Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Postfix to 2.4.5. 

2.4.2 through 2.4.5 include various build, milter, and other fixes.
This commit is contained in:
heas 2007-08-02 08:04:21 +00:00
parent 4986b07329
commit 1f8ae20c33
43 changed files with 883 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
gnu/dist/postfix/HISTORY vendored
View File

@ -13422,3 +13422,121 @@ Apologies for any names omitted.
with deadlock, "postfix stop" now forcefully stops all the
processes in the master's process group, not just the master
process alone. File: conf/postfix-script.
20070425
Bugfix: don't falsely report "lost connection from
localhost[127.0.0.1]" when Postfix is being portscanned.
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
20070430
Robustness: recommend a "0" process limit for policy servers
to avoid "connection refused" problems when the smtpd process
limit exceeds the default process limit. File:
proto/SMTPD_POLICY_README.html.
20070501
Safety: when IPv6 (or IPv4) is turned off, don't treat an
IPv6 (or IPv4) connection from e.g. inetd as if it comes
from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
20070508
Bugfix: Content-Transfer-Encoding: attribute values are
case insensitive. File: src/cleanup/cleanup_message.c.
20070514
Bugfix: mailbox_transport(_maps) and fallback_transport(_maps)
were broken when used with the error(8) or discard(8)
transports. Cause: insufficient documentation. Files:
error/error.c, discard/discard.c.
20070520
Bugfix (problem introduced Postfix 2.3): when DSN support
was introduced it broke "agressive" recipient duplicate
elimination with "enable_original_recipient = no". File:
cleanup/cleanup_out_recipient.c.
20070529
Bugfix (introduced Postfix 2.3): the sendmail/postdrop
commands would hang when trying to submit a message larger
than the per-message size limit. File: postdrop/postdrop.c.
20070530
Sabotage the saboteur who insists on breaking Postfix by
adding gethostbyname() calls that cause maildir delivery
to fail when the machine name is not found in /etc/hosts,
or that cause Postfix processes to hang when the network
is down.
20070531
Portability: Victor helpfully pointed out that change
20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
20070613
Bugfix: the Milter client assumed that a Milter application
does not modify the message header or envelope, after that
same Milter application has modified the message body of
that same email message. This is not a problem with updates
by different Milter applications. Problem was triggered
by Jose-Marcio Martins da Cruz. Also simplified the handling
of queue file update errors. File: milter/milter8.c.
20070614
Workaround: some non-Cyrus SASL SMTP servers require SASL
login without authzid (authoriZation ID), i.e. the client
must send only the authcid (authentiCation ID) + the authcid's
password. In this case the server is supposed to derive
the authzid from the authcid. This works as expected when
authenticating to a Cyrus SASL SMTP server. To get the old
behavior specify "send_cyrus_sasl_authzid = yes", in which
case Postfix sends the (authzid, authcid, password), with
the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
20070619
Portability: /dev/poll support for Solaris chroot jail setup
scripts. Files: examples/chroot-setup/Solaris8,
examples/chroot-setup/Solaris10.
20070719
Cleanup: Milter client error handling, so that the (Postfix
SMTP server's Milter client) does not get out of sync with
Milter applications after the (cleanup server's Milter
client) encounters some non-recoverable problem. Files:
milter/milter8.c, smtpd/smtpd.c.
20070729
Performance: workaround for poor TCP performance on loopback
(127.0.0.1) connections. Problem reported by Mark Martinec.
Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
smtpstone/*source.c.
20070730
Bugfix: when a milter replied with ACCEPT at or before the
first RCPT command, the cleanup server would apply the
non_smtpd_milters setting as if the message was a local
submission. Problem reported by Jukka Salmi. Also, the
cleanup server would get out of sync with the milter when
a milter replied with ACCEPT at the DATA command. Files:
cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
20070731
Bugfix: the loopback TCP performance workaround was ineffective
due to a wetware bit-flip during code cleanup. File:
util/vstream_tweak.c.

12
gnu/dist/postfix/README_FILES/SASL_README vendored
View File

@ -356,20 +356,20 @@ bold font.
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
AAUUTTHH PPLLAAIINN ddGGVVzzddAABB00ZZXXNN00AAHHRRllcc33RRwwYYXXNNzz
AAUUTTHH PPLLAAIINN AAHHRRllcc33QQAAddGGVVzzddHHBBhhcc33MM==
235 Authentication successful
Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded form of
username\0username\0password (the \0 is a null byte). The example above is for
a user named `test' with password `testpass'.
Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded form of
\0username\0password (the \0 is a null byte). The example above is for a user
named `test' with password `testpass'.
In order to generate base64 encoded authentication information you can use one
of the following commands:
% printf 'username\0username\0password' | mmencode
% printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
'print encode_base64("username\0username\0password");'
'print encode_base64("\0username\0password");'
The mmencode command is part of the metamail software. MIME::Base64 is
available from http://www.cpan.org/.

17
gnu/dist/postfix/README_FILES/SMTPD_POLICY_README vendored
View File

@ -43,6 +43,7 @@ terminated by an empty line.
Here is an example of all the attributes that the Postfix SMTP server sends in
a delegated SMTPD access policy request:
PPoossttffiixx vveerrssiioonn 22..11 aanndd llaatteerr::
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
@ -170,7 +171,7 @@ To create a policy service that listens on a UNIX-domain socket called
use something like this:
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -190,13 +191,17 @@ NOTES:
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
* Line 2: specify a "0" process limit instead of the default "-", to avoid
"connection refused" and other problems when the smtpd process limit
exceeds the default_process_limit setting.
* Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an open relay.
* Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -264,7 +269,7 @@ daemon. For example, to run the script as user "nobody", using a UNIX-domain
socket that is accessible by Postfix processes only:
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
@ -282,11 +287,15 @@ Notes:
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
* Line 2: specify a "0" process limit instead of the default "-", to avoid
"connection refused" and other problems when the smtpd process limit
exceeds the default_process_limit setting.
On Solaris you must use inet: style sockets instead of unix: style, as detailed
in the "Policy client/server configuration" section above.
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:

14
gnu/dist/postfix/RELEASE_NOTES vendored
View File

@ -11,6 +11,20 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
Incompatibility with Postfix 2.4.4
==================================
By default, the Postfix Cyrus SASL client no longer sends a SASL
authoriZation ID (authzid); it sends only the SASL authentiCation
ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid
= yes" to get the old behavior, which is to send the (authzid,
authcid, password), with the authzid equal to the authcid. This
workaround for non-Cyrus SASL servers is back-ported from Postfix
2.5.
Release notes for Postfix 2.4.0
===============================
Major changes - critical
------------------------

2
gnu/dist/postfix/examples/chroot-setup/Solaris10 vendored
View File

@ -61,6 +61,7 @@ more="
/dev/tcp6
/dev/udp
/dev/tcp
/dev/poll
/dev/rawip
/dev/ticlts
/dev/ticotsord
@ -71,6 +72,7 @@ more="
/devices/pseudo/tcp6@0:tcp6
/devices/pseudo/udp@0:udp
/devices/pseudo/tcp@0:tcp
/devices/pseudo/poll@0:poll
/devices/pseudo/icmp@0:icmp
/devices/pseudo/tl@0:ticlts
/devices/pseudo/tl@0:ticotsord

