From: Wietse Venema Date: Wed, 27 Dec 2017 05:00:00 +0000 (-0500) Subject: postfix-3.3-20171227 X-Git-Tag: v3.3.0-RC1~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8f899dca088b2dd218f6f505379525ec71c18fa4;p=thirdparty%2Fpostfix.git postfix-3.3-20171227 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 2d6887de9..accbaa63f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23215,7 +23215,7 @@ Apologies for any names omitted. 20171223 Feature: Milters can now send RET and ENVID arguments in - SMFI_CHGFROM requests. Files: cleanup/Makefile.in, + SMFIR_CHGFROM requests. Files: cleanup/Makefile.in, cleanup/cleanup.h, cleanup/cleanup_envelope.c, cleanup/cleanup_milter.c, cleanup/cleanup_milter.in13h, cleanup/cleanup_milter.in13i, cleanup/cleanup_milter.ref13c, @@ -23224,3 +23224,14 @@ Apologies for any names omitted. cleanup/cleanup_milter.ref13i, cleanup/cleanup_state.c, cleanup/test-queue-file13h, cleanup/test-queue-file13i, oqmgr/qmgr_message.c, qmgr/qmgr_message.c. + +20171226 + + Documentation patches by Sven Neuhaus. Files: + proto/FORWARD_SECRECY_README.html, proto/MILTER_README.html, + proto/SMTPD_ACCESS_README.html. + +20171227 + + Feature: postgresql:// URI support by Magosányi Árpád. + Files: global/dict_pgsql.c, proto/pgsql_table. diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index a1b68b68d..6cdea837d 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README @@ -1,8 +1,8 @@ -Postfix before-queue Milter support +PPoossttffiixx bbeeffoorree--qquueeuuee MMiilltteerr ssuuppppoorrtt ------------------------------------------------------------------------------- -Introduction +IInnttrroodduuccttiioonn Postfix implements support for the Sendmail version 8 Milter (mail filter) protocol. This protocol is used by applications that run outside the MTA to @@ -30,7 +30,7 @@ This document provides information on the following topics: * Workarounds * Limitations -How Milter applications plug into Postfix +HHooww MMiilltteerr aapppplliiccaattiioonnss pplluugg iinnttoo PPoossttffiixx The Postfix Milter implementation uses two different lists of mail filters: one list of filters for SMTP mail only, and one list of filters for non-SMTP mail. @@ -80,7 +80,7 @@ Postfix architecture). Local -> sendmail(1) -Building Milter applications +BBuuiillddiinngg MMiilltteerr aapppplliiccaattiioonnss Milter applications have been written in C, JAVA and Perl, but this document deals with C applications only. For these, you need an object library that @@ -94,25 +94,25 @@ some Linux systems). Once libmilter is installed, applications such as OpenDKIM and OpenDMARC build out of the box without requiring any tinkering: - $ gzcat opendkim-x.y.z.tar.gz | tar xf - - $ cd opendkim-x.y.z - $ ./configure ...options... - $ make + $ ggzzccaatt ooppeennddkkiimm--xx..yy..zz..ttaarr..ggzz || ttaarr xxff -- + $ ccdd ooppeennddkkiimm--xx..yy..zz + $ ..//ccoonnffiigguurree ......ooppttiioonnss...... + $ mmaakkee [...lots of output omitted...] - $ make install + $ mmaakkee iinnssttaallll -Running Milter applications +RRuunnnniinngg MMiilltteerr aapppplliiccaattiioonnss To run a Milter application, see the documentation of the filter for options. A typical command looks like this: - # /some/where/opendkim -l -u userid -p inet:portnumber@localhost ...other - options... + # //ssoommee//wwhheerree//ooppeennddkkiimm --ll --uu uusseerriidd --pp iinneett::ppoorrttnnuummbbeerr@@llooccaallhhoosstt ......ootthheerr + ooppttiioonnss...... Please specify a userid value that isn't used for other applications (not "postfix", not "www", etc.). -Configuring Postfix +CCoonnffiigguurriinngg PPoossttffiixx Like Sendmail, Postfix has a lot of configuration options that control how it talks to Milter applications. Besides global options that apply to all Milter @@ -131,7 +131,7 @@ Information in this section: * Sendmail macro emulation * What macros will Postfix send to Milters? -SMTP-Only Milter applications +SSMMTTPP--OOnnllyy MMiilltteerr aapppplliiccaattiioonnss The SMTP-only Milter applications handle mail that arrives via the Postfix smtpd(8) server. They are typically used to filter unwanted mail, and to sign @@ -159,23 +159,23 @@ from other Milter applications. The general syntax for listening sockets is as follows: - unix:pathname + uunniixx::pathname Connect to the local UNIX-domain server that is bound to the specified pathname. If the smtpd(8) or cleanup(8) process runs chrooted, an absolute pathname is interpreted relative to the Postfix queue directory. - inet:host:port + iinneett::host::port Connect to the specified TCP port on the specified local or remote host. The host and port can be specified in numeric or symbolic form. NOTE: Postfix syntax differs from Milter syntax which has the form - inet:port@host. + iinneett::port@@host. For advanced configuration see "Different settings for different SMTP clients" and "Different settings for different Milter applications". -Non-SMTP Milter applications +NNoonn--SSMMTTPP MMiilltteerr aapppplliiccaattiioonnss The non-SMTP Milter applications handle mail that arrives via the Postfix sendmail(1) command-line or via the Postfix qmqpd(8) server. They are typically @@ -226,7 +226,7 @@ must not REJECT or TEMPFAIL simulated RCPT TO commands. When a non_smtpd_milters application REJECTs or TEMPFAILs a recipient, Postfix will report a configuration error, and mail will stay in the queue. -Signing internally-generated bounce messages +SSiiggnniinngg iinntteerrnnaallllyy--ggeenneerraatteedd bboouunnccee mmeessssaaggeess Postfix normally does not apply content filters to mail that is generated internally such as bounces or Postmaster notifications. Filtering internally- @@ -243,7 +243,7 @@ non_smtpd_milters, header_checks or body_checks (lines 3-5 below). 