Resolve conflicts from last import.
This commit is contained in:
parent
28e9a2d236
commit
6941d836af
|
@ -4,10 +4,10 @@ PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn
|
|||
|
||||
WWAARRNNIINNGG
|
||||
|
||||
The sender/recipient address verification feature described in this document is
|
||||
suitable only for low-traffic sites. It performs poorly under high load;
|
||||
excessive sender address verification activity may even cause your site to be
|
||||
blacklisted by some providers. See the "Limitations" section below for details.
|
||||
Recipient address verification may cause an increased load on down-stream
|
||||
servers in the case of a dictionary attack or a flood of backscatter bounces.
|
||||
Sender address verification may cause your site to be blacklisted by some
|
||||
providers. See also the "Limitations" section below for more.
|
||||
|
||||
WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu
|
||||
|
||||
|
@ -18,8 +18,8 @@ verified to be deliverable.
|
|||
The technique has obvious uses to reject junk mail with an unreplyable sender
|
||||
address.
|
||||
|
||||
The technique may also be useful to block mail for undeliverable recipients,
|
||||
for example on a mail relay host that does not have a list of all the valid
|
||||
The technique is also useful to block mail for undeliverable recipients, for
|
||||
example on a mail relay host that does not have a list of all the valid
|
||||
recipient addresses. This prevents undeliverable junk mail from entering the
|
||||
queue, so that Postfix doesn't have to waste resources trying to send MAILER-
|
||||
DAEMON messages back.
|
||||
|
@ -47,18 +47,26 @@ the Postfix MTA itself, or it could be a remote MTA (SMTP interruptus). Probe
|
|||
messages are like normal mail, except that they are never delivered, deferred
|
||||
or bounced; probe messages are always discarded.
|
||||
|
||||
Postfix Postfix Address
|
||||
Internet -> SMTP <-> verify <-> verification
|
||||
server server database
|
||||
|
||||
probe Postfix
|
||||
message -> mail
|
||||
queue
|
||||
Postfix Postfix ->
|
||||
Internet -> SMTP <-> verify
|
||||
server server |
|
||||
v
|
||||
|
||||
| ^
|
||||
probe delivery
|
||||
messages status
|
||||
v |
|
||||
<- Postfix
|
||||
probe <- delivery -> Local
|
||||
status agents -> Remote
|
||||
^
|
||||
|
|
||||
v
|
||||
|
||||
|
||||
Postfix Postfix
|
||||
queue -> delivery
|
||||
agents
|
||||
Address
|
||||
verification
|
||||
database
|
||||
|
||||
With Postfix address verification turned on, normal mail will suffer only a
|
||||
short delay of up to 6 seconds while an address is being verified for the first
|
||||
|
@ -77,7 +85,8 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
|
|||
address, without actually delivering mail to it. If the nearest MTA accepts
|
||||
the address, then Postfix assumes that the address is deliverable. In
|
||||
reality, mail for a remote address can bounce AFTER the nearest MTA accepts
|
||||
the recipient address.
|
||||
the recipient address, or AFTER the nearest MTA accepts the message
|
||||
content.
|
||||
|
||||
* Some sites may blacklist you when you are probing them too often (a probe
|
||||
is an SMTP session that does not deliver mail), or when you are probing
|
||||
|
@ -95,30 +104,31 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
|
|||
* Postfix assumes that an address is undeliverable when the nearest MTA for
|
||||
the address rejects the probe, regardless of the reason for rejection
|
||||
(client rejected, HELO rejected, MAIL FROM rejected, etc.). Thus, Postfix
|
||||
rejects mail when the sender's MTA rejects mail from your machine. This is
|
||||
a good thing.
|
||||
rejects an address when the nearest MTA for that address rejects mail from
|
||||
your machine for any reason. This is not a limitation, but it is mentioned
|
||||
here just in case people believe that it is a limitation.
|
||||
|
||||
* Unfortunately, some major sites such as YAHOO do not reject unknown
|
||||
addresses in reply to the RCPT TO command, but report a delivery failure in
|
||||
response to end of DATA after a message is transferred. Postfix address
|
||||
verification does not work with such sites.
|
||||
* Unfortunately, some sites do not reject unknown addresses in reply to the
|
||||
RCPT TO command, but report a delivery failure in response to end of DATA
|
||||
after a message is transferred. Postfix address verification does not work
|
||||
with such sites.
|
||||
|
||||
* By default, Postfix probe messages have "double-bounce@$myorigin" as the
|
||||
sender address (with Postfix versions before 2.5, the default is
|
||||
* By default, Postfix probe messages have a sender address "double-
|
||||
bounce@$myorigin" (with Postfix versions before 2.5, the default is
|
||||
"postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does
|
||||
not reject mail for this address.
|
||||
|
||||
You can change this into the null address ("address_verify_sender ="). This
|
||||
is UNSAFE because address probes will fail with mis-configured sites that
|
||||
reject MAIL FROM: <>, while probes from "postmaster@$myorigin" would
|
||||
succeed.
|
||||
You can change the probe sender address into the null address
|
||||
("address_verify_sender ="). This is UNSAFE because address probes will
|
||||
fail with mis-configured sites that reject MAIL FROM: <>, while probes from
|
||||
"postmaster@$myorigin" would succeed.
|
||||
|
||||
RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn
|
||||
|
||||
As mentioned earlier, recipient address verification may be useful to block
|
||||
mail for undeliverable recipients on a mail relay host that does not have a
|
||||
list of all valid recipient addresses. This can help to prevent the mail queue
|
||||
from filling up with MAILER-DAEMON messages.
|
||||
As mentioned earlier, recipient address verification is useful to block mail
|
||||
for undeliverable recipients on a mail relay host that does not have a list of
|
||||
all valid recipient addresses. This can help to prevent the mail queue from
|
||||
filling up with MAILER-DAEMON messages.
|
||||
|
||||
Recipient address verification is relatively straightforward and there are no
|
||||
surprises. If a recipient probe fails, then Postfix rejects mail for the
|
||||
|
@ -127,9 +137,10 @@ the recipient address. However, recipient address verification probes can
|
|||
increase the load on down-stream MTAs when you're being flooded by backscatter
|
||||
bounces, or when some spammer is mounting a dictionary attack.
|
||||
|
||||
By default, address verification results are not saved. To avoid probing the
|
||||
same address repeatedly, you can store the result in a persistent database as
|
||||
described later.
|
||||
By default, address verification results are saved in a persistent database
|
||||
(Postfix version 2.7 and later; with earlier versions, specify the database in
|
||||
main.cf as described later). The persistent database helps to avoid probing the
|
||||
same address repeatedly.
|
||||
|
||||
/etc/postfix/main.cf:
|
||||
smtpd_recipient_restrictions =
|
||||
|
@ -177,11 +188,13 @@ verification for specific domains that often appear in forged email.
|
|||
# Postfix 2.6 and later.
|
||||
# unverified_sender_defer_code = 250
|
||||
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note 1: Be sure to read the "Caching" section below!
|
||||
# Note 2: Avoid hash files here. Use btree instead.
|
||||
address_verify_map = btree:/var/db/postfix/verify
|
||||
|
||||
/etc/postfix/sender_access:
|
||||
# Don't do this when you handle lots of email.
|
||||
aol.com reject_unverified_sender
|
||||
hotmail.com reject_unverified_sender
|
||||
bigfoot.com reject_unverified_sender
|
||||
|
@ -216,6 +229,7 @@ be blocked:
|
|||
# Postfix 2.6 and later.
|
||||
# unverified_sender_reject_reason = Address verification failed
|
||||
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note 1: Be sure to read the "Caching" section below!
|
||||
# Note 2: Avoid hash files here. Use btree instead.
|
||||
address_verify_map = btree:/var/db/postfix/verify
|
||||
|
@ -261,54 +275,61 @@ probe fails with some temporary error.
|
|||
|
||||
AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
|
||||
|
||||
NOTE: By default, address verification information is not stored in a
|
||||
persistent file. You have to specify one in main.cf (see below). Persistent
|
||||
storage is off by default because it may need more disk space than is available
|
||||
in your file system.
|
||||
|
||||
Address verification information is cached by the Postfix verify daemon.
|
||||
Postfix has a bunch of parameters that control the caching of positive and
|
||||
negative results. Refer to the verify(8) manual page for details.
|
||||
|
||||
The address_verify_map (NOTE: singular) configuration parameter specifies an
|
||||
optional database for sender or recipient address verification results. If you
|
||||
don't specify a file, all address verification information is lost after
|
||||
"postfix reload" or "postfix stop".
|
||||
|
||||
If your /var file system has sufficient space, try:
|
||||
To improve performance, the Postfix verify(8) daemon can save address
|
||||
verification results to a persistent database. This is enabled by default with
|
||||
Postfix 2.7 and later. The address_verify_map (NOTE: singular) configuration
|
||||
parameter specifies persistent storage for sender or recipient address
|
||||
verification results. If you specify an empty value, all address verification
|
||||
results are lost after "postfix reload" or "postfix stop".
|
||||
|
||||
/etc/postfix/main.cf:
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note: avoid hash files here. Use btree instead.
|
||||
address_verify_map = btree:/var/db/postfix/verify
|
||||
address_verify_map = btree:$data_directory/verify_cache
|
||||
|
||||
NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening
|
||||
this file. The file should now be stored under the Postfix-owned
|
||||
data_directory. As a migration aid, an attempt to open the file under a non-
|
||||
Postfix directory is redirected to the Postfix-owned data_directory, and a
|
||||
warning is logged. If you wish to continue using a pre-existing database file,
|
||||
move it to the data_directory, and change ownership to the account specified
|
||||
with the mail_owner parameter.
|
||||
# Default setting for Postfix 2.6 and earlier.
|
||||
# This uses non-persistent storage only.
|
||||
address_verify_map =
|
||||
|
||||
NOTE 1: The database file should be stored under a Postfix-owned directory,
|
||||
such as $data_directory.
|
||||
|
||||
As of version 2.5, Postfix no longer uses root privileges when opening this
|
||||
file. To maintain backwards compatibility, an attempt to open the file
|
||||
under a non-Postfix directory is redirected to the Postfix-owned
|
||||
data_directory, and a warning is logged. If you wish to continue using a
|
||||
pre-existing database file, change its file ownership to the account
|
||||
specified with the mail_owner parameter, and either move the file to the
|
||||
data_directory, or move it to some other Postfix-owned directory.
|
||||
|
||||
NOTE 2: Do not put this file in a file system that may run out of space. When
|
||||
the address verification table gets corrupted the world comes to an end and YOU
|
||||
will have to MANUALLY fix things as described in the next section. Meanwhile,
|
||||
you will not receive mail via SMTP.
|
||||
|
||||
NOTE 3: The verify(8) daemon process will create a new database when none
|
||||
exists, and will open/create the file before it enters the chroot jail.
|
||||
NOTE 3: The verify(8) daemon will create a new database when none exists. It
|
||||
will open or create the file before entering the chroot jail.
|
||||
|
||||
MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
|
||||
|
||||
The verify(8) manual page describes parameters that control how long
|
||||
information remains cached before it needs to be refreshed, and how long
|
||||
information can remain "unrefreshed" before it expires. Postfix uses different
|
||||
The verify(8) manual page describes parameters that control how long address
|
||||
verification results are cached before they need to be refreshed, and how long
|
||||
results can remain "unrefreshed" before they expire. Postfix uses different
|
||||
controls for positive results (address was accepted) and for negative results
|
||||
(address was rejected).
|
||||
(address was rejected, or address verification failed for some other reason).
|
||||
|
||||
Right now, no tools are provided to manage the address verification database.
|
||||
If the file gets too big, or if it gets corrupted, you can manually rename or
|
||||
delete the file and run "postfix reload". The new verify daemon process will
|
||||
then create a new database.
