diff --git a/gnu/dist/postfix/FILTER_README b/gnu/dist/postfix/FILTER_README index adb7d28fdcda..7190790fdba4 100644 --- a/gnu/dist/postfix/FILTER_README +++ b/gnu/dist/postfix/FILTER_README @@ -128,9 +128,9 @@ for transit mail that arrives and leaves via SMTP, provided that you create no temporary files. Each temporary file adds another factor to the performance loss. -We will set up a content filtering program listening on localhost -port 10025 that receives mail via the SMTP protocol, and that -submits mail back into Postfix via localhost port 10026. +We will set up a content filtering program that receives SMTP mail +via localhost port 10025, and that submits SMTP mail back into +Postfix via localhost port 10026. .................................. : Postfix : @@ -162,7 +162,7 @@ transport table. The content filtering records are added by the smtpd and pickup servers. When a queue file has content filtering information, the queue -manager will deliver the mail to the specified content filtering +manager will deliver the mail to the specified content filter regardless of its final destination. The content filter can be set up with the Postfix spawn service, @@ -183,6 +183,9 @@ you want to have your filter listening on port localhost:10025 instead of Postfix, then you must run your filter as a stand-alone program. +Note: the localhost port 10025 SMTP server filter should announce +itself as "220 localhost...", to silence warnings in the log. + The /some/where/filter command is most likely a PERL script. PERL has modules that make talking SMTP easy. The command-line specifies that mail should be sent back into Postfix via localhost port 10026. diff --git a/gnu/dist/postfix/HISTORY b/gnu/dist/postfix/HISTORY index 4a6572894117..cae862b27465 100644 --- a/gnu/dist/postfix/HISTORY +++ b/gnu/dist/postfix/HISTORY @@ -4919,3 +4919,53 @@ Apologies for any names omitted. Code cleanup: some queue/transport operations need to be moved, after the code cleanup of the recipient/concurrency limit handling. Patrik Rak. Files: *qmgr/qmgr_message.c. + +20010313 + + Bugfix: the RFC 822 untokenizer quoted newlines inside + comments. File: global/tok822_parse.c. + +20010316 + + Cleanup: removed an extraneous warning when a queue file + write error happened. + +20010321 + + Workaround: LMTP connection caching never worked for + destinations starting with unix: or inet:. File: + lmtp/lmtp_connect.c. + +20010322 + + Portability: Solaris <2.6 does not have srandom() and + random() in libc. File: util/rand_sleep.c. It does not have + to be cryptographically strong. + + Bugfix: the fast ETRN flush server could not handle [ipaddr] + or domain names with one-character hostname part. This + fix changes the destination to logfile name mapping, so + that you need to populate the new files with "sendmail -q". + The old files go away automatically. File: flush/flush.c. + +20010327 + + Speed up mailq (sendmail -bp) display by flushing output + after each file. File: showq/showq.c. + + Portability: missing string.h includes, %p wants (void *), + Lamont Jones, HP. + +20010328 + + Bugfix: swapped logic caused cleanup to stall when the + queue file size exceeded the file size limit by less than + one the VSTREAM buffer size, so that the "file too big" + was detected after flushing the last queue file record. + File: cleanup/cleanup.c. + +20010329 + + Portability: workaround for missing prototype problem in + dict_ldap.c. This module should move to the global directory, + because it depends on Postfix main.cf parameter information. diff --git a/gnu/dist/postfix/INSTALL b/gnu/dist/postfix/INSTALL index 20d58268c25c..427a4528ce8c 100644 --- a/gnu/dist/postfix/INSTALL +++ b/gnu/dist/postfix/INSTALL @@ -249,6 +249,11 @@ or, if you feel nostalgic, use the Postfix sendmail command: and watch your syslog file for any error messages. + % egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + When it is run for the first time, the Postfix startup shell script will create a bunch of subdirectories below the Postfix spool directory. @@ -290,6 +295,11 @@ or, if you feel nostalgic, use the Postfix sendmail program: and watch your syslog file for any error messages. + % egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + When it is run for the first time, the Postfix startup shell script will create a bunch of subdirectories below the Postfix spool directory. @@ -323,6 +333,11 @@ But the good old sendmail way works just as well: and watch the syslog file for any complaints from the mail system. + % egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + When it is run