2
gnu/dist/postfix/examples/chroot-setup/Solaris8 vendored
View File

@ -61,6 +61,7 @@ more="
/dev/tcp6
/dev/udp
/dev/tcp
/dev/poll
/dev/rawip
/dev/ticlts
/dev/ticotsord
@ -71,6 +72,7 @@ more="
/devices/pseudo/tcp6@0:tcp6
/devices/pseudo/udp@0:udp
/devices/pseudo/tcp@0:tcp
/devices/pseudo/poll@0:poll
/devices/pseudo/icmp@0:icmp
/devices/pseudo/tl@0:ticlts
/devices/pseudo/tl@0:ticotsord

10
gnu/dist/postfix/html/SASL_README.html vendored
View File

@ -537,13 +537,13 @@ client is shown in bold font. </p>
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
<b>AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz</b>
<b>AUTH PLAIN AHRlc3QAdGVzdHBhc3M=</b>
235 Authentication successful
</pre>
</blockquote>
<p> Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded
form of username\0username\0password (the \0 is a null byte). The
<p> Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded
form of \0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
</p>
@ -552,14 +552,14 @@ you can use one of the following commands: </p>
<blockquote>
<pre>
% printf 'username\0username\0password' | mmencode
% printf '\0username\0password' | mmencode
</pre>
</blockquote>
<blockquote>
<pre>
% perl -MMIME::Base64 -e \
'print encode_base64("username\0username\0password");'
'print encode_base64("\0username\0password");'
</pre>
</blockquote>

17
gnu/dist/postfix/html/SMTPD_POLICY_README.html vendored
View File

@ -74,6 +74,7 @@ server sends in a delegated SMTPD access policy request: </p>
<blockquote>
<pre>
<b>Postfix version 2.1 and later:</b>
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
@ -240,7 +241,7 @@ daemon, you would use something like this: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -265,6 +266,10 @@ to an SMTP server process. The default time limit is overruled in
the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
<li> <p> Lines 8, 9: always specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>" AFTER
"<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
open relay. </p>
@ -277,7 +282,7 @@ TCP sockets instead: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -369,7 +374,7 @@ processes only: </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@ -392,6 +397,10 @@ to an SMTP server process. The default time limit is overruled in
the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
</ul>
<p> On Solaris you must use inet: style sockets instead of unix:
@ -401,7 +410,7 @@ client/server configuration</a>" section above. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:

4
gnu/dist/postfix/html/error.8.html vendored
View File

@ -17,8 +17,8 @@ ERROR(8) ERROR(8)
requests from the queue manager. Each request specifies a
queue file, a sender address, the reason for non-delivery
(specified as the next-hop destination), and recipient
information. The reason may be prefixed with an RFC
3463-compatible detail code. This program expects to be
information. The reason may be prefixed with an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code. This program expects to be
run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or

240
gnu/dist/postfix/html/lmtp.8.html vendored
View File

@ -253,11 +253,19 @@ SMTP(8) SMTP(8)
will ignore in the LHLO response from a remote LMTP
server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
When authenticating to a remote SMTP or LMTP server
with the default setting "no", send no SASL autho-
riZation ID (authzid); send only the SASL authenti-
Cation ID (authcid) plus the authcid's password.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
Disable the conversion of 8BITMIME format to 7BIT
Disable the conversion of 8BITMIME format to 7BIT
format.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
@ -272,90 +280,90 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
Send the non-standard XFORWARD command when the
Postfix SMTP server EHLO response announces XFOR-
Send the non-standard XFORWARD command when the
Postfix SMTP server EHLO response announces XFOR-
WARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
Enable SASL authentication in the Postfix SMTP
Enable SASL authentication in the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
Optional SMTP client lookup tables with one user-
name:password entry per remote hostname or domain,
Optional SMTP client lookup tables with one user-
name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL client
implementation that is selected with
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL client
implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
If non-empty, a Postfix SMTP client filter for the
remote SMTP server's list of offered SASL mecha-
If non-empty, a Postfix SMTP client filter for the
remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Post-
fix SMTP client; this is available only with SASL
authentication, and disables SMTP connection
caching to ensure that mail from different senders
fix SMTP client; this is available only with SASL
authentication, and disables SMTP connection
caching to ensure that mail from different senders
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client
The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP
The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -364,43 +372,43 @@ SMTP(8) SMTP(8)
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocols that the Postfix SMTP client
List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -408,7 +416,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -420,9 +428,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -434,7 +442,7 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -442,40 +450,40 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
With mandatory TLS encryption, require that the
With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS usage policy by next-hop destination and by
TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
@ -485,27 +493,27 @@ SMTP(8) SMTP(8)
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP
The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO
The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
@ -514,30 +522,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT
The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
@ -548,12 +556,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET
The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
@ -565,11 +573,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the
Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a
Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
@ -579,62 +587,62 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept
of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or
Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail
Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP
Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -642,7 +650,7 @@ SMTP(8) SMTP(8)
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -650,75 +658,75 @@ SMTP(8) SMTP(8)
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client
The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the
Postfix SMTP client should bind to when making an
An optional numerical network address that the
Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the
Postfix SMTP client should bind to when making an
An optional numerical network address that the
Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com-
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the Postfix SMTP client uses
What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host
Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
@ -736,7 +744,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

4
gnu/dist/postfix/html/postconf.1.html vendored
View File

@ -177,8 +177,8 @@ POSTCONF(1) POSTCONF(1)
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
protocol that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not included with Postfix
2.2.
This feature is not included with the stable
Postfix release.
<b>unix</b> (read-only)
A limited way to query the UNIX authentica-

20
gnu/dist/postfix/html/postconf.5.html vendored
View File

@ -53,6 +53,8 @@ recursively replaced by the value of the named parameter. </p>
"$name" is empty. This form is supported with Postfix version 2.2
and later. </p>
<li> <p> Specify "$$" to produce a single "$" character. </p>
</ul>
<li> <p> When the same parameter is defined multiple times, only
@ -6684,6 +6686,24 @@ The name of the directory with example Postfix configuration files.
</p>
</DD>
<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
(default: no)</b></DT><DD>
<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>
<p> The non-default setting "yes" enables the behavior of older
Postfix versions. These always send a SASL authzid that is equal
to the SASL authcid, but this causes inter-operability problems
with some SMTP servers. </p>
<p> This feature is available in Postfix 2.4.4 and later. </p>
</DD>
<DT><b><a name="sender_based_routing">sender_based_routing</a>

