Workaround: preliminary IPV6 support in valid_hostliteral().
File: util/valid_hostname.c.
+20021220
+
+ Bugfix: the reject_multi_recipient_bounce restriction had
+ an off-by-one error when used in smtpd_data_restrictions.
+ File: smtpd/smtpd_check.c.
+
+ Feature: new check_recipient_maps restriction that gives
+ finer control over when unknown recipients are rejected.
+ As with Postfix 1.1, the default is to do this at the end
+ of the recipient restrictions. Sites that want to improve
+ performance can put check_recipient_maps at the start of
+ the smtpd_client_restrictions list and avoid doing unnecessary
+ RBL lookups etc. File: smtpd/smtpd_check.c.
+
+ Feature: new show_user_unknown_recipient_table parameter
+ controls whether or not to reveal the lookup table name in
+ "User unknown" responses. The extra detail makes trouble
+ shooting easier but also reveals information that is nobody
+ elses business.
+
Open problems:
Low: after successful delivery, per-queue window += 1/window,
OpenBSD 3.x
Reliant UNIX 5.x
Rhapsody 5.x
- SunOS 4.1.x (July 2002)
+ SunOS 4.1.x (December 2002)
SunOS 5.4..5.8 (Solaris 2.4..8)
Ultrix 4.x (well, that was long ago)
--- /dev/null
+Introduction
+============
+
+Postfix version 2.0 introduces the concept of address classes.
+This is a way of grouping recipient addresses by their delivery
+method. The idea comes from discussions with Victor Duchovni.
+
+Benefits of address classes are:
+
+- You no longer need to specify all the virtual(8) mailbox domains
+ in the Postfix transport map. The virtual(8) delivery agent has
+ become a first-class citizen just like local(8) or smtp(8).
+
+- On mail gateway systems, separation of inbound mail relay traffic
+ from outbound traffic. This eliminates a problem where inbound
+ mail deliveries could become resource starved in the presence of
+ a high volume of outbound mail.
+
+- The SMTP server rejects unknown recipients in a more consistent
+ manner than was possible with previous Postfix versions.
+
+The list with "bad news" is at the end of this file :-)
+
+What address classes does Postfix implement?
+============================================
+
+Initially the list of address classes is hard coded, but this is
+meant to become extensible:
+
+-------------------------------------------------------------------
+Class Description
+-------------------------------------------------------------------
+local For UNIX accounts and for traditional /etc/aliases
+ Domain names are listed in $mydestination (or match the IP
+ address listed with $inet_interfaces)
+ Known recipients are listed in $local_recipient_maps (this
+ information is currently used by the Postfix SMTP server
+ only; if $local_recipient_maps is empty, the Postfix
+ SMTP server accepts all recipients)
+ Default delivery agent: local
+
+virtual For hosted domains that are aliased to mailboxes in other
+alias domains
+ Known recipients are listed in $virtual_alias_maps (default
+ is $virtual_maps for Postfix 1.1 compatibility)
+ Domain names are listed in $virtual_alias_domains (default
+ is $virtual_alias_maps for Postfix 1.1 compatibility)
+
+virtual For hosted domains with their own mailboxes
+mailbox Known recipients are listed in $virtual_mailbox_maps
+ Domain names are listed in $virtual_mailbox_domains (default
+ is $virtual_mailbox_maps for Postfix 1.1 compatibility)
+ Default delivery agent: virtual
+
+relay For remote destinations that list your system as MX host
+ Domain names are listed in $relay_domains
+ Known recipients are listed in $relay_recipient_maps (default
+ is empty; if $relay_recipient_maps is empty, the Postfix
+ SMTP server accepts all recipients)
+ Default delivery agent: relay (clone of default smtp agent)
+
+other Restricted to mail from authorized clients
+ Default delivery agent: smtp
+ No domain table
+ No recipient table
+-------------------------------------------------------------------
+
+Incompatibilities with Postfix 1.1
+==================================
+
+- virtual_maps is replaced by virtual_alias_maps (for address
+ lookups) and virtual_alias_domains (for the names of what were
+ formerly called "Postfix-style virtual domains").
+
+ For backwards compatibility with Postfix version 1.1, the new
+ virtual_alias_maps parameter defaults to $virtual_maps, and the
+ new virtual_alias_domains parameter defaults to $virtual_alias_maps.
+
+- virtual_mailbox_maps now has a companion parameter called
+ virtual_mailbox_domains (for the names of domains served by the
+ virtual delivery agent). virtual_mailbox_maps is now used for
+ address lookups only.
+
+ For backwards compatibility with Postfix version 1.1,, the new
+ virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
+
+- Introduction of relay_recipient_maps, so that the Postfix SMTP
+ server can block mail for relay recipients that don't exist. This
+ list is empty by default.
+
+- The local_recipient_maps feature is now turned on by default, so
+ that the Postfix SMTP server rejects mail for unknown local
+ recipients. This is enabled by default. See the LOCAL_RECIPIENT_README
+ file hints and tips.
+
+- Introduction of relay delivery transport in master.cf. This helps
+ to avoid mail delivery scheduling problems on inbound mail relays,
+ but may require that you update your "defer_transports" setting.
--- /dev/null
+Introduction
+============
+
+As of Postfix version 2.0, the Postfix SMTP server now rejects mail
+for recipients in $mydestination domains that it does not know about.
+This feature was optional with previous Postfix versions.
+
+The benefit is that this keeps undeliverable mail out of your queue.
+The downside is that it may cause mail to be rejected when you
+upgrade from a Postfix system that was not configured to reject
+mail for unknown local recipients.
+
+This document describes what steps you may need to take in order
+to not have Postfix reject mail incorrectly.
+
+For safety's sake, if you upgrade from a Postfix version that did
+not use this feature, the Postfix SMTP server replies with a 450
+(try again later) status code for users it does not know about.
+
+Configuring the local_recipient_maps parameter
+==============================================
+
+The local_recipient_maps parameter specifies lookup tables with
+all names or addresses of local recipients. A recipient address is
+local when the address domain matches $mydestination or $inet_interfaces.
+
+If the local_recipient_maps parameter value is non-empty, then the
+SMTP server will reject for an unknown local recipient mail with
+"User unknown in local recipient table".
+
+To turn off unknown local recipient rejects by the SMTP server, specify:
+
+ /etc/postfix/main.cf:
+ local_recipient_maps =
+
+That is, an empty value. With this setting, the Postfix SMTP server
+will not reject mail with "User unknown in local recipient table".
+
+The default setting assumes that you use the default Postfix local
+delivery agent for local delivery, where recipients are either UNIX
+accounts or local aliases:
+
+ /etc/postfix/main.cf:
+ local_recipient_maps = unix:passwd.byname $alias_maps
+
+You need to update the local_recipient_maps setting if one of the
+following is true:
+
+1 - You define your $mydestination domain recipients in files other
+ than /etc/passwd or /etc/aliases.
+
+ For example, you define $mydestination domain recipients in the
+ $virtual_mailbox_maps files. In that case, you specify your local
+ recipients as follows:
+
+ /etc/postfix/main.cf:
+ local_recipient_maps = $virtual_mailbox_maps
+
+ For non-Postfix delivery agents (i.e. not "local" or "virtual"),
+ see further down this document.
+
+2 - You run the Postfix SMTP server chrooted (specified in master.cf).