4 header_checks = don't reject internally-generated bounces 5 body_checks = don't reject internally-generated bounces -Milter error handling +MMiilltteerr eerrrroorr hhaannddlliinngg The milter_default_action parameter specifies how Postfix handles Milter application errors. The default action is to respond with a temporary error @@ -260,16 +260,16 @@ the message in the "hold" queue, and is available with Postfix 2.6 or later. See "Different settings for different Milter applications" for advanced configuration options. -Milter protocol version +MMiilltteerr pprroottooccooll vveerrssiioonn As Postfix is not built with the Sendmail libmilter library, you may need to configure the Milter protocol version that Postfix should use. The default version is 6 (before Postfix 2.6 the default version is 2). /etc/postfix/main.cf: - # Postfix ≥ 2.6 + # Postfix >= 2.6 milter_protocol = 6 - # 2.3 ≤ Postfix ≤ 2.5 + # 2.3 <= Postfix <= 2.5 milter_protocol = 2 If the Postfix milter_protocol setting specifies a too low version, the @@ -298,21 +298,21 @@ libmilter library does not expect. See "Different settings for different Milter applications" for advanced configuration options. -Milter protocol timeouts +MMiilltteerr pprroottooccooll ttiimmeeoouuttss Postfix uses different time limits at different Milter protocol stages. The table shows the timeout settings and the corresponding protocol stages (EOH = end of headers; EOM = end of message). - _________________________________________________________________ - |Postfix parameter |Time limit|Milter protocol stage | - |______________________|__________|_______________________________| + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |PPoossttffiixx ppaarraammeetteerr |TTiimmee lliimmiitt|MMiilltteerr pprroottooccooll ssttaaggee | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_connect_timeout|30s |CONNECT | - |______________________|__________|_______________________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_command_timeout|30s |HELO, MAIL, RCPT, DATA, UNKNOWN| - |______________________|__________|_______________________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_content_timeout|300s |HEADER, EOH, BODY, EOM | - |______________________|__________|_______________________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | Beware: 30s may be too short for Milter applications that do lots of DNS lookups. However, if you increase the above timeouts too much, remote SMTP @@ -322,7 +322,7 @@ inherent problem with before-queue filtering. See "Different settings for different Milter applications" for advanced configuration options. -Different settings for different Milter applications +DDiiffffeerreenntt sseettttiinnggss ffoorr ddiiffffeerreenntt MMiilltteerr aapppplliiccaattiioonnss The previous sections list a number of Postfix main.cf parameters that control time limits and other settings for all Postfix Milter clients. This is @@ -349,11 +349,11 @@ Instead of a server endpoint, we now have a list enclosed in {}. content_timeout, default_action, and protocol. Inside the list, syntax is similar to what we already know from main.cf: items -separated by space or comma. There is one difference: you must enclose a -setting in parentheses, as in "{ name = value }", if you want to have space or -comma within a value or around "=". +separated by space or comma. There is one difference: yyoouu mmuusstt eenncclloossee aa +sseettttiinngg iinn ppaarreenntthheesseess,, aass iinn ""{{ nnaammee == vvaalluuee }}"",, iiff yyoouu wwaanntt ttoo hhaavvee ssppaaccee oorr +ccoommmmaa wwiitthhiinn aa vvaalluuee oorr aarroouunndd ""=="". -Different settings for different SMTP clients +DDiiffffeerreenntt sseettttiinnggss ffoorr ddiiffffeerreenntt SSMMTTPP cclliieennttss The smtpd_milter_maps feature supports different Milter settings for different client IP addresses. Lookup results override the the global smtpd_milters @@ -373,7 +373,7 @@ local address ranges: This feature is available with Postfix 3.2 and later. -Sendmail macro emulation +SSeennddmmaaiill mmaaccrroo eemmuullaattiioonn Postfix emulates a limited number of Sendmail macros, as shown in the table. Some macro values depend on whether a recipient is rejected (rejected @@ -382,70 +382,92 @@ macros are available at different Milter protocol stages (EOH = end-of-header, EOM = end-of-message); their availability is not always the same as in Sendmail. See the workarounds section below for solutions. - _________________________________________________________________________________________________________________________________________ - |Sendmail macro |Milter protocol stage |Description | - |____________________|_______________________________________________|____________________________________________________________________| - |i |DATA, EOH, EOM |Queue ID, also Postfix queue file name | - |____________________|_______________________________________________|____________________________________________________________________| - |j |Always |Value of myhostname | - |____________________|_______________________________________________|____________________________________________________________________| - |_ |Always |The validated client name and address | - |____________________|_______________________________________________|____________________________________________________________________| - |{auth_authen} |MAIL, DATA, EOH, EOM |SASL login name | - |____________________|_______________________________________________|____________________________________________________________________| - |{auth_author} |MAIL, DATA, EOH, EOM |SASL sender | - |____________________|_______________________________________________|____________________________________________________________________| - |{auth_type} |MAIL, DATA, EOH, EOM |SASL login method | - |____________________|_______________________________________________|____________________________________________________________________| - |{client_addr} |Always |Remote client IP address | - |____________________|_______________________________________________|____________________________________________________________________| - |{client_connections}|CONNECT |Connection concurrency for this client (zero if the client is | - | | |excluded from all smtpd_client_* limits). | - |____________________|_______________________________________________|____________________________________________________________________| - | | |Remote client hostname | - |{client_name} |Always |When address → name lookup or name → address verification fails:| - | | |"unknown" | - |____________________|_______________________________________________|____________________________________________________________________| - |{client_port} |Always (Postfix ≥2.5) |Remote client TCP port | - |____________________|_______________________________________________|____________________________________________________________________| - |{client_ptr} |CONNECT, HELO, MAIL, DATA |Client name from address → name lookup | - | | |When address → name lookup fails: "unknown" | - |____________________|_______________________________________________|____________________________________________________________________| - |{cert_issuer} |HELO, MAIL, DATA, EOH, EOM |TLS client certificate issuer | - |____________________|_______________________________________________|____________________________________________________________________| - |{cert_subject} |HELO, MAIL, DATA, EOH, EOM |TLS client certificate subject | - |____________________|_______________________________________________|____________________________________________________________________| - |{cipher_bits} |HELO, MAIL, DATA, EOH, EOM |TLS session key size | - |____________________|_______________________________________________|____________________________________________________________________| - |{cipher} |HELO, MAIL, DATA, EOH, EOM |TLS cipher | - |____________________|_______________________________________________|____________________________________________________________________| - |{daemon_addr} |Always (Postfix ≥3.2) |Local server IP address | - |____________________|_______________________________________________|____________________________________________________________________| - |{daemon_name} |Always |value of milter_macro_daemon_name | - |____________________|_______________________________________________|____________________________________________________________________| - |{daemon_port} |Always (Postfix ≥3.2) |Local server TCP port | - |____________________|_______________________________________________|____________________________________________________________________| - |{mail_addr} |MAIL |Sender address | - |____________________|_______________________________________________|____________________________________________________________________| - |{mail_host} |MAIL (Postfix ≥ 2.6, only with smtpd_milters)|Sender next-hop destination | - |____________________|_______________________________________________|____________________________________________________________________| - |{mail_mailer} |MAIL (Postfix ≥ 2.6, only with smtpd_milters)|Sender mail delivery transport | - |____________________|_______________________________________________|____________________________________________________________________| - |{rcpt_addr} |RCPT |Recipient address | - | | |With rejected recipient: descriptive text | - |____________________|_______________________________________________|____________________________________________________________________| - |{rcpt_host} |RCPT (Postfix ≥ 2.6, only with smtpd_milters)|Recipient next-hop destination | - | | |With rejected recipient: enhanced status code | - |____________________|_______________________________________________|____________________________________________________________________| - |{rcpt_mailer} |RCPT (Postfix ≥ 2.6, only with smtpd_milters)|Recipient mail delivery transport | - | | |With rejected recipient: "error" | - |____________________|_______________________________________________|____________________________________________________________________| - |{tls_version} |HELO, MAIL, DATA, EOH, EOM |TLS protocol version | - |____________________|_______________________________________________|____________________________________________________________________| - |v |Always |value of milter_macro_v | - |____________________|_______________________________________________|____________________________________________________________________| - -What macros will Postfix send to Milters? + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |SSeennddmmaaiill mmaaccrroo |MMiilltteerr pprroottooccooll ssttaaggee |DDeessccrriippttiioonn | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |i |DATA, EOH, EOM |Queue ID, also Postfix | + | | |queue file name | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |j |Always |Value of myhostname | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |_ |Always |The validated client name | + | | |and address | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{auth_authen} |MAIL, DATA, EOH, EOM |SASL login name | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{auth_author} |MAIL, DATA, EOH, EOM |SASL sender | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{auth_type} |MAIL, DATA, EOH, EOM |SASL login method | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{client_addr} |Always |Remote client IP address | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Connection concurrency for| + | | |this client (zero if the | + |{client_connections}|CONNECT |client is excluded from | + | | |all smtpd_client_* | + | | |limits). | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Remote client hostname | + | | |When address -> name | + |{client_name} |Always |lookup or name -> address | + | | |verification fails: | + | | |"unknown" | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{client_port} |Always (Postfix >=2.5) |Remote client TCP port | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Client name from address -| + |{client_ptr} |CONNECT, HELO, MAIL, DATA|> name lookup | + | | |When address -> name | + | | |lookup fails: "unknown" | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{cert_issuer} |HELO, MAIL, DATA, EOH, |TLS client certificate | + | |EOM |issuer | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{cert_subject} |HELO, MAIL, DATA, EOH, |TLS client certificate | + | |EOM |subject | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{cipher_bits} |HELO, MAIL, DATA, EOH, |TLS session key size | + | |EOM | | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{cipher} |HELO, MAIL, DATA, EOH, |TLS cipher | + | |EOM | | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{daemon_addr} |Always (Postfix >=3.2) |Local server IP address | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{daemon_name} |Always |value of | + | | |milter_macro_daemon_name | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{daemon_port} |Always (Postfix >=3.2) |Local server TCP port | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{mail_addr} |MAIL |Sender address | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{mail_host} |MAIL (Postfix >= 2.6, |Sender next-hop | + | |only with smtpd_milters) |destination | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{mail_mailer} |MAIL (Postfix >= 2.6, |Sender mail delivery | + | |only with smtpd_milters) |transport | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Recipient address | + |{rcpt_addr} |RCPT |With rejected recipient: | + | | |descriptive text | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Recipient next-hop | + |{rcpt_host} |RCPT (Postfix >= 2.6, |destination | + | |only with smtpd_milters) |With rejected recipient: | + | | |enhanced status code | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + | | |Recipient mail delivery | + |{rcpt_mailer} |RCPT (Postfix >= 2.6, |transport | + | |only with smtpd_milters) |With rejected recipient: | + | | |"error" | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |{tls_version} |HELO, MAIL, DATA, EOH, |TLS protocol version | + | |EOM | | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |v |Always |value of milter_macro_v | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + +WWhhaatt mmaaccrrooss wwiillll PPoossttffiixx sseenndd ttoo MMiilltteerrss?? Postfix sends specific sets of macros at different Milter protocol stages. The sets are configured with the parameters as shown in the table below (EOH = end @@ -456,26 +478,26 @@ As of Sendmail 8.14.0, Milter applications can specify what macros they want to receive at different Milter protocol stages. An application-specified list takes precedence over a Postfix-specified list. - ___________________________________________________________________ - |Postfix parameter |Milter protocol|Milter protocol stage| - | |version | | - |_____________________________|_______________|_____________________| + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |PPoossttffiixx ppaarraammeetteerr |MMiilltteerr pprroottooccooll|MMiilltteerr