240
gnu/dist/postfix/html/smtp.8.html vendored
View File

@ -253,11 +253,19 @@ SMTP(8) SMTP(8)
will ignore in the LHLO response from a remote LMTP
server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
When authenticating to a remote SMTP or LMTP server
with the default setting "no", send no SASL autho-
riZation ID (authzid); send only the SASL authenti-
Cation ID (authcid) plus the authcid's password.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
Disable the conversion of 8BITMIME format to 7BIT
Disable the conversion of 8BITMIME format to 7BIT
format.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
@ -272,90 +280,90 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
Send the non-standard XFORWARD command when the
Postfix SMTP server EHLO response announces XFOR-
Send the non-standard XFORWARD command when the
Postfix SMTP server EHLO response announces XFOR-
WARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
Enable SASL authentication in the Postfix SMTP
Enable SASL authentication in the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
Optional SMTP client lookup tables with one user-
name:password entry per remote hostname or domain,
Optional SMTP client lookup tables with one user-
name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL client
implementation that is selected with
SASL security options; as of Postfix 2.3 the list
of available features depends on the SASL client
implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
If non-empty, a Postfix SMTP client filter for the
remote SMTP server's list of offered SASL mecha-
If non-empty, a Postfix SMTP client filter for the
remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Post-
fix SMTP client; this is available only with SASL
authentication, and disables SMTP connection
caching to ensure that mail from different senders
fix SMTP client; this is available only with SASL
authentication, and disables SMTP connection
caching to ensure that mail from different senders
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client
The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP
The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -364,43 +372,43 @@ SMTP(8) SMTP(8)
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocols that the Postfix SMTP client
List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -408,7 +416,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -420,9 +428,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -434,7 +442,7 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -442,40 +450,40 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
With mandatory TLS encryption, require that the
With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS usage policy by next-hop destination and by
TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
@ -485,27 +493,27 @@ SMTP(8) SMTP(8)
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP
The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO
The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
@ -514,30 +522,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT
The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
@ -548,12 +556,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET
The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
@ -565,11 +573,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the
Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a
Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
@ -579,62 +587,62 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept
of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or
Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail
Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP
Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -642,7 +650,7 @@ SMTP(8) SMTP(8)
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -650,75 +658,75 @@ SMTP(8) SMTP(8)
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client
The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the
Postfix SMTP client should bind to when making an
An optional numerical network address that the
Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the
Postfix SMTP client should bind to when making an
An optional numerical network address that the
Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com-
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the Postfix SMTP client uses
What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host
Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
@ -736,7 +744,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

4
gnu/dist/postfix/man/man1/postconf.1 vendored
View File

@ -1,4 +1,4 @@
.\" $NetBSD: postconf.1,v 1.1.1.8 2006/07/19 01:16:44 rpaulo Exp $
.\" $NetBSD: postconf.1,v 1.1.1.9 2007/08/02 08:04:46 heas Exp $
.\"
.TH POSTCONF 1
.ad
@ -154,7 +154,7 @@ result.
.IP "\fBtcp\fR (read-only)"
Perform lookups using a simple request-reply protocol that is
described in \fBtcp_table\fR(5).
This feature is not included with Postfix 2.2.
This feature is not included with the stable Postfix release.
.IP "\fBunix\fR (read-only)"
A limited way to query the UNIX authentication database. The
following tables are implemented:

8
gnu/dist/postfix/man/man8/smtp.8 vendored
View File

@ -1,4 +1,4 @@
.\" $NetBSD: smtp.8,v 1.1.1.14 2007/05/19 16:27:52 heas Exp $
.\" $NetBSD: smtp.8,v 1.1.1.15 2007/08/02 08:04:51 heas Exp $
.\"
.TH SMTP 8
.ad
@ -228,6 +228,12 @@ from a remote LMTP server.
A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server.
.PP
Available in Postfix version 2.4.4 and later:
.IP "\fBsend_cyrus_sasl_authzid (no)\fR"
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
.SH "MIME PROCESSING CONTROLS"
.na
.nf

1
gnu/dist/postfix/mantools/postlink vendored
View File

@ -364,6 +364,7 @@ while (<>) {
s;\bresolve_dequoted_address\b;<a href="postconf.5.html#resolve_dequoted_address">$&</a>;g;
s;\brewrite_service_name\b;<a href="postconf.5.html#rewrite_service_name">$&</a>;g;
s;\bsample_directory\b;<a href="postconf.5.html#sample_directory">$&</a>;g;
s;\bsend_cyrus_sasl_authzid\b;<a href="postconf.5.html#send_cyrus_sasl_authzid">$&</a>;g;
s;\bsender_based_routing\b;<a href="postconf.5.html#sender_based_routing">$&</a>;g;
s;\bsender_bcc_maps\b;<a href="postconf.5.html#sender_bcc_maps">$&</a>;g;
s;\bsender_canonical_classes\b;<a href="postconf.5.html#sender_canonical_classes">$&</a>;g;

10
gnu/dist/postfix/proto/SASL_README.html vendored
View File

@ -537,13 +537,13 @@ client is shown in bold font. </p>
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
<b>AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz</b>
<b>AUTH PLAIN AHRlc3QAdGVzdHBhc3M=</b>
235 Authentication successful
</pre>
</blockquote>
<p> Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded
form of username\0username\0password (the \0 is a null byte). The
<p> Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded
form of \0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
</p>
@ -552,14 +552,14 @@ you can use one of the following commands: </p>
<blockquote>
<pre>
% printf 'username\0username\0password' | mmencode
% printf '\0username\0password' | mmencode
</pre>
</blockquote>
<blockquote>
<pre>
% perl -MMIME::Base64 -e \
'print encode_base64("username\0username\0password");'
'print encode_base64("\0username\0password");'
</pre>
</blockquote>

17
gnu/dist/postfix/proto/SMTPD_POLICY_README.html vendored
View File

@ -74,6 +74,7 @@ server sends in a delegated SMTPD access policy request: </p>
<blockquote>
<pre>
<b>Postfix version 2.1 and later:</b>
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
@ -240,7 +241,7 @@ daemon, you would use something like this: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -265,6 +266,10 @@ main.cf with an explicit "policy_time_limit" setting. The name of
the parameter is the name of the master.cf entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the default_process_limit setting. </p>
<li> <p> Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an
open relay. </p>
@ -277,7 +282,7 @@ TCP sockets instead: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -369,7 +374,7 @@ processes only: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 policy unix - n n - - spawn
2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
@ -392,6 +397,10 @@ main.cf with an explicit "policy_time_limit" setting. The name of
the parameter is the name of the master.cf entry ("policy")
concatenated with the "_time_limit" suffix. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
"-", to avoid "connection refused" and other problems when the smtpd
process limit exceeds the default_process_limit setting. </p>
</ul>
<p> On Solaris you must use inet: style sockets instead of unix:
@ -401,7 +410,7 @@ client/server configuration</a>" section above. </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 inet n n n - - spawn
2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:

2
gnu/dist/postfix/proto/postconf.html.prolog vendored
View File

@ -53,6 +53,8 @@ recursively replaced by the value of the named parameter. </p>
"$name" is empty. This form is supported with Postfix version 2.2
and later. </p>
<li> <p> Specify "$$" to produce a single "$" character. </p>
</ul>
<li> <p> When the same parameter is defined multiple times, only