|
||||
The verify(8) daemon will periodically remove expired entries from the address
|
||||
verification database, and log the number of entries retained and dropped
|
||||
(Postfix versions 2.7 and later). A cleanup run is logged as "partial" when the
|
||||
daemon terminates early because of "postfix reload, "postfix stop", or because
|
||||
the daemon received no requests for $max_idle seconds. Postfix versions 2.6 and
|
||||
earlier do not implement automatic address verification database cleanup.
|
||||
There, the database is managed manually as described next.
|
||||
|
||||
When the address verification database file becomes too big, or when it becomes
|
||||
corrupted, the solution is to manually rename or delete (NOT: truncate) the
|
||||
file and run "postfix reload". The verify(8) daemon will then create a new
|
||||
database file.
|
||||
|
||||
CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess
|
||||
|
||||
|
|
|
@ -1659,7 +1659,7 @@ by the smtp_tls_mandatory_ciphers configuration parameter. This setting
|
|||
controls the minimum acceptable SMTP client TLS cipher grade for use with
|
||||
mandatory TLS encryption. The default value "medium" is suitable for most
|
||||
destinations with which you may want to enforce TLS, and is beyond the reach of
|
||||
today's crypt-analytic methods. See smtp_tls_policy_maps for information on how
|
||||
today's cryptanalytic methods. See smtp_tls_policy_maps for information on how
|
||||
to configure ciphers on a per-destination basis.
|
||||
|
||||
By default anonymous ciphers are allowed, and automatically disabled when
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: master.cf,v 1.2 2009/06/23 11:41:06 tron Exp $
|
||||
# $NetBSD: master.cf,v 1.3 2010/06/17 18:18:14 tron Exp $
|
||||
#
|
||||
#
|
||||
# Postfix master process configuration file. For details on the format
|
||||
|
@ -21,7 +21,7 @@
|
|||
# -o smtpd_sasl_auth_enable=yes
|
||||
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||
# -o milter_macro_daemon_name=ORIGINATING
|
||||
#628 inet n - n - - qmqpd
|
||||
#628 inet n - n - - qmqpd
|
||||
pickup fifo n - n 60 1 pickup
|
||||
cleanup unix n - n - 0 cleanup
|
||||
qmgr unix n - n 300 1 qmgr
|
||||
|
@ -67,10 +67,14 @@ scache unix - - n - 1 scache
|
|||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# The Cyrus deliver program has changed incompatibly, multiple times.
|
||||
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||
#
|
||||
#old-cyrus unix - n n - - pipe
|
||||
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
||||
# Specify in cyrus.conf:
|
||||
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||
#
|
||||
# Specify in main.cf one or more of the following:
|
||||
# mailbox_transport = lmtp:inet:localhost
|
||||
# virtual_transport = lmtp:inet:localhost
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
|
@ -82,6 +86,13 @@ scache unix - - n - 1 scache
|
|||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# Old example of delivery via Cyrus.
|
||||
#
|
||||
#old-cyrus unix - n n - - pipe
|
||||
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
||||
# See the Postfix UUCP_README file for configuration details.
|
||||
#
|
||||
#uucp unix - n n - - pipe
|
||||
|
|
|
@ -19,12 +19,11 @@
|
|||
|
||||
<h2>WARNING </h2>
|
||||
|
||||
<p> The sender/recipient address verification feature described in this
|
||||
document is suitable only for low-traffic sites. It performs poorly
|
||||
under high load; excessive sender address verification activity may
|
||||
even cause your site to be blacklisted by some
|
||||
providers. See the "<a href="#limitations">Limitations</a>" section
|
||||
below for details. </p>
|
||||
<p> Recipient address verification may cause an increased load on
|
||||
down-stream servers in the case of a dictionary attack or a flood
|
||||
of backscatter bounces. Sender address verification may cause your
|
||||
site to be blacklisted by some providers. See also the "<a
|
||||
href="#limitations">Limitations</a>" section below for more. </p>
|
||||
|
||||
<h2><a name="summary">What Postfix address verification can do for you</a></h2>
|
||||
|
||||
|
@ -35,7 +34,7 @@ until the address has been verified to be deliverable. </p>
|
|||
<p> The technique has obvious uses to reject junk mail
|
||||
with an unreplyable sender address. </p>
|
||||
|
||||
<p> The technique may also be useful to block mail for undeliverable
|
||||
<p> The technique is also useful to block mail for undeliverable
|
||||
recipients, for example on a mail <a href="postconf.5.html#relayhost">relay host</a> that does not have a
|
||||
list of all the valid recipient addresses. This prevents undeliverable
|
||||
junk mail from entering the queue, so that Postfix doesn't have to
|
||||
|
@ -86,74 +85,96 @@ always discarded. </p>
|
|||
|
||||
<blockquote>
|
||||
|
||||
<table>
|
||||
<table border="0">
|
||||
|
||||
<tr>
|
||||
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle"> Internet
|
||||
<td rowspan="2" colspan="5" align="center" valign="middle">
|
||||
</td>
|
||||
|
||||
<td rowspan="3" align="center" valign="bottom"> <tt> -> </tt>
|
||||
</td>
|
||||
|
||||
<td align="center" valign="middle"> <tt> -> </tt> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> probe<br>
|
||||
message </td>
|
||||
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
|
||||
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> -> </tt>
|
||||
</td>
|
||||
|
||||
<td colspan="2" align="center" valign="middle"> <tt> <->
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> mail<br> queue </td>
|
||||
|
||||
</tr>
|
||||
|
||||
<tr> </tr>
|
||||
|
||||
<tr>
|
||||
|
||||
<td rowspan="3" align="center" valign="middle"> Internet </td>
|
||||
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> -> </tt>
|
||||
</td>
|
||||
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
<a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
|
||||
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> <->
|
||||
</tt> </td>
|
||||
|
||||
<td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
<a href="verify.8.html">Postfix<br> verify<br> server</a>
|
||||
</td>
|
||||
|
||||
<td colspan="2" align="center" valign="middle"> <tt> <->
|
||||
</tt> </td>
|
||||
</tr>
|
||||
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
|
||||
verification<br> database </td>
|
||||
<tr>
|
||||
|
||||
<td rowspan="1" colspan="3"> </td>
|
||||
|
||||
<td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
|
||||
<tt> v</tt> </td>
|
||||
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
||||
<td colspan="3"> </td>
|
||||
<td rowspan="3" align="center" valign="top"> <tt> <- </tt>
|
||||
</td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> probe<br>
|
||||
status </td>
|
||||
|
||||
<td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
|
||||
probe<br> messages<br> <tt> v </tt> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> <- </tt>
|
||||
</td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> delivery<br> agents </td>
|
||||
|
||||
<td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
|
||||
status<br> <tt> | </tt> </td>
|
||||
|
||||
<td> </td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" align="left" valign="middle"> <tt>-></tt>
|
||||
Local<br> <tt>-></tt> Remote</td>
|
||||
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" colspan="4" align="center" valign="middle">
|
||||
</td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> <tt>
|
||||
^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
|
||||
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
<td> </td>
|
||||
<tr> </tr>
|
||||
|
||||
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> queue </td>
|
||||
<tr> <td colspan="4"> </td> </tr>
|
||||
|
||||
<td align="center" valign="middle"> <tt> -> </tt> </td>
|
||||
<tr>
|
||||
|
||||
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> delivery<br> agents </td>
|
||||
<td colspan="4" align="center" valign="middle"> </td>
|
||||
|
||||
<td> </td>
|
||||
|
||||
<td> </td>
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Address<br> verification<br> database </td>
|
||||
|
||||
</tr>
|
||||
|
||||
|
@ -181,7 +202,8 @@ details. </p>
|
|||
MTA for that address, without actually delivering mail to it. If
|
||||
the nearest MTA accepts the address, then Postfix assumes that the
|
||||
address is deliverable. In reality, mail for a remote address can
|
||||
bounce AFTER the nearest MTA accepts the recipient address. </p>
|
||||
bounce AFTER the nearest MTA accepts the recipient address, or AFTER
|
||||
the nearest MTA accepts the message content. </p>
|
||||
|
||||
<li> <p> Some sites may blacklist you when you are probing them
|
||||
too often (a probe is an SMTP session that does not deliver mail),
|
||||
|
@ -200,21 +222,25 @@ mail routing and for possible limitations when you have to do this.
|
|||
<li> <p> Postfix assumes that an address is undeliverable when the
|
||||
nearest MTA for the address rejects the probe, regardless of the
|
||||
reason for rejection (client rejected, HELO rejected, MAIL FROM
|
||||
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
|
||||
rejects mail from your machine. This is a good thing. </p>
|
||||
rejected, etc.). Thus, Postfix rejects an address when the nearest
|
||||
MTA for that address rejects mail from your machine for any reason.
|
||||
This is not a limitation, but it is mentioned here just in case
|
||||
people believe that it is a limitation. </p>
|
||||
|
||||
<li> <p> Unfortunately, some major sites such as YAHOO do not reject
|
||||
<li> <p> Unfortunately, some sites do not reject
|
||||
unknown addresses in reply to the RCPT TO command, but report a
|
||||
delivery failure in response to end of DATA after a message is
|
||||
transferred. Postfix address verification does not work with such
|
||||
sites. </p>
|
||||
|
||||
<li> <p> By default, Postfix probe messages have "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>"
|
||||
as the sender address (with Postfix versions before 2.5, the default
|
||||
<li> <p> By default, Postfix probe messages have a sender address
|
||||
"double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" (with Postfix versions before 2.5, the
|
||||
default
|
||||
is "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"). This is SAFE because the Postfix SMTP
|
||||
server does not reject mail for this address. </p>
|
||||
|
||||
<p> You can change this into the null address ("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
|
||||
<p> You can change the probe sender address into the null address
|
||||
("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
|
||||
="). This is UNSAFE because address probes will fail with
|
||||
mis-configured sites that reject MAIL FROM: <>, while
|
||||
probes from "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p>
|
||||
|
@ -223,7 +249,7 @@ probes from "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>" would
|
|||
|
||||
<h2><a name="recipient">Recipient address verification</a></h2>
|
||||
|
||||
<p> As mentioned earlier, recipient address verification may be
|
||||
<p> As mentioned earlier, recipient address verification is
|
||||
useful to block mail for undeliverable recipients on a mail relay
|
||||
host that does not have a list of all valid recipient addresses.
|
||||
This can help to prevent the mail queue from filling up with
|
||||
|
@ -237,9 +263,11 @@ However, recipient address verification probes can increase the
|
|||
load on down-stream MTAs when you're being flooded by backscatter
|
||||
bounces, or when some spammer is mounting a dictionary attack. </p>
|
||||
|
||||
<p> By default, address verification results are not saved. To avoid
|
||||
probing the same address repeatedly, you can store the result in a
|
||||
<a href="#caching">persistent database</a> as described later. </p>
|
||||
<p> By default, address verification results are saved in a <a
|
||||
href="#caching">persistent database</a> (Postfix version 2.7 and
|
||||
later; with earlier versions, specify the database in <a href="postconf.5.html">main.cf</a> as
|
||||
described later). The persistent database helps to avoid probing
|
||||
the same address repeatedly. </p>
|
||||
|
||||
<blockquote>
|
||||
<pre>
|
||||
|
@ -299,11 +327,13 @@ in forged email. </p>
|
|||
# Postfix 2.6 and later.
|
||||
# <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> = 250
|
||||
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
|
||||
# Note 2: Avoid hash files here. Use btree instead.
|
||||
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
|
||||
|
||||
/etc/postfix/sender_access:
|
||||
# Don't do this when you handle lots of email.
|
||||
aol.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
|
||||
hotmail.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
|
||||
bigfoot.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
|
||||
|
@ -344,6 +374,7 @@ you can see what mail would be blocked: </p>
|
|||
# Postfix 2.6 and later.
|
||||
# <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Address verification failed
|
||||
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
|
||||
# Note 2: Avoid hash files here. Use btree instead.
|
||||
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
|
||||
|
@ -402,40 +433,38 @@ sender address verification probe fails with some temporary error.