+
+ On many systems you will have to copy the passwd file into the
+ chroot environment.
+
+ For example, on 4.4 BSD systems one would do the following:
+
+ # mkdir /var/spool/postfix/etc
+ # cp /etc/pwd.db /var/spool/postfix/etc
+
+ On other systems one would do:
+
+ # mkdir /var/spool/postfix/etc
+ # cp /etc/pwd.db /var/spool/postfix/etc
+
+ You may also have to copy /etc/nsswitch.conf, as well as files
+ that are referenced by /etc/nsswitch.conf, but that is unlikely.
+
+ The Postfix SMTP server has a safety net in place in case of a
+ missing or inaccessible passwd file and will reply with a 450
+ status code (try again) instead of losing your mail. Watch your
+ maillog file for the obvious error messages.
+
+3 - You redefined the local delivery agent in master.cf, or you
+ redefined the "local_transport" setting in main.cf, so that
+ mail for $mydestination domain recipients is delivered by
+ something else than the default Postfix local delivery agent.
+
+ Your local_recipient_maps setting needs to specify a database
+ that lists all the known user names or addresses for that
+ delivery agent. For example, if you deliver users in $mydestination
+ domains via the virtual delivery agent, specify:
+
+ /etc/postfix/main.cf
+ local_recipient_maps = $virtual_mailbox_maps
+
+ Your user database will be searched for the user@domain address
+ as well as for the bare username.
+
+4 - You use the mailbox_transport or fallback_transport feature of
+ the Postfix local delivery agent in order to deliver mail non-UNIX
+ accounts.
+
+ You need to add the database that lists the non-UNIX users:
+
+ /etc/postfix/main.cf
+ local_recipient_maps = unix_passwd.byname, $alias_maps,
+ <the database with non-UNIX accounts>
+
+ Your database will be searched for the user@domain address as
+ well as for the bare username.
+
+5 - You use the luser_relay feature of the Postfix local delivery agent.
+
+ In this case, you must disable the local_recipient_maps feature
+ completely, so that Postfix accepts mail for all local addresses:
+
+ /etc/postfix/main.cf
+ local_recipient_maps =
The Postfix SMTP server now rejects mail for $mydestination domain
recipients that it does not know about. This keeps undeliverable
-mail out of your queue. For safety's sake, the default is to reply
-with a 450 (try again later) status code so that you don't suddenly
-lose mail.
+mail out of your queue.
-For this to work correctly, you need to review the section titled
-"REJECTING UNKNOWN LOCAL USERS" in conf/main.cf if one of the
-following is true:
+To avoid losing mail when upgrading from Postfix 1.1, you need to
+review the LOCAL_RECIPIENT_README file if one of the following is
+true:
- You define $mydestination domain recipients in files other than
- /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
- For example, you define $mydestination domain recipients in the
- $virtual_mailbox_maps files.
+ /etc/passwd or /etc/aliases. For example, you define $mydestination
+ domain recipients in the $virtual_mailbox_maps files.
- You run the Postfix SMTP server chrooted (see master.cf).
- You redefined the local delivery agent in master.cf.
- You redefined the "local_transport" setting in main.cf.
- You use the fallback_transport feature of the Postfix local delivery agent.
- You use the luser_relay feature of the Postfix local delivery agent.
-Specify "local_recipient_maps =" (i.e. empty) to make the SMTP
-server accept mail for all known and unknown local recipients.
-That was the default setting prior to Postfix version 2.0.
-
Postfix no longer defaults to the "smtp" transport for all non-local
destinations. This may affect your defer_transports settings. In
particular, Postfix now uses the "relay" mail delivery transport
-for domains matching $relay_domains. The old "smtp" transport is
-now the default mail delivery transport for non-local domains that
-do not match relay_domains.
+for delivery to domains matching $relay_domains. The old "smtp"
+transport is now the default mail delivery transport for non-local
+domains that do not match relay_domains.
The "virtual_maps" configuration parameter is now called
"virtual_alias_maps", for consistency with "virtual_mailbox_maps".
Default settings are backwards compatible with Postfix 1.1.
-Postfix-style virtual domains are now called simulated virtual
-domains. Sendmail-style virtual domains are no longer documented.
-This part of Postfix was too confusing.
+Postfix-style virtual domains are now called virtual alias domains.
+Sendmail-style virtual domains are no longer documented. This part
+of Postfix was too confusing.
The default queue directory hash_queue_depth setting is reduced to
1 level of subdirectories per Postfix queue. This improves "mailq"
$relay_domains $relay_transport relay
other $default_transport smtp
-The benefits of these changes are that:
+The benefits of these changes are:
- You no longer need to specify all the virtual(8) domains in the
- Postfix transport map.
+ Postfix transport map. The virtual(8) delivery agent has
+ become a first-class citizen just like local(8) or smtp(8).
-- A lot of table lookups could be eliminated from the SMTP server's
- mail relay control and unknown user blocking code.
+- On mail gateway systems, separation of inbound mail relay traffic
+ from outbound traffic. This eliminates a problem where inbound
+ mail deliveries could become resource starved in the presence of
+ a high volume of outbound mail.
-This release introduces better handling of unknown recipients. Each
-address domain class now has its own table with known recipients,
-so that you can reject mail for unknown addresses consistently.
+- The SMTP server rejects unknown recipients in a more consistent
+ manner than was possible with previous Postfix versions.
- Destination matches Recipients defined by Remarks
- --------------------------------------------------------------
- $mydestination or
- $inet_interfaces $local_recipient_maps optional
- $virtual_alias_domains $virtual_alias_maps none
- $virtual_mailbox_domains $virtual_mailbox_maps none
- $relay_domains $relay_recipient_maps optional
- other (not applicable) (not applicable)
+See the ADDRESS_CLASS_README file for a description of address
+classes, their benefits, and their incompatibilities.
Finally, regular expression maps are now allowed with local delivery
agent alias tables and with all virtual delivery agent lookup tables.
# file sample-smtpd.cf for detailed information.
#
# By default, Postfix relays mail
-# - from "trusted" clients whose IP address matches $mynetworks,
-# - from any client to destinations that match $relay_domains or
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
$sample_directory/sample-smtpd.cf:f:root:-:644
$sample_directory/sample-transport.cf:f:root:-:644
$sample_directory/sample-virtual.cf:f:root:-:644
+$readme_directory/ADDRESS_CLASS_README:f:root:-:644
$readme_directory/DB_README:f:root:-:644
$readme_directory/DEBUG_README:f:root:-:644
$readme_directory/ETRN_README:f:root:-:644
$readme_directory/LDAP_README:f:root:-:644
$readme_directory/LINUX_README:f:root:-:644
$readme_directory/LMTP_README:f:root:-:644
+$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
$readme_directory/MACOSX_README:f:root:-:644
$readme_directory/MAILDROP_README:f:root:-:644
$readme_directory/MYSQL_README:f:root:-:644
# receiving mail, or when converting 8BITMIME to 7BIT while delivering
# mail.
#
-mime_nesting_limit = 20
+mime_nesting_limit = 100
# Specify "yes" to reject mail with 8-bit text in message headers.
# This optional restriction is enforced while receiving mail.
# Skip over base 64 encoded blocks. This saves lots of CPU cycles.
# Expressions by Liviu Daia. Amended by Victor Duchovni.
-~^[[:alnum:]+/]{60,}[:space:]*$~ OK
+~^[[:alnum:]+/]{60,}[[:space:]]*$~ OK
# Your own body patterns go here.
# recipient addresses that SMTP clients can send in RCPT TO commands.
#
# By default, Postfix relays mail
-# - from trusted clients whose IP address matches $mynetworks,
-# - from untrusted clients to destinations that match $relay_domains
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains
# or subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# parameters that control virtual alias database lookups.
# This file describes configuration settings that can be used for
-# aliasing and for implementing SIMULATED VIRTUAL DOMAINS (domains
-# for which all mail is aliased to one or more local or remote
-# addresses). For details, see the virtual(5) manual page.