2
gnu/dist/postfix/proto/postconf.man.prolog vendored
View File

@ -42,6 +42,8 @@ version 2.2 and later.
The expression "${name:value}" expands to "value" when
"$name" is empty. This form is supported with Postfix
version 2.2 and later.
.IP \(bu
Specify "$$" to produce a single "$" character.
.RE
.IP \(bu
When the same parameter is defined multiple times, only the last

14
gnu/dist/postfix/proto/postconf.proto vendored
View File

@ -10572,3 +10572,17 @@ configuration parameter. See there for details. </p>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.4 and later. </p>
%PARAM send_cyrus_sasl_authzid no
<p> When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid); send
only the SASL authentiCation ID (authcid) plus the authcid's password.
</p>
<p> The non-default setting "yes" enables the behavior of older
Postfix versions. These always send a SASL authzid that is equal
to the SASL authcid, but this causes inter-operability problems
with some SMTP servers. </p>
<p> This feature is available in Postfix 2.4.4 and later. </p>

4
gnu/dist/postfix/src/cleanup/cleanup_message.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: cleanup_message.c,v 1.1.1.14 2007/05/19 16:28:06 heas Exp $ */
/* $NetBSD: cleanup_message.c,v 1.1.1.15 2007/08/02 08:05:04 heas Exp $ */
/*++
/* NAME
@ -517,7 +517,7 @@ static void cleanup_header_callback(void *context, int header_class,
if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) {
for (cmp = code_map; cmp->name != 0; cmp++) {
if (strcasecmp(hdrval, cmp->name) == 0) {
if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
if (strcasecmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
nvtable_update(state->attr, MAIL_ATTR_ENCODING,
cmp->encoding);
break;

4
gnu/dist/postfix/src/cleanup/cleanup_milter.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: cleanup_milter.c,v 1.1.1.7 2007/05/19 16:28:07 heas Exp $ */
/* $NetBSD: cleanup_milter.c,v 1.1.1.8 2007/08/02 08:05:05 heas Exp $ */
/*++
/* NAME
@ -1316,6 +1316,8 @@ static const char *cleanup_milter_eval(const char *name, void *ptr)
void cleanup_milter_receive(CLEANUP_STATE *state, int count)
{
if (state->milters)
milter_free(state->milters);
state->milters = milter_receive(state->src, count);
milter_macro_callback(state->milters, cleanup_milter_eval, (void *) state);
milter_edit_callback(state->milters,

24
gnu/dist/postfix/src/cleanup/cleanup_out_recipient.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: cleanup_out_recipient.c,v 1.1.1.7 2006/07/19 01:17:19 rpaulo Exp $ */
/* $NetBSD: cleanup_out_recipient.c,v 1.1.1.8 2007/08/02 08:05:05 heas Exp $ */
/*++
/* NAME
@ -129,13 +129,20 @@ void cleanup_out_recipient(CLEANUP_STATE *state,
* Distinguish between different original recipient addresses that map
* onto the same mailbox. The recipient will use our original recipient
* message header to figure things out.
*
* Postfix 2.2 compatibility: when ignoring differences in Postfix original
* recipient information, also ignore differences in DSN attributes. We
* do, however, keep the DSN attributes of the recipient that survives
* duplicate elimination.
*/
#define STREQ(x, y) (strcmp((x), (y)) == 0)
if ((state->flags & CLEANUP_FLAG_MAP_OK) == 0
|| cleanup_virt_alias_maps == 0) {
if (been_here(state->dups, "%s\n%d\n%s\n%s",
dsn_orcpt, dsn_notify, orcpt, recip) == 0) {
if ((var_enable_orcpt ?
been_here(state->dups, "%s\n%d\n%s\n%s",
dsn_orcpt, dsn_notify, orcpt, recip) :
been_here_fixed(state->dups, recip)) == 0) {
if (dsn_notify)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d",
MAIL_ATTR_DSN_NOTIFY, dsn_notify);
@ -183,6 +190,11 @@ void cleanup_out_recipient(CLEANUP_STATE *state,
* notifications. The queue manager will flush the trace (and bounce)
* logfile, possibly after it has generated its own success or failure
* notification records.
*
* Postfix 2.2 compatibility: when ignoring differences in Postfix original
* recipient information, also ignore differences in DSN attributes. We
* do, however, keep the DSN attributes of the recipient that survives
* duplicate elimination.
*/
else {
RECIPIENT rcpt;
@ -200,8 +212,10 @@ void cleanup_out_recipient(CLEANUP_STATE *state,
dsn_notify & ~DSN_NOTIFY_SUCCESS);
}
for (cpp = argv->argv; *cpp; cpp++) {
if (been_here(state->dups, "%s\n%d\n%s\n%s",
dsn_orcpt, dsn_notify, orcpt, *cpp) == 0) {
if ((var_enable_orcpt ?
been_here(state->dups, "%s\n%d\n%s\n%s",
dsn_orcpt, dsn_notify, orcpt, *cpp) :
been_here_fixed(state->dups, *cpp)) == 0) {
if (dsn_notify)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%d",
MAIL_ATTR_DSN_NOTIFY, dsn_notify);

14
gnu/dist/postfix/src/discard/discard.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: discard.c,v 1.1.1.3 2007/05/19 16:28:07 heas Exp $ */
/* $NetBSD: discard.c,v 1.1.1.4 2007/08/02 08:05:06 heas Exp $ */
/*++
/* NAME
@ -176,13 +176,11 @@ static int deliver_message(DELIVER_REQUEST *request)
(void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text);
for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) {
rcpt = request->rcpt_list.info + nrcpt;
if (rcpt->offset >= 0) {
status = sent(BOUNCE_FLAGS(request), request->queue_id,
&request->msg_stats, rcpt, "none", &dsn);
if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))
deliver_completed(src, rcpt->offset);
result |= status;
}
status = sent(BOUNCE_FLAGS(request), request->queue_id,
&request->msg_stats, rcpt, "none", &dsn);
if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))
deliver_completed(src, rcpt->offset);
result |= status;
}
/*

14
gnu/dist/postfix/src/error/error.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: error.c,v 1.1.1.7 2007/05/19 16:28:08 heas Exp $ */
/* $NetBSD: error.c,v 1.1.1.8 2007/08/02 08:05:06 heas Exp $ */
/*++
/* NAME
@ -183,13 +183,11 @@ static int deliver_message(DELIVER_REQUEST *request, const char *def_dsn,
(void) DSN_SIMPLE(&dsn, DSN_STATUS(dp.dsn), dp.text);
for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) {
rcpt = request->rcpt_list.info + nrcpt;
if (rcpt->offset >= 0) {
status = append(BOUNCE_FLAGS(request), request->queue_id,
&request->msg_stats, rcpt, "none", &dsn);
if (status == 0)
deliver_completed(src, rcpt->offset);
result |= status;
}
status = append(BOUNCE_FLAGS(request), request->queue_id,
&request->msg_stats, rcpt, "none", &dsn);
if (status == 0)
deliver_completed(src, rcpt->offset);
result |= status;
}
/*

