VAL_HELPER_DCL(ATTR, ATTR_SCAN_SLAVE_FN);
/*
* Flags that control processing. See attr_scan(3) for documentation.
#define ATTR_FLAG_STRICT (ATTR_FLAG_MISSING | ATTR_FLAG_EXTRA)
#define ATTR_FLAG_ALL (07)
- /*
- * Delegation for better data abstraction.
- */
-typedef int (*ATTR_SCAN_MASTER_FN) (VSTREAM *, int,...);
-typedef int (*ATTR_SCAN_SLAVE_FN) (ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
-typedef int (*ATTR_PRINT_MASTER_FN) (VSTREAM *, int,...);
-typedef int (*ATTR_PRINT_SLAVE_FN) (ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
-
/*
* Default to null-terminated, as opposed to base64-encoded.
*/
/*
* attr_scan64.c.
*/
-extern int attr_scan64(VSTREAM *, int,...);
-extern int attr_vscan64(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_scan64(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_vscan64(VSTREAM *, int, va_list);
/*
* attr_print0.c.
/*
* attr_scan0.c.
*/
-extern int attr_scan0(VSTREAM *, int,...);
-extern int attr_vscan0(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_scan0(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_vscan0(VSTREAM *, int, va_list);
/*
* attr_scan_plain.c.
/*
* attr_print_plain.c.
*/
-extern int attr_scan_plain(VSTREAM *, int,...);
-extern int attr_vscan_plain(VSTREAM *, int, va_list);
+extern int WARN_UNUSED_RESULT attr_scan_plain(VSTREAM *, int,...);
+extern int WARN_UNUSED_RESULT attr_vscan_plain(VSTREAM *, int, va_list);
/*
* External interface.
*/
extern VSTRING *base32_encode(VSTRING *, const char *, ssize_t);
-extern VSTRING *base32_decode(VSTRING *, const char *, ssize_t);
+extern VSTRING *WARN_UNUSED_RESULT base32_decode(VSTRING *, const char *, ssize_t);
/* LICENSE
/* .ad
* External interface.
*/
extern VSTRING *base64_encode_opt(VSTRING *, const char *, ssize_t, int);
-extern VSTRING *base64_decode_opt(VSTRING *, const char *, ssize_t, int);
+extern VSTRING *WARN_UNUSED_RESULT base64_decode_opt(VSTRING *, const char *, ssize_t, int);
#define BASE64_FLAG_NONE 0
#define BASE64_FLAG_APPEND (1<<0)
#define EDIT_FILE_SUFFIX ".tmp"
extern EDIT_FILE *edit_file_open(const char *, int, mode_t);
-extern int edit_file_close(EDIT_FILE *);
+extern int WARN_UNUSED_RESULT edit_file_close(EDIT_FILE *);
extern void edit_file_cleanup(EDIT_FILE *);
/* LICENSE
* External interface.
*/
extern VSTRING *hex_encode(VSTRING *, const char *, ssize_t);
-extern VSTRING *hex_decode(VSTRING *, const char *, ssize_t);
+extern VSTRING *WARN_UNUSED_RESULT hex_decode(VSTRING *, const char *, ssize_t);
/* LICENSE
/* .ad
/* External interface. */
-extern const char *host_port(char *, char **, char *, char **, char *);
+extern const char *WARN_UNUSED_RESULT host_port(char *, char **, char *,
+ char **, char *);
/* LICENSE
/* .ad
extern int unix_accept(int);
extern int stream_accept(int);
-extern int recv_pass_attr(int, HTABLE **, int, ssize_t);
+extern int WARN_UNUSED_RESULT recv_pass_attr(int, HTABLE **, int, ssize_t);
extern int pass_accept(int);
extern int pass_accept_attr(int, HTABLE **);
/* External interface. */
-extern int lstat_as(const char *, struct stat *, uid_t, gid_t);
+extern int WARN_UNUSED_RESULT lstat_as(const char *, struct stat *, uid_t, gid_t);
/* LICENSE
/* .ad
typedef int (*MAC_PARSE_FN) (int, VSTRING *, void *);
-extern int mac_parse(const char *, MAC_PARSE_FN, void *);
+extern int WARN_UNUSED_RESULT mac_parse(const char *, MAC_PARSE_FN, void *);
/* LICENSE
/* .ad
char buf[MAI_SERVPORT_STRSIZE];
} MAI_SERVPORT_STR;
-extern int hostname_to_sockaddr_pf(const char *, int, const char *, int,
- struct addrinfo **);
-extern int hostaddr_to_sockaddr(const char *, const char *, int,
- struct addrinfo **);
-extern int sockaddr_to_hostaddr(const struct sockaddr *, SOCKADDR_SIZE,
- MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
-extern int sockaddr_to_hostname(const struct sockaddr *, SOCKADDR_SIZE,
- MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int);
+extern int WARN_UNUSED_RESULT hostname_to_sockaddr_pf(const char *,
+ int, const char *, int, struct addrinfo **);
+extern int WARN_UNUSED_RESULT hostaddr_to_sockaddr(const char *,
+ const char *, int, struct addrinfo **);
+extern int WARN_UNUSED_RESULT sockaddr_to_hostaddr(const struct sockaddr *,
+ SOCKADDR_SIZE, MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
+extern int WARN_UNUSED_RESULT sockaddr_to_hostname(const struct sockaddr *,
+ SOCKADDR_SIZE, MAI_HOSTNAME_STR *, MAI_SERVNAME_STR *, int);
extern void myaddrinfo_control(int,...);
#define MAI_CTL_END 0 /* list terminator */
/*
* External interface.