+# virtual aliasing and for implementing VIRTUAL ALIAS DOMAINS (domains
+# for which all addresses are aliased to addresses in other domains).
+# For details, see the virtual(5) manual page.
#
-# If you need TRUE VIRTUAL DOMAINS (domains where each virtual address
-# can have its own mailbox), then you should use the virtual(8)
+# If you need VIRTUAL MAILBOX DOMAINS (domains where each virtual
+# address can have its own mailbox), then you should use the virtual(8)
# delivery agent instead. For details, see the VIRTUAL_README file.
# The virtual_alias_maps parameter specifies optional lookup tables to
# alias specific addresses or even complete domains to another
-# address. This is typically used to simulate virtual domain support.
+# address. This is typically used to implement virtual domain support.
#
# By default, no address aliasing is done.
#
#virtual_alias_maps = hash:/etc/postfix/virtual, netinfo:/virtual
virtual_alias_maps =
-# The virtual_alias_domains parameter specifies the names of simulated
-# virtual domains, that is, domains for which all mail is aliased to
-# one or more local or remote addresses.
+# The virtual_alias_domains parameter specifies the names of virtual
+# alias domains, that is, domains for which all addresses are aliased
+# to addresses in other domains.
#
# By default, this is set to $virtual_alias_maps so that you can keep
-# all information about simulated virtual domains in one place. If
+# all information about virtual alias domains in one place. If
# you have many users, it is better to separate information that
# changes more frequently (virtual address -> local or remote address
# mapping) from information that changes less frequently (the list
# o To redirect mail for one address to one or more
# addresses.
#
-# o To simulate virtual domains where all virtual
-# addresses are aliased to non-virtual addresses.
-#
-# Simulated virtual domains are not to be confused
-# with the true virtual domains that are implemented
-# with the Postfix virtual(8) mail delivery agent.
-#
-# Virtual aliasing is applied only to recipient envelope
-# addresses, and does not affect message headers. Think
-# Sendmail rule set S0, if you like. Use canonical(5) map-
-# ping to rewrite header and envelope addresses in general.
-#
-# Normally, the virtual alias table is specified as a text
-# file that serves as input to the postmap(1) command. The
-# result, an indexed file in dbm or db format, is used for
-# fast searching by the mail system. Execute the command
+# o To implement virtual alias domains where all
+# addresses are aliased to addresses in other
+# domains.
+#
+# Virtual alias domains are not to be confused with
+# the virtual mailbox domains that are implemented
+# with the Postfix virtual(8) mail delivery agent.
+# With virtual mailbox domains, each recipient
+# address can have its own mailbox.
+#
+# Virtual aliasing is applied only to recipient envelope
+# addresses, and does not affect message headers. Think
+# Sendmail rule set S0, if you like. Use canonical(5) map-
+# ping to rewrite header and envelope addresses in general.
+#
+# Normally, the virtual alias table is specified as a text
+# file that serves as input to the postmap(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast searching by the mail system. Execute the command
# postmap /etc/postfix/virtual in order to rebuild the
# indexed file after changing the text file.
#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
-# Alternatively, the table can be provided as a regular-
+# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
-# sions. In that case, the lookups are done in a slightly
+# sions. In that case, the lookups are done in a slightly
# different way as described below.
#
# TABLE FORMAT
-# The format of the virtual table is as follows, mappings
+# The format of the virtual table is as follows, mappings
# being tried in the order as listed in this manual page:
#
# pattern result
-# When pattern matches a mail address, replace it by
+# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address, address, ...
-# Mail for user@domain is redirected to address.
+# Mail for user@domain is redirected to address.
# This form has the highest precedence.
#
# user address, address, ...
-# Mail for user@site is redirected to address when
-# site is equal to $myorigin, when site is listed in
+# Mail for user@site is redirected to address when
+# site is equal to $myorigin, when site is listed in
# $mydestination, or when it is listed in
# $inet_interfaces.
#
-# This functionality overlaps with functionality of
-# the local aliases(5) database. The difference is
-# that virtual mapping can be applied to non-local
+# This functionality overlaps with functionality of
+# the local aliases(5) database. The difference is
+# that virtual mapping can be applied to non-local
# addresses.
#
# @domain address, address, ...
-# Mail for any user in domain is redirected to
+# Mail for any user in domain is redirected to
# address. This form has the lowest precedence.
#
-# In all the above forms, when address has the form @other-
-# domain, the result is the same user in otherdomain. This
+# In all the above forms, when address has the form @other-
+# domain, the result is the same user in otherdomain. This
# works for the first address in the expansion only.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
-# @domain. An unmatched address extension (+foo) is propa-
+# @domain. An unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
-# SIMULATED VIRTUAL DOMAINS
-# Besides virtual aliases, the virtual alias table can also
-# be used to simulate virtual domains. With a simulated vir-
-# tual domain, all recipient addresses are aliased to non-
-# virtual addresses. These non-virtual addresses may be
-# either local or remote.
+# VIRTUAL ALIAS DOMAINS
+# Besides virtual aliases, the virtual alias table can also
+# be used to implement virtual alias domains. With a virtual
+# alias domain, all recipient addresses are aliased to
+# addresses in other domains.
#
-# Simulated virtual domains are not to be confused with the
-# true virtual domains that are implemented with the Postfix
-# virtual(8) mail delivery agent. With true virtual domains,
-# each recipient address can have its own mailbox.
+# Virtual alias domains are not to be confused with the vir-
+# tual mailbox domains that are implemented with the Postfix
+# virtual(8) mail delivery agent. With virtual mailbox
+# domains, each recipient address can have its own mailbox.
#
-# With a simulated virtual domain, the virtual domain has
-# its own user name space. Local (i.e. non-virtual) user-
-# names are not visible in a simulated virtual domain. In
-# particular, local aliases(5) and local mailing lists are
-# not visible as localname@simulated.domain.
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
+# as localname@virtual-alias.domain.
#
-# Support for a simulated virtual domain looks like:
+# Support for a virtual alias domain looks like:
#
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
-# Note: some systems use dbm databases instead of hash.
+# Note: some systems use dbm databases instead of hash.
# See the output from postconf -m for available database
# types.
#
# /etc/postfix/virtual:
-# simulated.domain anything (right-hand content does not matter)
-# postmaster@simulated.domain postmaster
-# user1@simulated.domain address1
-# user2@simulated.domain address2, address3
-#
-# The simulated.domain anything entry is required for a sim-
-# ulated virtual domain. Without this entry, mail will be
-# rejected with a "relay access denied" error condition.