|
|||
|
||||
<h2><a name="caching">Address verification database</a></h2>
|
||||
|
||||
<p> NOTE: By default, address verification information is not stored
|
||||
in a persistent file. You have to specify one in <a href="postconf.5.html">main.cf</a> (see
|
||||
below). Persistent storage is off by default because it may need
|
||||
more disk space than is available in your file system. </p>
|
||||
|
||||
<p> Address verification information is cached by the Postfix verify
|
||||
daemon. Postfix has a bunch of parameters that control the caching
|
||||
of positive and negative results. Refer to the <a href="verify.8.html">verify(8)</a> manual
|
||||
page for details. </p>
|
||||
|
||||
<p> The <a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter
|
||||
specifies an optional database for sender or recipient address
|
||||
verification results. If you don't specify a file, all address
|
||||
verification information is lost after "postfix reload" or "postfix
|
||||
stop". </p>
|
||||
|
||||
<p> If your /var file system has sufficient space, try: </p>
|
||||
<p> To improve performance, the Postfix <a href="verify.8.html">verify(8)</a> daemon can save
|
||||
address verification results to a persistent database. This is
|
||||
enabled by default with Postfix 2.7 and later. The
|
||||
<a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter specifies
|
||||
persistent storage for sender or recipient address verification
|
||||
results. If you specify an empty value, all address verification
|
||||
results are lost after "postfix reload" or "postfix stop". </p>
|
||||
|
||||
<blockquote>
|
||||
<pre>
|
||||
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note: avoid hash files here. Use btree instead.
|
||||
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
|
||||
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
|
||||
|
||||
# Default setting for Postfix 2.6 and earlier.
|
||||
# This uses non-persistent storage only.
|
||||
<a href="postconf.5.html#address_verify_map">address_verify_map</a> =
|
||||
</pre>
|
||||
</blockquote>
|
||||
|
||||
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
|
||||
when opening this file. The file should now be stored under the
|
||||
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
|
||||
open the file under a non-Postfix directory is redirected to the
|
||||
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish
|
||||
to continue using a pre-existing database file, move it to the
|
||||
<a href="postconf.5.html#data_directory">data_directory</a>, and change ownership to the account specified with
|
||||
the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter. </p>
|
||||
<p> NOTE 1: The database file should be stored under a Postfix-owned
|
||||
directory, such as $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
|
||||
|
||||
<blockquote> As of version 2.5, Postfix no longer uses root privileges
|
||||
when opening this file. To maintain backwards compatibility, an
|
||||
attempt to open the file under a non-Postfix directory is redirected
|
||||
to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If
|
||||
you wish to continue using a pre-existing database file, change its
|
||||
file ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter,
|
||||
and either move the file to the <a href="postconf.5.html#data_directory">data_directory</a>, or move it to some
|
||||
other Postfix-owned directory. </blockquote>
|
||||
|
||||
<p> NOTE 2: Do not put this file in a file system that may run out
|
||||
of space. When the address verification table gets corrupted the
|
||||
|
@ -443,23 +472,33 @@ world comes to an end and YOU will have to MANUALLY fix things as
|
|||
described in the next section. Meanwhile, you will not receive mail
|
||||
via SMTP. </p>
|
||||
|
||||
<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon process will create a new database when
|
||||
none exists, and will open/create the file before it enters the
|
||||
<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon will create a new database when
|
||||
none exists. It will open or create the file before entering the
|
||||
chroot jail. </p>
|
||||
|
||||
<h2><a name="dirty_secret">Managing the address verification
|
||||
database</a></h2>
|
||||
|
||||
<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control
|
||||
how long information remains cached before it needs to be refreshed,
|
||||
and how long information can remain "unrefreshed" before it expires.
|
||||
Postfix uses different controls for positive results (address was
|
||||
accepted) and for negative results (address was rejected). </p>
|
||||
<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control how
|
||||
long address verification results are cached before they need to
|
||||
be refreshed, and how long results can remain "unrefreshed" before
|
||||
they expire. Postfix uses different controls for positive results
|
||||
(address was accepted) and for negative results (address was rejected,
|
||||
or address verification failed for some other reason). </p>
|
||||
|
||||
<p> Right now, no tools are provided to manage the address verification
|
||||
database. If the file gets too big, or if it gets corrupted, you
|
||||
can manually rename or delete the file and run "postfix reload".
|
||||
The new verify daemon process will then create a new database. </p>
|
||||
<p> The <a href="verify.8.html">verify(8)</a> daemon will periodically remove expired entries
|
||||
from the address verification database, and log the number of entries
|
||||
retained and dropped (Postfix versions 2.7 and later). A cleanup
|
||||
run is logged as "partial" when the daemon terminates early because
|
||||
of "postfix reload, "postfix stop", or because the daemon received
|
||||
no requests for $<a href="postconf.5.html#max_idle">max_idle</a> seconds. Postfix versions 2.6 and earlier
|
||||
do not implement automatic address verification database cleanup.
|
||||
There, the database is managed manually as described next. </p>
|
||||
|
||||
<p> When the address verification database file becomes too big,
|
||||
or when it becomes corrupted, the solution is to manually rename
|
||||
or delete (NOT: truncate) the file and run "postfix reload". The
|
||||
<a href="verify.8.html">verify(8)</a> daemon will then create a new database file. </p>
|
||||
|
||||
<h2><a name="probe_routing">Controlling the routing of address
|
||||
verification probes</a></h2>
|
||||
|
|
|
@ -2237,7 +2237,7 @@ as specified by the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tl
|
|||
parameter. This setting controls the minimum acceptable SMTP client
|
||||
TLS cipher grade for use with mandatory TLS encryption. The default
|
||||
value "medium" is suitable for most destinations with which you may
|
||||
want to enforce TLS, and is beyond the reach of today's crypt-analytic
|
||||
want to enforce TLS, and is beyond the reach of today's cryptanalytic
|
||||
methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
|
||||
ciphers on a per-destination basis. </p>
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -19,12 +19,11 @@
|
|||
|
||||
<h2>WARNING </h2>
|
||||
|
||||
<p> The sender/recipient address verification feature described in this
|
||||
document is suitable only for low-traffic sites. It performs poorly
|
||||
under high load; excessive sender address verification activity may
|
||||
even cause your site to be blacklisted by some
|
||||
providers. See the "<a href="#limitations">Limitations</a>" section
|
||||
below for details. </p>
|
||||
<p> Recipient address verification may cause an increased load on
|
||||
down-stream servers in the case of a dictionary attack or a flood
|
||||
of backscatter bounces. Sender address verification may cause your
|
||||
site to be blacklisted by some providers. See also the "<a
|
||||
href="#limitations">Limitations</a>" section below for more. </p>
|
||||
|
||||
<h2><a name="summary">What Postfix address verification can do for you</a></h2>
|
||||
|
||||
|
@ -35,7 +34,7 @@ until the address has been verified to be deliverable. </p>
|
|||
<p> The technique has obvious uses to reject junk mail
|
||||
with an unreplyable sender address. </p>
|
||||
|
||||
<p> The technique may also be useful to block mail for undeliverable
|
||||
<p> The technique is also useful to block mail for undeliverable
|
||||
recipients, for example on a mail relay host that does not have a
|
||||
list of all the valid recipient addresses. This prevents undeliverable
|
||||
junk mail from entering the queue, so that Postfix doesn't have to
|
||||
|
@ -86,74 +85,96 @@ always discarded. </p>
|
|||
|
||||
<blockquote>
|
||||
|
||||
<table>
|
||||
<table border="0">
|
||||
|
||||
<tr>
|
||||
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle"> Internet
|
||||
<td rowspan="2" colspan="5" align="center" valign="middle">
|
||||
</td>
|
||||
|
||||
<td rowspan="3" align="center" valign="bottom"> <tt> -> </tt>
|
||||
</td>
|
||||
|
||||
<td align="center" valign="middle"> <tt> -> </tt> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> probe<br>
|
||||
message </td>
|
||||
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
|
||||
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> -> </tt>
|
||||
</td>
|
||||
|
||||
<td colspan="2" align="center" valign="middle"> <tt> <->
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> mail<br> queue </td>
|
||||
|
||||
</tr>
|
||||
|
||||
<tr> </tr>
|
||||
|
||||
<tr>
|
||||
|
||||
<td rowspan="3" align="center" valign="middle"> Internet </td>
|
||||
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> -> </tt>
|
||||
</td>
|
||||
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
<a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
|
||||
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> <->
|
||||
</tt> </td>
|
||||
|
||||
<td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
<a href="verify.8.html">Postfix<br> verify<br> server</a>
|
||||
</td>
|
||||
|
||||
<td colspan="2" align="center" valign="middle"> <tt> <->
|
||||
</tt> </td>
|
||||
</tr>
|
||||
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
|
||||
verification<br> database </td>
|
||||
<tr>
|
||||
|
||||
<td rowspan="1" colspan="3"> </td>
|
||||
|
||||
<td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
|
||||
<tt> v</tt> </td>
|
||||
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
||||
<td colspan="3"> </td>
|
||||
<td rowspan="3" align="center" valign="top"> <tt> <- </tt>
|
||||
</td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> probe<br>
|
||||
status </td>
|
||||
|
||||
<td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
|
||||
probe<br> messages<br> <tt> v </tt> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> <tt> <- </tt>
|
||||
</td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> delivery<br> agents </td>
|
||||
|
||||
<td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
|
||||
status<br> <tt> | </tt> </td>
|
||||
|
||||
<td> </td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" align="left" valign="middle"> <tt>-></tt>
|
||||
Local<br> <tt>-></tt> Remote</td>
|
||||
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" colspan="4" align="center" valign="middle">
|
||||
</td>
|
||||
|
||||
<td> </td>
|
||||
<td rowspan="3" align="center" valign="middle"> <tt>
|
||||
^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
|
||||
|
||||
<td> </td>
|
||||
</tr>
|
||||
|
||||
<td> </td>
|
||||
<tr> </tr>
|
||||
|
||||
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> queue </td>
|
||||
<tr> <td colspan="4"> </td> </tr>
|
||||
|
||||
<td align="center" valign="middle"> <tt> -> </tt> </td>
|
||||
<tr>
|
||||
|
||||
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Postfix<br> delivery<br> agents </td>
|
||||
<td colspan="4" align="center" valign="middle"> </td>
|
||||
|
||||
<td> </td>
|
||||
|
||||
<td> </td>
|
||||
<td bgcolor="#f0f0ff" align="center" valign="middle">
|
||||
Address<br> verification<br> database </td>
|
||||
|
||||
</tr>
|
||||
|
||||
|
@ -181,7 +202,8 @@ details. </p>
|
|||
MTA for that address, without actually delivering mail to it. If
|
||||
the nearest MTA accepts the address, then Postfix assumes that the
|
||||
address is deliverable. In reality, mail for a remote address can
|
||||
bounce AFTER the nearest MTA accepts the recipient address. </p>
|
||||
bounce AFTER the nearest MTA accepts the recipient address, or AFTER
|
||||
the nearest MTA accepts the message content. </p>
|
||||
|
||||
<li> <p> Some sites may blacklist you when you are probing them
|
||||
too often (a probe is an SMTP session that does not deliver mail),
|
||||
|
@ -200,21 +222,25 @@ mail routing and for possible limitations when you have to do this.
|
|||
<li> <p> Postfix assumes that an address is undeliverable when the
|
||||
nearest MTA for the address rejects the probe, regardless of the
|
||||
reason for rejection (client rejected, HELO rejected, MAIL FROM
|
||||
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
|
||||
rejects mail from your machine. This is a good thing. </p>
|
||||
rejected, etc.). Thus, Postfix rejects an address when the nearest
|
||||
MTA for that address rejects mail from your machine for any reason.