5
gnu/dist/postfix/src/global/mail_params.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: mail_params.c,v 1.1.1.7 2006/07/19 01:17:25 rpaulo Exp $ */
/* $NetBSD: mail_params.c,v 1.1.1.8 2007/08/02 08:05:10 heas Exp $ */
/*++
/* NAME
@ -108,6 +108,7 @@
/* int var_oldlog_compat;
/* int var_delay_max_res;
/* char *var_int_filt_classes;
/* int var_cyrus_sasl_authzid;
/*
/* void mail_params_init()
/*
@ -277,6 +278,7 @@ int var_verify_neg_cache;
int var_oldlog_compat;
int var_delay_max_res;
char *var_int_filt_classes;
int var_cyrus_sasl_authzid;
const char null_format_string[1] = "";
@ -545,6 +547,7 @@ void mail_params_init()
VAR_VERIFY_NEG_CACHE, DEF_VERIFY_NEG_CACHE, &var_verify_neg_cache,
VAR_OLDLOG_COMPAT, DEF_OLDLOG_COMPAT, &var_oldlog_compat,
VAR_HELPFUL_WARNINGS, DEF_HELPFUL_WARNINGS, &var_helpful_warnings,
VAR_CYRUS_SASL_AUTHZID, DEF_CYRUS_SASL_AUTHZID, &var_cyrus_sasl_authzid,
0,
};
const char *cp;

6
gnu/dist/postfix/src/global/mail_version.h vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: mail_version.h,v 1.1.1.29 2007/05/19 16:28:14 heas Exp $ */
/* $NetBSD: mail_version.h,v 1.1.1.30 2007/08/02 08:05:11 heas Exp $ */
#ifndef _MAIL_VERSION_H_INCLUDED_
#define _MAIL_VERSION_H_INCLUDED_
@ -22,8 +22,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20070423"
#define MAIL_VERSION_NUMBER "2.4.1"
#define MAIL_RELEASE_DATE "20070731"
#define MAIL_VERSION_NUMBER "2.4.5"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

3
gnu/dist/postfix/src/local/mailbox.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: mailbox.c,v 1.1.1.6 2006/07/19 01:17:31 rpaulo Exp $ */
/* $NetBSD: mailbox.c,v 1.1.1.7 2007/08/02 08:05:16 heas Exp $ */
/*++
/* NAME
@ -273,6 +273,7 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp)
if (*var_mbox_transp_maps && transp_maps == 0)
transp_maps = maps_create(VAR_MBOX_TRANSP_MAPS, var_mbox_transp_maps,
DICT_FLAG_LOCK | DICT_FLAG_NO_REGSUB);
/* The -1 is a hint for the down-stream deliver_completed() function. */
if (*var_mbox_transp_maps
&& (map_transport = maps_find(transp_maps, state.msg_attr.user,
DICT_FLAG_NONE)) != 0) {

4
gnu/dist/postfix/src/local/unknown.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: unknown.c,v 1.1.1.5 2006/07/19 01:17:31 rpaulo Exp $ */
/* $NetBSD: unknown.c,v 1.1.1.6 2007/08/02 08:05:16 heas Exp $ */
/*++
/* NAME
@ -111,9 +111,11 @@ int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
if (*var_fbck_transp_maps && transp_maps == 0)
transp_maps = maps_create(VAR_FBCK_TRANSP_MAPS, var_fbck_transp_maps,
DICT_FLAG_LOCK | DICT_FLAG_NO_REGSUB);
/* The -1 is a hint for the down-stream deliver_completed() function. */
if (*var_fbck_transp_maps
&& (map_transport = maps_find(transp_maps, state.msg_attr.user,
DICT_FLAG_NONE)) != 0) {
state.msg_attr.rcpt.offset = -1L;
return (deliver_pass(MAIL_CLASS_PRIVATE, map_transport,
state.request, &state.msg_attr.rcpt));
}

24
gnu/dist/postfix/src/milter/milter.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: milter.c,v 1.1.1.3 2007/05/19 16:28:22 heas Exp $ */
/* $NetBSD: milter.c,v 1.1.1.4 2007/08/02 08:05:18 heas Exp $ */
/*++
/* NAME
@ -99,6 +99,10 @@
/* MILTERS *milter_receive(fp, count)
/* VSTREAM *fp;
/* int count;
/*
/* int milter_dummy(milters, fp)
/* MILTERS *milters;
/* VSTREAM *fp;
/* DESCRIPTION
/* The functions in this module manage one or more milter (mail
/* filter) clients. Currently, only the Sendmail 8 filter
@ -194,6 +198,9 @@
/* milter_receive() receives the specified number of mail
/* filters over the specified stream. The result is a null
/* pointer when no milters were sent, or when an error happened.
/*
/* milter_dummy() is like milter_send(), except that it sends
/* a dummy, but entirely valid, mail filter list.
/* SEE ALSO
/* milter8(3) Sendmail 8 Milter protocol
/* DIAGNOSTICS
@ -589,6 +596,16 @@ void milter_free(MILTERS *milters)
#define MAIL_ATTR_MILT_EOD "eod_macros"
#define MAIL_ATTR_MILT_UNK "unk_macros"
/* milter_dummy - send empty milter list */
int milter_dummy(MILTERS *milters, VSTREAM *stream)
{
MILTERS dummy = *milters;
dummy.milter_list = 0;
return (milter_send(&dummy, stream));
}
/* milter_send - send Milter instances over stream */
int milter_send(MILTERS *milters, VSTREAM *stream)
@ -608,8 +625,6 @@ int milter_send(MILTERS *milters, VSTREAM *stream)
for (m = milters->milter_list; m != 0; m = m->next)
if (m->active(m))
count++;
if (count == 0)
return (0);
(void) rec_fprintf(stream, REC_TYPE_MILT_COUNT, "%d", count);
/*
@ -658,9 +673,6 @@ MILTERS *milter_receive(VSTREAM *stream, int count)
VSTRING *eod_macros;
VSTRING *unk_macros;
if (count == 0)
return (0);
/*
* Receive filter macros.
*/

3
gnu/dist/postfix/src/milter/milter.h vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: milter.h,v 1.1.1.2 2007/05/19 16:28:22 heas Exp $ */
/* $NetBSD: milter.h,v 1.1.1.3 2007/08/02 08:05:18 heas Exp $ */
#ifndef _MILTER_H_INCLUDED_
#define _MILTER_H_INCLUDED_
@ -101,6 +101,7 @@ extern const char *milter_unknown_event(MILTERS *, const char *);
extern const char *milter_other_event(MILTERS *);
extern void milter_abort(MILTERS *);
extern void milter_disc_event(MILTERS *);
extern int milter_dummy(MILTERS *, VSTREAM *);
extern int milter_send(MILTERS *, VSTREAM *);
extern MILTERS *milter_receive(VSTREAM *, int);
extern void milter_free(MILTERS *);