pprroottooccooll ssttaaggee| + | |vveerrssiioonn | | + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_connect_macros |2 or higher |CONNECT | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_helo_macros |2 or higher |HELO/EHLO | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_mail_macros |2 or higher |MAIL FROM | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_rcpt_macros |2 or higher |RCPT TO | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_data_macros |4 or higher |DATA | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_end_of_header_macros |6 or higher |EOH | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_end_of_data_macros |2 or higher |EOM | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |milter_unknown_command_macros|3 or higher |unknown command | - |_____________________________|_______________|_____________________| + |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | By default, Postfix will send only macros whose values have been updated with information from main.cf or master.cf, from an SMTP session (for example; SASL @@ -487,7 +509,7 @@ specify macro default values with the milter_macro_defaults parameter. Specify zero or more name=value pairs separated by comma or whitespace; you may even specify macro names that Postfix does know about! -Workarounds +WWoorrkkaarroouunnddss * To avoid breaking DKIM etc. signatures with an SMTP-based content filter, update the before-filter SMTP client in master.cf, and add a line with "- @@ -506,7 +528,7 @@ Workarounds * Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. Workaround: use the "{daemon_addr}" - (Postfix ≥ 3.2) or "{client_addr}" macro instead. + (Postfix >= 3.2) or "{client_addr}" macro instead. * Some Milter applications log a warning that looks like this: @@ -535,19 +557,19 @@ Workarounds o Edit the filter source file (typically named xxx-filter/xxx-filter.c or similar). - o Look up the mlfi_eom() function and add code near the top shown as bold + o Look up the mlfi_eom() function and add code near the top shown as bboolldd text below: dfc = cc->cctx_msg; assert(dfc != NULL); - /* Determine the job ID for logging. */ - if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) - { - char *jobid = smfi_getsymval(ctx, "i"); - if (jobid != 0) - dfc->mctx_jobid = jobid; - } + //** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg.. **// + iiff ((ddffcc-->>mmccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ddffcc-->>mmccttxx__jjoobbiidd,, JJOOBBIIDDUUNNKKNNOOWWNN)) ==== 00)) + {{ + cchhaarr **jjoobbiidd == ssmmffii__ggeettssyymmvvaall((ccttxx,, ""ii""));; + iiff ((jjoobbiidd !!== 00)) + ddffcc-->>mmccttxx__jjoobbiidd == jjoobbiidd;; + }} NOTES: @@ -559,7 +581,7 @@ Workarounds o This change fixes only the ugly message header, but not the WARNING message. Fortunately, many Milters log that message only once. -Limitations +LLiimmiittaattiioonnss This section lists limitations of the Postfix Milter implementation. Some limitations will be removed as the implementation is extended over time. Of @@ -569,22 +591,22 @@ the CONTENT_INSPECTION_README document for a discussion. * The Milter protocol has evolved over time. Therefore, different Postfix versions implement different feature sets. - ________________________________________________________________________ - |Postfix|Supported Milter requests | - |_______|________________________________________________________________| + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |PPoossttffiixx|SSuuppppoorrtteedd MMiilltteerr rreeqquueessttss | + |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | 2.6 |All Milter requests of Sendmail 8.14.0 (see notes below). | - |_______|________________________________________________________________| + |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |All Milter requests of Sendmail 8.14.0, except: | | |SMFIP_RCPT_REJ (report rejected recipients to the mail filter), | | 2.5 |SMFIR_CHGFROM (replace sender, with optional ESMTP parameters), | | |SMFIR_ADDRCPT_PAR (add recipient, with optional ESMTP | | |parameters). | - |_______|________________________________________________________________| + |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | 2.4 |All Milter requests of Sendmail 8.13.0. | - |_______|________________________________________________________________| + |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | 2.3 |All Milter requests of Sendmail 8.13.0, except: | | |SMFIR_REPLBODY (replace message body). | - |_______|________________________________________________________________| + |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | * For Milter applications that are written in C, you need to use the Sendmail libmilter library. diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index e8416c47e..b18d892d5 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -341,9 +341,9 @@ few seconds to a few minutes): 

 # cd /etc/postfix
 # umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
 # chmod 644 dh512.pem dh1024.pem dh2048.pem
diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index 99af63a12..537ebbe8c 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html @@ -785,7 +785,7 @@ example.

  • Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. -Workaround: use the "{daemon_addr}" (Postfix &ge 3.2) or +Workaround: use the "{daemon_addr}" (Postfix ≥ 3.2) or "{client_addr}" macro instead.

  • Some Milter applications log a warning that looks like diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html index 411440c7a..83235574a 100644 --- a/postfix/html/SMTPD_ACCESS_README.html +++ b/postfix/html/SMTPD_ACCESS_README.html @@ -251,7 +251,7 @@ Reject MAIL FROM information relay policy Reject RCPT TO information - < 2.10 Not available + < 2.10 Not available smtpd_recipient_restrictions ≥ @@ -259,7 +259,7 @@ relay policy relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index 17d887c98..49c4476e9 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html @@ -42,21 +42,18 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) PGSQL PARAMETERS hosts The hosts that Postfix will try to connect to and query from. - Specify unix: for UNIX-domain sockets, inet: for TCP connections - (default). Example: + Besides a postgresql:// connection URI, this setting supports + the historical forms unix:/pathname for UNIX-domain sockets and + inet:host:port for TCP connections, where the unix: and inet: + prefixes are accepted and ignored for backwards compatibility. + Examples: + hosts = postgresql://username@example.com/tablename?sslmode=require hosts = host1.some.domain host2.some.domain:port hosts = unix:/file/name - The hosts are tried in random order, with all connections over - UNIX domain sockets being tried before those over TCP. The con- - nections are automatically closed after being idle for about 1 - minute, and are re-opened as necessary. - - NOTE: the unix: and inet: prefixes are accepted for backwards - compatibility reasons, but are actually ignored. The PostgreSQL - client library will always try to connect to an UNIX socket if - the name starts with a slash, and will try a TCP connection oth- - erwise. + The hosts are tried in random order. The connections are auto- + matically closed after being idle for about 1 minute, and are + re-opened as necessary. user, password The user name and password to log into the pgsql server. Exam- diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index 2e6f587d6..a55f2db31 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -54,24 +54,22 @@ return the key itself or a constant value. .ad .fi .IP "\fBhosts\fR" -The hosts that Postfix will try to connect to and query from. -Specify \fIunix:\fR for UNIX\-domain sockets, \fIinet:\fR for TCP -connections (default). Example: +The hosts that Postfix will try to connect to and query +from. Besides a \fBpostgresql://\fR connection URI, this +setting supports the historical forms \fBunix:/\fIpathname\fR +for UNIX\-domain sockets and \fBinet:\fIhost:port\fR for TCP +connections, where the \fBunix:\fR and \fBinet:\fR prefixes +are accepted and ignored for backwards compatibility. +Examples: .nf + hosts = postgresql://username@example.com/tablename?sslmode=require hosts = host1.some.domain host2.some.domain:port hosts = unix:/file/name .fi -The hosts are tried in random order, with all connections over -UNIX domain sockets being tried before those over TCP. The -connections are automatically closed after being idle for about -1 minute, and are re\-opened as necessary. - -NOTE: the \fIunix:\fR and \fIinet:\fR prefixes are accepted for -backwards compatibility reasons, but are actually ignored. -The PostgreSQL client library will always try to connect to an -UNIX socket if the name starts with a slash, and will try a TCP -connection otherwise. +The hosts are tried in random order. The connections are +automatically closed after being idle for about 1 minute, +and are re\-opened as necessary. .IP "\fBuser, password\fR" The user name and password to log into the pgsql server. Example: diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index 7ff465796..62593d291 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -341,9 +341,9 @@ few seconds to a few minutes): 

     # cd /etc/postfix
 # umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
 # chmod 644 dh512.pem dh1024.pem dh2048.pem
    diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 6ccc8a6df..886299f4f 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -785,7 +785,7 @@ example.