|
||||
This is not a limitation, but it is mentioned here just in case
|
||||
people believe that it is a limitation. </p>
|
||||
|
||||
<li> <p> Unfortunately, some major sites such as YAHOO do not reject
|
||||
<li> <p> Unfortunately, some sites do not reject
|
||||
unknown addresses in reply to the RCPT TO command, but report a
|
||||
delivery failure in response to end of DATA after a message is
|
||||
transferred. Postfix address verification does not work with such
|
||||
sites. </p>
|
||||
|
||||
<li> <p> By default, Postfix probe messages have "double-bounce@$myorigin"
|
||||
as the sender address (with Postfix versions before 2.5, the default
|
||||
<li> <p> By default, Postfix probe messages have a sender address
|
||||
"double-bounce@$myorigin" (with Postfix versions before 2.5, the
|
||||
default
|
||||
is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP
|
||||
server does not reject mail for this address. </p>
|
||||
|
||||
<p> You can change this into the null address ("address_verify_sender
|
||||
<p> You can change the probe sender address into the null address
|
||||
("address_verify_sender
|
||||
="). This is UNSAFE because address probes will fail with
|
||||
mis-configured sites that reject MAIL FROM: <>, while
|
||||
probes from "postmaster@$myorigin" would succeed. </p>
|
||||
|
@ -223,7 +249,7 @@ probes from "postmaster@$myorigin" would succeed. </p>
|
|||
|
||||
<h2><a name="recipient">Recipient address verification</a></h2>
|
||||
|
||||
<p> As mentioned earlier, recipient address verification may be
|
||||
<p> As mentioned earlier, recipient address verification is
|
||||
useful to block mail for undeliverable recipients on a mail relay
|
||||
host that does not have a list of all valid recipient addresses.
|
||||
This can help to prevent the mail queue from filling up with
|
||||
|
@ -237,9 +263,11 @@ However, recipient address verification probes can increase the
|
|||
load on down-stream MTAs when you're being flooded by backscatter
|
||||
bounces, or when some spammer is mounting a dictionary attack. </p>
|
||||
|
||||
<p> By default, address verification results are not saved. To avoid
|
||||
probing the same address repeatedly, you can store the result in a
|
||||
<a href="#caching">persistent database</a> as described later. </p>
|
||||
<p> By default, address verification results are saved in a <a
|
||||
href="#caching">persistent database</a> (Postfix version 2.7 and
|
||||
later; with earlier versions, specify the database in main.cf as
|
||||
described later). The persistent database helps to avoid probing
|
||||
the same address repeatedly. </p>
|
||||
|
||||
<blockquote>
|
||||
<pre>
|
||||
|
@ -299,11 +327,13 @@ in forged email. </p>
|
|||
# Postfix 2.6 and later.
|
||||
# unverified_sender_defer_code = 250
|
||||
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
|
||||
# Note 2: Avoid hash files here. Use btree instead.
|
||||
address_verify_map = btree:/var/db/postfix/verify
|
||||
|
||||
/etc/postfix/sender_access:
|
||||
# Don't do this when you handle lots of email.
|
||||
aol.com reject_unverified_sender
|
||||
hotmail.com reject_unverified_sender
|
||||
bigfoot.com reject_unverified_sender
|
||||
|
@ -344,6 +374,7 @@ you can see what mail would be blocked: </p>
|
|||
# Postfix 2.6 and later.
|
||||
# unverified_sender_reject_reason = Address verification failed
|
||||
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
|
||||
# Note 2: Avoid hash files here. Use btree instead.
|
||||
address_verify_map = btree:/var/db/postfix/verify
|
||||
|
@ -402,40 +433,38 @@ sender address verification probe fails with some temporary error.
|
|||
|
||||
<h2><a name="caching">Address verification database</a></h2>
|
||||
|
||||
<p> NOTE: By default, address verification information is not stored
|
||||
in a persistent file. You have to specify one in main.cf (see
|
||||
below). Persistent storage is off by default because it may need
|
||||
more disk space than is available in your file system. </p>
|
||||
|
||||
<p> Address verification information is cached by the Postfix verify
|
||||
daemon. Postfix has a bunch of parameters that control the caching
|
||||
of positive and negative results. Refer to the verify(8) manual
|
||||
page for details. </p>
|
||||
|
||||
<p> The address_verify_map (NOTE: singular) configuration parameter
|
||||
specifies an optional database for sender or recipient address
|
||||
verification results. If you don't specify a file, all address
|
||||
verification information is lost after "postfix reload" or "postfix
|
||||
stop". </p>
|
||||
|
||||
<p> If your /var file system has sufficient space, try: </p>
|
||||
<p> To improve performance, the Postfix verify(8) daemon can save
|
||||
address verification results to a persistent database. This is
|
||||
enabled by default with Postfix 2.7 and later. The
|
||||
address_verify_map (NOTE: singular) configuration parameter specifies
|
||||
persistent storage for sender or recipient address verification
|
||||
results. If you specify an empty value, all address verification
|
||||
results are lost after "postfix reload" or "postfix stop". </p>
|
||||
|
||||
<blockquote>
|
||||
<pre>
|
||||
/etc/postfix/main.cf:
|
||||
# Default setting for Postfix 2.7 and later.
|
||||
# Note: avoid hash files here. Use btree instead.
|
||||
address_verify_map = btree:/var/db/postfix/verify
|
||||
address_verify_map = btree:$data_directory/verify_cache
|
||||
|
||||
# Default setting for Postfix 2.6 and earlier.
|
||||
# This uses non-persistent storage only.
|
||||
address_verify_map =
|
||||
</pre>
|
||||
</blockquote>
|
||||
|
||||
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
|
||||
when opening this file. The file should now be stored under the
|
||||
Postfix-owned data_directory. As a migration aid, an attempt to
|
||||
open the file under a non-Postfix directory is redirected to the
|
||||
Postfix-owned data_directory, and a warning is logged. If you wish
|
||||
to continue using a pre-existing database file, move it to the
|
||||
data_directory, and change ownership to the account specified with
|
||||
the mail_owner parameter. </p>
|
||||
<p> NOTE 1: The database file should be stored under a Postfix-owned
|
||||
directory, such as $data_directory. </p>
|
||||
|
||||
<blockquote> As of version 2.5, Postfix no longer uses root privileges
|
||||
when opening this file. To maintain backwards compatibility, an
|
||||
attempt to open the file under a non-Postfix directory is redirected
|
||||
to the Postfix-owned data_directory, and a warning is logged. If
|
||||
you wish to continue using a pre-existing database file, change its
|
||||
file ownership to the account specified with the mail_owner parameter,
|
||||
and either move the file to the data_directory, or move it to some
|
||||
other Postfix-owned directory. </blockquote>
|
||||
|
||||
<p> NOTE 2: Do not put this file in a file system that may run out
|
||||
of space. When the address verification table gets corrupted the
|
||||
|
@ -443,23 +472,33 @@ world comes to an end and YOU will have to MANUALLY fix things as
|
|||
described in the next section. Meanwhile, you will not receive mail
|
||||
via SMTP. </p>
|
||||
|
||||
<p> NOTE 3: The verify(8) daemon process will create a new database when
|
||||
none exists, and will open/create the file before it enters the
|
||||
<p> NOTE 3: The verify(8) daemon will create a new database when
|
||||
none exists. It will open or create the file before entering the
|
||||
chroot jail. </p>
|
||||
|
||||
<h2><a name="dirty_secret">Managing the address verification
|
||||
database</a></h2>
|
||||
|
||||
<p> The verify(8) manual page describes parameters that control
|
||||
how long information remains cached before it needs to be refreshed,
|
||||
and how long information can remain "unrefreshed" before it expires.
|
||||
Postfix uses different controls for positive results (address was
|
||||
accepted) and for negative results (address was rejected). </p>
|
||||
<p> The verify(8) manual page describes parameters that control how
|
||||
long address verification results are cached before they need to
|
||||
be refreshed, and how long results can remain "unrefreshed" before
|
||||
they expire. Postfix uses different controls for positive results
|
||||
(address was accepted) and for negative results (address was rejected,
|
||||
or address verification failed for some other reason). </p>
|
||||
|
||||
<p> Right now, no tools are provided to manage the address verification
|
||||
database. If the file gets too big, or if it gets corrupted, you
|
||||
can manually rename or delete the file and run "postfix reload".
|
||||
The new verify daemon process will then create a new database. </p>
|
||||
<p> The verify(8) daemon will periodically remove expired entries
|
||||
from the address verification database, and log the number of entries
|
||||
retained and dropped (Postfix versions 2.7 and later). A cleanup
|
||||
run is logged as "partial" when the daemon terminates early because
|
||||
of "postfix reload, "postfix stop", or because the daemon received
|
||||
no requests for $max_idle seconds. Postfix versions 2.6 and earlier
|
||||
do not implement automatic address verification database cleanup.
|
||||
There, the database is managed manually as described next. </p>
|
||||
|
||||
<p> When the address verification database file becomes too big,
|
||||
or when it becomes corrupted, the solution is to manually rename
|
||||
or delete (NOT: truncate) the file and run "postfix reload". The
|
||||
verify(8) daemon will then create a new database file. </p>
|
||||
|
||||
<h2><a name="probe_routing">Controlling the routing of address
|
||||
verification probes</a></h2>
|
||||
|
|
|
@ -2237,7 +2237,7 @@ as specified by the smtp_tls_mandatory_ciphers configuration
|
|||
parameter. This setting controls the minimum acceptable SMTP client
|
||||
TLS cipher grade for use with mandatory TLS encryption. The default
|
||||
value "medium" is suitable for most destinations with which you may
|
||||
want to enforce TLS, and is beyond the reach of today's crypt-analytic
|
||||
want to enforce TLS, and is beyond the reach of today's cryptanalytic
|
||||
methods. See smtp_tls_policy_maps for information on how to configure
|
||||
ciphers on a per-destination basis. </p>
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,6 +1,4 @@
|
|||
/* $NetBSD: cleanup.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
|
||||
/* $NetBSD: cleanup.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
/* $NetBSD: cleanup.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -50,8 +48,10 @@
|
|||
/* RFC 822 (ARPA Internet Text Messages)
|
||||
/* RFC 2045 (MIME: Format of Internet Message Bodies)
|
||||
/* RFC 2046 (MIME: Media Types)
|
||||
/* RFC 2822 (Internet Message Format)
|
||||
/* RFC 3463 (Enhanced Status Codes)
|
||||
/* RFC 3464 (Delivery status notifications)
|
||||
/* RFC 5322 (Internet Message Format)
|
||||
/* DIAGNOSTICS
|
||||
/* Problems and transactions are logged to \fBsyslogd\fR(8).
|
||||
/* BUGS
|
||||
|
@ -174,6 +174,11 @@
|
|||
/* .IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
|
||||
/* The macros that are sent to Milter (mail filter) applications
|
||||
/* after the end of the message header.
|
||||
/* .PP
|
||||
/* Available in Postfix version 2.7 and later:
|
||||
/* .IP "\fBmilter_header_checks (empty)\fR"
|
||||
/* Optional lookup tables for content inspection of message headers
|
||||
/* that are produced by Milter applications.
|
||||
/* MIME PROCESSING CONTROLS
|
||||
/* .ad
|
||||
/* .fi
|
||||
|
@ -466,8 +471,7 @@ static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
|
|||
state->errs |= CLEANUP_STAT_BAD;
|
||||
break;
|
||||
}
|
||||
if (type == REC_TYPE_PTR || type == REC_TYPE_DTXT
|
||||
|| type == REC_TYPE_DRCP) {
|
||||
if (REC_GET_HIDDEN_TYPE(type)) {
|
||||
msg_warn("%s: record type %d not allowed - discarding this message",
|
||||
state->queue_id, type);
|
||||
state->errs |= CLEANUP_STAT_BAD;
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
/* $NetBSD: cleanup.h,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
|
||||
/* $NetBSD: cleanup.h,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
/* $NetBSD: cleanup.h,v 1.3 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -36,6 +34,7 @@
|
|||
#include <mime_state.h>
|
||||
#include <string_list.h>
|
||||
#include <cleanup_user.h>
|
||||
#include <header_body_checks.h>
|
||||
|
||||
/*
|
||||
* Milter library.
|
||||
|
@ -82,6 +81,8 @@ typedef struct CLEANUP_STATE {
|
|||
off_t append_rcpt_pt_target; /* target of above record */
|
||||
off_t append_hdr_pt_offset; /* append header here */
|
||||
off_t append_hdr_pt_target; /* target of above record */
|
||||
off_t append_meta_pt_offset; /* append meta record here */
|
||||
off_t append_meta_pt_target; /* target of above record */
|
||||
ssize_t rcpt_count; /* recipient count */
|
||||
char *reason; /* failure reason */
|
||||
char *smtp_reply; /* failure reason, SMTP-style */
|
||||
|
@ -112,6 +113,8 @@ typedef struct CLEANUP_STATE {
|
|||
VSTRING *milter_ext_from; /* externalized sender */
|
||||
VSTRING *milter_ext_rcpt; /* externalized recipient */
|
||||
VSTRING *milter_err_text; /* milter call-back reply */
|
||||
HBC_CHECKS *milter_hbc_checks; /* Milter header checks */
|
||||
VSTRING *milter_hbc_reply; /* Milter header checks reply */
|
||||
|
||||
/*
|
||||
* Support for Milter body replacement requests.