-#
-# Do not list a simulated virtual domain name in the main.cf
+# virtual-alias.domain anything (right-hand content does not matter)
+# postmaster@virtual-alias.domain postmaster
+# user1@virtual-alias.domain address1
+# user2@virtual-alias.domain address2, address3
+#
+# The virtual-alias.domain anything entry is required for a
+# virtual alias domain. Without this entry, mail is rejected
+# with "relay access denied", or bounces with "mail loops
+# back to myself".
+#
+# Do not specify virtual alias domain names in the main.cf
+# mydestination or relay_domains configuration parameters.
+#
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
+# undeliverable.
+#
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
+# the main.cf virtual_alias_domains configuration parameter.
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
-# With a simulated virtual domain, the Postfix SMTP server
-# accepts mail for known-user@simulated.domain, and rejects
-# mail for unknown-user@simulated.domain as undeliverable.
-#
-# Instead of specifying the simulated virtual domain name
-# via the virtual_alias_maps table, you may also specify it
-# via the main.cf virtual_alias_domains configuration param-
-# eter. This latter parameter uses the same syntax as the
-# main.cf mydestination configuration parameter.
-#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the postfix reload
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the postfix reload
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
-# List of simulated virtual domains. This uses the
-# same syntax as the mydestination parameter.
+# List of virtual alias domains. This uses the same
+# syntax as the mydestination parameter.
#
# Other parameters of interest:
#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
-# The domain that is appended to any address that
+# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# pcre_table(5) Perl Compatible Regular Expression table format
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
iter characters.
<b>Known</b> <b>versus</b> <b>unknown</b> <b>recipients</b>
+ <b>show</b><i>_</i><b>user</b><i>_</i><b>unknown</b><i>_</i><b>table</b><i>_</i><b>name</b>
+ Whether or not to reveal the table name in the
+ "User unknown" responses. The extra detail makes
+ trouble shooting easier but also reveals informa-
+ tion that is nobody elses business.
+
<b>unknown</b><i>_</i><b>local</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$mydestination</b> or
+ ent whose domain matches <b>$mydestination</b> or
<b>$inet</b><i>_</i><b>interfaces</b>, while <b>$local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is
- non-empty and does not list the recipient address
+ non-empty and does not list the recipient address
or address local-part.
<b>unknown</b><i>_</i><b>relay</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
ent whose domain matches <b>$relay</b><i>_</i><b>domains</b>, while
- <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not
+ <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not
list the recipient address.
<b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>alias</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>,
- while the recipient is not listed in <b>$vir-</b>
+ ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>,
+ while the recipient is not listed in <b>$vir-</b>
<b>tual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>.
<b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>,
+ ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>,
while the recipient is not listed in <b>$virtual</b><i>_</i><b>mail-</b>
<b>box</b><i>_</i><b>maps</b>.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
at all.
<b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
- Restrictions on the <b>DATA</b> command. Currently, the
- only restriction that makes sense here is
+ Restrictions on the <b>DATA</b> command. Currently, the
+ only restriction that makes sense here is
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
- The lookup key to be used in SMTPD access tables
- instead of the null sender address. A null sender
+ The lookup key to be used in SMTPD access tables
+ instead of the null sender address. A null sender
address cannot be looked up.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains this mail system will relay
- mail to. The domains are routed to the delivery
+ Restrict what domains this mail system will relay
+ mail to. The domains are routed to the delivery
agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates an access
+ Response code when a client violates an access
database restriction.
<b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b>
Default template reply when a request is RBL black-
- listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b>
- and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
+ listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b>
+ and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
<b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
<b>defer</b><i>_</i><b>code</b>
- Response code when a client request is rejected by
+ Response code when a client request is rejected by
the <b>defer</b> restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a request is RBL blacklisted.
<b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b>
- Table with template responses for RBL blacklisted
- requests, indexed by RBL domain name. These tem-
+ Table with template responses for RBL blacklisted
+ requests, indexed by RBL domain name. These tem-
plates are used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and
- <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
+ <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
<b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
tion.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
<a href="transport.5.html">transport(5)</a> transport table format
+ <a href="relocated.5.html">relocated(5)</a> format of the "user has moved" table
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
<dt>Examples:
<dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access,
-reject_rbl_client relays.mail-abuse.org</b>
+reject_rbl_client relays.mail-abuse.org</b> (paid service)
<dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access,
-reject_rhsbl_client dsn.rfc-ignorant.org</b>
+reject_rbl_client relays.ordb.org</b> (free service)
+
+<dd> <b>smtpd_client_restrictions = hash:/etc/postfix/access,
+reject_rhsbl_client dsn.rfc-ignorant.org</b> (free service)
<dd> <b>smtpd_client_restrictions = permit_mynetworks,
reject_unknown_client</b>
<p>
-<a name="permit_naked_ip_address">
-
-<dt> <b>permit_naked_ip_address</b> <dd> Permit the request when
-the client HELO (EHLO) command contains a naked IP address without
-the enclosing <b>[]</b> brackets that the RFC requires. Unfortunately,
-some popular PC mail clients send <b>HELO</b> greetings in this
-manner.
-
-<p>
-
<a name="reject_unknown_hostname">
<dt> <b>reject_unknown_hostname</b> <dd> Reject the request when
<ul>
<li>from trusted clients whose IP address matches <a
-href="basic.html#mynetworks">$mynetworks</a>,
+href="basic.html#mynetworks">$mynetworks</a> to any destination,
<li>from untrusted clients to destinations that match <a
href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
<a name="permit_auth_destination">
-<dt> <b>permit_auth_destination</b> <dd> Ignore the client hostname.
+<dt> <b>permit_auth_destination</b> <dd>
Permit the request when one of the following is true:
<ul>
</ul>
-Otherwise proceed with the next restriction.
-
<p>
<a name="reject_unauth_destination">
-<dt> <b>reject_unauth_destination</b> <dd> Ignore the client
-hostname. Reject the request unless one of the following is true:
+<dt> <b>reject_unauth_destination</b> <dd>
+Reject the request unless one of the following is true:
<ul>
<p>
+<a name="check_recipient_maps">
+
+<dt> <b>check_recipient_maps</b> <dd> Reject the request
+when the recipient address is not listed in one of the following
+lookup tables:
+
+<blockquote>
+
+<table border="1">
+
+<tr><th>Recipient domain matches <th>Recipient lookup table
+
+<tr><td><a href="basic.html#mydestination"> $mydestination</a> or
+<a href="basic.html#inet_interfaces">$inet_interfaces</a>
+<td>$local_recipient_maps
+
+<tr><td>$virtual_alias_domains <td>$virtual_alias_maps
+
+<tr><td>$virtual_mailbox_domains <td>$virtual_mailbox_maps
+
+<tr><td>$relay_domains <td>$relay_recipient_maps
+
+</table>
+
+</blockquote>
+
+Note 1: a null $local_recipient_maps or $relay_recipient_maps setting
+means that no recipient check is done for the corresponding domains.
+
+<p>
+
+Note 2: Postfix applies an implicit <b>check_recipient_maps</b>
+restriction at the end of all recipient restrictions.
+
+<p>
+
<a name="reject_unknown_recipient_domain">
<dt> <b>reject_unknown_recipient_domain</b> <dd> Reject the request
<b>o</b> To redirect mail for one address to one or more
addresses.
- <b>o</b> To simulate virtual domains where all virtual
- addresses are aliased to non-virtual addresses.