142
gnu/dist/postfix/src/milter/milter8.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: milter8.c,v 1.1.1.5 2007/05/19 16:28:23 heas Exp $ */
/* $NetBSD: milter8.c,v 1.1.1.6 2007/08/02 08:05:19 heas Exp $ */
/*++
/* NAME
@ -66,6 +66,10 @@
#include <string.h>
#include <stdarg.h>
#ifndef SHUT_RDWR
#define SHUT_RDWR 2
#endif
/* Sendmail 8 Milter protocol. */
#ifdef USE_LIBMILTER_INCLUDES
@ -439,7 +443,16 @@ static int milter8_conf_error(MILTER8 *milter)
{
const char *reply;
/*
* XXX When the cleanup server closes its end of the Milter socket while
* editing a queue file, the SMTP server is left out of sync with the
* Milter. Sending an ABORT to the Milters will not restore
* synchronization, because there may be any number of Milter replies
* already in flight. Workaround: poison the socket and force the SMTP
* server to abandon it.
*/
if (milter->fp != 0) {
(void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR);
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
@ -458,7 +471,16 @@ static int milter8_comm_error(MILTER8 *milter)
{
const char *reply;
/*
* XXX When the cleanup server closes its end of the Milter socket while
* editing a queue file, the SMTP server is left out of sync with the
* Milter. Sending an ABORT to the Milters will not restore
* synchronization, because there may be any number of Milter replies
* already in flight. Workaround: poison the socket and force the SMTP
* server to abandon it.
*/
if (milter->fp != 0) {
(void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR);
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
@ -875,6 +897,7 @@ static const char *milter8_event(MILTER8 *milter, int event,
const char *retval = 0;
VSTRING *body_line_buf = 0;
int done = 0;
int body_edit_lockout = 0;
#define DONT_SKIP_REPLY 0
@ -976,10 +999,21 @@ static const char *milter8_event(MILTER8 *milter, int event,
/*
* Receive the reply or replies.
*
* Intercept all loop exits so that we can do post body replacement
* Intercept all loop exits so that we can do post header/body edit
* processing.
*
* XXX Bound the loop iteration count.
*
* In the end-of-body stage, the Milter may reply with one or more queue
* file edit requests before it replies with its final decision: accept,
* reject, etc. After a local queue file edit error (file too big, media
* write error), do not close the Milter socket in the cleanup server.
* Instead skip all further Milter replies until the final decision. This
* way the Postfix SMTP server stays in sync with the Milter, and Postfix
* doesn't have to lose the ability to handle multiple deliveries within
* the same SMTP session. This requires that the Postfix SMTP server uses
* something other than CLEANUP_STAT_WRITE when it loses contact with the
* cleanup server.
*/
#define IN_CONNECT_EVENT(e) ((e) == SMFIC_CONNECT || (e) == SMFIC_HELO)
@ -1004,6 +1038,32 @@ static const char *milter8_event(MILTER8 *milter, int event,
msg_info("reply: %s data %ld bytes",
(smfir_name = str_name_code(smfir_table, cmd)) != 0 ?
smfir_name : "unknown", (long) data_size);
/*
* Handle unfinished message body replacement first.
*
* XXX When SMFIR_REPLBODY is followed by some different request, we
* assume that the body replacement operation is complete. The queue
* file editing implementation currently does not support sending
* part 1 of the body replacement text, doing some other queue file
* updates, and then sending part 2 of the body replacement text. To
* avoid loss of data, we log an error when SMFIR_REPLBODY requests
* are alternated with other requests.
*/
if (body_line_buf != 0 && cmd != SMFIR_REPLBODY) {
/* In case the last body replacement line didn't end in CRLF. */
if (edit_resp == 0 && LEN(body_line_buf) > 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_LINE,
body_line_buf);
if (edit_resp == 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_END,
(VSTRING *) 0);
body_edit_lockout = 1;
vstring_free(body_line_buf);
body_line_buf = 0;
}
switch (cmd) {
/*
@ -1054,7 +1114,6 @@ static const char *milter8_event(MILTER8 *milter, int event,
if (IN_CONNECT_EVENT(event)) {
msg_warn("milter %s: DISCARD action is not allowed "
"for connect or helo", milter->m.name);
milter8_conf_error(milter);
MILTER8_EVENT_BREAK(milter->def_reply);
} else {
/* No more events for this message. */
@ -1190,6 +1249,9 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* Skip to the next request after previous edit error. */
if (edit_resp)
continue;
/* XXX Sendmail 8 compatibility. */
if (index == 0)
index = 1;
@ -1214,8 +1276,6 @@ static const char *milter8_event(MILTER8 *milter, int event,
edit_resp = parent->del_header(parent->chg_context,
(ssize_t) index,
STR(milter->buf));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
continue;
#endif
@ -1228,11 +1288,12 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* Skip to the next request after previous edit error. */
if (edit_resp)
continue;
edit_resp = parent->add_header(parent->chg_context,
STR(milter->buf),
STR(milter->body));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
continue;
/*
@ -1249,6 +1310,9 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* Skip to the next request after previous edit error. */
if (edit_resp)
continue;
if ((ssize_t) index + 1 < 1) {
msg_warn("milter %s: bad insert header index: %ld",
milter->m.name, (long) index);
@ -1259,8 +1323,6 @@ static const char *milter8_event(MILTER8 *milter, int event,
(ssize_t) index + 1,
STR(milter->buf),
STR(milter->body));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
continue;
#endif
@ -1272,10 +1334,11 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* Skip to the next request after previous edit error. */
if (edit_resp)
continue;
edit_resp = parent->add_rcpt(parent->chg_context,
STR(milter->buf));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
continue;
/*
@ -1286,10 +1349,11 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* Skip to the next request after previous edit error. */
if (edit_resp)
continue;
edit_resp = parent->del_rcpt(parent->chg_context,
STR(milter->buf));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
continue;
/*
@ -1297,10 +1361,20 @@ static const char *milter8_event(MILTER8 *milter, int event,
* update the message size.
*/
case SMFIR_REPLBODY:
if (body_edit_lockout) {
msg_warn("milter %s: body replacement requests can't "
"currently be mixed with other requests",
milter->m.name);
milter8_conf_error(milter);
MILTER8_EVENT_BREAK(milter->def_reply);
}
if (milter8_read_data(milter, data_size,
MILTER8_DATA_BUFFER, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* Skip to the next request after previous edit error. */
if (edit_resp)
continue;
/* Start body replacement. */
if (body_line_buf == 0) {
body_line_buf = vstring_alloc(var_line_limit);
@ -1350,35 +1424,20 @@ static const char *milter8_event(MILTER8 *milter, int event,
}
/*
* Finish message body replacement.
* Clean up after aborted message body replacement.
*/
if (body_line_buf != 0) {
if (edit_resp == 0) {
/* In case the last body replacement line didn't end in CRLF. */
if (LEN(body_line_buf) > 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_LINE,
body_line_buf);
if (edit_resp == 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_END,
(VSTRING *) 0);
}
if (body_line_buf)
vstring_free(body_line_buf);
/*
* Override a non-reject/discard result value after body replacement
* failure.
*
* XXX Some cleanup clients ask the cleanup server to bounce mail for
* them. In that case we must override a hard reject retval result
* after queue file update failure. This is not a big problem; the
* odds are small that a Milter application sends a hard reject after
* replacing the message body.
*/
if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
retval = edit_resp;
}
/*
* XXX Some cleanup clients ask the cleanup server to bounce mail for
* them. In that case we must override a hard reject retval result after
* queue file update failure. This is not a big problem; the odds are
* small that a Milter application sends a hard reject after replacing
* the message body.
*/
if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
retval = edit_resp;
return (retval);
}
@ -1534,6 +1593,9 @@ static void milter8_connect(MILTER8 *milter)
VSTREAM_CTL_DOUBLE,
VSTREAM_CTL_TIMEOUT, milter->cmd_timeout,
VSTREAM_CTL_END);
/* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
if (connect_fn == inet_connect)
vstream_tweak_tcp(milter->fp);
/*
* Open the negotiations by sending what actions the Milter may request
@ -2436,6 +2498,8 @@ MILTER *milter8_receive(VSTREAM *stream, MILTERS *parent)
msg_timeout, NO_PROTOCOL, STR(act_buf), parent);
milter->fp = vstream_fdopen(fd, O_RDWR);
vstream_control(milter->fp, VSTREAM_CTL_DOUBLE, VSTREAM_CTL_END);
/* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
vstream_tweak_sock(milter->fp);
milter->version = version;
milter->rq_mask = rq_mask;
milter->ev_mask = ev_mask;