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
/* $NetBSD: cleanup_envelope.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
|
||||
/* $NetBSD: cleanup_envelope.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
/* $NetBSD: cleanup_envelope.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -389,7 +387,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
|
|||
cleanup_addr_sender(state, buf);
|
||||
if (state->milters || cleanup_milters) {
|
||||
/* Make room to replace sender. */
|
||||
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE);
|
||||
if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE)
|
||||
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len);
|
||||
/* Remember the after-sender record offset. */
|
||||
if ((state->sender_pt_target = vstream_ftell(state->dst)) < 0)
|
||||
msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path);
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
/* $NetBSD: cleanup_init.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
|
||||
/* $NetBSD: cleanup_init.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
|
||||
/* $NetBSD: cleanup_init.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -168,6 +166,7 @@ char *var_milt_eoh_macros; /* end-of-header macros */
|
|||
char *var_milt_eod_macros; /* end-of-data macros */
|
||||
char *var_milt_unk_macros; /* unknown command macros */
|
||||
char *var_cleanup_milters; /* non-SMTP mail */
|
||||
char *var_milt_head_checks; /* post-Milter header checks */
|
||||
int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */
|
||||
int var_always_add_hdrs; /* always add missing headers */
|
||||
|
||||
|
@ -234,6 +233,7 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
|
|||
VAR_MILT_EOD_MACROS, DEF_MILT_EOD_MACROS, &var_milt_eod_macros, 0, 0,
|
||||
VAR_MILT_UNK_MACROS, DEF_MILT_UNK_MACROS, &var_milt_unk_macros, 0, 0,
|
||||
VAR_CLEANUP_MILTERS, DEF_CLEANUP_MILTERS, &var_cleanup_milters, 0, 0,
|
||||
VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0,
|
||||
0,
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: mail_params.h,v 1.3 2010/04/17 10:29:18 tron Exp $ */
|
||||
/* $NetBSD: mail_params.h,v 1.4 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
#ifndef _MAIL_PARAMS_H_INCLUDED_
|
||||
#define _MAIL_PARAMS_H_INCLUDED_
|
||||
|
@ -430,6 +430,14 @@ extern char *var_transport_maps;
|
|||
#define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP
|
||||
extern char *var_def_transport;
|
||||
|
||||
#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps"
|
||||
#define DEF_SND_DEF_XPORT_MAPS ""
|
||||
extern char *var_snd_def_xport_maps;
|
||||
|
||||
#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
|
||||
#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>"
|
||||
extern char *var_null_def_xport_maps_key;
|
||||
|
||||
/*
|
||||
* trivial rewrite/resolve service: rewriting controls.
|
||||
*/
|
||||
|
@ -1021,6 +1029,12 @@ extern bool var_smtp_always_ehlo;
|
|||
#define DEF_SMTP_NEVER_EHLO 0
|
||||
extern bool var_smtp_never_ehlo;
|
||||
|
||||
#define VAR_SMTP_RESP_FILTER "smtp_reply_filter"
|
||||
#define DEF_SMTP_RESP_FILTER ""
|
||||
#define VAR_LMTP_RESP_FILTER "lmtp_reply_filter"
|
||||
#define DEF_LMTP_RESP_FILTER ""
|
||||
extern char *var_smtp_resp_filter;
|
||||
|
||||
#define VAR_SMTP_BIND_ADDR "smtp_bind_address"
|
||||
#define DEF_SMTP_BIND_ADDR ""
|
||||
#define VAR_LMTP_BIND_ADDR "lmtp_bind_address"
|
||||
|
@ -1150,6 +1164,10 @@ extern char *var_smtpd_noop_cmds;
|
|||
#define DEF_SMTPD_FORBID_CMDS "CONNECT GET POST"
|
||||
extern char *var_smtpd_forbid_cmds;
|
||||
|
||||
#define VAR_SMTPD_CMD_FILTER "smtpd_command_filter"
|
||||
#define DEF_SMTPD_CMD_FILTER ""
|
||||
extern char *var_smtpd_cmd_filter;
|
||||
|
||||
#define VAR_SMTPD_TLS_WRAPPER "smtpd_tls_wrappermode"
|
||||
#define DEF_SMTPD_TLS_WRAPPER 0
|
||||
extern bool var_smtpd_tls_wrappermode;
|
||||
|
@ -1463,6 +1481,12 @@ extern char *var_smtp_tls_sec_cmatch;
|
|||
#define DEF_LMTP_TLS_FPT_CMATCH ""
|
||||
extern char *var_smtp_tls_fpt_cmatch;
|
||||
|
||||
#define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
|
||||
#define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
|
||||
#define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
|
||||
#define DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY 0
|
||||
extern bool var_smtp_tls_blk_early_mail_reply;
|
||||
|
||||
/*
|
||||
* SASL authentication support, SMTP server side.
|
||||
*/
|
||||
|
@ -2086,9 +2110,13 @@ extern int var_map_defer_code;
|
|||
#define CHECK_RECIP_ACL "check_recipient_access"
|
||||
#define CHECK_ETRN_ACL "check_etrn_access"
|
||||
|
||||
#define CHECK_CLIENT_MX_ACL "check_client_mx_access"
|
||||
#define CHECK_REVERSE_CLIENT_MX_ACL "check_reverse_client_hostname_mx_access"
|
||||
#define CHECK_HELO_MX_ACL "check_helo_mx_access"
|
||||
#define CHECK_SENDER_MX_ACL "check_sender_mx_access"
|
||||
#define CHECK_RECIP_MX_ACL "check_recipient_mx_access"
|
||||
#define CHECK_CLIENT_NS_ACL "check_client_ns_access"
|
||||
#define CHECK_REVERSE_CLIENT_NS_ACL "check_reverse_client_hostname_ns_access"
|
||||
#define CHECK_HELO_NS_ACL "check_helo_ns_access"
|
||||
#define CHECK_SENDER_NS_ACL "check_sender_ns_access"
|
||||
#define CHECK_RECIP_NS_ACL "check_recipient_ns_access"
|
||||
|
@ -2227,6 +2255,10 @@ extern void mail_params_init(void);
|
|||
#define DEF_FILTER_XPORT ""
|
||||
extern char *var_filter_xport;
|
||||
|
||||
#define VAR_DEF_FILTER_NEXTHOP "default_filter_nexthop"
|
||||
#define DEF_DEF_FILTER_NEXTHOP ""
|
||||
extern char *var_def_filter_nexthop;
|
||||
|
||||
/*
|
||||
* Fast flush service support.
|
||||
*/
|
||||
|
@ -2526,7 +2558,7 @@ extern int var_scache_stat_time;
|
|||
extern char *var_verify_service;
|
||||
|
||||
#define VAR_VERIFY_MAP "address_verify_map"
|
||||
#define DEF_VERIFY_MAP ""
|
||||
#define DEF_VERIFY_MAP "btree:$data_directory/verify_cache"
|
||||
extern char *var_verify_map;
|
||||
|
||||
#define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time"
|
||||
|
@ -2549,6 +2581,10 @@ extern int var_verify_neg_try;
|
|||
#define DEF_VERIFY_NEG_CACHE 1
|
||||
extern bool var_verify_neg_cache;
|
||||
|
||||
#define VAR_VERIFY_SCAN_CACHE "address_verify_cache_cleanup_interval"
|
||||
#define DEF_VERIFY_SCAN_CACHE "12h"
|
||||
extern int var_verify_scan_cache;
|
||||
|
||||
#define VAR_VERIFY_SENDER "address_verify_sender"
|
||||
#define DEF_VERIFY_SENDER "$" VAR_DOUBLE_BOUNCE
|
||||
extern char *var_verify_sender;
|
||||
|
@ -2577,6 +2613,10 @@ extern char *var_vrfy_relay_xport;
|
|||
#define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT
|
||||
extern char *var_vrfy_def_xport;
|
||||
|
||||
#define VAR_VRFY_SND_DEF_XPORT_MAPS "address_verify_" VAR_SND_DEF_XPORT_MAPS
|
||||
#define DEF_VRFY_SND_DEF_XPORT_MAPS "$" VAR_SND_DEF_XPORT_MAPS
|
||||
extern char *var_snd_def_xport_maps;
|
||||
|
||||
#define VAR_VRFY_RELAYHOST "address_verify_relayhost"
|
||||
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
|
||||
extern char *var_vrfy_relayhost;
|
||||
|
@ -2708,6 +2748,10 @@ extern char *var_smtpd_proxy_ehlo;
|
|||
#define DEF_SMTPD_PROXY_TMOUT "100s"
|
||||
extern int var_smtpd_proxy_tmout;
|
||||
|
||||
#define VAR_SMTPD_PROXY_OPTS "smtpd_proxy_options"
|
||||
#define DEF_SMTPD_PROXY_OPTS ""
|
||||
extern char *var_smtpd_proxy_opts;
|
||||
|
||||
/*
|
||||
* Transparency options for mail input interfaces and for the cleanup server
|
||||
* behind them. These should turn off stuff we don't want to happen, because
|
||||
|
@ -2877,20 +2921,31 @@ extern bool var_smtp_cname_overr;
|
|||
/*
|
||||
* TLS cipherlists
|
||||
*/
|
||||
#ifdef USE_TLS
|
||||
#include <openssl/opensslv.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
|
||||
#define PREFER_aNULL "aNULL:-aNULL:"
|
||||
#else
|
||||
#define PREFER_aNULL ""
|
||||
#endif
|
||||
#else
|
||||
#define PREFER_aNULL ""
|
||||
#endif
|
||||
|
||||
#define VAR_TLS_HIGH_CLIST "tls_high_cipherlist"
|
||||
#define DEF_TLS_HIGH_CLIST "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
|
||||
#define DEF_TLS_HIGH_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
|
||||
extern char *var_tls_high_clist;
|
||||
|
||||
#define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist"
|
||||
#define DEF_TLS_MEDIUM_CLIST "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
|
||||
#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
|
||||
extern char *var_tls_medium_clist;
|
||||
|
||||
#define VAR_TLS_LOW_CLIST "tls_low_cipherlist"
|
||||
#define DEF_TLS_LOW_CLIST "ALL:!EXPORT:+RC4:@STRENGTH"
|
||||
#define DEF_TLS_LOW_CLIST PREFER_aNULL "ALL:!EXPORT:+RC4:@STRENGTH"
|
||||
extern char *var_tls_low_clist;
|
||||
|
||||
#define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist"
|
||||
#define DEF_TLS_EXPORT_CLIST "ALL:+RC4:@STRENGTH"
|
||||
#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "ALL:+RC4:@STRENGTH"
|
||||
extern char *var_tls_export_clist;
|
||||
|
||||
#define VAR_TLS_NULL_CLIST "tls_null_cipherlist"
|
||||
|
@ -2984,6 +3039,10 @@ extern char *var_milt_daemon_name;
|
|||
#define DEF_MILT_V "$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
|
||||
extern char *var_milt_v;
|
||||
|
||||
#define VAR_MILT_HEAD_CHECKS "milter_header_checks"
|
||||
#define DEF_MILT_HEAD_CHECKS ""
|
||||
extern char *var_milt_head_checks;
|
||||
|
||||
/*
|
||||
* What internal mail do we inspect/stamp/etc.? This is not yet safe enough
|
||||
* to enable world-wide.