-
- Simulated virtual domains are not to be confused
- with the true virtual domains that are implemented
- with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent.
-
- Virtual aliasing is applied only to recipient envelope
- addresses, and does not affect message headers. Think
- Sendmail rule set <b>S0</b>, if you like. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> map-
- ping to rewrite header and envelope addresses in general.
-
- Normally, the <b>virtual</b> alias table is specified as a text
- file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
+ <b>o</b> To implement virtual alias domains where all
+ addresses are aliased to addresses in other
+ domains.
+
+ Virtual alias domains are not to be confused with
+ the virtual mailbox domains that are implemented
+ with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent.
+ With virtual mailbox domains, each recipient
+ address can have its own mailbox.
+
+ Virtual aliasing is applied only to recipient envelope
+ addresses, and does not affect message headers. Think
+ Sendmail rule set <b>S0</b>, if you like. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> map-
+ ping to rewrite header and envelope addresses in general.
+
+ Normally, the <b>virtual</b> alias table is specified as a text
+ file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
+ result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
+ fast searching by the mail system. Execute the command
<b>postmap</b> <b>/etc/postfix/virtual</b> in order to rebuild the
indexed file after changing the text file.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, the table can be provided as a regular-
+ Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions. In that case, the lookups are done in a slightly
+ sions. In that case, the lookups are done in a slightly
different way as described below.
<b>TABLE</b> <b>FORMAT</b>
- The format of the virtual table is as follows, mappings
+ The format of the virtual table is as follows, mappings
being tried in the order as listed in this manual page:
<i>pattern</i> <i>result</i>
- When <i>pattern</i> matches a mail address, replace it by
+ When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
- Mail for <i>user</i>@<i>domain</i> is redirected to <i>address</i>.
+ Mail for <i>user</i>@<i>domain</i> is redirected to <i>address</i>.
This form has the highest precedence.
<i>user</i> <i>address,</i> <i>address,</i> <i>...</i>
- Mail for <i>user</i>@<i>site</i> is redirected to <i>address</i> when
- <i>site</i> is equal to $<b>myorigin</b>, when <i>site</i> is listed in
+ Mail for <i>user</i>@<i>site</i> is redirected to <i>address</i> when
+ <i>site</i> is equal to $<b>myorigin</b>, when <i>site</i> is listed in
$mydestination, or when it is listed in
$<i>inet_interfaces</i>.
- This functionality overlaps with functionality of
- the local <i>aliases</i>(5) database. The difference is
- that <b>virtual</b> mapping can be applied to non-local
+ This functionality overlaps with functionality of
+ the local <i>aliases</i>(5) database. The difference is
+ that <b>virtual</b> mapping can be applied to non-local
addresses.
@<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
- Mail for any user in <i>domain</i> is redirected to
+ Mail for any user in <i>domain</i> is redirected to
<i>address</i>. This form has the lowest precedence.
- In all the above forms, when <i>address</i> has the form @<i>other-</i>
- <i>domain</i>, the result is the same user in <i>otherdomain</i>. This
+ In all the above forms, when <i>address</i> has the form @<i>other-</i>
+ <i>domain</i>, the result is the same user in <i>otherdomain</i>. This
works for the first address in the expansion only.
<b>ADDRESS</b> <b>EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
- @<i>domain</i>. An unmatched address extension (<i>+foo</i>) is propa-
+ @<i>domain</i>. An unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
-<b>SIMULATED</b> <b>VIRTUAL</b> <b>DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also
- be used to simulate virtual domains. With a simulated vir-
- tual domain, all recipient addresses are aliased to non-
- virtual addresses. These non-virtual addresses may be
- either local or remote.
+<b>VIRTUAL</b> <b>ALIAS</b> <b>DOMAINS</b>
+ Besides virtual aliases, the virtual alias table can also
+ be used to implement virtual alias domains. With a virtual
+ alias domain, all recipient addresses are aliased to
+ addresses in other domains.
- Simulated virtual domains are not to be confused with the
- true virtual domains that are implemented with the Postfix
- <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With true virtual domains,
- each recipient address can have its own mailbox.
+ Virtual alias domains are not to be confused with the vir-
+ tual mailbox domains that are implemented with the Postfix
+ <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
+ domains, each recipient address can have its own mailbox.
- With a simulated virtual domain, the virtual domain has
- its own user name space. Local (i.e. non-virtual) user-
- names are not visible in a simulated virtual domain. In
- particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are
- not visible as <i>localname@simulated.domain</i>.
+ With a virtual alias domain, the virtual domain has its
+ own user name space. Local (i.e. non-virtual) usernames
+ are not visible in a virtual alias domain. In particular,
+ local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
+ as <i>localname@virtual-alias.domain</i>.
- Support for a simulated virtual domain looks like:
+ Support for a virtual alias domain looks like:
/etc/postfix/main.cf:
virtual_alias_maps = hash:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
See the output from <b>postconf</b> <b>-m</b> for available database
types.
/etc/postfix/virtual:
- <i>simulated.domain</i> <i>anything</i> (right-hand content does not matter)
- <i>postmaster@simulated.domain</i> <i>postmaster</i>
- <i>user1@simulated.domain</i> <i>address1</i>
- <i>user2@simulated.domain</i> <i>address2,</i> <i>address3</i>
-
- The <i>simulated.domain</i> <i>anything</i> entry is required for a sim-
- ulated virtual domain. Without this entry, mail will be
- rejected with a "relay access denied" error condition.
-
- Do not list a simulated virtual domain name in the <b>main.cf</b>
+ <i>virtual-alias.domain</i> <i>anything</i> (right-hand content does not matter)
+ <i>postmaster@virtual-alias.domain</i> <i>postmaster</i>
+ <i>user1@virtual-alias.domain</i> <i>address1</i>
+ <i>user2@virtual-alias.domain</i> <i>address2,</i> <i>address3</i>
+
+ The <i>virtual-alias.domain</i> <i>anything</i> entry is required for a
+ virtual alias domain. Without this entry, mail is rejected
+ with "relay access denied", or bounces with "mail loops
+ back to myself".
+
+ Do not specify virtual alias domain names in the <b>main.cf</b>
+ <b>mydestination</b> or <b>relay</b><i>_</i><b>domains</b> configuration parameters.
+
+ With a virtual alias domain, the Postfix SMTP server
+ accepts mail for <i>known-user@virtual-alias.domain</i>, and
+ rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
+ undeliverable.
+
+ Instead of specifying the virtual alias domain name via
+ the <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b> table, you may also specify it via
+ the <b>main.cf</b> <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b> configuration parameter.
+ This latter parameter uses the same syntax as the <b>main.cf</b>
<b>mydestination</b> configuration parameter.
- With a simulated virtual domain, the Postfix SMTP server
- accepts mail for <i>known-user@simulated.domain</i>, and rejects
- mail for <i>unknown-user</i>@<i>simulated.domain</i> as undeliverable.
-
- Instead of specifying the simulated virtual domain name
- via the <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b> table, you may also specify it
- via the <b>main.cf</b> <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b> configuration param-
- eter. This latter parameter uses the same syntax as the
- <b>main.cf</b> <b>mydestination</b> configuration parameter.
-
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this topic. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>
List of virtual aliasing tables.