4
gnu/dist/postfix/src/postconf/postconf.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: postconf.c,v 1.1.1.10 2007/05/19 16:28:26 heas Exp $ */
/* $NetBSD: postconf.c,v 1.1.1.11 2007/08/02 08:05:20 heas Exp $ */
/*++
/* NAME
@ -148,7 +148,7 @@
/* .IP "\fBtcp\fR (read-only)"
/* Perform lookups using a simple request-reply protocol that is
/* described in \fBtcp_table\fR(5).
/* This feature is not included with Postfix 2.2.
/* This feature is not included with the stable Postfix release.
/* .IP "\fBunix\fR (read-only)"
/* A limited way to query the UNIX authentication database. The
/* following tables are implemented:

10
gnu/dist/postfix/src/postdrop/postdrop.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: postdrop.c,v 1.1.1.9 2007/05/19 16:28:26 heas Exp $ */
/* $NetBSD: postdrop.c,v 1.1.1.10 2007/08/02 08:05:21 heas Exp $ */
/*++
/* NAME
@ -440,9 +440,11 @@ int main(int argc, char **argv)
if (REC_PUT_BUF(dst->stream, rec_type, buf) < 0) {
/* rec_get() errors must not clobber errno. */
saved_errno = errno;
while (rec_get_raw(VSTREAM_IN, buf, var_line_limit,
REC_FLAG_NONE) > 0)
/* void */ ;
while ((rec_type = rec_get_raw(VSTREAM_IN, buf, var_line_limit,
REC_FLAG_NONE)) != REC_TYPE_END
&& rec_type != REC_TYPE_EOF)
if (rec_type == REC_TYPE_ERROR)
msg_fatal("uid=%ld: malformed input", (long) uid);
errno = saved_errno;
break;
}

26
gnu/dist/postfix/src/qmqpd/qmqpd_peer.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: qmqpd_peer.c,v 1.1.1.5 2006/07/19 01:17:40 rpaulo Exp $ */
/* $NetBSD: qmqpd_peer.c,v 1.1.1.6 2007/08/02 08:05:24 heas Exp $ */
/*++
/* NAME
@ -93,7 +93,7 @@ void qmqpd_peer_init(QMQPD_STATE *state)
/*
* If peer went away, give up.
*/
if (errno == ECONNRESET || errno == ECONNABORTED) {
if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
@ -102,14 +102,34 @@ void qmqpd_peer_init(QMQPD_STATE *state)
/*
* Convert the client address to printable address and hostname.
*
* XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
* Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
* else clause, pretend the origin is localhost[127.0.0.1], and become an
* open relay).
*/
else if (errno == 0
&& strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
&& (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
int aierr;
char *colonp;
/*
* Sanity check: we can't use sockets that we're not configured for.
*/
if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
msg_fatal("cannot handle socket type %s with \"%s = %s\"",
#ifdef AF_INET6
sa->sa_family == AF_INET6 ? "AF_INET6" :
#endif
sa->sa_family == AF_INET ? "AF_INET" :
"other", VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.

8
gnu/dist/postfix/src/smtp/smtp.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: smtp.c,v 1.1.1.13 2007/05/19 16:28:33 heas Exp $ */
/* $NetBSD: smtp.c,v 1.1.1.14 2007/08/02 08:05:26 heas Exp $ */
/*++
/* NAME
@ -206,6 +206,12 @@
/* A case insensitive list of LHLO keywords (pipelining, starttls,
/* auth, etc.) that the LMTP client will ignore in the LHLO response
/* from a remote LMTP server.
/* .PP
/* Available in Postfix version 2.4.4 and later:
/* .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
/* When authenticating to a remote SMTP or LMTP server with the
/* default setting "no", send no SASL authoriZation ID (authzid); send
/* only the SASL authentiCation ID (authcid) plus the authcid's password.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi

9
gnu/dist/postfix/src/smtpstone/qmqp-source.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: qmqp-source.c,v 1.1.1.7 2007/05/19 16:28:41 heas Exp $ */
/* $NetBSD: qmqp-source.c,v 1.1.1.8 2007/08/02 08:05:31 heas Exp $ */
/*++
/* NAME
@ -358,6 +358,13 @@ static void connect_done(int unused_event, char *context)
dequeue_connect(session);
non_blocking(fd, BLOCKING);
event_disable_readwrite(fd);
/* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
if (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)
vstream_tweak_tcp(session->stream);
send_data(session);
}
}

9
gnu/dist/postfix/src/smtpstone/smtp-source.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: smtp-source.c,v 1.1.1.9 2007/05/19 16:28:41 heas Exp $ */
/* $NetBSD: smtp-source.c,v 1.1.1.10 2007/08/02 08:05:32 heas Exp $ */
/*++
/* NAME
@ -474,6 +474,13 @@ static void connect_done(int unused_event, char *context)
event_disable_readwrite(fd);
event_enable_read(fd, read_banner, (char *) session);
dequeue_connect(session);
/* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
if (sa->sa_family == AF_INET
#ifdef AF_INET6
|| sa->sa_family == AF_INET6
#endif
)
vstream_tweak_tcp(session->stream);
}
}

