Resolve conflicts from last import.

tron 2010-06-17 18:18:14 +00:00
parent 28e9a2d236
commit 6941d836af
22 changed files with 2254 additions and 817 deletions


@ -4,10 +4,10 @@ PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn
WWAARRNNIINNGG
The sender/recipient address verification feature described in this document is
suitable only for low-traffic sites. It performs poorly under high load;
excessive sender address verification activity may even cause your site to be
blacklisted by some providers. See the "Limitations" section below for details.
Recipient address verification may cause an increased load on down-stream
servers in the case of a dictionary attack or a flood of backscatter bounces.
Sender address verification may cause your site to be blacklisted by some
providers. See also the "Limitations" section below for more.
WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu
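Review bot: In the rewritten WARNING paragraph, the closing sentence 'See also the "Limitations" section below for more.' ends without an object; "for details", as in the wording it replaces, reads better. The rewrite also no longer carries the statement that the feature is suitable only for low-traffic sites, while the sender_access example later in this commit gains the comment "Don't do this when you handle lots of email". If the load caveat still holds, it should be stated in the warning as well.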
@ -18,8 +18,8 @@ verified to be deliverable.
The technique has obvious uses to reject junk mail with an unreplyable sender
address.
The technique may also be useful to block mail for undeliverable recipients,
for example on a mail relay host that does not have a list of all the valid
The technique is also useful to block mail for undeliverable recipients, for
example on a mail relay host that does not have a list of all the valid
recipient addresses. This prevents undeliverable junk mail from entering the
queue, so that Postfix doesn't have to waste resources trying to send MAILER-
DAEMON messages back.
@ -47,18 +47,26 @@ the Postfix MTA itself, or it could be a remote MTA (SMTP interruptus). Probe
messages are like normal mail, except that they are never delivered, deferred
or bounced; probe messages are always discarded.
Postfix Postfix Address
Internet -> SMTP <-> verify <-> verification
server server database
probe Postfix
message -> mail
queue
Postfix Postfix ->
Internet -> SMTP <-> verify
server server |
v
| ^
probe delivery
messages status
v |
<- Postfix
probe <- delivery -> Local
status agents -> Remote
^
|
v
Postfix Postfix
queue -> delivery
agents
Address
verification
database
With Postfix address verification turned on, normal mail will suffer only a
short delay of up to 6 seconds while an address is being verified for the first
@ -77,7 +85,8 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
address, without actually delivering mail to it. If the nearest MTA accepts
the address, then Postfix assumes that the address is deliverable. In
reality, mail for a remote address can bounce AFTER the nearest MTA accepts
the recipient address.
the recipient address, or AFTER the nearest MTA accepts the message
content.
* Some sites may blacklist you when you are probing them too often (a probe
is an SMTP session that does not deliver mail), or when you are probing
@ -95,30 +104,31 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
* Postfix assumes that an address is undeliverable when the nearest MTA for
the address rejects the probe, regardless of the reason for rejection
(client rejected, HELO rejected, MAIL FROM rejected, etc.). Thus, Postfix
rejects mail when the sender's MTA rejects mail from your machine. This is
a good thing.
rejects an address when the nearest MTA for that address rejects mail from
your machine for any reason. This is not a limitation, but it is mentioned
here just in case people believe that it is a limitation.
* Unfortunately, some major sites such as YAHOO do not reject unknown
addresses in reply to the RCPT TO command, but report a delivery failure in
response to end of DATA after a message is transferred. Postfix address
verification does not work with such sites.
* Unfortunately, some sites do not reject unknown addresses in reply to the
RCPT TO command, but report a delivery failure in response to end of DATA
after a message is transferred. Postfix address verification does not work
with such sites.
* By default, Postfix probe messages have "double-bounce@$myorigin" as the
sender address (with Postfix versions before 2.5, the default is
* By default, Postfix probe messages have a sender address "double-
bounce@$myorigin" (with Postfix versions before 2.5, the default is
"postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does
not reject mail for this address.
You can change this into the null address ("address_verify_sender ="). This
is UNSAFE because address probes will fail with mis-configured sites that
reject MAIL FROM: <>, while probes from "postmaster@$myorigin" would
succeed.
You can change the probe sender address into the null address
("address_verify_sender ="). This is UNSAFE because address probes will
fail with mis-configured sites that reject MAIL FROM: <>, while probes from
"postmaster@$myorigin" would succeed.
RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn
As mentioned earlier, recipient address verification may be useful to block
mail for undeliverable recipients on a mail relay host that does not have a
list of all valid recipient addresses. This can help to prevent the mail queue
from filling up with MAILER-DAEMON messages.
As mentioned earlier, recipient address verification is useful to block mail
for undeliverable recipients on a mail relay host that does not have a list of
all valid recipient addresses. This can help to prevent the mail queue from
filling up with MAILER-DAEMON messages.
Recipient address verification is relatively straightforward and there are no
surprises. If a recipient probe fails, then Postfix rejects mail for the
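Review bot: In the last Limitations bullet, the UNSAFE paragraph still compares the null sender against probes from "postmaster@$myorigin", although the same bullet now states that the default probe sender is "double-bounce@$myorigin" and that postmaster is the default only before Postfix 2.5. Naming the current default in that comparison, or writing "probes from the default sender address", would keep the two paragraphs consistent.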
@ -127,9 +137,10 @@ the recipient address. However, recipient address verification probes can
increase the load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack.
By default, address verification results are not saved. To avoid probing the
same address repeatedly, you can store the result in a persistent database as
described later.
By default, address verification results are saved in a persistent database
(Postfix version 2.7 and later; with earlier versions, specify the database in
main.cf as described later). The persistent database helps to avoid probing the
same address repeatedly.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
@ -177,11 +188,13 @@ verification for specific domains that often appear in forged email.
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
/etc/postfix/sender_access:
# Don't do this when you handle lots of email.
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
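Review bot: The added comment "Default setting for Postfix 2.7 and later" sits directly above address_verify_map = btree:/var/db/postfix/verify, but the database section changed in this same commit gives the 2.7 default as btree:$data_directory/verify_cache and asks for the file to be stored under a Postfix-owned directory. Either show the $data_directory value here or drop the "default" wording, so that readers do not copy a path that may lie outside data_directory and then depend on the redirect-and-warn behaviour described in NOTE 1. The identical lines in the following hunk need the same change.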
@ -216,6 +229,7 @@ be blocked:
# Postfix 2.6 and later.
# unverified_sender_reject_reason = Address verification failed
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
@ -261,54 +275,61 @@ probe fails with some temporary error.
AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
NOTE: By default, address verification information is not stored in a
persistent file. You have to specify one in main.cf (see below). Persistent
storage is off by default because it may need more disk space than is available
in your file system.
Address verification information is cached by the Postfix verify daemon.
Postfix has a bunch of parameters that control the caching of positive and
negative results. Refer to the verify(8) manual page for details.
The address_verify_map (NOTE: singular) configuration parameter specifies an
optional database for sender or recipient address verification results. If you
don't specify a file, all address verification information is lost after
"postfix reload" or "postfix stop".
If your /var file system has sufficient space, try:
To improve performance, the Postfix verify(8) daemon can save address
verification results to a persistent database. This is enabled by default with
Postfix 2.7 and later. The address_verify_map (NOTE: singular) configuration
parameter specifies persistent storage for sender or recipient address
verification results. If you specify an empty value, all address verification
results are lost after "postfix reload" or "postfix stop".
/etc/postfix/main.cf:
# Default setting for Postfix 2.7 and later.
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
address_verify_map = btree:$data_directory/verify_cache
NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening
this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file under a non-
Postfix directory is redirected to the Postfix-owned data_directory, and a
warning is logged. If you wish to continue using a pre-existing database file,
move it to the data_directory, and change ownership to the account specified
with the mail_owner parameter.
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
address_verify_map =
NOTE 1: The database file should be stored under a Postfix-owned directory,
such as $data_directory.
As of version 2.5, Postfix no longer uses root privileges when opening this
file. To maintain backwards compatibility, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. If you wish to continue using a
pre-existing database file, change its file ownership to the account
specified with the mail_owner parameter, and either move the file to the
data_directory, or move it to some other Postfix-owned directory.
NOTE 2: Do not put this file in a file system that may run out of space. When
the address verification table gets corrupted the world comes to an end and YOU
will have to MANUALLY fix things as described in the next section. Meanwhile,
you will not receive mail via SMTP.
NOTE 3: The verify(8) daemon process will create a new database when none
exists, and will open/create the file before it enters the chroot jail.
NOTE 3: The verify(8) daemon will create a new database when none exists. It
will open or create the file before entering the chroot jail.
MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
The verify(8) manual page describes parameters that control how long
information remains cached before it needs to be refreshed, and how long
information can remain "unrefreshed" before it expires. Postfix uses different
The verify(8) manual page describes parameters that control how long address
verification results are cached before they need to be refreshed, and how long
results can remain "unrefreshed" before they expire. Postfix uses different
controls for positive results (address was accepted) and for negative results
(address was rejected).
(address was rejected, or address verification failed for some other reason).
Right now, no tools are provided to manage the address verification database.
If the file gets too big, or if it gets corrupted, you can manually rename or
delete the file and run "postfix reload". The new verify daemon process will
then create a new database.
The verify(8) daemon will periodically remove expired entries from the address
verification database, and log the number of entries retained and dropped
(Postfix versions 2.7 and later). A cleanup run is logged as "partial" when the
daemon terminates early because of "postfix reload, "postfix stop", or because
the daemon received no requests for $max_idle seconds. Postfix versions 2.6 and
earlier do not implement automatic address verification database cleanup.
There, the database is managed manually as described next.
When the address verification database file becomes too big, or when it becomes
corrupted, the solution is to manually rename or delete (NOT: truncate) the
file and run "postfix reload". The verify(8) daemon will then create a new
database file.
CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess
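Review bot: In the added cleanup paragraph, the quotation is unbalanced: 'because of "postfix reload, "postfix stop"' is missing the closing quote after reload and should read "postfix reload", "postfix stop". The HTML version of this paragraph in the same commit has the same slip, so the fix belongs in both places.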


@ -1659,7 +1659,7 @@ by the smtp_tls_mandatory_ciphers configuration parameter. This setting
controls the minimum acceptable SMTP client TLS cipher grade for use with
mandatory TLS encryption. The default value "medium" is suitable for most
destinations with which you may want to enforce TLS, and is beyond the reach of
today's crypt-analytic methods. See smtp_tls_policy_maps for information on how
today's cryptanalytic methods. See smtp_tls_policy_maps for information on how
to configure ciphers on a per-destination basis.
By default anonymous ciphers are allowed, and automatically disabled when


@ -1,4 +1,4 @@
# $NetBSD: master.cf,v 1.2 2009/06/23 11:41:06 tron Exp $
# $NetBSD: master.cf,v 1.3 2010/06/17 18:18:14 tron Exp $
#
#
# Postfix master process configuration file. For details on the format
@ -21,7 +21,7 @@
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
@ -67,10 +67,14 @@ scache unix - - n - 1 scache
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
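Review bot: The new cyrus.conf example passes "-a" to lmtpd and binds the listener to localhost, but the comment explains neither choice. Since the main.cf lines below it point mailbox_transport and virtual_transport at lmtp:inet:localhost, a one-line comment stating what "-a" changes and that the listen address should stay on localhost would stop someone from widening the listener without realising what the flag implies.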
@ -82,6 +86,13 @@ scache unix - - n - 1 scache
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe


@ -19,12 +19,11 @@
<h2>WARNING </h2>
<p> The sender/recipient address verification feature described in this
document is suitable only for low-traffic sites. It performs poorly
under high load; excessive sender address verification activity may
even cause your site to be blacklisted by some
providers. See the "<a href="#limitations">Limitations</a>" section
below for details. </p>
<p> Recipient address verification may cause an increased load on
down-stream servers in the case of a dictionary attack or a flood
of backscatter bounces. Sender address verification may cause your
site to be blacklisted by some providers. See also the "<a
href="#limitations">Limitations</a>" section below for more. </p>
<h2><a name="summary">What Postfix address verification can do for you</a></h2>
@ -35,7 +34,7 @@ until the address has been verified to be deliverable. </p>
<p> The technique has obvious uses to reject junk mail
with an unreplyable sender address. </p>
<p> The technique may also be useful to block mail for undeliverable
<p> The technique is also useful to block mail for undeliverable
recipients, for example on a mail <a href="postconf.5.html#relayhost">relay host</a> that does not have a
list of all the valid recipient addresses. This prevents undeliverable
junk mail from entering the queue, so that Postfix doesn't have to
@ -86,74 +85,96 @@ always discarded. </p>
<blockquote>
<table>
<table border="0">
<tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Internet
<td rowspan="2" colspan="5" align="center" valign="middle">
&nbsp; </td>
<td rowspan="3" align="center" valign="bottom"> <tt> -&gt; </tt>
</td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
message </td>
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> mail<br> queue </td>
</tr>
<tr> </tr>
<tr>
<td rowspan="3" align="center" valign="middle"> Internet </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
<td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="verify.8.html">Postfix<br> verify<br> server</a>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
</tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
verification<br> database </td>
<tr>
<td rowspan="1" colspan="3"> </td>
<td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
<tt> v</tt> </td>
</tr>
<tr>
<td colspan="3"> </td>
<td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
</td>
<td> &nbsp; &nbsp; </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
status </td>
<td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
probe<br> messages<br> <tt> v </tt> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;- </tt>
</td>
<td> </td>
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> delivery<br> agents </td>
<td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
status<br> <tt> | </tt> </td>
<td> </td>
<td> </td>
<td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
Local<br> <tt>-&gt;</tt> Remote</td>
</tr>
<tr>
<td> </td>
<td rowspan="3" colspan="4" align="center" valign="middle">
&nbsp; </td>
<td> </td>
<td rowspan="3" align="center" valign="middle"> <tt>
^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
<td> </td>
</tr>
<td> </td>
<tr> </tr>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> queue </td>
<tr> <td colspan="4"> &nbsp; </td> </tr>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<tr>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> delivery<br> agents </td>
<td colspan="4" align="center" valign="middle"> &nbsp; </td>
<td> </td>
<td> </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Address<br> verification<br> database </td>
</tr>
@ -181,7 +202,8 @@ details. </p>
MTA for that address, without actually delivering mail to it. If
the nearest MTA accepts the address, then Postfix assumes that the
address is deliverable. In reality, mail for a remote address can
bounce AFTER the nearest MTA accepts the recipient address. </p>
bounce AFTER the nearest MTA accepts the recipient address, or AFTER
the nearest MTA accepts the message content. </p>
<li> <p> Some sites may blacklist you when you are probing them
too often (a probe is an SMTP session that does not deliver mail),
@ -200,21 +222,25 @@ mail routing and for possible limitations when you have to do this.
<li> <p> Postfix assumes that an address is undeliverable when the
nearest MTA for the address rejects the probe, regardless of the
reason for rejection (client rejected, HELO rejected, MAIL FROM
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
rejects mail from your machine. This is a good thing. </p>
rejected, etc.). Thus, Postfix rejects an address when the nearest
MTA for that address rejects mail from your machine for any reason.
This is not a limitation, but it is mentioned here just in case
people believe that it is a limitation. </p>
<li> <p> Unfortunately, some major sites such as YAHOO do not reject
<li> <p> Unfortunately, some sites do not reject
unknown addresses in reply to the RCPT TO command, but report a
delivery failure in response to end of DATA after a message is
transferred. Postfix address verification does not work with such
sites. </p>
<li> <p> By default, Postfix probe messages have "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>"
as the sender address (with Postfix versions before 2.5, the default
<li> <p> By default, Postfix probe messages have a sender address
"double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" (with Postfix versions before 2.5, the
default
is "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"). This is SAFE because the Postfix SMTP
server does not reject mail for this address. </p>
<p> You can change this into the null address ("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
<p> You can change the probe sender address into the null address
("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
="). This is UNSAFE because address probes will fail with
mis-configured sites that reject MAIL FROM: &lt;&gt;, while
probes from "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p>
@ -223,7 +249,7 @@ probes from "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>" would
<h2><a name="recipient">Recipient address verification</a></h2>
<p> As mentioned earlier, recipient address verification may be
<p> As mentioned earlier, recipient address verification is
useful to block mail for undeliverable recipients on a mail relay
host that does not have a list of all valid recipient addresses.
This can help to prevent the mail queue from filling up with
@ -237,9 +263,11 @@ However, recipient address verification probes can increase the
load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
<a href="#caching">persistent database</a> as described later. </p>
<p> By default, address verification results are saved in a <a
href="#caching">persistent database</a> (Postfix version 2.7 and
later; with earlier versions, specify the database in <a href="postconf.5.html">main.cf</a> as
described later). The persistent database helps to avoid probing
the same address repeatedly. </p>
<blockquote>
<pre>
@ -299,11 +327,13 @@ in forged email. </p>
# Postfix 2.6 and later.
# <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> = 250
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
/etc/postfix/sender_access:
# Don't do this when you handle lots of email.
aol.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
hotmail.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
bigfoot.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
@ -344,6 +374,7 @@ you can see what mail would be blocked: </p>
# Postfix 2.6 and later.
# <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Address verification failed
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
@ -402,40 +433,38 @@ sender address verification probe fails with some temporary error.
<h2><a name="caching">Address verification database</a></h2>
<p> NOTE: By default, address verification information is not stored
in a persistent file. You have to specify one in <a href="postconf.5.html">main.cf</a> (see
below). Persistent storage is off by default because it may need
more disk space than is available in your file system. </p>
<p> Address verification information is cached by the Postfix verify
daemon. Postfix has a bunch of parameters that control the caching
of positive and negative results. Refer to the <a href="verify.8.html">verify(8)</a> manual
page for details. </p>
<p> The <a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter
specifies an optional database for sender or recipient address
verification results. If you don't specify a file, all address
verification information is lost after "postfix reload" or "postfix
stop". </p>
<p> If your /var file system has sufficient space, try: </p>
<p> To improve performance, the Postfix <a href="verify.8.html">verify(8)</a> daemon can save
address verification results to a persistent database. This is
enabled by default with Postfix 2.7 and later. The
<a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter specifies
persistent storage for sender or recipient address verification
results. If you specify an empty value, all address verification
results are lost after "postfix reload" or "postfix stop". </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Default setting for Postfix 2.7 and later.
# Note: avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> =
</pre>
</blockquote>
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish
to continue using a pre-existing database file, move it to the
<a href="postconf.5.html#data_directory">data_directory</a>, and change ownership to the account specified with
the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter. </p>
<p> NOTE 1: The database file should be stored under a Postfix-owned
directory, such as $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
<blockquote> As of version 2.5, Postfix no longer uses root privileges
when opening this file. To maintain backwards compatibility, an
attempt to open the file under a non-Postfix directory is redirected
to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If
you wish to continue using a pre-existing database file, change its
file ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter,
and either move the file to the <a href="postconf.5.html#data_directory">data_directory</a>, or move it to some
other Postfix-owned directory. </blockquote>
<p> NOTE 2: Do not put this file in a file system that may run out
of space. When the address verification table gets corrupted the
@ -443,23 +472,33 @@ world comes to an end and YOU will have to MANUALLY fix things as
described in the next section. Meanwhile, you will not receive mail
via SMTP. </p>
<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon process will create a new database when
none exists, and will open/create the file before it enters the
<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon will create a new database when
none exists. It will open or create the file before entering the
chroot jail. </p>
<h2><a name="dirty_secret">Managing the address verification
database</a></h2>
<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control
how long information remains cached before it needs to be refreshed,
and how long information can remain "unrefreshed" before it expires.
Postfix uses different controls for positive results (address was
accepted) and for negative results (address was rejected). </p>
<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control how
long address verification results are cached before they need to
be refreshed, and how long results can remain "unrefreshed" before
they expire. Postfix uses different controls for positive results
(address was accepted) and for negative results (address was rejected,
or address verification failed for some other reason). </p>
<p> Right now, no tools are provided to manage the address verification
database. If the file gets too big, or if it gets corrupted, you
can manually rename or delete the file and run "postfix reload".
The new verify daemon process will then create a new database. </p>
<p> The <a href="verify.8.html">verify(8)</a> daemon will periodically remove expired entries
from the address verification database, and log the number of entries
retained and dropped (Postfix versions 2.7 and later). A cleanup
run is logged as "partial" when the daemon terminates early because
of "postfix reload, "postfix stop", or because the daemon received
no requests for $<a href="postconf.5.html#max_idle">max_idle</a> seconds. Postfix versions 2.6 and earlier
do not implement automatic address verification database cleanup.
There, the database is managed manually as described next. </p>
<p> When the address verification database file becomes too big,
or when it becomes corrupted, the solution is to manually rename
or delete (NOT: truncate) the file and run "postfix reload". The
<a href="verify.8.html">verify(8)</a> daemon will then create a new database file. </p>
<h2><a name="probe_routing">Controlling the routing of address
verification probes</a></h2>
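Review bot: The added instruction to "rename or delete (NOT: truncate) the file" gives no reason for the prohibition. NOTE 2 in this section already warns that a corrupted table means no mail is received via SMTP, so one clause saying why truncating the file is unsafe, while renaming or deleting it is not, would keep operators from treating the three as equivalent.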


@ -2237,7 +2237,7 @@ as specified by the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tl
parameter. This setting controls the minimum acceptable SMTP client
TLS cipher grade for use with mandatory TLS encryption. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
want to enforce TLS, and is beyond the reach of today's cryptanalytic
methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
ciphers on a per-destination basis. </p>

File diff suppressed because it is too large

File diff suppressed because it is too large


@ -19,12 +19,11 @@
<h2>WARNING </h2>
<p> The sender/recipient address verification feature described in this
document is suitable only for low-traffic sites. It performs poorly
under high load; excessive sender address verification activity may
even cause your site to be blacklisted by some
providers. See the "<a href="#limitations">Limitations</a>" section
below for details. </p>
<p> Recipient address verification may cause an increased load on
down-stream servers in the case of a dictionary attack or a flood
of backscatter bounces. Sender address verification may cause your
site to be blacklisted by some providers. See also the "<a
href="#limitations">Limitations</a>" section below for more. </p>
<h2><a name="summary">What Postfix address verification can do for you</a></h2>
@ -35,7 +34,7 @@ until the address has been verified to be deliverable. </p>
<p> The technique has obvious uses to reject junk mail
with an unreplyable sender address. </p>
<p> The technique may also be useful to block mail for undeliverable
<p> The technique is also useful to block mail for undeliverable
recipients, for example on a mail relay host that does not have a
list of all the valid recipient addresses. This prevents undeliverable
junk mail from entering the queue, so that Postfix doesn't have to
@ -86,74 +85,96 @@ always discarded. </p>
<blockquote>
<table>
<table border="0">
<tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Internet
<td rowspan="2" colspan="5" align="center" valign="middle">
&nbsp; </td>
<td rowspan="3" align="center" valign="bottom"> <tt> -&gt; </tt>
</td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
message </td>
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> mail<br> queue </td>
</tr>
<tr> </tr>
<tr>
<td rowspan="3" align="center" valign="middle"> Internet </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
<td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="verify.8.html">Postfix<br> verify<br> server</a>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
</tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
verification<br> database </td>
<tr>
<td rowspan="1" colspan="3"> </td>
<td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
<tt> v</tt> </td>
</tr>
<tr>
<td colspan="3"> </td>
<td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
</td>
<td> &nbsp; &nbsp; </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
status </td>
<td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
probe<br> messages<br> <tt> v </tt> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;- </tt>
</td>
<td> </td>
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> delivery<br> agents </td>
<td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
status<br> <tt> | </tt> </td>
<td> </td>
<td> </td>
<td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
Local<br> <tt>-&gt;</tt> Remote</td>
</tr>
<tr>
<td> </td>
<td rowspan="3" colspan="4" align="center" valign="middle">
&nbsp; </td>
<td> </td>
<td rowspan="3" align="center" valign="middle"> <tt>
^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
<td> </td>
</tr>
<td> </td>
<tr> </tr>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> queue </td>
<tr> <td colspan="4"> &nbsp; </td> </tr>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<tr>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> delivery<br> agents </td>
<td colspan="4" align="center" valign="middle"> &nbsp; </td>
<td> </td>
<td> </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Address<br> verification<br> database </td>
</tr>
@ -181,7 +202,8 @@ details. </p>
MTA for that address, without actually delivering mail to it. If
the nearest MTA accepts the address, then Postfix assumes that the
address is deliverable. In reality, mail for a remote address can
bounce AFTER the nearest MTA accepts the recipient address. </p>
bounce AFTER the nearest MTA accepts the recipient address, or AFTER
the nearest MTA accepts the message content. </p>
<li> <p> Some sites may blacklist you when you are probing them
too often (a probe is an SMTP session that does not deliver mail),
@ -200,21 +222,25 @@ mail routing and for possible limitations when you have to do this.
<li> <p> Postfix assumes that an address is undeliverable when the
nearest MTA for the address rejects the probe, regardless of the
reason for rejection (client rejected, HELO rejected, MAIL FROM
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
rejects mail from your machine. This is a good thing. </p>
rejected, etc.). Thus, Postfix rejects an address when the nearest
MTA for that address rejects mail from your machine for any reason.
This is not a limitation, but it is mentioned here just in case
people believe that it is a limitation. </p>
<li> <p> Unfortunately, some major sites such as YAHOO do not reject
<li> <p> Unfortunately, some sites do not reject
unknown addresses in reply to the RCPT TO command, but report a
delivery failure in response to end of DATA after a message is
transferred. Postfix address verification does not work with such
sites. </p>
<li> <p> By default, Postfix probe messages have "double-bounce@$myorigin"
as the sender address (with Postfix versions before 2.5, the default
<li> <p> By default, Postfix probe messages have a sender address
"double-bounce@$myorigin" (with Postfix versions before 2.5, the
default
is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP
server does not reject mail for this address. </p>
<p> You can change this into the null address ("address_verify_sender
<p> You can change the probe sender address into the null address
("address_verify_sender
="). This is UNSAFE because address probes will fail with
mis-configured sites that reject MAIL FROM: &lt;&gt;, while
probes from "postmaster@$myorigin" would succeed. </p>
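Review bot: The UNSAFE paragraph at the end of this hunk still compares against probes from "postmaster@$myorigin", while the reworded item just above it gives "double-bounce@$myorigin" as the default probe sender and postmaster only for Postfix versions before 2.5. Since the paragraph is being reworded anyway, name the current default there (or simply say "the default sender address") so the comparison matches what a reader on 2.5 or later actually has configured.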
@ -223,7 +249,7 @@ probes from "postmaster@$myorigin" would succeed. </p>
<h2><a name="recipient">Recipient address verification</a></h2>
<p> As mentioned earlier, recipient address verification may be
<p> As mentioned earlier, recipient address verification is
useful to block mail for undeliverable recipients on a mail relay
host that does not have a list of all valid recipient addresses.
This can help to prevent the mail queue from filling up with
@ -237,9 +263,11 @@ However, recipient address verification probes can increase the
load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
<a href="#caching">persistent database</a> as described later. </p>
<p> By default, address verification results are saved in a <a
href="#caching">persistent database</a> (Postfix version 2.7 and
later; with earlier versions, specify the database in main.cf as
described later). The persistent database helps to avoid probing
the same address repeatedly. </p>
<blockquote>
<pre>
@ -299,11 +327,13 @@ in forged email. </p>
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
/etc/postfix/sender_access:
# Don't do this when you handle lots of email.
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
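Review bot: The comment "# Default setting for Postfix 2.7 and later." is ambiguous where it sits. It follows the commented-out unverified_sender_defer_code line and precedes address_verify_map = btree:/var/db/postfix/verify, which is not the default that this same commit documents in the caching section (btree:$data_directory/verify_cache). Either show the $data_directory path here, or reword the comment so it is clear which parameter it refers to and that an explicit address_verify_map line is only needed before 2.7.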
@ -344,6 +374,7 @@ you can see what mail would be blocked: </p>
# Postfix 2.6 and later.
# unverified_sender_reject_reason = Address verification failed
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
@ -402,40 +433,38 @@ sender address verification probe fails with some temporary error.
<h2><a name="caching">Address verification database</a></h2>
<p> NOTE: By default, address verification information is not stored
in a persistent file. You have to specify one in main.cf (see
below). Persistent storage is off by default because it may need
more disk space than is available in your file system. </p>
<p> Address verification information is cached by the Postfix verify
daemon. Postfix has a bunch of parameters that control the caching
of positive and negative results. Refer to the verify(8) manual
page for details. </p>
<p> The address_verify_map (NOTE: singular) configuration parameter
specifies an optional database for sender or recipient address
verification results. If you don't specify a file, all address
verification information is lost after "postfix reload" or "postfix
stop". </p>
<p> If your /var file system has sufficient space, try: </p>
<p> To improve performance, the Postfix verify(8) daemon can save
address verification results to a persistent database. This is
enabled by default with Postfix 2.7 and later. The
address_verify_map (NOTE: singular) configuration parameter specifies
persistent storage for sender or recipient address verification
results. If you specify an empty value, all address verification
results are lost after "postfix reload" or "postfix stop". </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
# Default setting for Postfix 2.7 and later.
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
address_verify_map = btree:$data_directory/verify_cache
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
address_verify_map =
</pre>
</blockquote>
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned data_directory. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned data_directory, and a warning is logged. If you wish
to continue using a pre-existing database file, move it to the
data_directory, and change ownership to the account specified with
the mail_owner parameter. </p>
<p> NOTE 1: The database file should be stored under a Postfix-owned
directory, such as $data_directory. </p>
<blockquote> As of version 2.5, Postfix no longer uses root privileges
when opening this file. To maintain backwards compatibility, an
attempt to open the file under a non-Postfix directory is redirected
to the Postfix-owned data_directory, and a warning is logged. If
you wish to continue using a pre-existing database file, change its
file ownership to the account specified with the mail_owner parameter,
and either move the file to the data_directory, or move it to some
other Postfix-owned directory. </blockquote>
<p> NOTE 2: Do not put this file in a file system that may run out
of space. When the address verification table gets corrupted the
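Review bot: In the main.cf example, address_verify_map = btree:$data_directory/verify_cache and the empty address_verify_map = both appear as active settings in one block. Someone who pastes the block as shown ends up with two assignments of the same parameter, the empty one last, and the paragraph above says an empty value loses all results at "postfix reload" or "postfix stop". Comment out the line for 2.6 and earlier, or split the example into two blocks, one per version.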
@ -443,23 +472,33 @@ world comes to an end and YOU will have to MANUALLY fix things as
described in the next section. Meanwhile, you will not receive mail
via SMTP. </p>
<p> NOTE 3: The verify(8) daemon process will create a new database when
none exists, and will open/create the file before it enters the
<p> NOTE 3: The verify(8) daemon will create a new database when
none exists. It will open or create the file before entering the
chroot jail. </p>
<h2><a name="dirty_secret">Managing the address verification
database</a></h2>
<p> The verify(8) manual page describes parameters that control
how long information remains cached before it needs to be refreshed,
and how long information can remain "unrefreshed" before it expires.
Postfix uses different controls for positive results (address was
accepted) and for negative results (address was rejected). </p>
<p> The verify(8) manual page describes parameters that control how
long address verification results are cached before they need to
be refreshed, and how long results can remain "unrefreshed" before
they expire. Postfix uses different controls for positive results
(address was accepted) and for negative results (address was rejected,
or address verification failed for some other reason). </p>
<p> Right now, no tools are provided to manage the address verification
database. If the file gets too big, or if it gets corrupted, you
can manually rename or delete the file and run "postfix reload".
The new verify daemon process will then create a new database. </p>
<p> The verify(8) daemon will periodically remove expired entries
from the address verification database, and log the number of entries
retained and dropped (Postfix versions 2.7 and later). A cleanup
run is logged as "partial" when the daemon terminates early because
of "postfix reload, "postfix stop", or because the daemon received
no requests for $max_idle seconds. Postfix versions 2.6 and earlier
do not implement automatic address verification database cleanup.
There, the database is managed manually as described next. </p>
<p> When the address verification database file becomes too big,
or when it becomes corrupted, the solution is to manually rename
or delete (NOT: truncate) the file and run "postfix reload". The
verify(8) daemon will then create a new database file. </p>
<h2><a name="probe_routing">Controlling the routing of address
verification probes</a></h2>
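Review bot: Typo in the added cleanup paragraph: the quotation mark after postfix reload is never closed (because of "postfix reload, "postfix stop"), so the two commands read as one quoted string. It should read "postfix reload", "postfix stop". The same unbalanced quote appears in the HTML copy of this paragraph and needs the same fix.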

View File

@ -2237,7 +2237,7 @@ as specified by the smtp_tls_mandatory_ciphers configuration
parameter. This setting controls the minimum acceptable SMTP client
TLS cipher grade for use with mandatory TLS encryption. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
want to enforce TLS, and is beyond the reach of today's cryptanalytic
methods. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -50,8 +48,10 @@
/* RFC 822 (ARPA Internet Text Messages)
/* RFC 2045 (MIME: Format of Internet Message Bodies)
/* RFC 2046 (MIME: Media Types)
/* RFC 2822 (Internet Message Format)
/* RFC 3463 (Enhanced Status Codes)
/* RFC 3464 (Delivery status notifications)
/* RFC 5322 (Internet Message Format)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* BUGS
@ -174,6 +174,11 @@
/* .IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
/* The macros that are sent to Milter (mail filter) applications
/* after the end of the message header.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBmilter_header_checks (empty)\fR"
/* Optional lookup tables for content inspection of message headers
/* that are produced by Milter applications.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
@ -466,8 +471,7 @@ static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
state->errs |= CLEANUP_STAT_BAD;
break;
}
if (type == REC_TYPE_PTR || type == REC_TYPE_DTXT
|| type == REC_TYPE_DRCP) {
if (REC_GET_HIDDEN_TYPE(type)) {
msg_warn("%s: record type %d not allowed - discarding this message",
state->queue_id, type);
state->errs |= CLEANUP_STAT_BAD;
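Review bot: The explicit test for REC_TYPE_PTR, REC_TYPE_DTXT and REC_TYPE_DRCP is replaced by REC_GET_HIDDEN_TYPE(type), whose definition is not part of this diff. This condition is what discards a message that carries record types not allowed in input, so please confirm (ideally in a comment at this spot) that the macro covers at least those three types, and list which further types it now rejects. The name also reads like an accessor rather than a predicate, which makes the if condition harder to review.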

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup.h,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.h,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.h,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -36,6 +34,7 @@
#include <mime_state.h>
#include <string_list.h>
#include <cleanup_user.h>
#include <header_body_checks.h>
/*
* Milter library.
@ -82,6 +81,8 @@ typedef struct CLEANUP_STATE {
off_t append_rcpt_pt_target; /* target of above record */
off_t append_hdr_pt_offset; /* append header here */
off_t append_hdr_pt_target; /* target of above record */
off_t append_meta_pt_offset; /* append meta record here */
off_t append_meta_pt_target; /* target of above record */
ssize_t rcpt_count; /* recipient count */
char *reason; /* failure reason */
char *smtp_reply; /* failure reason, SMTP-style */
@ -112,6 +113,8 @@ typedef struct CLEANUP_STATE {
VSTRING *milter_ext_from; /* externalized sender */
VSTRING *milter_ext_rcpt; /* externalized recipient */
VSTRING *milter_err_text; /* milter call-back reply */
HBC_CHECKS *milter_hbc_checks; /* Milter header checks */
VSTRING *milter_hbc_reply; /* Milter header checks reply */
/*
* Support for Milter body replacement requests.

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup_envelope.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_envelope.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_envelope.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -389,7 +387,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
cleanup_addr_sender(state, buf);
if (state->milters || cleanup_milters) {
/* Make room to replace sender. */
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE);
if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE)
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len);
/* Remember the after-sender record offset. */
if ((state->sender_pt_target = vstream_ftell(state->dst)) < 0)
msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path);
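Review bot: The padding after the sender record is now REC_TYPE_PTR_PAYL_SIZE - len and is skipped entirely when the sender is at least that long, but the comment still only says "Make room to replace sender." Please extend the comment to state the invariant being kept (presumably that the sender record plus padding is always large enough to be overwritten later by a pointer record). Also check that len is declared with a type that compares cleanly against REC_TYPE_PTR_PAYL_SIZE: its declaration is not in this hunk, and strlen() returns size_t.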

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup_init.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_init.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_init.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -168,6 +166,7 @@ char *var_milt_eoh_macros; /* end-of-header macros */
char *var_milt_eod_macros; /* end-of-data macros */
char *var_milt_unk_macros; /* unknown command macros */
char *var_cleanup_milters; /* non-SMTP mail */
char *var_milt_head_checks; /* post-Milter header checks */
int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */
int var_always_add_hdrs; /* always add missing headers */
@ -234,6 +233,7 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_MILT_EOD_MACROS, DEF_MILT_EOD_MACROS, &var_milt_eod_macros, 0, 0,
VAR_MILT_UNK_MACROS, DEF_MILT_UNK_MACROS, &var_milt_unk_macros, 0, 0,
VAR_CLEANUP_MILTERS, DEF_CLEANUP_MILTERS, &var_cleanup_milters, 0, 0,
VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0,
0,
};

View File

@ -1,4 +1,4 @@
/* $NetBSD: mail_params.h,v 1.3 2010/04/17 10:29:18 tron Exp $ */
/* $NetBSD: mail_params.h,v 1.4 2010/06/17 18:18:15 tron Exp $ */
#ifndef _MAIL_PARAMS_H_INCLUDED_
#define _MAIL_PARAMS_H_INCLUDED_
@ -430,6 +430,14 @@ extern char *var_transport_maps;
#define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP
extern char *var_def_transport;
#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps"
#define DEF_SND_DEF_XPORT_MAPS ""
extern char *var_snd_def_xport_maps;
#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>"
extern char *var_null_def_xport_maps_key;
/*
* trivial rewrite/resolve service: rewriting controls.
*/
@ -1021,6 +1029,12 @@ extern bool var_smtp_always_ehlo;
#define DEF_SMTP_NEVER_EHLO 0
extern bool var_smtp_never_ehlo;
#define VAR_SMTP_RESP_FILTER "smtp_reply_filter"
#define DEF_SMTP_RESP_FILTER ""
#define VAR_LMTP_RESP_FILTER "lmtp_reply_filter"
#define DEF_LMTP_RESP_FILTER ""
extern char *var_smtp_resp_filter;
#define VAR_SMTP_BIND_ADDR "smtp_bind_address"
#define DEF_SMTP_BIND_ADDR ""
#define VAR_LMTP_BIND_ADDR "lmtp_bind_address"
@ -1150,6 +1164,10 @@ extern char *var_smtpd_noop_cmds;
#define DEF_SMTPD_FORBID_CMDS "CONNECT GET POST"
extern char *var_smtpd_forbid_cmds;
#define VAR_SMTPD_CMD_FILTER "smtpd_command_filter"
#define DEF_SMTPD_CMD_FILTER ""
extern char *var_smtpd_cmd_filter;
#define VAR_SMTPD_TLS_WRAPPER "smtpd_tls_wrappermode"
#define DEF_SMTPD_TLS_WRAPPER 0
extern bool var_smtpd_tls_wrappermode;
@ -1463,6 +1481,12 @@ extern char *var_smtp_tls_sec_cmatch;
#define DEF_LMTP_TLS_FPT_CMATCH ""
extern char *var_smtp_tls_fpt_cmatch;
#define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
#define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
#define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
#define DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY 0
extern bool var_smtp_tls_blk_early_mail_reply;
/*
* SASL authentication support, SMTP server side.
*/
@ -2086,9 +2110,13 @@ extern int var_map_defer_code;
#define CHECK_RECIP_ACL "check_recipient_access"
#define CHECK_ETRN_ACL "check_etrn_access"
#define CHECK_CLIENT_MX_ACL "check_client_mx_access"
#define CHECK_REVERSE_CLIENT_MX_ACL "check_reverse_client_hostname_mx_access"
#define CHECK_HELO_MX_ACL "check_helo_mx_access"
#define CHECK_SENDER_MX_ACL "check_sender_mx_access"
#define CHECK_RECIP_MX_ACL "check_recipient_mx_access"
#define CHECK_CLIENT_NS_ACL "check_client_ns_access"
#define CHECK_REVERSE_CLIENT_NS_ACL "check_reverse_client_hostname_ns_access"
#define CHECK_HELO_NS_ACL "check_helo_ns_access"
#define CHECK_SENDER_NS_ACL "check_sender_ns_access"
#define CHECK_RECIP_NS_ACL "check_recipient_ns_access"
@ -2227,6 +2255,10 @@ extern void mail_params_init(void);
#define DEF_FILTER_XPORT ""
extern char *var_filter_xport;
#define VAR_DEF_FILTER_NEXTHOP "default_filter_nexthop"
#define DEF_DEF_FILTER_NEXTHOP ""
extern char *var_def_filter_nexthop;
/*
* Fast flush service support.
*/
@ -2526,7 +2558,7 @@ extern int var_scache_stat_time;
extern char *var_verify_service;
#define VAR_VERIFY_MAP "address_verify_map"
#define DEF_VERIFY_MAP ""
#define DEF_VERIFY_MAP "btree:$data_directory/verify_cache"
extern char *var_verify_map;
#define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time"
@ -2549,6 +2581,10 @@ extern int var_verify_neg_try;
#define DEF_VERIFY_NEG_CACHE 1
extern bool var_verify_neg_cache;
#define VAR_VERIFY_SCAN_CACHE "address_verify_cache_cleanup_interval"
#define DEF_VERIFY_SCAN_CACHE "12h"
extern int var_verify_scan_cache;
#define VAR_VERIFY_SENDER "address_verify_sender"
#define DEF_VERIFY_SENDER "$" VAR_DOUBLE_BOUNCE
extern char *var_verify_sender;
@ -2577,6 +2613,10 @@ extern char *var_vrfy_relay_xport;
#define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT
extern char *var_vrfy_def_xport;
#define VAR_VRFY_SND_DEF_XPORT_MAPS "address_verify_" VAR_SND_DEF_XPORT_MAPS
#define DEF_VRFY_SND_DEF_XPORT_MAPS "$" VAR_SND_DEF_XPORT_MAPS
extern char *var_snd_def_xport_maps;
#define VAR_VRFY_RELAYHOST "address_verify_relayhost"
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
extern char *var_vrfy_relayhost;
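Review bot: The extern that follows VAR_VRFY_SND_DEF_XPORT_MAPS declares var_snd_def_xport_maps, the same variable already declared for VAR_SND_DEF_XPORT_MAPS in the @ -430,6 +430,14 @ hunk. The neighbouring address_verify_ parameters each have their own var_vrfy_ variable (var_vrfy_def_xport, var_vrfy_relayhost), so this looks like a copy-and-paste slip. It should probably be extern char *var_vrfy_snd_def_xport_maps, or the redundant declaration should be dropped if the verify variant has no variable of its own.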
@ -2708,6 +2748,10 @@ extern char *var_smtpd_proxy_ehlo;
#define DEF_SMTPD_PROXY_TMOUT "100s"
extern int var_smtpd_proxy_tmout;
#define VAR_SMTPD_PROXY_OPTS "smtpd_proxy_options"
#define DEF_SMTPD_PROXY_OPTS ""
extern char *var_smtpd_proxy_opts;
/*
* Transparency options for mail input interfaces and for the cleanup server
* behind them. These should turn off stuff we don't want to happen, because
@ -2877,20 +2921,31 @@ extern bool var_smtp_cname_overr;
/*
* TLS cipherlists
*/
#ifdef USE_TLS
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
#define PREFER_aNULL "aNULL:-aNULL:"
#else
#define PREFER_aNULL ""
#endif
#else
#define PREFER_aNULL ""
#endif
#define VAR_TLS_HIGH_CLIST "tls_high_cipherlist"
#define DEF_TLS_HIGH_CLIST "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
#define DEF_TLS_HIGH_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
extern char *var_tls_high_clist;
#define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist"
#define DEF_TLS_MEDIUM_CLIST "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
extern char *var_tls_medium_clist;
#define VAR_TLS_LOW_CLIST "tls_low_cipherlist"
#define DEF_TLS_LOW_CLIST "ALL:!EXPORT:+RC4:@STRENGTH"
#define DEF_TLS_LOW_CLIST PREFER_aNULL "ALL:!EXPORT:+RC4:@STRENGTH"
extern char *var_tls_low_clist;
#define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist"
#define DEF_TLS_EXPORT_CLIST "ALL:+RC4:@STRENGTH"
#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "ALL:+RC4:@STRENGTH"
extern char *var_tls_export_clist;
#define VAR_TLS_NULL_CLIST "tls_null_cipherlist"
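Review bot: PREFER_aNULL needs a comment. Nothing in this block says why the high, medium, low and export default cipherlists get an "aNULL:-aNULL:" prefix, or why only when OPENSSL_VERSION_NUMBER >= 0x1000000fL. From the name it appears to influence where anonymous ciphers end up in the list, but a reader auditing the TLS defaults should not have to guess. The empty definition is also written twice (once for older OpenSSL, once for builds without USE_TLS), which is easy to get out of sync. Finally, including <openssl/opensslv.h> from mail_params.h makes every file that includes this header depend on the OpenSSL headers when USE_TLS is set, which deserves a second look.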
@ -2984,6 +3039,10 @@ extern char *var_milt_daemon_name;
#define DEF_MILT_V "$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
extern char *var_milt_v;
#define VAR_MILT_HEAD_CHECKS "milter_header_checks"
#define DEF_MILT_HEAD_CHECKS ""
extern char *var_milt_head_checks;
/*
* What internal mail do we inspect/stamp/etc.? This is not yet safe enough
* to enable world-wide.
@ -3125,6 +3184,73 @@ extern char *var_multi_stop_cmds;
#define DEF_MULTI_CNTRL_CMDS "reload flush"
extern char *var_multi_cntrl_cmds;
/*
* postscreen(8)
*/
#define VAR_PS_CACHE_MAP "postscreen_cache_map"
#define DEF_PS_CACHE_MAP "btree:$data_directory/ps_cache"
extern char *var_ps_cache_map;
#define VAR_SMTPD_SERVICE "smtpd_service"
#define DEF_SMTPD_SERVICE "smtpd"
extern char *var_smtpd_service;
#define VAR_PS_POST_QLIMIT "postscreen_post_queue_limit"
#define DEF_PS_POST_QLIMIT "$" VAR_PROC_LIMIT
extern int var_ps_post_queue_limit;
#define VAR_PS_PRE_QLIMIT "postscreen_pre_queue_limit"
#define DEF_PS_PRE_QLIMIT "$" VAR_PROC_LIMIT
extern int var_ps_pre_queue_limit;
#define VAR_PS_CACHE_TTL "postscreen_cache_ttl"
#define DEF_PS_CACHE_TTL "1d"
extern int var_ps_cache_ttl;
#define VAR_PS_CACHE_RET "postscreen_cache_retention_time"
#define DEF_PS_CACHE_RET "1d"
extern int var_ps_cache_ret;
#define VAR_PS_CACHE_SCAN "postscreen_cache_cleanup_interval"
#define DEF_PS_CACHE_SCAN "12h"
extern int var_ps_cache_scan;
#define VAR_PS_GREET_WAIT "postscreen_greet_wait"
#define DEF_PS_GREET_WAIT "4s"
extern int var_ps_greet_wait;
#define VAR_PS_GREET_ACTION "postscreen_greet_action"
#define DEF_PS_GREET_ACTION "continue"
extern char *var_ps_greet_action;
#define VAR_PS_DNSBL_SITES "postscreen_dnsbl_sites"
#define DEF_PS_DNSBL_SITES ""
extern char *var_ps_dnsbl_sites;
#define VAR_PS_DNSBL_ACTION "postscreen_dnsbl_action"
#define DEF_PS_DNSBL_ACTION "continue"
extern char *var_ps_dnsbl_action;
#define VAR_PS_HUP_ACTION "postscreen_hangup_action"
#define DEF_PS_HUP_ACTION "continue"
extern char *var_ps_hangup_action;
#define VAR_PS_WLIST_NETS "postscreen_whitelist_networks"
#define DEF_PS_WLIST_NETS "$" VAR_MYNETWORKS
extern char *var_ps_wlist_nets;
#define VAR_PS_BLIST_NETS "postscreen_blacklist_networks"
#define DEF_PS_BLIST_NETS ""
extern char *var_ps_blist_nets;
#define VAR_PS_BLIST_ACTION "postscreen_blacklist_action"
#define DEF_PS_BLIST_ACTION "continue"
extern char *var_ps_blist_nets;
#define VAR_PS_GREET_BANNER "postscreen_greet_banner"
#define DEF_PS_GREET_BANNER "$" VAR_SMTPD_BANNER
extern char *var_ps_banner;
/* LICENSE
/* .ad
/* .fi
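Review bot: Under VAR_PS_BLIST_ACTION the extern is char *var_ps_blist_nets, which repeats the declaration directly above it for VAR_PS_BLIST_NETS. Every other postscreen action parameter in this block has its own variable (var_ps_greet_action, var_ps_dnsbl_action, var_ps_hangup_action), so this should presumably be extern char *var_ps_blist_action. A repeated extern declaration compiles without complaint, so nothing will flag that the blacklist action has no declared variable.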

View File

@ -1,4 +1,4 @@
/* $NetBSD: smtp.c,v 1.2 2010/06/10 17:06:01 riz Exp $ */
/* $NetBSD: smtp.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -165,6 +165,9 @@
/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
/* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
/* by RFC 2821.
/* .IP "\fBsmtp_reply_filter (empty)\fR"
/* A mechanism to transform replies from remote SMTP servers one
/* line at a time.
/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
/* Skip SMTP servers that greet with a 5XX status code (go away, do
/* not try again later).
@ -402,6 +405,12 @@
/* File with the Postfix SMTP client ECDSA certificate in PEM format.
/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
/* File with the Postfix SMTP client ECDSA private key in PEM format.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
/* Try to detect a mail hijacking attack based on a TLS protocol
/* vulnerability (CVE-2009-3555), where an attacker prepends malicious
/* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
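Review bot: The smtp_tls_block_early_mail_reply entry says the client will "try to detect" the CVE-2009-3555 hijacking attack but not what it does when it detects one, and the parameter name ("block") suggests more than detection. Please add one sentence on the resulting action (for example, whether the session is aborted and the delivery deferred) and on why the default is "no", so that an operator can decide whether to turn it on.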
@ -574,7 +583,7 @@
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
/* The hostname to send in the LMTP LHLO command.
/* .IP "\fBsmtp_host_lookup (dns)\fR"
/* What mechanisms when the Postfix SMTP client uses to look up a host's IP
/* What mechanisms the Postfix SMTP client uses to look up a host's IP
/* address.
/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
/* Randomize the order of equal-preference MX host addresses.
@ -771,6 +780,7 @@ char *var_smtp_tls_proto;
char *var_smtp_tls_ciph;
char *var_smtp_tls_eccert_file;
char *var_smtp_tls_eckey_file;
bool var_smtp_tls_blk_early_mail_reply;
#endif
@ -787,6 +797,7 @@ char *var_smtp_head_chks;
char *var_smtp_mime_chks;
char *var_smtp_nest_chks;
char *var_smtp_body_chks;
char *var_smtp_resp_filter;
bool var_lmtp_assume_final;
/* Special handling of 535 AUTH errors. */
@ -1057,6 +1068,14 @@ static void pre_init(char *unused_name, char **unused_argv)
smtp_body_checks = hbc_body_checks_create(
VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
smtp_hbc_callbacks);
/*
* Server reply filter.
*/
if (*var_smtp_resp_filter)
smtp_chat_resp_filter =
dict_open(var_smtp_resp_filter, O_RDONLY,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
}
/* pre_accept - see if tables have changed */

View File

@ -1,4 +1,4 @@
/* $NetBSD: smtpd.c,v 1.3 2010/04/17 10:29:18 tron Exp $ */
/* $NetBSD: smtpd.c,v 1.4 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -125,6 +125,10 @@
/* Available in Postfix version 2.6 and later:
/* .IP "\fBtcp_windowsize (0)\fR"
/* An optional workaround for routers that break TCP window scaling.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBsmtpd_command_filter (empty)\fR"
/* A mechanism to transform commands from remote SMTP clients.
/* ADDRESS REWRITING CONTROLS
/* .ad
/* .fi
@ -150,8 +154,8 @@
/* filter is expected to inject mail back into a (Postfix or other)
/* MTA for further delivery. See the FILTER_README document for details.
/* .IP "\fBcontent_filter (empty)\fR"
/* The name of a mail delivery transport that filters mail after
/* it is queued.
/* After the message is queued, send the entire message to the
/* specified \fItransport:destination\fR.
/* BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
/* .ad
/* .fi
@ -164,6 +168,9 @@
/* The hostname and TCP port of the mail filtering proxy server.
/* .IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR"
/* How the Postfix SMTP server announces itself to the proxy filter.
/* .IP "\fBsmtpd_proxy_options (empty)\fR"
/* List of options that control how the Postfix SMTP server
/* communicates with a before-queue content filter.
/* .IP "\fBsmtpd_proxy_timeout (100s)\fR"
/* The time limit for connecting to a proxy filter and for sending or
/* receiving information.
@ -347,8 +354,8 @@
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
/* Enable additional Postfix SMTP server logging of TLS activity.
/* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP server
/* will use with mandatory TLS encryption.
/* The minimum TLS cipher grade that the Postfix SMTP server will
/* use with mandatory TLS encryption.
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
/* Additional list of ciphers or cipher types to exclude from the
/* SMTP server cipher list at mandatory TLS security levels.
@ -678,8 +685,9 @@
/* Optional SMTP server access restrictions in the context of a client
/* SMTP connection request.
/* .IP "\fBsmtpd_helo_required (no)\fR"
/* Require that a remote SMTP client introduces itself at the beginning
/* of an SMTP session with the HELO or EHLO command.
/* Require that a remote SMTP client introduces itself with the HELO
/* or EHLO command before sending the MAIL command or other commands
/* that require EHLO negotiation.
/* .IP "\fBsmtpd_helo_restrictions (empty)\fR"
/* Optional restrictions that the Postfix SMTP server applies in the
/* context of the SMTP HELO command.
@ -738,7 +746,7 @@
/* See the file ADDRESS_VERIFICATION_README for information
/* about how to configure and operate the Postfix sender/recipient
/* address verification service.
/* .IP "\fBaddress_verify_poll_count (3)\fR"
/* .IP "\fBaddress_verify_poll_count (${stress?1}${stress:3})\fR"
/* How many times to query the \fBverify\fR(8) service for the completion
/* of an address verification request in progress.
/* .IP "\fBaddress_verify_poll_delay (3s)\fR"
@ -1142,6 +1150,7 @@ int var_verify_poll_delay;
char *var_smtpd_proxy_filt;
int var_smtpd_proxy_tmout;
char *var_smtpd_proxy_ehlo;
char *var_smtpd_proxy_opts;
char *var_input_transp;
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
@ -1166,6 +1175,7 @@ bool var_smtpd_use_tls;
bool var_smtpd_enforce_tls;
bool var_smtpd_tls_wrappermode;
bool var_smtpd_tls_auth_only;
char *var_smtpd_cmd_filter;
#ifdef USE_TLS
char *var_smtpd_relay_ccerts;
@ -1227,6 +1237,8 @@ char *var_unk_addr_tf_act;
char *var_unv_rcpt_tf_act;
char *var_unv_from_tf_act;
int smtpd_proxy_opts;
/*
* Silly little macros.
*/
@ -1308,6 +1320,11 @@ static int ask_client_cert;
static int enforce_tls;
/*
* SMTP command mapping for broken clients.
*/
static DICT *smtpd_cmd_filter;
#ifdef USE_SASL_AUTH
/*
@ -1341,6 +1358,27 @@ static int sasl_client_exception(SMTPD_STATE *state)
#endif
/* smtpd_whatsup - gather available evidence for logging */
static const char *smtpd_whatsup(SMTPD_STATE *state)
{
static VSTRING *buf = 0;
if (buf == 0)
buf = vstring_alloc(100);
else
VSTRING_RESET(buf);
if (state->sender)
vstring_sprintf_append(buf, " from=<%s>", state->sender);
if (state->recipient)
vstring_sprintf_append(buf, " to=<%s>", state->recipient);
if (state->protocol)
vstring_sprintf_append(buf, " proto=%s", state->protocol);
if (state->helo_name)
vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
return (STR(buf));
}
/* collapse_args - put arguments together again */
static void collapse_args(int argc, SMTPD_TOKEN *argv)
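Review bot: smtpd_whatsup() returns STR(buf) on a function-static VSTRING, so the returned pointer is only valid until the next call, and the header comment should say so. Both callers in this change pass the result straight to msg_info(), which is fine, but a caller that keeps the pointer across another smtpd_whatsup() call would see the text change underneath it.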
@ -1359,23 +1397,9 @@ static void collapse_args(int argc, SMTPD_TOKEN *argv)
static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
{
const char *queue_id = state->queue_id ? state->queue_id : "NOQUEUE";
VSTRING *buf = vstring_alloc(100);
const char *action;
const char *text;
/*
* XXX Copied from log_whatsup(). Needs to be changed into a reusable
* function.
*/
if (state->sender)
vstring_sprintf_append(buf, " from=<%s>", state->sender);
if (state->recipient)
vstring_sprintf_append(buf, " to=<%s>", state->recipient);
if (state->protocol)
vstring_sprintf_append(buf, " proto=%s", state->protocol);
if (state->helo_name)
vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
/*
* The syntax of user-specified SMTP replies is checked by the Milter
* module, because the replies are also used in the cleanup server.
@ -1418,8 +1442,7 @@ static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
break;
}
msg_info("%s: %s: %s from %s: %s;%s", queue_id, action, state->where,
state->namaddr, reply ? reply : text, STR(buf));
vstring_free(buf);
state->namaddr, reply ? reply : text, smtpd_whatsup(state));
return (reply);
}
@ -1687,10 +1710,11 @@ static int mail_open_stream(SMTPD_STATE *state)
*/
if (state->proxy_mail) {
smtpd_check_rewrite(state);
if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
state->proxy_mail) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
if (smtpd_proxy_create(state, smtpd_proxy_opts, var_smtpd_proxy_filt,
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
state->proxy_mail) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy->buffer));
smtpd_proxy_free(state);
return (-1);
}
}
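Review bot: in the failure branch the reply is read from state->proxy->buffer after smtpd_proxy_create() has already returned non-zero, so this code depends on smtpd_proxy_create() leaving state->proxy allocated, with a reply in its buffer, even when it fails. That contract is not visible at the call site. A comment here stating it would keep a later cleanup inside smtpd_proxy_create() from turning this line into a null dereference.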
@ -2212,9 +2236,13 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
}
/*
* Check the queue file space, if applicable.
* Check the queue file space, if applicable. The optional before-filter
* speed-adjust buffers use disk space. However, we don't know if they
* compete for storage space with the after-filter queue, so we can't
* simply bump up the free space requirement to 2.5 * message_size_limit.
*/
if (!USE_SMTPD_PROXY(state)) {
if (!USE_SMTPD_PROXY(state)
|| (smtpd_proxy_opts & SMTPD_PROXY_FLAG_SPEED_ADJUST)) {
if (SMTPD_STAND_ALONE(state) == 0
&& (err = smtpd_check_queue(state)) != 0) {
/* XXX Reset access map side effects. */
@ -2308,14 +2336,8 @@ static void mail_reset(SMTPD_STATE *state)
VSTRING_RESET(state->instance);
VSTRING_TERMINATE(state->instance);
/*
* Try to be nice. Don't bother when we lost the connection. Don't bother
* waiting for a reply, it just increases latency.
*/
if (state->proxy) {
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_NONE, SMTPD_CMD_QUIT);
smtpd_proxy_close(state);
}
if (state->proxy)
smtpd_proxy_free(state);
if (state->xforward.flags)
smtpd_xforward_reset(state);
if (state->prepend)
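Review bot: mail_reset() no longer sends SMTPD_CMD_QUIT to the proxy before tearing the connection down, and the comment that explained the courtesy QUIT is removed with it. If smtpd_proxy_free() now takes care of the QUIT, a one-line comment here should say so; if it does not, the filter will see sessions end without QUIT, which is a behaviour change that should be documented.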
@ -2335,6 +2357,7 @@ static void mail_reset(SMTPD_STATE *state)
static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
{
SMTPD_PROXY *proxy;
const char *err;
int narg;
char *arg;
@ -2478,9 +2501,10 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* the recipient then we can have a proxy connection without having
* accepted a recipient.
*/
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
proxy = state->proxy;
if (proxy != 0 && proxy->cmd(state, SMTPD_PROX_WANT_OK,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
return (-1);
}
@ -2667,6 +2691,7 @@ static void comment_sanitize(VSTRING *comment_string)
static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
{
SMTPD_PROXY *proxy;
const char *err;
char *start;
int len;
@ -2725,9 +2750,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
smtpd_chat_reply(state, "%s", err);
return (-1);
}
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_MORE,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
proxy = state->proxy;
if (proxy != 0 && proxy->cmd(state, SMTPD_PROX_WANT_MORE,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
return (-1);
}
@ -2736,10 +2762,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
* operation. We want to avoid massive code duplication within tons of
* if-else clauses.
*/
if (state->proxy) {
out_stream = state->proxy;
out_record = smtpd_proxy_rec_put;
out_fprintf = smtpd_proxy_rec_fprintf;
if (proxy) {
out_stream = proxy->stream;
out_record = proxy->rec_put;
out_fprintf = proxy->rec_fprintf;
out_error = CLEANUP_STAT_PROXY;
} else {
out_stream = state->cleanup;
@ -2781,7 +2807,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
* Suppress our own Received: header in the unlikely case that we are an
* intermediate proxy.
*/
if (!state->proxy || state->xforward.flags == 0) {
if (!proxy || state->xforward.flags == 0) {
out_fprintf(out_stream, REC_TYPE_NORM,
"Received: from %s (%s [%s])",
state->helo_name ? state->helo_name : state->name,
@ -2900,7 +2926,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
out_record(out_stream, REC_TYPE_NORM, "", 0);
}
if (prev_rec_type != REC_TYPE_CONT && *start == '.'
&& (state->proxy == 0 ? (++start, --len) == 0 : len == 1))
&& (proxy == 0 ? (++start, --len) == 0 : len == 1))
break;
if (state->err == CLEANUP_STAT_OK) {
if (var_message_limit > 0 && var_message_limit - state->act_size < len + 2) {
@ -2919,7 +2945,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
&& SMTPD_STAND_ALONE(state) == 0
&& (err = smtpd_check_eod(state)) != 0) {
smtpd_chat_reply(state, "%s", err);
if (state->proxy) {
if (proxy) {
smtpd_proxy_close(state);
} else {
mail_stream_cleanup(state->dest);
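Review bot: this error path still calls smtpd_proxy_close(state), while mail_open_stream() and mail_reset() were switched to smtpd_proxy_free(state) in the same change. data_cmd() now works from the local copy proxy = state->proxy, so if control can reach the later proxy->buffer reads after this call, confirm that smtpd_proxy_close() leaves that object valid, and note the reason for keeping close rather than free here.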
@ -2932,23 +2958,13 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
/*
* Send the end of DATA and finish the proxy connection. Set the
* CLEANUP_STAT_PROXY error flag in case of trouble.
*
* XXX The low-level proxy output routines should set "state" error
* attributes. This requires making "state" a context attribute of the
* VSTREAM.
*/
if (state->proxy) {
if (proxy) {
if (state->err == CLEANUP_STAT_OK) {
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, ".");
(void) proxy->cmd(state, SMTPD_PROX_WANT_ANY, ".");
if (state->err == CLEANUP_STAT_OK &&
*STR(state->proxy_buffer) != '2')
*STR(proxy->buffer) != '2')
state->err = CLEANUP_STAT_CONT;
} else if (state->err != CLEANUP_STAT_SIZE) {
state->err |= CLEANUP_STAT_PROXY;
detail = cleanup_stat_detail(CLEANUP_STAT_PROXY);
vstring_sprintf(state->proxy_buffer,
"%d %s Error: %s",
detail->smtp, detail->dsn, detail->text);
}
}
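Review bot: the else-if branch still sets CLEANUP_STAT_PROXY but no longer formats the "%d %s Error: %s" text into the reply buffer, while the CLEANUP_STAT_PROXY case further down replies with STR(proxy->buffer). The removed XXX comment said the low-level proxy output routines should set the error attributes; a replacement comment stating that proxy->buffer is now filled in by the proxy layer on errors would make it clear that the client cannot receive a stale or empty reply.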
@ -3031,11 +3047,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
state->error_count = 0;
state->error_mask = 0;
state->junk_cmds = 0;
if (state->queue_id)
if (proxy)
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
else
smtpd_chat_reply(state,
"250 2.0.0 Ok: queued as %s", state->queue_id);
else
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
} else if (why && IS_SMTP_REJECT(STR(why))) {
state->error_mask |= MAIL_ERROR_POLICY;
smtpd_chat_reply(state, "%s", STR(why));
@ -3067,8 +3083,8 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
} else if ((state->err & CLEANUP_STAT_CONT) != 0) {
state->error_mask |= MAIL_ERROR_POLICY;
detail = cleanup_stat_detail(CLEANUP_STAT_CONT);
if (state->proxy_buffer) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
if (proxy) {
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
} else if (why && LEN(why) > 0) {
/* Allow address-specific DSN status in header/body_checks. */
smtpd_chat_reply(state, "%d %s", detail->smtp, STR(why));
@ -3083,7 +3099,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
detail->smtp, detail->dsn, detail->text);
} else if ((state->err & CLEANUP_STAT_PROXY) != 0) {
state->error_mask |= MAIL_ERROR_SOFTWARE;
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
} else {
state->error_mask |= MAIL_ERROR_SOFTWARE;
detail = cleanup_stat_detail(CLEANUP_STAT_BAD);
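Review bot: the CLEANUP_STAT_PROXY branch dereferences proxy->buffer with no null check, whereas the CLEANUP_STAT_CONT branch in the previous hunk guards the same access with if (proxy). The places visible in this diff that set CLEANUP_STAT_PROXY are all under if (proxy), so this is probably safe, but a short comment or an explicit guard here would make that invariant obvious to the next person who adds a path that sets the flag.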
@ -3091,6 +3107,14 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
detail->smtp, detail->dsn, state->err);
}
/*
* By popular command: the proxy's end-of-data reply.
*/
if (proxy)
msg_info("proxy-%s: %s: %s;%s",
(state->err == CLEANUP_STAT_OK) ? "accept" : "reject",
state->where, STR(proxy->buffer), smtpd_whatsup(state));
/*
* Cleanup. The client may send another MAIL command.
*/
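Review bot: the new proxy-accept/proxy-reject log line carries no queue ID and no client identity, unlike the check_milter_reply() line, which starts with queue_id and includes state->namaddr. smtpd_whatsup() supplies only from, to, proto and helo, so adding state->namaddr (and the queue ID where one exists) would let the filter's verdict be correlated with the rest of the session in the mail log.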
@ -3217,8 +3241,8 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
/*
* XXX 2821 new feature: Section 3.5.1 requires that the VRFY response is
* either "full name <user@domain>" or "user@domain". Postfix replies
* with the address that was provided by the client, whether or not it is
* in fully qualified domain form or not.
* with the string that was provided by the client, whether or not it is
* in fully qualified domain form and the address is in <>.
*
* Reply code 250 is reserved for the case where the address is verified;
* reply code 252 should be used when no definitive certainty exists.
@ -4130,8 +4154,8 @@ typedef struct SMTPD_CMD {
#define SMTPD_CMD_FLAG_LAST (1<<2) /* last in PIPELINING command group */
static SMTPD_CMD smtpd_cmd_table[] = {
SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS,
SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS,
SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,
SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,
#ifdef USE_TLS
SMTPD_CMD_STARTTLS, starttls_cmd, SMTPD_CMD_FLAG_PRE_TLS,
#endif
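Review bot: HELO and EHLO gain SMTPD_CMD_FLAG_LAST with no accompanying comment. The flag is described only as "last in PIPELINING command group"; a line above smtpd_cmd_table explaining why HELO/EHLO must now end a pipelined command group would document the intent of this behaviour change.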
@ -4165,6 +4189,7 @@ static void smtpd_proto(SMTPD_STATE *state)
const char *ehlo_words;
const char *err;
int status;
const char *cp;
/*
* Print a greeting banner and run the state machine. Read SMTP commands
@ -4425,6 +4450,16 @@ static void smtpd_proto(SMTPD_STATE *state)
}
watchdog_pat();
smtpd_chat_query(state);
/* Move into smtpd_chat_query() and update session transcript. */
if (smtpd_cmd_filter != 0) {
for (cp = STR(state->buffer); *cp && IS_SPACE_TAB(*cp); cp++)
/* void */ ;
if ((cp = dict_get(smtpd_cmd_filter, cp)) != 0) {
msg_info("%s: replacing client command \"%s\" with \"%s\"",
state->namaddr, STR(state->buffer), cp);
vstring_strcpy(state->buffer, cp);
}
}
if ((argc = smtpd_token(vstring_str(state->buffer), &argv)) == 0) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "500 5.5.2 Error: bad syntax");
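Review bot: the substitution runs after smtpd_chat_query() has returned, so the session transcript keeps the client's original command while smtpd_token() acts on the replacement. The in-line comment already marks this as something to move into smtpd_chat_query(); until then the msg_info() line is the only record of the rewrite. That msg_info() call also writes the client's raw command line to the log verbatim, so check that a matching rule cannot put AUTH arguments or other sensitive command text into the mail log.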
@ -4699,6 +4734,10 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
#endif
#ifdef USE_TLS
if (*var_smtpd_cmd_filter)
smtpd_cmd_filter = dict_open(var_smtpd_cmd_filter, O_RDONLY,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
/*
* XXX Temporary fix to pretend that we consistently implement TLS
* security levels. We implement only a subset for now. If we implement
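Review bot: as the lines appear here, the dict_open() for var_smtpd_cmd_filter follows #ifdef USE_TLS, which would leave smtpd_cmd_filter null in builds without TLS even when the parameter is set, while the variable declarations and the config-table entry sit outside any TLS conditional. Since this commit resolves import conflicts, check that the block was not merged on the wrong side of the #ifdef, and move it above the conditional if so.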
@ -4843,6 +4882,15 @@ static void post_jail_init(char *unused_name, char **unused_argv)
smtpd_input_transp_mask =
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
/*
* Initialize before-queue filter options: do we want speed-matching
* support so that the entire message is received before we contact a
* before-queue content filter?
*/
if (*var_smtpd_proxy_filt)
smtpd_proxy_opts =
smtpd_proxy_parse_opts(VAR_SMTPD_PROXY_OPTS, var_smtpd_proxy_opts);
/*
* Sendmail mail filters.
*
@ -5023,6 +5071,7 @@ int main(int argc, char **argv)
VAR_VERP_CLIENTS, DEF_VERP_CLIENTS, &var_verp_clients, 0, 0,
VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
VAR_SMTPD_PROXY_OPTS, DEF_SMTPD_PROXY_OPTS, &var_smtpd_proxy_opts, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
VAR_XCLIENT_HOSTS, DEF_XCLIENT_HOSTS, &var_xclient_hosts, 0, 0,
VAR_XFORWARD_HOSTS, DEF_XFORWARD_HOSTS, &var_xforward_hosts, 0, 0,
@ -5075,6 +5124,7 @@ int main(int argc, char **argv)
VAR_UNK_ADDR_TF_ACT, DEF_UNK_ADDR_TF_ACT, &var_unk_addr_tf_act, 1, 0,
VAR_UNV_RCPT_TF_ACT, DEF_UNV_RCPT_TF_ACT, &var_unv_rcpt_tf_act, 1, 0,
VAR_UNV_FROM_TF_ACT, DEF_UNV_FROM_TF_ACT, &var_unv_from_tf_act, 1, 0,
VAR_SMTPD_CMD_FILTER, DEF_SMTPD_CMD_FILTER, &var_smtpd_cmd_filter, 0, 0,
0,
};
static const CONFIG_RAW_TABLE raw_table[] = {

View File

@ -1,4 +1,4 @@
/* $NetBSD: tls_client.c,v 1.2 2009/07/20 17:17:56 christos Exp $ */
/* $NetBSD: tls_client.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME

View File

@ -1,4 +1,4 @@
/* $NetBSD: tls_server.c,v 1.2 2009/07/20 17:17:56 christos Exp $ */
/* $NetBSD: tls_server.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME

View File

@ -1,4 +1,4 @@
/* $NetBSD: inet_addr_local.c,v 1.2 2010/02/23 16:41:01 jnemeth Exp $ */
/* $NetBSD: inet_addr_local.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME
@ -186,9 +186,15 @@ static int ial_getifaddrs(INET_ADDR_LIST *addr_list,
if (!(ifa->ifa_flags & IFF_UP) || ifa->ifa_addr == 0)
continue;
sa = ifa->ifa_addr;
sam = ifa->ifa_netmask;
if (af != AF_UNSPEC && sa->sa_family != af)
continue;
sam = ifa->ifa_netmask;
if (sam == 0) {
/* XXX In mynetworks, a null netmask would match everyone. */
msg_warn("ignoring interface with null netmask, address family %d",
sa->sa_family);
continue;
}
switch (sa->sa_family) {
case AF_INET:
if (SOCK_ADDR_IN_ADDR(sa).s_addr == INADDR_ANY)
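Review bot: the msg_warn() for a null netmask reports only sa->sa_family, which does not tell the administrator which interface was skipped. Including ifa->ifa_name in the message would make the warning actionable, since the skipped interface's address will be absent from the local address list that the XXX comment ties to mynetworks.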
@ -586,7 +592,8 @@ int main(int unused_argc, char **argv)
msg_vstream_init(argv[0], VSTREAM_ERR);
msg_verbose = 1;
proto_info = inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
proto_info = inet_proto_init(argv[0],
argv[1] ? argv[1] : INET_PROTO_NAME_ALL);
inet_addr_list_init(&addr_list);
inet_addr_list_init(&mask_list);
inet_addr_local(&addr_list, &mask_list, proto_info->ai_family_list);

View File

@ -1,4 +1,4 @@
/* $NetBSD: unix_recv_fd.c,v 1.2 2009/06/23 11:41:07 tron Exp $ */
/* $NetBSD: unix_recv_fd.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME
@ -65,7 +65,7 @@ int unix_recv_fd(int fd)
/*
* Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1,
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for
* portability to LP64 environments.
* portability to some LP64 environments. See also unix_send_fd.c.
*/
#if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL)
union {
@ -76,7 +76,11 @@ int unix_recv_fd(int fd)
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
msg.msg_control = control_un.control;
msg.msg_controllen = sizeof(control_un.control); /* Fix 200506 */
if (unix_pass_fd_fix & UNIX_PASS_FD_FIX_CMSG_LEN) {
msg.msg_controllen = CMSG_LEN(sizeof(newfd)); /* Fix 200506 */
} else {
msg.msg_controllen = sizeof(control_un.control); /* normal */
}
#else
msg.msg_accrights = (char *) &newfd;
msg.msg_accrightslen = sizeof(newfd);
@ -143,10 +147,10 @@ int main(int argc, char **argv)
ssize_t read_count;
char buf[1024];
if (argc != 2
if (argc < 2 || argc > 3
|| (endpoint = split_at(transport = argv[1], ':')) == 0
|| *endpoint == 0 || *transport == 0)
msg_fatal("usage: %s transport:endpoint", argv[0]);
msg_fatal("usage: %s transport:endpoint [workaround]", argv[0]);
if (strcmp(transport, "unix") == 0) {
listen_sock = unix_listen(endpoint, 10, BLOCKING);
@ -160,8 +164,10 @@ int main(int argc, char **argv)
if (client_sock < 0)
msg_fatal("accept: %m");
set_unix_pass_fd_fix(argv[2] ? argv[2] : "");
while ((client_fd = unix_recv_fd(client_sock)) >= 0) {
msg_info("client_fd = %d", client_fd);
msg_info("client_fd = %d, fix=%d", client_fd, unix_pass_fd_fix);
while ((read_count = read(client_fd, buf, sizeof(buf))) > 0)
write(1, buf, read_count);
if (read_count < 0)

View File

@ -1,4 +1,4 @@
/* $NetBSD: unix_send_fd.c,v 1.2 2009/06/23 11:41:07 tron Exp $ */
/* $NetBSD: unix_send_fd.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME
@ -66,8 +66,8 @@ int unix_send_fd(int fd, int sendfd)
/*
* Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1,
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE; the
* latter breaks on LP64 systems.
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for
* portability to some LP64 environments. See also unix_recv_fd.c.
*/
#if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL)
union {
@ -76,10 +76,13 @@ int unix_send_fd(int fd, int sendfd)
} control_un;
struct cmsghdr *cmptr;
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
msg.msg_control = control_un.control;
msg.msg_controllen = sizeof(control_un.control); /* Fix 200506 */
if (unix_pass_fd_fix & UNIX_PASS_FD_FIX_CMSG_LEN) {
msg.msg_controllen = CMSG_LEN(sizeof(sendfd)); /* Fix 200506 */
} else {
msg.msg_controllen = sizeof(control_un.control); /* normal */
}
cmptr = CMSG_FIRSTHDR(&msg);
cmptr->cmsg_len = CMSG_LEN(sizeof(sendfd));
cmptr->cmsg_level = SOL_SOCKET;
@ -103,7 +106,40 @@ int unix_send_fd(int fd, int sendfd)
msg.msg_iov = iov;
msg.msg_iovlen = 1;
return (sendmsg(fd, &msg, 0));
/*
* The CMSG_LEN send/receive workaround was originally developed for
* OpenBSD 3.6 on SPARC64. After the workaround was verified to not break
* Solaris 8 on SPARC64, it was hard-coded with Postfix 2.3 for all
* platforms because of increasing pressure to work on other things. The
* workaround does nothing for 32-bit systems.
*
* The investigation was reopened with Postfix 2.7 because the workaround
* broke with NetBSD 5.0 on 64-bit architectures. This time it was found
* that OpenBSD <= 4.3 on AMD64 and SPARC64 needed the workaround for
* sending only. The following platforms worked with and without the
* workaround: OpenBSD 4.5 on AMD64 and SPARC64, FreeBSD 7.2 on AMD64,
* Solaris 8 on SPARC64, and Linux 2.6-11 on x86_64.
*
* As this appears to have been an OpenBSD-specific problem, we revert to
* the Postfix 2.2 behavior. Instead of hard-coding the workaround for
* all platforms, we now detect sendmsg() errors at run time and turn on
* the workaround dynamically.
*
* The workaround was made run-time configurable to investigate the problem
* on multiple platforms. Though set_unix_pass_fd_fix() is over-kill for
* this specific problem, it is left in place so that it can serve as an
* example of how to add run-time configurable workarounds to Postfix.
*/
if (sendmsg(fd, &msg, 0) >= 0)
return (0);
if (unix_pass_fd_fix == 0) {
if (msg_verbose)
msg_info("sendmsg error (%m). Trying CMSG_LEN workaround.");
unix_pass_fd_fix = UNIX_PASS_FD_FIX_CMSG_LEN;
return (unix_send_fd(fd, sendfd));
} else {
return (-1);
}
#endif
}
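Review bot: the fallback enables UNIX_PASS_FD_FIX_CMSG_LEN after any sendmsg() failure without looking at errno, so an unrelated error also flips the process-wide unix_pass_fd_fix flag and triggers a second send attempt. The same flag selects msg_controllen in unix_recv_fd(), although the comment says the workaround was needed for sending only, so one failed send changes receive behaviour for the rest of the process. Consider limiting the retry to the specific errno seen on the affected platforms and using a separate flag bit for the send side.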
@ -128,6 +164,8 @@ int main(int argc, char **argv)
int server_sock;
int client_fd;
msg_verbose = 1;
if (argc < 3
|| (endpoint = split_at(transport = argv[1], ':')) == 0
|| *endpoint == 0 || *transport == 0)