|
||||
|
@ -3125,6 +3184,73 @@ extern char *var_multi_stop_cmds;
|
|||
#define DEF_MULTI_CNTRL_CMDS "reload flush"
|
||||
extern char *var_multi_cntrl_cmds;
|
||||
|
||||
/*
|
||||
* postscreen(8)
|
||||
*/
|
||||
#define VAR_PS_CACHE_MAP "postscreen_cache_map"
|
||||
#define DEF_PS_CACHE_MAP "btree:$data_directory/ps_cache"
|
||||
extern char *var_ps_cache_map;
|
||||
|
||||
#define VAR_SMTPD_SERVICE "smtpd_service"
|
||||
#define DEF_SMTPD_SERVICE "smtpd"
|
||||
extern char *var_smtpd_service;
|
||||
|
||||
#define VAR_PS_POST_QLIMIT "postscreen_post_queue_limit"
|
||||
#define DEF_PS_POST_QLIMIT "$" VAR_PROC_LIMIT
|
||||
extern int var_ps_post_queue_limit;
|
||||
|
||||
#define VAR_PS_PRE_QLIMIT "postscreen_pre_queue_limit"
|
||||
#define DEF_PS_PRE_QLIMIT "$" VAR_PROC_LIMIT
|
||||
extern int var_ps_pre_queue_limit;
|
||||
|
||||
#define VAR_PS_CACHE_TTL "postscreen_cache_ttl"
|
||||
#define DEF_PS_CACHE_TTL "1d"
|
||||
extern int var_ps_cache_ttl;
|
||||
|
||||
#define VAR_PS_CACHE_RET "postscreen_cache_retention_time"
|
||||
#define DEF_PS_CACHE_RET "1d"
|
||||
extern int var_ps_cache_ret;
|
||||
|
||||
#define VAR_PS_CACHE_SCAN "postscreen_cache_cleanup_interval"
|
||||
#define DEF_PS_CACHE_SCAN "12h"
|
||||
extern int var_ps_cache_scan;
|
||||
|
||||
#define VAR_PS_GREET_WAIT "postscreen_greet_wait"
|
||||
#define DEF_PS_GREET_WAIT "4s"
|
||||
extern int var_ps_greet_wait;
|
||||
|
||||
#define VAR_PS_GREET_ACTION "postscreen_greet_action"
|
||||
#define DEF_PS_GREET_ACTION "continue"
|
||||
extern char *var_ps_greet_action;
|
||||
|
||||
#define VAR_PS_DNSBL_SITES "postscreen_dnsbl_sites"
|
||||
#define DEF_PS_DNSBL_SITES ""
|
||||
extern char *var_ps_dnsbl_sites;
|
||||
|
||||
#define VAR_PS_DNSBL_ACTION "postscreen_dnsbl_action"
|
||||
#define DEF_PS_DNSBL_ACTION "continue"
|
||||
extern char *var_ps_dnsbl_action;
|
||||
|
||||
#define VAR_PS_HUP_ACTION "postscreen_hangup_action"
|
||||
#define DEF_PS_HUP_ACTION "continue"
|
||||
extern char *var_ps_hangup_action;
|
||||
|
||||
#define VAR_PS_WLIST_NETS "postscreen_whitelist_networks"
|
||||
#define DEF_PS_WLIST_NETS "$" VAR_MYNETWORKS
|
||||
extern char *var_ps_wlist_nets;
|
||||
|
||||
#define VAR_PS_BLIST_NETS "postscreen_blacklist_networks"
|
||||
#define DEF_PS_BLIST_NETS ""
|
||||
extern char *var_ps_blist_nets;
|
||||
|
||||
#define VAR_PS_BLIST_ACTION "postscreen_blacklist_action"
|
||||
#define DEF_PS_BLIST_ACTION "continue"
|
||||
extern char *var_ps_blist_nets;
|
||||
|
||||
#define VAR_PS_GREET_BANNER "postscreen_greet_banner"
|
||||
#define DEF_PS_GREET_BANNER "$" VAR_SMTPD_BANNER
|
||||
extern char *var_ps_banner;
|
||||
|
||||
/* LICENSE
|
||||
/* .ad
|
||||
/* .fi
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: smtp.c,v 1.2 2010/06/10 17:06:01 riz Exp $ */
|
||||
/* $NetBSD: smtp.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -165,6 +165,9 @@
|
|||
/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
|
||||
/* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
|
||||
/* by RFC 2821.
|
||||
/* .IP "\fBsmtp_reply_filter (empty)\fR"
|
||||
/* A mechanism to transform replies from remote SMTP servers one
|
||||
/* line at a time.
|
||||
/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
|
||||
/* Skip SMTP servers that greet with a 5XX status code (go away, do
|
||||
/* not try again later).
|
||||
|
@ -402,6 +405,12 @@
|
|||
/* File with the Postfix SMTP client ECDSA certificate in PEM format.
|
||||
/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
|
||||
/* File with the Postfix SMTP client ECDSA private key in PEM format.
|
||||
/* .PP
|
||||
/* Available in Postfix version 2.7 and later:
|
||||
/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
|
||||
/* Try to detect a mail hijacking attack based on a TLS protocol
|
||||
/* vulnerability (CVE-2009-3555), where an attacker prepends malicious
|
||||
/* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
|
||||
/* OBSOLETE STARTTLS CONTROLS
|
||||
/* .ad
|
||||
/* .fi
|
||||
|
@ -574,7 +583,7 @@
|
|||
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
|
||||
/* The hostname to send in the LMTP LHLO command.
|
||||
/* .IP "\fBsmtp_host_lookup (dns)\fR"
|
||||
/* What mechanisms when the Postfix SMTP client uses to look up a host's IP
|
||||
/* What mechanisms the Postfix SMTP client uses to look up a host's IP
|
||||
/* address.
|
||||
/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
|
||||
/* Randomize the order of equal-preference MX host addresses.
|
||||
|
@ -771,6 +780,7 @@ char *var_smtp_tls_proto;
|
|||
char *var_smtp_tls_ciph;
|
||||
char *var_smtp_tls_eccert_file;
|
||||
char *var_smtp_tls_eckey_file;
|
||||
bool var_smtp_tls_blk_early_mail_reply;
|
||||
|
||||
#endif
|
||||
|
||||
|
@ -787,6 +797,7 @@ char *var_smtp_head_chks;
|
|||
char *var_smtp_mime_chks;
|
||||
char *var_smtp_nest_chks;
|
||||
char *var_smtp_body_chks;
|
||||
char *var_smtp_resp_filter;
|
||||
bool var_lmtp_assume_final;
|
||||
|
||||
/* Special handling of 535 AUTH errors. */
|
||||
|
@ -1057,6 +1068,14 @@ static void pre_init(char *unused_name, char **unused_argv)
|
|||
smtp_body_checks = hbc_body_checks_create(
|
||||
VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
|
||||
smtp_hbc_callbacks);
|
||||
|
||||
/*
|
||||
* Server reply filter.
|
||||
*/
|
||||
if (*var_smtp_resp_filter)
|
||||
smtp_chat_resp_filter =
|
||||
dict_open(var_smtp_resp_filter, O_RDONLY,
|
||||
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
|
||||
}
|
||||
|
||||
/* pre_accept - see if tables have changed */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: smtpd.c,v 1.3 2010/04/17 10:29:18 tron Exp $ */
|
||||
/* $NetBSD: smtpd.c,v 1.4 2010/06/17 18:18:15 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -125,6 +125,10 @@
|
|||
/* Available in Postfix version 2.6 and later:
|
||||
/* .IP "\fBtcp_windowsize (0)\fR"
|
||||
/* An optional workaround for routers that break TCP window scaling.
|
||||
/* .PP
|
||||
/* Available in Postfix version 2.7 and later:
|
||||
/* .IP "\fBsmtpd_command_filter (empty)\fR"
|
||||
/* A mechanism to transform commands from remote SMTP clients.
|
||||
/* ADDRESS REWRITING CONTROLS
|
||||
/* .ad
|
||||
/* .fi
|
||||
|
@ -150,8 +154,8 @@
|
|||
/* filter is expected to inject mail back into a (Postfix or other)
|
||||
/* MTA for further delivery. See the FILTER_README document for details.
|
||||
/* .IP "\fBcontent_filter (empty)\fR"
|
||||
/* The name of a mail delivery transport that filters mail after
|
||||
/* it is queued.
|
||||
/* After the message is queued, send the entire message to the
|
||||
/* specified \fItransport:destination\fR.
|
||||
/* BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
|
||||
/* .ad
|
||||
/* .fi
|
||||
|
@ -164,6 +168,9 @@
|
|||
/* The hostname and TCP port of the mail filtering proxy server.
|
||||
/* .IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR"
|
||||
/* How the Postfix SMTP server announces itself to the proxy filter.
|
||||
/* .IP "\fBsmtpd_proxy_options (empty)\fR"
|
||||
/* List of options that control how the Postfix SMTP server
|
||||
/* communicates with a before-queue content filter.
|
||||
/* .IP "\fBsmtpd_proxy_timeout (100s)\fR"
|
||||
/* The time limit for connecting to a proxy filter and for sending or
|
||||
/* receiving information.
|
||||
|
@ -347,8 +354,8 @@
|
|||
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
|
||||
/* Enable additional Postfix SMTP server logging of TLS activity.
|
||||
/* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
|
||||
/* The minimum TLS cipher grade that the Postfix SMTP server
|
||||
/* will use with mandatory TLS encryption.
|
||||
/* The minimum TLS cipher grade that the Postfix SMTP server will
|
||||
/* use with mandatory TLS encryption.
|
||||
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
|
||||
/* Additional list of ciphers or cipher types to exclude from the
|
||||
/* SMTP server cipher list at mandatory TLS security levels.
|
||||
|
@ -678,8 +685,9 @@
|
|||
/* Optional SMTP server access restrictions in the context of a client
|
||||
/* SMTP connection request.
|
||||
/* .IP "\fBsmtpd_helo_required (no)\fR"
|
||||
/* Require that a remote SMTP client introduces itself at the beginning
|
||||
/* of an SMTP session with the HELO or EHLO command.
|
||||
/* Require that a remote SMTP client introduces itself with the HELO
|
||||
/* or EHLO command before sending the MAIL command or other commands
|
||||
/* that require EHLO negotiation.
|
||||
/* .IP "\fBsmtpd_helo_restrictions (empty)\fR"
|
||||
/* Optional restrictions that the Postfix SMTP server applies in the
|
||||
/* context of the SMTP HELO command.
|
||||
|
@ -738,7 +746,7 @@
|
|||
/* See the file ADDRESS_VERIFICATION_README for information
|
||||
/* about how to configure and operate the Postfix sender/recipient
|
||||
/* address verification service.
|
||||
/* .IP "\fBaddress_verify_poll_count (3)\fR"
|
||||
/* .IP "\fBaddress_verify_poll_count (${stress?1}${stress:3})\fR"
|
||||
/* How many times to query the \fBverify\fR(8) service for the completion
|
||||
/* of an address verification request in progress.