for the first time, the Postfix startup shell script will create a bunch of subdirectories below the Postfix spool directory. @@ -509,5 +524,11 @@ idea to run every night before the syslog files are rotated: # postfix check # egrep '(reject|warning|error|fatal|panic):' /some/log/file +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + +The first line (postfix check) causes Postfix to report file +permission/ownership discrepancies. + The second line looks for problem reports from the mail software, and reports how effective the anti-relay and anti-UCE blocks are. diff --git a/gnu/dist/postfix/MYSQL_README b/gnu/dist/postfix/MYSQL_README index e5c0c27f8a42..faecf80a2631 100644 --- a/gnu/dist/postfix/MYSQL_README +++ b/gnu/dist/postfix/MYSQL_README @@ -3,7 +3,8 @@ We've written code to add a mysql map type. It utilizes the mysql client library, which can be obtained from: - http://www.tcx.se/download.html + http://www.mysql.com/downloads/ + http://sourceforge.net/projects/mysql/ In order to build postfix with mysql map support, you will need to add -DHAS_MYSQL and -I for the directory containing the mysql headers, and diff --git a/gnu/dist/postfix/RELEASE_NOTES b/gnu/dist/postfix/RELEASE_NOTES index 9fcf519b35b8..12117471b378 100644 --- a/gnu/dist/postfix/RELEASE_NOTES +++ b/gnu/dist/postfix/RELEASE_NOTES @@ -1,17 +1,23 @@ -This is the first official Postfix release that is not called BETA. -May it help the people who cannot get BETA software past their -management. - -Release 20010228 differs from snapshot 20010228 in that the virtual -delivery agent and nqmgr queue manager are left out. That software -will become part of the official release when it has not changed -in a while. +Release 20010228 is the first official Postfix release that is not +called BETA. May it help the people who cannot get BETA software +past their management. In the text below, incompatible changes are labeled with the Postfix version that introduced the change. If you upgrade from a later Postfix version, then you do not have to worry about that particular incompatibility. +Major incompatible changes with release-20010228 Patch 01 +========================================================= + +This release changes the names of the "fast ETRN" logfiles with +delayed mail per destination. These files are maintained by the +Postfix "fast flush" daemon. The old scheme failed with addresses +of the form user@[ip.address] and user@a.domain.name. In order to +populate the new "fast ETRN" logfiles, execute the command "sendmail +-q". The old "fast ETRN" logfiles go away by themselves (default: +after 7 days). + Major incompatible changes with release-20010228 ================================================ diff --git a/gnu/dist/postfix/SASL_README b/gnu/dist/postfix/SASL_README index 6567ab4e0cef..801d4f9afa5e 100644 --- a/gnu/dist/postfix/SASL_README +++ b/gnu/dist/postfix/SASL_README @@ -111,7 +111,16 @@ In order to allow mail relaying by authenticated clients: permit_mynetworks permit_sasl_authenticated ... In /usr/local/lib/sasl/smtpd.conf you need to specify how the server -should validate client passwords. For example: +should validate client passwords. + +In order to authenticate against the UNIX password database, try: + + /usr/local/lib/sasl/smtpd.conf: + pwcheck_method: pwcheck + +The pwcheck daemon is contained in the cyrus-sasl source tarball. + +In order to authenticate against SASL's own password database: /usr/local/lib/sasl/smtpd.conf: pwcheck_method: sasldb @@ -129,20 +138,11 @@ IMPORTANT: To get sasldb running, make sure that you set the SASL domain EXAMPLE: saslpasswd -c -u `postconf -h myhostname` exampleuser -Instead of the SASL-specific password file you can configure the -Postfix SMTP server to validate client passwords against the UNIX -shadow password file: +To run software chrooted with SASL support is an interesting +exercise. It probably is not worth the trouble. - /usr/local/lib/sasl/smtpd.conf: - pwcheck_method: shadow - -However this requires that Postfix has read access to the UNIX shadow -password file, which is normally readable only by root. Shadow -password support has been found to work for Solaris 2.7 and RedHat -6.1 but not with FreeBSD 3.4. - -To run software chrooted with SASL support is an interesting exercise. -This is one of the many problems with the present SASL support. +Testing SASL authentication in the Postfix SMTP server +====================================================== To test the whole mess, connect to the SMTP server, and you should be able to have a conversation like this: diff --git