*/
-extern int myflock(int, int, int);
+extern int WARN_UNUSED_RESULT myflock(int, int, int);
/*
* Lock styles.
/* ssize_t bufsize;
/* DESCRIPTION
/* recv_pass_attr() receives named attributes over the specified
-/* The result value is zero for success, -1 for error.
+/* descriptor. The result value is zero for success, -1 for error.
/*
/* Arguments:
/* .IP fd
/* .IP attr
/* Pointer to attribute list pointer. The target is set to
/* zero on error or when the received attribute list is empty,
-/* ohterwise it is assigned a pointer to non-empty attribute
+/* otherwise it is assigned a pointer to non-empty attribute
/* list.
/* .IP timeout
/* The deadline for receiving all attributes.
CA_VSTREAM_CTL_TIMEOUT(timeout),
CA_VSTREAM_CTL_START_DEADLINE,
CA_VSTREAM_CTL_END);
- (void) attr_scan(fp, ATTR_FLAG_NONE,
- ATTR_TYPE_HASH, *attr = htable_create(1),
- ATTR_TYPE_END);
- stream_err = (vstream_feof(fp) || vstream_ferror(fp));
+ stream_err = (attr_scan(fp, ATTR_FLAG_NONE,
+ ATTR_TYPE_HASH, *attr = htable_create(1),
+ ATTR_TYPE_END) < 0
+ || vstream_feof(fp) || vstream_ferror(fp));
vstream_fdclose(fp);
/*
/* External interface. */
-extern int sane_rename(const char *, const char *);
-extern int sane_link(const char *, const char *);
+extern int WARN_UNUSED_RESULT sane_rename(const char *, const char *);
+extern int WARN_UNUSED_RESULT sane_link(const char *, const char *);
/* LICENSE
/* .ad
/* External interface. */
-extern int sane_socketpair(int, int, int, int *);
+extern int WARN_UNUSED_RESULT sane_socketpair(int, int, int, int *);
/* LICENSE
/* .ad
/* External interface. */
-extern int stat_as(const char *, struct stat *, uid_t, gid_t);
+extern int WARN_UNUSED_RESULT stat_as(const char *, struct stat *, uid_t, gid_t);
/* LICENSE
/* .ad
extern int allprint(const char *);
extern int allspace(const char *);
extern int allascii_len(const char *, ssize_t);
-extern const char *split_nameval(char *, char **, char **);
+extern const char *WARN_UNUSED_RESULT split_nameval(char *, char **, char **);
extern int valid_utf8_string(const char *, ssize_t);
extern size_t balpar(const char *, const char *);
-extern char *extpar(char **, const char *, int);
+extern char *WARN_UNUSED_RESULT extpar(char **, const char *, int);
extern int strcasecmp_utf8x(int, const char *, const char *);
extern int strncasecmp_utf8x(int, const char *, const char *, ssize_t);
#define EXPECTED(x) (x)
#define UNEXPECTED(x) (x)
#endif
+#endif
+
+ /*
+ * Warn about ignored function result values that must never be ignored.
+ * Typically, this is for error results from "read" functions that normally
+ * write to output parameters (for example, stat- or scanf-like functions)
+ * or from functions that have other useful side effects (for example,
+ * fseek- or rename-like functions).
+ *
+ * DO NOT use this for functions that write to a stream; it is entirely
+ * legitimate to detect write errors with fflush() or fclose() only. On the
+ * other hand most (but not all) functions that read from a stream must
+ * never ignore result values.
+ *
+ * XXX Prepending "(void)" won't shut up GCC. Clang behaves as expected.
+ */
+#if ((__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || __GNUC__ > 3)
+#define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#elif defined(__clang__) && __has_attribute(warn_unused_result)
+#define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#else
+#define WARN_UNUSED_RESULT
#endif
/*
/*
* External interface.
*/
-extern int timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
+extern int WARN_UNUSED_RESULT timed_waitpid(pid_t, WAIT_STATUS_T *, int, int);
/* LICENSE
/* .ad
extern VSTREAM *vstream_fopen(const char *, int, mode_t);
extern int vstream_fclose(VSTREAM *);
-extern off_t vstream_fseek(VSTREAM *, off_t, int);
+extern off_t WARN_UNUSED_RESULT vstream_fseek(VSTREAM *, off_t, int);
extern off_t vstream_ftell(VSTREAM *);
extern int vstream_fpurge(VSTREAM *, int);
extern int vstream_fflush(VSTREAM *);
/*
* External interface.
*/
-extern int vstring_get(VSTRING *, VSTREAM *);
-extern int vstring_get_nonl(VSTRING *, VSTREAM *);
-extern int vstring_get_null(VSTRING *, VSTREAM *);
-extern int vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
-extern int vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_nonl(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_null(VSTRING *, VSTREAM *);
+extern int WARN_UNUSED_RESULT vstring_get_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_nonl_bound(VSTRING *, VSTREAM *, ssize_t);
+extern int WARN_UNUSED_RESULT vstring_get_null_bound(VSTRING *, VSTREAM *, ssize_t);
/*
* Backwards compatibility for code that still uses the vstring_fgets()
projects / thirdparty / postfix.git / commitdiff