<b>virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>
- List of simulated virtual domains. This uses the
- same syntax as the <b>mydestination</b> parameter.
+ List of virtual alias domains. This uses the same
+ syntax as the <b>mydestination</b> parameter.
Other parameters of interest:
<b>inet</b><i>_</i><b>interfaces</b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b>mydestination</b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b>myorigin</b>
- The domain that is appended to any address that
+ The domain that is appended to any address that
does not have a domain.
<b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.IP \(bu
To redirect mail for one address to one or more addresses.
.IP \(bu
-To simulate virtual domains where all virtual addresses are aliased
-to non-virtual addresses.
+To implement virtual alias domains where all addresses are aliased
+to addresses in other domains.
.sp
-Simulated virtual domains are not to be confused with the true virtual
+Virtual alias domains are not to be confused with the virtual mailbox
domains that are implemented with the Postfix \fBvirtual\fR(8) mail
-delivery agent.
+delivery agent. With virtual mailbox domains, each recipient address
+can have its own mailbox.
.PP
Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers.
\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
\fIuser\fR, and @\fIdomain\fR. An unmatched address extension
(\fI+foo\fR) is propagated to the result of table lookup.
-.SH SIMULATED VIRTUAL DOMAINS
+.SH VIRTUAL ALIAS DOMAINS
.na
.nf
.ad
.fi
Besides virtual aliases, the virtual alias table can also be used
-to simulate virtual domains. With a simulated virtual domain, all
-recipient addresses are aliased to non-virtual addresses. These
-non-virtual addresses may be either local or remote.
+to implement virtual alias domains. With a virtual alias domain, all
+recipient addresses are aliased to addresses in other domains.
-Simulated virtual domains are not to be confused with the true virtual
+Virtual alias domains are not to be confused with the virtual mailbox
domains that are implemented with the Postfix \fBvirtual\fR(8) mail
-delivery agent. With true virtual domains, each recipient address can
-have its own mailbox.
+delivery agent. With virtual mailbox domains, each recipient address
+can have its own mailbox.
-With a simulated virtual domain, the virtual domain has its
+With a virtual alias domain, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames are not
-visible in a simulated virtual domain. In particular, local
+visible in a virtual alias domain. In particular, local
\fBaliases\fR(5) and local mailing lists are not visible as
-\fIlocalname@simulated.domain\fR.
+\fIlocalname@virtual-alias.domain\fR.
-Support for a simulated virtual domain looks like:
+Support for a virtual alias domain looks like:
/etc/postfix/main.cf:
.in +4
/etc/postfix/virtual:
.nf
.na
-\fIsimulated.domain anything\fR (right-hand content does not matter)
-\fIpostmaster@simulated.domain postmaster\fR
-\fIuser1@simulated.domain address1\fR
-\fIuser2@simulated.domain address2, address3\fR
+\fIvirtual-alias.domain anything\fR (right-hand content does not matter)
+\fIpostmaster@virtual-alias.domain postmaster\fR
+\fIuser1@virtual-alias.domain address1\fR
+\fIuser2@virtual-alias.domain address2, address3\fR
.fi
.in -4
.ad
.fi
.sp
-The \fIsimulated.domain anything\fR entry is required for a
-simulated virtual domain. Without this entry, mail will
-be rejected with a "relay access denied" error condition.
+The \fIvirtual-alias.domain anything\fR entry is required for a
+virtual alias domain. Without this entry, mail is rejected
+with "relay access denied", or bounces with
+"mail loops back to myself".
-Do not list a simulated virtual domain name in the \fBmain.cf
-mydestination\fR configuration parameter.
+Do not specify virtual alias domain names in the \fBmain.cf
+mydestination\fR or \fBrelay_domains\fR configuration parameters.
-With a simulated virtual domain, the Postfix SMTP server
-accepts mail for \fIknown-user@simulated.domain\fR, and rejects
-mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
+With a virtual alias domain, the Postfix SMTP server
+accepts mail for \fIknown-user@virtual-alias.domain\fR, and rejects
+mail for \fIunknown-user\fR@\fIvirtual-alias.domain\fR as undeliverable.
-Instead of specifying the simulated virtual domain name via
+Instead of specifying the virtual alias domain name via
the \fBvirtual_alias_maps\fR table, you may also specify it via
the \fBmain.cf virtual_alias_domains\fR configuration parameter.
This latter parameter uses the same syntax as the \fBmain.cf
.IP \fBvirtual_alias_maps\fR
List of virtual aliasing tables.
.IP \fBvirtual_alias_domains\fR
-List of simulated virtual domains. This uses the same syntax
+List of virtual alias domains. This uses the same syntax
as the \fBmydestination\fR parameter.
.PP
Other parameters of interest:
.SH "Known versus unknown recipients"
.ad
.fi
+.IP \fBshow_user_unknown_table_name\fR
+Whether or not to reveal the table name in the "User unknown"
+responses. The extra detail makes trouble shooting easier
+but also reveals information that is nobody elses business.
.IP \fBunknown_local_recipient_reject_code\fR
The response code when a client specifies a recipient whose domain
matches \fB$mydestination\fR or \fB$inet_interfaces\fR, while
master(8) process manager
syslogd(8) system logging
transport(5) transport table format
+relocated(5) format of the "user has moved" table
.SH LICENSE
.na
.nf
# .IP \(bu
# To redirect mail for one address to one or more addresses.
# .IP \(bu
-# To simulate virtual domains where all virtual addresses are aliased
-# to non-virtual addresses.
+# To implement virtual alias domains where all addresses are aliased
+# to addresses in other domains.
# .sp
-# Simulated virtual domains are not to be confused with the true virtual
+# Virtual alias domains are not to be confused with the virtual mailbox
# domains that are implemented with the Postfix \fBvirtual\fR(8) mail
-# delivery agent.
+# delivery agent. With virtual mailbox domains, each recipient address
+# can have its own mailbox.
# .PP
# Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers.
# \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
# \fIuser\fR, and @\fIdomain\fR. An unmatched address extension
# (\fI+foo\fR) is propagated to the result of table lookup.
-# SIMULATED VIRTUAL DOMAINS
+# VIRTUAL ALIAS DOMAINS
# .ad
# .fi
# Besides virtual aliases, the virtual alias table can also be used
-# to simulate virtual domains. With a simulated virtual domain, all
-# recipient addresses are aliased to non-virtual addresses. These
-# non-virtual addresses may be either local or remote.
+# to implement virtual alias domains. With a virtual alias domain, all
+# recipient addresses are aliased to addresses in other domains.
#
-# Simulated virtual domains are not to be confused with the true virtual
+# Virtual alias domains are not to be confused with the virtual mailbox
# domains that are implemented with the Postfix \fBvirtual\fR(8) mail
-# delivery agent. With true virtual domains, each recipient address can
-# have its own mailbox.
+# delivery agent. With virtual mailbox domains, each recipient address
+# can have its own mailbox.
#
-# With a simulated virtual domain, the virtual domain has its
+# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames are not
-# visible in a simulated virtual domain. In particular, local
+# visible in a virtual alias domain. In particular, local
# \fBaliases\fR(5) and local mailing lists are not visible as
-# \fIlocalname@simulated.domain\fR.
+# \fIlocalname@virtual-alias.domain\fR.