a/gnu/dist/postfix/conf/access b/gnu/dist/postfix/conf/access index 78f93f18859e..59a855eb32b6 100644 --- a/gnu/dist/postfix/conf/access +++ b/gnu/dist/postfix/conf/access @@ -76,7 +76,7 @@ # octets separated by ".". # # ACTIONS -# [45]XX text +# [45]NN text # Reject the address etc. that matches the pattern, # and respond with the numerical code and text. # @@ -86,7 +86,7 @@ # OK Accept the address etc. that matches the pattern. # # restriction... -# Apply the named UCE restriction (permit, reject, +# Apply the named UCE restriction(s) (permit, reject, # reject_unauth_destination, and so on). # # REGULAR EXPRESSION TABLES diff --git a/gnu/dist/postfix/conf/main.cf b/gnu/dist/postfix/conf/main.cf index ee1c90c708ab..fb75a55a289f 100644 --- a/gnu/dist/postfix/conf/main.cf +++ b/gnu/dist/postfix/conf/main.cf @@ -226,14 +226,12 @@ mail_owner = postfix # $inet_interfaces. If this parameter is defined, then the SMTP server # will reject mail for unknown local users. # -# The local_recipient_maps parameter accepts tables with bare usernames -# such as unix:passwd.byname and alias maps. +# If you use the default Postfix local delivery agent for local +# delivery, uncomment the definition below. # # Beware: if the Postfix SMTP server runs chrooted, you may have to -# copy the passwd database into the jail. This is system dependent. -# -# FOR THIS TO WORK, DO NOT SPECIFY VIRTUAL DOMAINS IN MYDESTINATION. -# MYDESTINATION MUST LIST NON-VIRTUAL DOMAINS ONLY. +# copy the passwd (not shadow) database into the jail. This is +# system dependent. # #local_recipient_maps = $alias_maps unix:passwd.byname diff --git a/gnu/dist/postfix/conf/sample-compatibility.cf b/gnu/dist/postfix/conf/sample-compatibility.cf index 329ee4cf3221..868ee5df0f9c 100644 --- a/gnu/dist/postfix/conf/sample-compatibility.cf +++ b/gnu/dist/postfix/conf/sample-compatibility.cf @@ -4,6 +4,16 @@ # This file contains example settings of Postfix configuration # parameters that control compatibility with broken software. +# The broken_sasl_auth_clients controls inter-operability with SMTP +# clients that do not recognize that Postfix supports RFC 2554 (AUTH +# command). Examples of such clients are MicroSoft Outlook Express +# version 4 and MicroSoft Exchange version 5.0. +# +# Specify broken_sasl_auth_clients=yes to have Postfix advertise +# AUTH support in a non-standard way. +# +broken_sasl_auth_clients = no + # The ignore_mx_lookup_error parameter controls what happens when a # name server fails to respond to an MX lookup request. By default, # Postfix defers delivery and tries again after some delay. Specify diff --git a/gnu/dist/postfix/examples/chroot-setup/HPUX10 b/gnu/dist/postfix/examples/chroot-setup/HPUX10 index ca54c658ba3f..c8869446b886 100644 --- a/gnu/dist/postfix/examples/chroot-setup/HPUX10 +++ b/gnu/dist/postfix/examples/chroot-setup/HPUX10 @@ -19,3 +19,5 @@ cd ${POSTFIX_DIR} mkdir etc cp /etc/services etc +mkdir -p usr/lib +cp /usr/lib/tztab usr/lib diff --git a/gnu/dist/postfix/examples/chroot-setup/LINUX2 b/gnu/dist/postfix/examples/chroot-setup/LINUX2 index f65f12d90100..cd63d099bbc0 100644 --- a/gnu/dist/postfix/examples/chroot-setup/LINUX2 +++ b/gnu/dist/postfix/examples/chroot-setup/LINUX2 @@ -39,7 +39,10 @@ # remove /etc/localtime in case it's a broken symlink # restrict find to maxdepth 1 (faster) -# Log: LINUX2,v +# $Log: LINUX2,v $ +# Revision 1.1.1.3 2001/04/02 10:55:36 itojun +# postfix 20010228-pl01 +# # Revision 1.4 2001/01/15 09:36:35 emma # add note it was successfully tested on Debian sid # diff --git a/gnu/dist/postfix/html/access.5.html b/gnu/dist/postfix/html/access.5.html index 0818d204c6f0..89db2dcb3a77 100644 --- a/gnu/dist/postfix/html/access.5.html +++ b/gnu/dist/postfix/html/access.5.html @@ -87,7 +87,7 @@ ACCESS(5) ACCESS(5) octets separated by ".". ACTIONS - [45]XX text + [45]NN text Reject the address etc. that matches the pattern, and respond with the numerical code and text. @@ -97,7 +97,7 @@ ACCESS(5) ACCESS(5) OK Accept the address etc. that matches the pattern. restriction... - Apply the named UCE restriction (permit, reject, + Apply the named UCE restriction(s) (permit, reject, reject_unauth_destination, and so on). REGULAR EXPRESSION TABLES diff --git a/gnu/dist/postfix/html/faq.html b/gnu/dist/postfix/html/faq.html index d48c5be2f10e..d65089113674 100644 --- a/gnu/dist/postfix/html/faq.html +++ b/gnu/dist/postfix/html/faq.html @@ -24,6 +24,8 @@
@@ -186,6 +198,8 @@ domains with "relay access denied"
+
+
+
+
+
+The envelope sender address is also the default value for the From:
+header address, when none is specified in the message.