  • Some Milter applications use the "{if_addr}" macro to recognize local mail; this macro does not exist in Postfix. -Workaround: use the "{daemon_addr}" (Postfix &ge 3.2) or +Workaround: use the "{daemon_addr}" (Postfix ≥ 3.2) or "{client_addr}" macro instead.

  • Some Milter applications log a warning that looks like diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html index ef45e1dd4..5952bb278 100644 --- a/postfix/proto/SMTPD_ACCESS_README.html +++ b/postfix/proto/SMTPD_ACCESS_README.html @@ -251,7 +251,7 @@ Reject MAIL FROM information relay policy Reject RCPT TO information - < 2.10 Not available + < 2.10 Not available smtpd_recipient_restrictions ≥ @@ -259,7 +259,7 @@ relay policy relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/proto/pgsql_table b/postfix/proto/pgsql_table index bf9b3c837..fefc7a830 100644 --- a/postfix/proto/pgsql_table +++ b/postfix/proto/pgsql_table @@ -44,24 +44,22 @@ # .ad # .fi # .IP "\fBhosts\fR" -# The hosts that Postfix will try to connect to and query from. -# Specify \fIunix:\fR for UNIX-domain sockets, \fIinet:\fR for TCP -# connections (default). Example: +# The hosts that Postfix will try to connect to and query +# from. Besides a \fBpostgresql://\fR connection URI, this +# setting supports the historical forms \fBunix:/\fIpathname\fR +# for UNIX-domain sockets and \fBinet:\fIhost:port\fR for TCP +# connections, where the \fBunix:\fR and \fBinet:\fR prefixes +# are accepted and ignored for backwards compatibility. +# Examples: # .nf +# hosts = postgresql://username@example.com/tablename?sslmode=require # hosts = host1.some.domain host2.some.domain:port # hosts = unix:/file/name # .fi # -# The hosts are tried in random order, with all connections over -# UNIX domain sockets being tried before those over TCP. The -# connections are automatically closed after being idle for about -# 1 minute, and are re-opened as necessary. -# -# NOTE: the \fIunix:\fR and \fIinet:\fR prefixes are accepted for -# backwards compatibility reasons, but are actually ignored. -# The PostgreSQL client library will always try to connect to an -# UNIX socket if the name starts with a slash, and will try a TCP -# connection otherwise. +# The hosts are tried in random order. The connections are +# automatically closed after being idle for about 1 minute, +# and are re-opened as necessary. # .IP "\fBuser, password\fR" # The user name and password to log into the pgsql server. # Example: diff --git a/postfix/src/global/dict_pgsql.c b/postfix/src/global/dict_pgsql.c index e3e6d3027..0ffc75586 100644 --- a/postfix/src/global/dict_pgsql.c +++ b/postfix/src/global/dict_pgsql.c @@ -160,7 +160,6 @@ #include "argv.h" #include "vstring.h" #include "split_at.h" -#include "find_inet.h" #include "myrand.h" #include "events.h" #include "stringops.h" @@ -180,6 +179,7 @@ #define TYPEUNIX (1<<0) #define TYPEINET (1<<1) +#define TYPECONNSTRING (1<<2) #define RETRY_CONN_MAX 100 #define RETRY_CONN_INTV 60 /* 1 minute */ @@ -190,7 +190,7 @@ typedef struct { char *hostname; char *name; char *port; - unsigned type; /* TYPEUNIX | TYPEINET */ + unsigned type; /* TYPEUNIX | TYPEINET | TYPECONNSTRING*/ unsigned stat; /* STATUNTRIED | STATFAIL | STATCUR */ time_t ts; /* used for attempting reconnection */ } HOST; @@ -469,7 +469,8 @@ static HOST *dict_pgsql_get_active(PLPGSQL *PLDB, char *dbname, /* try the active connections first; prefer the ones to UNIX sockets */ if ((host = dict_pgsql_find_host(PLDB, STATACTIVE, TYPEUNIX)) != NULL || - (host = dict_pgsql_find_host(PLDB, STATACTIVE, TYPEINET)) != NULL) { + (host = dict_pgsql_find_host(PLDB, STATACTIVE, TYPEINET)) != NULL || + (host = dict_pgsql_find_host(PLDB, STATACTIVE, TYPECONNSTRING)) != NULL) { if (msg_verbose) msg_info("%s: found active connection to host %s", myname, host->hostname); @@ -485,7 +486,9 @@ static HOST *dict_pgsql_get_active(PLPGSQL *PLDB, char *dbname, ((host = dict_pgsql_find_host(PLDB, STATUNTRIED | STATFAIL, TYPEUNIX)) != NULL || (host = dict_pgsql_find_host(PLDB, STATUNTRIED | STATFAIL, - TYPEINET)) != NULL)) { + TYPEINET)) != NULL || + (host = dict_pgsql_find_host(PLDB, STATUNTRIED | STATFAIL, + TYPECONNSTRING)) != NULL)) { if (msg_verbose) msg_info("%s: attempting to connect to host %s", myname, host->hostname); @@ -624,9 +627,13 @@ static PGSQL_RES *plpgsql_query(DICT_PGSQL *dict_pgsql, */ static void plpgsql_connect_single(HOST *host, char *dbname, char *username, char *password) { - if ((host->db = PQsetdbLogin(host->name, host->port, NULL, NULL, - dbname, username, password)) == NULL - || PQstatus(host->db) != CONNECTION_OK) { + if (host->type == TYPECONNSTRING) { + host->db = PQconnectdb(host->name); + } else { + host->db = PQsetdbLogin(host->name, host->port, NULL, NULL, + dbname, username, password); + } + if (host->db == NULL || PQstatus(host->db) != CONNECTION_OK) { msg_warn("connect to pgsql server %s: %s", host->hostname, PQerrorMessage(host->db)); plpgsql_down_host(host); @@ -814,24 +821,37 @@ static HOST *host_init(const char *hostname) host->ts = 0; /* - * Ad-hoc parsing code. Expect "unix:pathname" or "inet:host:port", where - * both "inet:" and ":port" are optional. + * Modern syntax: "postgresql://connection-info". */ - if (strncmp(d, "unix:", 5) == 0 || strncmp(d, "inet:", 5) == 0) - d += 5; - host->name = mystrdup(d); - host->port = split_at_right(host->name, ':'); - - /* This is how PgSQL distinguishes between UNIX and INET: */ - if (host->name[0] && host->name[0] != '/') - host->type = TYPEINET; - else - host->type = TYPEUNIX; + if (strncmp(d, "postgresql:", 11) == 0) { + host->type = TYPECONNSTRING; + host->name = mystrdup(d); + host->port = 0; + } + /* + * Historical syntax: "unix:/pathname" and "inet:host:port". Strip the + * "unix:" and "inet:" prefixes. Look at the first character, which is + * how PgSQL historically distinguishes between UNIX and INET. + */ + else { + if (strncmp(d, "unix:", 5) == 0 || strncmp(d, "inet:", 5) == 0) + d += 5; + host->name = mystrdup(d); + if (host->name[0] && host->name[0] != '/') { + host->type = TYPEINET; + host->port = split_at_right(host->name, ':'); + } else { + host->type = TYPEUNIX; + host->port = 0; + } + } if (msg_verbose > 1) msg_info("%s: host=%s, port=%s, type=%s", myname, host->name, host->port ? host->port : "", - host->type == TYPEUNIX ? "unix" : "inet"); + host->type == TYPEUNIX ? "unix" : + host->type == TYPEINET ? "inet" : + "uri"); return host; } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 6d0e3198d..ac1f0df5a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20171223" +#define MAIL_RELEASE_DATE "20171227" #define MAIL_VERSION_NUMBER "3.3" #ifdef SNAPSHOT