#
-# Support for a simulated virtual domain looks like:
+# Support for a virtual alias domain looks like:
#
# /etc/postfix/main.cf:
# .in +4
# /etc/postfix/virtual:
# .nf
# .na
-# \fIsimulated.domain anything\fR (right-hand content does not matter)
-# \fIpostmaster@simulated.domain postmaster\fR
-# \fIuser1@simulated.domain address1\fR
-# \fIuser2@simulated.domain address2, address3\fR
+# \fIvirtual-alias.domain anything\fR (right-hand content does not matter)
+# \fIpostmaster@virtual-alias.domain postmaster\fR
+# \fIuser1@virtual-alias.domain address1\fR
+# \fIuser2@virtual-alias.domain address2, address3\fR
# .fi
# .in -4
# .ad
# .fi
# .sp
-# The \fIsimulated.domain anything\fR entry is required for a
-# simulated virtual domain. Without this entry, mail will
-# be rejected with a "relay access denied" error condition.
+# The \fIvirtual-alias.domain anything\fR entry is required for a
+# virtual alias domain. Without this entry, mail is rejected
+# with "relay access denied", or bounces with
+# "mail loops back to myself".
#
-# Do not list a simulated virtual domain name in the \fBmain.cf
-# mydestination\fR configuration parameter.
+# Do not specify virtual alias domain names in the \fBmain.cf
+# mydestination\fR or \fBrelay_domains\fR configuration parameters.
#
-# With a simulated virtual domain, the Postfix SMTP server
-# accepts mail for \fIknown-user@simulated.domain\fR, and rejects
-# mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for \fIknown-user@virtual-alias.domain\fR, and rejects
+# mail for \fIunknown-user\fR@\fIvirtual-alias.domain\fR as undeliverable.
#
-# Instead of specifying the simulated virtual domain name via
+# Instead of specifying the virtual alias domain name via
# the \fBvirtual_alias_maps\fR table, you may also specify it via
# the \fBmain.cf virtual_alias_domains\fR configuration parameter.
# This latter parameter uses the same syntax as the \fBmain.cf
# .IP \fBvirtual_alias_maps\fR
# List of virtual aliasing tables.
# .IP \fBvirtual_alias_domains\fR
-# List of simulated virtual domains. This uses the same syntax
+# List of virtual alias domains. This uses the same syntax
# as the \fBmydestination\fR parameter.
# .PP
# Other parameters of interest:
#define DEF_HELPFUL_WARNINGS 1
extern bool var_helpful_warnings;
+ /*
+ * You want to be helped or not.
+ */
+#define VAR_SHOW_UNK_RCPT_TABLE "show_user_unknown_table_name"
+#define DEF_SHOW_UNK_RCPT_TABLE 1
+extern bool var_show_unk_rcpt_table;
+
/*
* What problem classes should be reported to the postmaster via email.
* Default is bad problems only. See mail_error(3). Even when mail notices
#define REJECT_UNKNOWN_SENDDOM "reject_unknown_sender_domain"
#define REJECT_UNKNOWN_RCPTDOM "reject_unknown_recipient_domain"
#define REJECT_UNKNOWN_ADDRESS "reject_unknown_address"
+#define CHECK_RCPT_MAPS "check_recipient_maps"
#define VAR_UNK_ADDR_CODE "unknown_address_reject_code"
#define DEF_UNK_ADDR_CODE 450
extern int var_unk_addr_code;
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20021219"
+#define MAIL_RELEASE_DATE "20021221"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE
smtpd.o: ../../include/quote_822_local.h
smtpd.o: ../../include/quote_flags.h
smtpd.o: ../../include/lex_822.h
+smtpd.o: ../../include/namadr_list.h
smtpd.o: ../../include/mail_server.h
smtpd.o: smtpd_token.h
smtpd.o: smtpd.h
/* .SH "Known versus unknown recipients"
/* .ad
/* .fi
+/* .IP \fBshow_user_unknown_table_name\fR
+/* Whether or not to reveal the table name in the "User unknown"
+/* responses. The extra detail makes trouble shooting easier
+/* but also reveals information that is nobody elses business.
/* .IP \fBunknown_local_recipient_reject_code\fR
/* The response code when a client specifies a recipient whose domain
/* matches \fB$mydestination\fR or \fB$inet_interfaces\fR, while
int var_virt_mailbox_code;
int var_relay_rcpt_code;
char *var_verp_clients;
+int var_show_unk_rcpt_table;
/*
* Silly little macros.
return (-1);
}
if (SMTPD_STAND_ALONE(state) == 0) {
- if ((err = smtpd_check_rcptmap(state, argv[2].strval)) != 0) {
+ if ((err = smtpd_check_rcpt(state, argv[2].strval)) != 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
- if ((err = smtpd_check_rcpt(state, argv[2].strval)) != 0) {
+ if ((err = smtpd_check_rcptmap(state, argv[2].strval)) != 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
VAR_ALLOW_UNTRUST_ROUTE, DEF_ALLOW_UNTRUST_ROUTE, &var_allow_untrust_route,
VAR_SMTPD_SASL_ENABLE, DEF_SMTPD_SASL_ENABLE, &var_smtpd_sasl_enable,
VAR_BROKEN_AUTH_CLNTS, DEF_BROKEN_AUTH_CLNTS, &var_broken_auth_clients,
+ VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
0,
};
static CONFIG_STR_TABLE str_table[] = {
VSTRING *sasl_encoded;
VSTRING *sasl_decoded;
#endif
+ int rcptmap_checked;
int warn_if_reject; /* force reject into warning */
SMTPD_DEFER defer_if_reject; /* force reject into deferral */
SMTPD_DEFER defer_if_permit; /* force permit into deferral */
/* .IP "check_recipient_access maptype:mapname"
/* Look up the resolved recipient address in the named access table,
/* any parent domains of the recipient domain, and the localpart@.
+/* .IP "check_recipient_maps"
+/* Reject recipients not listed as valid local, virtual or relay
+/* recipients.
/* .IP reject_rbl_client rbl.domain.tld
/* Look up the reversed client network address in the specified
/* real-time blackhole DNS zone. The \fIrbl_reply_maps\fR configuration
/* TO command.
/* .PP
/* smtpd_check_rcptmap() validates the recipient address provided
-/* with an RCPT TO request. Relevant configuration parameters:
+/* with an RCPT TO request and sets the rcptmap_checked flag.
+/* Relevant configuration parameters:
/* .IP local_recipients_map
/* Tables of user names (not addresses) that exist in $mydestination.
/* Mail for local users not in these tables is rejected.
*/
static int generic_checks(SMTPD_STATE *, ARGV *, const char *, const char *, const char *);
+ /*
+ * Recipient table check.
+ */
+static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient);
+
/*
* Reject context.
*/
status = reject_rbl_domain(state, *cpp, state->recipient,
SMTPD_NAME_RECIPIENT);
}
+ } else if (strcasecmp(name, CHECK_RCPT_MAPS) == 0) {
+ if (state->recipient && *state->recipient)
+ status = check_rcpt_maps(state, state->recipient);
}
/*
return (x); \
}
+ /*
+ * The "check_recipient_maps" restriction is relevant only when
+ * responding to RCPT TO. It's effectively disabled with DATA (recipient
+ * context is explicitly turned off) and not applicable with undelayed
+ * client/helo/sender restrictions (no recipient info) or with ETRN
+ * (command not allowed in the middle of an ongoing MAIL transaction).