+
+
+
+To fix, specify the envelope sender address on the sendmail command
+line:
+
+Problems with specific Operating Systems
+
+
+
+
+
+Problems with Compaq
+
+
+
+Problems with IRIX
+
+
+
POP or IMAP problems
@@ -970,6 +1014,30 @@ PERMISSION_SECURITY="secure local"
+sendmail: unable to find out your login name
+
+This message is logged when submitting mail from a process with a
+userid that does not exist in the UNIX password file. Postfix uses
+this information in order to set the envelope sender address.
+
+
+
+
+
+sendmail -f user@domain ...
+
+
+
Running hundreds of Postfix processes on FreeBSD
With hundreds of Postfix processes, the kernel will eventually
@@ -1112,32 +1180,41 @@ depending on the interface that it is supposed to handle.
Postfix responds slowly to incoming SMTP connections
-
-- My Postfix server is too slow. When I telnet to the SMTP port +My Postfix server is too slow. When I telnet to the SMTP port (telnet hostname 25), the response comes after 40 seconds. On the other hand, when I telnet to the the POP port (telnet hostname 110) the response comes with no delay. -
- -
- Answer: - -
- - -This is a DNS configuration problem. Postfix tries to resolve the -SMTP client IP address to a hostname. Apparently, your POP server -does not look up POP clients. +
-The fix is to properly configure the naming service. If you can't -have every host in the DNS, then configure the mail server to look -in /etc/hosts before the DNS, and specify the clients in /etc/hosts. +Answer: -
+ +You have a name service problem. + ++ +Postfix calls the C library routines gethostbyname() and +gethostbyaddr() in order to find out the SMTP client hostname. +These library routines use several system configuration files in +order to satisfy the request. They may in fact end up calling the +DNS for reasons that are not under control by Postfix. + +
+ +Depending on your system, these controlling files can be named +/etc/nsswitch.conf, /etc/svcorder, /etc/host.conf +or otherwise. Those files specify whether the C library routines +will use local /etc/hosts before or after DNS. + +
+ +Enabling chroot operation adds a non-trivial barrier for +system penetrators. + +
+ +Two solutions: + +
+ +
+Sendmail-style virtual domains are not supported in Postfix versions +released before 20001118. + +
+ Be sure to follow instructions in the virtual manual page. @@ -2909,6 +3020,36 @@ href="http://www.isc.org/"> http://www.isc.org/
.+ +Postfix sets the execute bit on a queue file to indicate that it +is done receiving a message. As long as a queue file does not have +the execute bit set, Postfix will ignore it as "mail still being +received". + +
+ +With enhanced security enabled, Compaq Tru64 UNIX has a feature +that disallows non-superuser attempts to set the execute bit on a +queuefile. Unfortunately, Postfix is never informed that such +attempts fail, and mail seems to disappear into a black hole. + +
+ +Postfix could be modified to use some other bit than the execute +bit, but that might equally well fail on other systems. Another +possibility is to allow non-superusers to set the execute bit on +files, and to mount the Postfix queue file system with the +noexec option or equivalent. + +