|
||||
/* .IP "\fBaddress_verify_poll_delay (3s)\fR"
|
||||
|
@ -1142,6 +1150,7 @@ int var_verify_poll_delay;
|
|||
char *var_smtpd_proxy_filt;
|
||||
int var_smtpd_proxy_tmout;
|
||||
char *var_smtpd_proxy_ehlo;
|
||||
char *var_smtpd_proxy_opts;
|
||||
char *var_input_transp;
|
||||
int var_smtpd_policy_tmout;
|
||||
int var_smtpd_policy_idle;
|
||||
|
@ -1166,6 +1175,7 @@ bool var_smtpd_use_tls;
|
|||
bool var_smtpd_enforce_tls;
|
||||
bool var_smtpd_tls_wrappermode;
|
||||
bool var_smtpd_tls_auth_only;
|
||||
char *var_smtpd_cmd_filter;
|
||||
|
||||
#ifdef USE_TLS
|
||||
char *var_smtpd_relay_ccerts;
|
||||
|
@ -1227,6 +1237,8 @@ char *var_unk_addr_tf_act;
|
|||
char *var_unv_rcpt_tf_act;
|
||||
char *var_unv_from_tf_act;
|
||||
|
||||
int smtpd_proxy_opts;
|
||||
|
||||
/*
|
||||
* Silly little macros.
|
||||
*/
|
||||
|
@ -1308,6 +1320,11 @@ static int ask_client_cert;
|
|||
|
||||
static int enforce_tls;
|
||||
|
||||
/*
|
||||
* SMTP command mapping for broken clients.
|
||||
*/
|
||||
static DICT *smtpd_cmd_filter;
|
||||
|
||||
#ifdef USE_SASL_AUTH
|
||||
|
||||
/*
|
||||
|
@ -1341,6 +1358,27 @@ static int sasl_client_exception(SMTPD_STATE *state)
|
|||
|
||||
#endif
|
||||
|
||||
/* smtpd_whatsup - gather available evidence for logging */
|
||||
|
||||
static const char *smtpd_whatsup(SMTPD_STATE *state)
|
||||
{
|
||||
static VSTRING *buf = 0;
|
||||
|
||||
if (buf == 0)
|
||||
buf = vstring_alloc(100);
|
||||
else
|
||||
VSTRING_RESET(buf);
|
||||
if (state->sender)
|
||||
vstring_sprintf_append(buf, " from=<%s>", state->sender);
|
||||
if (state->recipient)
|
||||
vstring_sprintf_append(buf, " to=<%s>", state->recipient);
|
||||
if (state->protocol)
|
||||
vstring_sprintf_append(buf, " proto=%s", state->protocol);
|
||||
if (state->helo_name)
|
||||
vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
|
||||
return (STR(buf));
|
||||
}
|
||||
|
||||
/* collapse_args - put arguments together again */
|
||||
|
||||
static void collapse_args(int argc, SMTPD_TOKEN *argv)
|
||||
|
@ -1359,23 +1397,9 @@ static void collapse_args(int argc, SMTPD_TOKEN *argv)
|
|||
static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
|
||||
{
|
||||
const char *queue_id = state->queue_id ? state->queue_id : "NOQUEUE";
|
||||
VSTRING *buf = vstring_alloc(100);
|
||||
const char *action;
|
||||
const char *text;
|
||||
|
||||
/*
|
||||
* XXX Copied from log_whatsup(). Needs to be changed into a reusable
|
||||
* function.
|
||||
*/
|
||||
if (state->sender)
|
||||
vstring_sprintf_append(buf, " from=<%s>", state->sender);
|
||||
if (state->recipient)
|
||||
vstring_sprintf_append(buf, " to=<%s>", state->recipient);
|
||||
if (state->protocol)
|
||||
vstring_sprintf_append(buf, " proto=%s", state->protocol);
|
||||
if (state->helo_name)
|
||||
vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
|
||||
|
||||
/*
|
||||
* The syntax of user-specified SMTP replies is checked by the Milter
|
||||
* module, because the replies are also used in the cleanup server.
|
||||
|
@ -1418,8 +1442,7 @@ static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
|
|||
break;
|
||||
}
|
||||
msg_info("%s: %s: %s from %s: %s;%s", queue_id, action, state->where,
|
||||
state->namaddr, reply ? reply : text, STR(buf));
|
||||
vstring_free(buf);
|
||||
state->namaddr, reply ? reply : text, smtpd_whatsup(state));
|
||||
return (reply);
|
||||
}
|
||||
|
||||
|
@ -1687,10 +1710,11 @@ static int mail_open_stream(SMTPD_STATE *state)
|
|||
*/
|
||||
if (state->proxy_mail) {
|
||||
smtpd_check_rewrite(state);
|
||||
if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
|
||||
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
|
||||
state->proxy_mail) != 0) {
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
|
||||
if (smtpd_proxy_create(state, smtpd_proxy_opts, var_smtpd_proxy_filt,
|
||||
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
|
||||
state->proxy_mail) != 0) {
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy->buffer));
|
||||
smtpd_proxy_free(state);
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
@ -2212,9 +2236,13 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
|||
}
|
||||
|
||||
/*
|
||||
* Check the queue file space, if applicable.
|
||||
* Check the queue file space, if applicable. The optional before-filter
|
||||
* speed-adjust buffers use disk space. However, we don't know if they
|
||||
* compete for storage space with the after-filter queue, so we can't
|
||||
* simply bump up the free space requirement to 2.5 * message_size_limit.
|
||||
*/
|
||||
if (!USE_SMTPD_PROXY(state)) {
|
||||
if (!USE_SMTPD_PROXY(state)
|
||||
|| (smtpd_proxy_opts & SMTPD_PROXY_FLAG_SPEED_ADJUST)) {
|
||||
if (SMTPD_STAND_ALONE(state) == 0
|
||||
&& (err = smtpd_check_queue(state)) != 0) {
|
||||
/* XXX Reset access map side effects. */
|
||||
|
@ -2308,14 +2336,8 @@ static void mail_reset(SMTPD_STATE *state)
|
|||
VSTRING_RESET(state->instance);
|
||||
VSTRING_TERMINATE(state->instance);
|
||||
|
||||
/*
|
||||
* Try to be nice. Don't bother when we lost the connection. Don't bother
|
||||
* waiting for a reply, it just increases latency.
|
||||
*/
|
||||
if (state->proxy) {
|
||||
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_NONE, SMTPD_CMD_QUIT);
|
||||
smtpd_proxy_close(state);
|
||||
}
|
||||
if (state->proxy)
|
||||
smtpd_proxy_free(state);
|
||||
if (state->xforward.flags)
|
||||
smtpd_xforward_reset(state);
|
||||
if (state->prepend)
|
||||
|
@ -2335,6 +2357,7 @@ static void mail_reset(SMTPD_STATE *state)
|
|||
|
||||
static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
||||
{
|
||||
SMTPD_PROXY *proxy;
|
||||
const char *err;
|
||||
int narg;
|
||||
char *arg;
|
||||
|
@ -2478,9 +2501,10 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
|||
* the recipient then we can have a proxy connection without having
|
||||
* accepted a recipient.
|
||||
*/
|
||||
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK,
|
||||
"%s", STR(state->buffer)) != 0) {
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
|
||||
proxy = state->proxy;
|
||||
if (proxy != 0 && proxy->cmd(state, SMTPD_PROX_WANT_OK,
|
||||
"%s", STR(state->buffer)) != 0) {
|
||||
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -2667,6 +2691,7 @@ static void comment_sanitize(VSTRING *comment_string)
|
|||
|
||||
static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
||||
{
|
||||
SMTPD_PROXY *proxy;
|
||||
const char *err;
|
||||
char *start;
|
||||
int len;
|
||||
|
@ -2725,9 +2750,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
smtpd_chat_reply(state, "%s", err);
|
||||
return (-1);
|
||||
}
|
||||
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_MORE,
|
||||
"%s", STR(state->buffer)) != 0) {
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
|
||||
proxy = state->proxy;
|
||||
if (proxy != 0 && proxy->cmd(state, SMTPD_PROX_WANT_MORE,
|
||||
"%s", STR(state->buffer)) != 0) {
|
||||
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -2736,10 +2762,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
* operation. We want to avoid massive code duplication within tons of
|
||||
* if-else clauses.
|
||||
*/
|
||||
if (state->proxy) {
|
||||
out_stream = state->proxy;
|
||||
out_record = smtpd_proxy_rec_put;
|
||||
out_fprintf = smtpd_proxy_rec_fprintf;
|
||||
if (proxy) {
|
||||
out_stream = proxy->stream;
|
||||
out_record = proxy->rec_put;
|
||||
out_fprintf = proxy->rec_fprintf;
|
||||
out_error = CLEANUP_STAT_PROXY;
|
||||
} else {
|
||||
out_stream = state->cleanup;
|
||||
|
@ -2781,7 +2807,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
* Suppress our own Received: header in the unlikely case that we are an
|
||||
* intermediate proxy.
|
||||
*/
|
||||
if (!state->proxy || state->xforward.flags == 0) {
|
||||
if (!proxy || state->xforward.flags == 0) {
|
||||
out_fprintf(out_stream, REC_TYPE_NORM,
|
||||
"Received: from %s (%s [%s])",
|
||||
state->helo_name ? state->helo_name : state->name,
|
||||
|
@ -2900,7 +2926,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
out_record(out_stream, REC_TYPE_NORM, "", 0);
|
||||
}
|
||||
if (prev_rec_type != REC_TYPE_CONT && *start == '.'
|
||||
&& (state->proxy == 0 ? (++start, --len) == 0 : len == 1))
|
||||
&& (proxy == 0 ? (++start, --len) == 0 : len == 1))
|
||||
break;
|
||||
if (state->err == CLEANUP_STAT_OK) {
|
||||
if (var_message_limit > 0 && var_message_limit - state->act_size < len + 2) {
|
||||
|
@ -2919,7 +2945,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
&& SMTPD_STAND_ALONE(state) == 0
|
||||
&& (err = smtpd_check_eod(state)) != 0) {
|
||||
smtpd_chat_reply(state, "%s", err);
|
||||
if (state->proxy) {
|
||||
if (proxy) {
|
||||
smtpd_proxy_close(state);
|
||||
} else {
|
||||
mail_stream_cleanup(state->dest);
|
||||
|
@ -2932,23 +2958,13 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
/*
|
||||
* Send the end of DATA and finish the proxy connection. Set the
|
||||
* CLEANUP_STAT_PROXY error flag in case of trouble.
|
||||
*
|
||||
* XXX The low-level proxy output routines should set "state" error
|
||||
* attributes. This requires making "state" a context attribute of the
|
||||
* VSTREAM.
|
||||
*/
|
||||
if (state->proxy) {
|
||||
if (proxy) {
|
||||
if (state->err == CLEANUP_STAT_OK) {
|
||||
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, ".");
|
||||
(void) proxy->cmd(state, SMTPD_PROX_WANT_ANY, ".");
|
||||
if (state->err == CLEANUP_STAT_OK &&
|
||||
*STR(state->proxy_buffer) != '2')
|
||||
*STR(proxy->buffer) != '2')
|
||||
state->err = CLEANUP_STAT_CONT;
|
||||
} else if (state->err != CLEANUP_STAT_SIZE) {
|
||||
state->err |= CLEANUP_STAT_PROXY;
|
||||
detail = cleanup_stat_detail(CLEANUP_STAT_PROXY);
|
||||
vstring_sprintf(state->proxy_buffer,
|
||||
"%d %s Error: %s",
|
||||
detail->smtp, detail->dsn, detail->text);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -3031,11 +3047,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
state->error_count = 0;
|
||||
state->error_mask = 0;
|
||||
state->junk_cmds = 0;
|
||||
if (state->queue_id)
|
||||
if (proxy)
|
||||
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
|
||||
else
|
||||
smtpd_chat_reply(state,
|
||||
"250 2.0.0 Ok: queued as %s", state->queue_id);
|
||||
else
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
|
||||
} else if (why && IS_SMTP_REJECT(STR(why))) {
|
||||
state->error_mask |= MAIL_ERROR_POLICY;
|
||||
smtpd_chat_reply(state, "%s", STR(why));
|
||||
|
@ -3067,8 +3083,8 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
} else if ((state->err & CLEANUP_STAT_CONT) != 0) {
|
||||
state->error_mask |= MAIL_ERROR_POLICY;
|
||||
detail = cleanup_stat_detail(CLEANUP_STAT_CONT);
|
||||
if (state->proxy_buffer) {
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
|
||||
if (proxy) {
|
||||
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
|
||||
} else if (why && LEN(why) > 0) {
|
||||
/* Allow address-specific DSN status in header/body_checks. */
|
||||
smtpd_chat_reply(state, "%d %s", detail->smtp, STR(why));
|
||||
|
@ -3083,7 +3099,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
detail->smtp, detail->dsn, detail->text);
|
||||
} else if ((state->err & CLEANUP_STAT_PROXY) != 0) {
|
||||
state->error_mask |= MAIL_ERROR_SOFTWARE;
|
||||
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
|
||||
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
|
||||
} else {
|
||||
state->error_mask |= MAIL_ERROR_SOFTWARE;
|
||||
detail = cleanup_stat_detail(CLEANUP_STAT_BAD);
|
||||
|
@ -3091,6 +3107,14 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||
detail->smtp, detail->dsn, state->err);
|
||||
}
|
||||
|
||||
/*
|
||||
* By popular command: the proxy's end-of-data reply.