+ */
+ state->rcptmap_checked = 0;
+
/*
* Apply delayed restrictions.
*/
SMTPD_CHECK_RESET();
status = setjmp(smtpd_check_buf);
if (status == 0 && rcpt_restrctions->argc)
- status = generic_checks(state, rcpt_restrctions,
+ status = generic_checks(state, rcpt_restrctions,
recipient, SMTPD_NAME_RECIPIENT, CHECK_RECIP_ACL);
/*
char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
{
char *myname = "smtpd_check_rcptmap";
- char *saved_recipient;
- const RESOLVE_REPLY *reply;
int status;
- /*
- * XXX This module does a lot of unnecessary guessing. This functionality
- * will eventually become part of the trivial-rewrite resolver, including
- * the canonical and virtual mapping.
- */
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
/*
- * Minor kluge so that we can delegate work to the generic routine and so
- * that we can syslog the recipient with the reject messages.
+ * Return here in case of serious trouble.
*/
- SMTPD_CHECK_PUSH(saved_recipient, state->recipient, recipient);
+ if ((status = setjmp(smtpd_check_buf)) == 0)
+ status = check_rcpt_maps(state, recipient);
+
+ return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
+}
+
+/* check_rcpt_maps - generic_checks() interface for recipient table check */
+
+static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient)
+{
+ const RESOLVE_REPLY *reply;
/*
- * Return here in case of serious trouble.
+ * Duplicate suppression. There's an implicit check_recipient_maps
+ * restriction at the end of all recipient restrictions.
*/
- if ((status = setjmp(smtpd_check_buf)) != 0)
- SMTPD_CHECK_RCPT_RETURN(status == SMTPD_CHECK_REJECT ?
- STR(error_text) : 0);
+ if (state->rcptmap_checked == 1)
+ return (0);
+ state->rcptmap_checked = 1;
/*
* Resolve the address.
(checkv8_maps_find(state, recipient, map, rcpt) == 0)
/*
- * XXX We throw up our hands if the address matches a canonical or
- * virtual alias map. Eventually, the address resolver should give us the
- * final resolved recipient address, and the SMTP server should write the
- * final recipient address to the output record stream. See also the next
- * comment block on recipients in simulated virtual domains.
+ * XXX We assume the recipient address is OK if it matches a canonical
+ * map or virtual alias map. Eventually, the address resolver should give
+ * us the final resolved recipient address, and the SMTP server should
+ * write the final resolved recipient address to the output record
+ * stream. See also the next comment block on recipients in virtual alias
+ * domains.
*/
if (MATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
|| MATCH(canonical_maps, CONST_STR(reply->recipient))
|| MATCH(virt_alias_maps, CONST_STR(reply->recipient)))
- SMTPD_CHECK_RCPT_RETURN(0);
+ return (0);
/*
* At this point, anything that resolves to the error mailer is known to
* be undeliverable.
*
* XXX Until the address resolver does final address resolution, known and
- * unknown recipients in simulated virtual domains will both resolve to
+ * unknown recipients in virtual alias domains will both resolve to
* "error:user unknown".
*/
- if (strcmp(STR(reply->transport), MAIL_SERVICE_ERROR) == 0) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: %s",
- (reply->flags & RESOLVE_CLASS_ALIAS) ?
- var_virt_alias_code : 550,
- recipient, STR(reply->nexthop));
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
+ if (strcmp(STR(reply->transport), MAIL_SERVICE_ERROR) == 0)
+ return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: %s",
+ (reply->flags & RESOLVE_CLASS_ALIAS) ?
+ var_virt_alias_code : 550,
+ recipient, STR(reply->nexthop)));
/*
* Reject mail to unknown addresses in local domains (domains that match
*/
if ((reply->flags & RESOLVE_CLASS_LOCAL)
&& *var_local_rcpt_maps
- && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: User unknown in local recipient table",
- var_local_rcpt_code, recipient);
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
+ && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient)))
+ return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: User unknown%s",
+ var_local_rcpt_code, recipient,
+ var_show_unk_rcpt_table ?
+ " in local recipient table" : ""));
/*
* Reject mail to unknown addresses in virtual mailbox domains.
*/
if ((reply->flags & RESOLVE_CLASS_VIRTUAL)
- && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: User unknown in virtual mailbox table",
- var_virt_mailbox_code, recipient);
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
+ && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient)))
+ return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: User unknown%s",
+ var_virt_mailbox_code, recipient,
+ var_show_unk_rcpt_table ?
+ " in virtual mailbox table" : ""));
/*
* Reject mail to unknown addresses in relay domains.
*/
if ((reply->flags & RESOLVE_CLASS_RELAY)
&& *var_relay_rcpt_maps
- && NOMATCH(relay_rcpt_maps, CONST_STR(reply->recipient))) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: User unknown in relay recipient table",
- var_relay_rcpt_code, recipient);
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
+ && NOMATCH(relay_rcpt_maps, CONST_STR(reply->recipient)))
+ return (smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: User unknown%s",
+ var_relay_rcpt_code, recipient,
+ var_show_unk_rcpt_table ?
+ " in relay recipient table" : ""));
/*
* Accept all other addresses - including addresses that passed the above
* tests because of some table lookup problem.
*/
- SMTPD_CHECK_RCPT_RETURN(0);
+ return (0);
}
/* smtpd_check_size - check optional SIZE parameter value */
rcpt_domain, VAR_VIRT_ALIAS_DOMS,
VAR_VIRT_MAILBOX_DOMS);
vstring_strcpy(channel, MAIL_SERVICE_ERROR);
- vstring_strcpy(nexthop, "User unknown in virtual alias table");
+ vstring_sprintf(nexthop, "User unknown%s",
+ var_show_unk_rcpt_table ?
+ " in virtual alias table" : "");
*flags |= RESOLVE_CLASS_ALIAS;
} else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_VIRT_ALIAS_DOMS);
/* master(8) process manager
/* syslogd(8) system logging
/* transport(5) transport table format
+/* relocated(5) format of the "user has moved" table
/* LICENSE
/* .ad
/* .fi
char *var_relocated_maps;
char *var_def_transport;
char *var_empty_addr;
+int var_show_unk_rcpt_table;
/* rewrite_service - read request and send reply */
VAR_APP_AT_MYORIGIN, DEF_APP_AT_MYORIGIN, &var_append_at_myorigin,
VAR_PERCENT_HACK, DEF_PERCENT_HACK, &var_percent_hack,
VAR_RESOLVE_DEQUOTED, DEF_RESOLVE_DEQUOTED, &var_resolve_dequoted,
+ VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
0,
};
/* .PP
/* argv_alloc() returns an empty string array of the requested
/* length. The result is ready for use by argv_add(). The array
-/* is not null terminated.
+/* is null terminated.
/*
/* argv_add() copies zero or more strings and adds them to the
-/* specified string array. The array is not null terminated.
+/* specified string array. The array is null terminated.
/* Terminate the argument list with a null pointer. The manifest
/* constant ARGV_END provides a convenient notation for this.
/*
argvp->argv[argvp->argc++] = mystrdup(arg);
}
va_end(ap);
+ argvp->argv[argvp->argc] = 0;
}
/* argv_terminate - terminate string array */
projects / thirdparty / postfix.git / commitdiff