12
gnu/dist/postfix/src/util/get_hostname.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: get_hostname.c,v 1.1.1.2 2004/05/31 00:24:59 heas Exp $ */
/* $NetBSD: get_hostname.c,v 1.1.1.3 2007/08/02 08:05:36 heas Exp $ */
/*++
/* NAME
@ -63,13 +63,23 @@ const char *get_hostname(void)
* part of the socket interface library. We avoid the more politically-
* correct uname() routine because that has no portable way of dealing
* with long (FQDN) hostnames.
*
* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION. IT BREAKS MAILDIR DELIVERY
* AND OTHER THINGS WHEN THE MACHINE NAME IS NOT FOUND IN /ETC/HOSTS OR
* CAUSES PROCESSES TO HANG WHEN THE NETWORK IS DISCONNECTED.
*
* POSTFIX NO LONGER NEEDS A FULLY QUALIFIED HOSTNAME. INSTEAD POSTFIX WILL
* USE A DEFAULT DOMAIN NAME "LOCALDOMAIN".
*/
if (my_host_name == 0) {
/* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
if (gethostname(namebuf, sizeof(namebuf)) < 0)
msg_fatal("gethostname: %m");
namebuf[MAXHOSTNAMELEN] = 0;
/* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
if (valid_hostname(namebuf, DO_GRIPE) == 0)
msg_fatal("unable to use my own hostname");
/* DO NOT CALL GETHOSTBYNAME FROM THIS FUNCTION */
my_host_name = mystrdup(namebuf);
}
return (my_host_name);

8
gnu/dist/postfix/src/util/vstream.h vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: vstream.h,v 1.1.1.7 2007/05/19 16:28:50 heas Exp $ */
/* $NetBSD: vstream.h,v 1.1.1.8 2007/08/02 08:05:40 heas Exp $ */
#ifndef _VSTREAM_H_INCLUDED_
#define _VSTREAM_H_INCLUDED_
@ -155,6 +155,12 @@ extern ssize_t vstream_peek(VSTREAM *);
#define vstream_setjmp(stream) setjmp((stream)->jbuf[0])
#define vstream_longjmp(stream, val) longjmp((stream)->jbuf[0], (val))
/*
* Tweaks and workarounds.
*/
extern int vstream_tweak_sock(VSTREAM *);
extern int vstream_tweak_tcp(VSTREAM *);
/* LICENSE
/* .ad
/* .fi

141
gnu/dist/postfix/src/util/vstream_tweak.c vendored Normal file
View File

@ -0,0 +1,141 @@
/* $NetBSD: vstream_tweak.c,v 1.1.1.1 2007/08/02 08:05:40 heas Exp $ */
/*++
/* NAME
/* vstream_tweak 3
/* SUMMARY
/* performance tweaks
/* SYNOPSIS
/* #include <vstream.h>
/*
/* VSTREAM *vstream_tweak_sock(stream)
/* VSTREAM *stream;
/*
/* VSTREAM *vstream_tweak_tcp(stream)
/* VSTREAM *stream;
/* DESCRIPTION
/* vstream_tweak_sock() does a best effort to boost your
/* network performance on the specified generic stream.
/*
/* vstream_tweak_tcp() does a best effort to boost your
/* Internet performance on the specified TCP stream.
/*
/* Arguments:
/* .IP stream
/* The stream being boosted.
/* DIAGNOSTICS
/* Panics: interface violations.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
/* Utility library. */
#include <msg.h>
#include <vstream.h>
/* Application-specific. */
#ifdef HAS_IPV6
#define SOCKADDR_STORAGE struct sockaddr_storage
#else
#define SOCKADDR_STORAGE struct sockaddr
#endif
/* vstream_tweak_sock - boost your generic network performance */
int vstream_tweak_sock(VSTREAM *fp)
{
SOCKADDR_STORAGE ss;
struct sockaddr *sa = (struct sockaddr *) & ss;
SOCKADDR_SIZE sa_length = sizeof(ss);
int ret;
/*
* If the caller doesn't know if this socket is AF_LOCAL, AF_INET, etc.,
* figure it out for them.
*/
if ((ret = getsockname(vstream_fileno(fp), sa, &sa_length)) >= 0) {
switch (sa->sa_family) {
#ifdef AF_INET6
case AF_INET6:
#endif
case AF_INET:
ret = vstream_tweak_tcp(fp);
break;
}
}
return (ret);
}
/* vstream_tweak_tcp - boost your TCP performance */
int vstream_tweak_tcp(VSTREAM *fp)
{
const char *myname = "vstream_tweak_tcp";
int mss;
SOCKOPT_SIZE mss_len = sizeof(mss);
int err;
/*
* Avoid Nagle delays when VSTREAM buffers are smaller than the MSS.
*
* Forcing TCP_NODELAY to be "always on" would hurt performance in the
* common case where VSTREAM buffers are larger than the MSS.
*
* Instead we ask the kernel what the current MSS is, and take appropriate
* action. Linux <= 2.2 getsockopt(TCP_MAXSEG) always returns zero (or
* whatever value was stored last with setsockopt()).
*/
if ((err = getsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_MAXSEG,
(char *) &mss, &mss_len)) < 0) {
msg_warn("%s: getsockopt TCP_MAXSEG: %m", myname);
return (err);
}
if (msg_verbose)
msg_info("%s: TCP_MAXSEG %d", myname, mss);
/*
* Fix for recent Postfix versions: increase the VSTREAM buffer size if
* the VSTREAM buffer is smaller than the MSS. Note: the MSS may change
* when the route changes and IP path MTU discovery is turned on, so we
* choose a somewhat larger buffer.
*/
#ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) {
if (mss < __MAXINT__(ssize_t) /2)
mss *= 2;
vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
VSTREAM_CTL_END);
}
/*
* Workaround for older Postfix versions: turn on TCP_NODELAY if the
* VSTREAM buffer size is smaller than the MSS.
*/
#else
if (mss > VSTREAM_BUFSIZE) {
int nodelay = 1;
if ((err = setsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_NODELAY,
(char *) &nodelay, sizeof(nodelay))) < 0)
msg_warn("%s: setsockopt TCP_NODELAY: %m", myname);
}
#endif
return (err);
}

10
gnu/dist/postfix/src/xsasl/xsasl_cyrus_client.c vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: xsasl_cyrus_client.c,v 1.1.1.2 2007/05/19 16:28:51 heas Exp $ */
/* $NetBSD: xsasl_cyrus_client.c,v 1.1.1.3 2007/08/02 08:05:41 heas Exp $ */
/*++
/* NAME
@ -67,6 +67,11 @@
#include <mymalloc.h>
#include <stringops.h>
/*
* Global library
*/
#include <mail_params.h>
/*
* Application-specific
*/
@ -331,7 +336,8 @@ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl,
if ((sasl_status = SASL_CLIENT_NEW(service, server,
NULL_CLIENT_ADDR, NULL_SERVER_ADDR,
custom_callbacks, NULL_SECFLAGS,
var_cyrus_sasl_authzid ? custom_callbacks :
custom_callbacks + 1, NULL_SECFLAGS,
&sasl_conn)) != SASL_OK) {
msg_warn("per-session SASL client initialization: %s",
xsasl_cyrus_strerror(sasl_status));