|
||||
*/
|
||||
if (proxy)
|
||||
msg_info("proxy-%s: %s: %s;%s",
|
||||
(state->err == CLEANUP_STAT_OK) ? "accept" : "reject",
|
||||
state->where, STR(proxy->buffer), smtpd_whatsup(state));
|
||||
|
||||
/*
|
||||
* Cleanup. The client may send another MAIL command.
|
||||
*/
|
||||
|
@ -3217,8 +3241,8 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
|||
/*
|
||||
* XXX 2821 new feature: Section 3.5.1 requires that the VRFY response is
|
||||
* either "full name <user@domain>" or "user@domain". Postfix replies
|
||||
* with the address that was provided by the client, whether or not it is
|
||||
* in fully qualified domain form or not.
|
||||
* with the string that was provided by the client, whether or not it is
|
||||
* in fully qualified domain form and the address is in <>.
|
||||
*
|
||||
* Reply code 250 is reserved for the case where the address is verified;
|
||||
* reply code 252 should be used when no definitive certainty exists.
|
||||
|
@ -4130,8 +4154,8 @@ typedef struct SMTPD_CMD {
|
|||
#define SMTPD_CMD_FLAG_LAST (1<<2) /* last in PIPELINING command group */
|
||||
|
||||
static SMTPD_CMD smtpd_cmd_table[] = {
|
||||
SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS,
|
||||
SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS,
|
||||
SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,
|
||||
SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,
|
||||
#ifdef USE_TLS
|
||||
SMTPD_CMD_STARTTLS, starttls_cmd, SMTPD_CMD_FLAG_PRE_TLS,
|
||||
#endif
|
||||
|
@ -4165,6 +4189,7 @@ static void smtpd_proto(SMTPD_STATE *state)
|
|||
const char *ehlo_words;
|
||||
const char *err;
|
||||
int status;
|
||||
const char *cp;
|
||||
|
||||
/*
|
||||
* Print a greeting banner and run the state machine. Read SMTP commands
|
||||
|
@ -4425,6 +4450,16 @@ static void smtpd_proto(SMTPD_STATE *state)
|
|||
}
|
||||
watchdog_pat();
|
||||
smtpd_chat_query(state);
|
||||
/* Move into smtpd_chat_query() and update session transcript. */
|
||||
if (smtpd_cmd_filter != 0) {
|
||||
for (cp = STR(state->buffer); *cp && IS_SPACE_TAB(*cp); cp++)
|
||||
/* void */ ;
|
||||
if ((cp = dict_get(smtpd_cmd_filter, cp)) != 0) {
|
||||
msg_info("%s: replacing client command \"%s\" with \"%s\"",
|
||||
state->namaddr, STR(state->buffer), cp);
|
||||
vstring_strcpy(state->buffer, cp);
|
||||
}
|
||||
}
|
||||
if ((argc = smtpd_token(vstring_str(state->buffer), &argv)) == 0) {
|
||||
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
||||
smtpd_chat_reply(state, "500 5.5.2 Error: bad syntax");
|
||||
|
@ -4699,6 +4734,10 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
|
|||
#endif
|
||||
|
||||
#ifdef USE_TLS
|
||||
if (*var_smtpd_cmd_filter)
|
||||
smtpd_cmd_filter = dict_open(var_smtpd_cmd_filter, O_RDONLY,
|
||||
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
|
||||
|
||||
/*
|
||||
* XXX Temporary fix to pretend that we consistently implement TLS
|
||||
* security levels. We implement only a subset for now. If we implement
|
||||
|
@ -4843,6 +4882,15 @@ static void post_jail_init(char *unused_name, char **unused_argv)
|
|||
smtpd_input_transp_mask =
|
||||
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
|
||||
|
||||
/*
|
||||
* Initialize before-queue filter options: do we want speed-matching
|
||||
* support so that the entire message is received before we contact a
|
||||
* before-queue content filter?
|
||||
*/
|
||||
if (*var_smtpd_proxy_filt)
|
||||
smtpd_proxy_opts =
|
||||
smtpd_proxy_parse_opts(VAR_SMTPD_PROXY_OPTS, var_smtpd_proxy_opts);
|
||||
|
||||
/*
|
||||
* Sendmail mail filters.
|
||||
*
|
||||
|
@ -5023,6 +5071,7 @@ int main(int argc, char **argv)
|
|||
VAR_VERP_CLIENTS, DEF_VERP_CLIENTS, &var_verp_clients, 0, 0,
|
||||
VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
|
||||
VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
|
||||
VAR_SMTPD_PROXY_OPTS, DEF_SMTPD_PROXY_OPTS, &var_smtpd_proxy_opts, 0, 0,
|
||||
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
|
||||
VAR_XCLIENT_HOSTS, DEF_XCLIENT_HOSTS, &var_xclient_hosts, 0, 0,
|
||||
VAR_XFORWARD_HOSTS, DEF_XFORWARD_HOSTS, &var_xforward_hosts, 0, 0,
|
||||
|
@ -5075,6 +5124,7 @@ int main(int argc, char **argv)
|
|||
VAR_UNK_ADDR_TF_ACT, DEF_UNK_ADDR_TF_ACT, &var_unk_addr_tf_act, 1, 0,
|
||||
VAR_UNV_RCPT_TF_ACT, DEF_UNV_RCPT_TF_ACT, &var_unv_rcpt_tf_act, 1, 0,
|
||||
VAR_UNV_FROM_TF_ACT, DEF_UNV_FROM_TF_ACT, &var_unv_from_tf_act, 1, 0,
|
||||
VAR_SMTPD_CMD_FILTER, DEF_SMTPD_CMD_FILTER, &var_smtpd_cmd_filter, 0, 0,
|
||||
0,
|
||||
};
|
||||
static const CONFIG_RAW_TABLE raw_table[] = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: tls_client.c,v 1.2 2009/07/20 17:17:56 christos Exp $ */
|
||||
/* $NetBSD: tls_client.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: tls_server.c,v 1.2 2009/07/20 17:17:56 christos Exp $ */
|
||||
/* $NetBSD: tls_server.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: inet_addr_local.c,v 1.2 2010/02/23 16:41:01 jnemeth Exp $ */
|
||||
/* $NetBSD: inet_addr_local.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -186,9 +186,15 @@ static int ial_getifaddrs(INET_ADDR_LIST *addr_list,
|
|||
if (!(ifa->ifa_flags & IFF_UP) || ifa->ifa_addr == 0)
|
||||
continue;
|
||||
sa = ifa->ifa_addr;
|
||||
sam = ifa->ifa_netmask;
|
||||
if (af != AF_UNSPEC && sa->sa_family != af)
|
||||
continue;
|
||||
sam = ifa->ifa_netmask;
|
||||
if (sam == 0) {
|
||||
/* XXX In mynetworks, a null netmask would match everyone. */
|
||||
msg_warn("ignoring interface with null netmask, address family %d",
|
||||
sa->sa_family);
|
||||
continue;
|
||||
}
|
||||
switch (sa->sa_family) {
|
||||
case AF_INET:
|
||||
if (SOCK_ADDR_IN_ADDR(sa).s_addr == INADDR_ANY)
|
||||
|
@ -586,7 +592,8 @@ int main(int unused_argc, char **argv)
|
|||
msg_vstream_init(argv[0], VSTREAM_ERR);
|
||||
msg_verbose = 1;
|
||||
|
||||
proto_info = inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
|
||||
proto_info = inet_proto_init(argv[0],
|
||||
argv[1] ? argv[1] : INET_PROTO_NAME_ALL);
|
||||
inet_addr_list_init(&addr_list);
|
||||
inet_addr_list_init(&mask_list);
|
||||
inet_addr_local(&addr_list, &mask_list, proto_info->ai_family_list);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: unix_recv_fd.c,v 1.2 2009/06/23 11:41:07 tron Exp $ */
|
||||
/* $NetBSD: unix_recv_fd.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -65,7 +65,7 @@ int unix_recv_fd(int fd)
|
|||
/*
|
||||
* Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1,
|
||||
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for
|
||||
* portability to LP64 environments.
|
||||
* portability to some LP64 environments. See also unix_send_fd.c.
|
||||
*/
|
||||
#if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL)
|
||||
union {
|
||||
|
@ -76,7 +76,11 @@ int unix_recv_fd(int fd)
|
|||
|
||||
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
|
||||
msg.msg_control = control_un.control;
|
||||
msg.msg_controllen = sizeof(control_un.control); /* Fix 200506 */
|
||||
if (unix_pass_fd_fix & UNIX_PASS_FD_FIX_CMSG_LEN) {
|
||||
msg.msg_controllen = CMSG_LEN(sizeof(newfd)); /* Fix 200506 */
|
||||
} else {
|
||||
msg.msg_controllen = sizeof(control_un.control); /* normal */
|
||||
}
|
||||
#else
|
||||
msg.msg_accrights = (char *) &newfd;
|
||||
msg.msg_accrightslen = sizeof(newfd);
|
||||
|
@ -143,10 +147,10 @@ int main(int argc, char **argv)
|
|||
ssize_t read_count;
|
||||
char buf[1024];
|
||||
|
||||
if (argc != 2
|
||||
if (argc < 2 || argc > 3
|
||||
|| (endpoint = split_at(transport = argv[1], ':')) == 0
|
||||
|| *endpoint == 0 || *transport == 0)
|
||||
msg_fatal("usage: %s transport:endpoint", argv[0]);
|
||||
msg_fatal("usage: %s transport:endpoint [workaround]", argv[0]);
|
||||
|
||||
if (strcmp(transport, "unix") == 0) {
|
||||
listen_sock = unix_listen(endpoint, 10, BLOCKING);
|
||||
|
@ -160,8 +164,10 @@ int main(int argc, char **argv)
|
|||
if (client_sock < 0)
|
||||
msg_fatal("accept: %m");
|
||||
|
||||
set_unix_pass_fd_fix(argv[2] ? argv[2] : "");
|
||||
|
||||
while ((client_fd = unix_recv_fd(client_sock)) >= 0) {
|
||||
msg_info("client_fd = %d", client_fd);
|
||||
msg_info("client_fd = %d, fix=%d", client_fd, unix_pass_fd_fix);
|
||||
while ((read_count = read(client_fd, buf, sizeof(buf))) > 0)
|
||||
write(1, buf, read_count);
|
||||
if (read_count < 0)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: unix_send_fd.c,v 1.2 2009/06/23 11:41:07 tron Exp $ */
|
||||
/* $NetBSD: unix_send_fd.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
|
||||
|
||||
/*++
|
||||
/* NAME
|
||||
|
@ -66,8 +66,8 @@ int unix_send_fd(int fd, int sendfd)
|
|||
|
||||
/*
|
||||
* Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1,
|
||||
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE; the
|
||||
* latter breaks on LP64 systems.
|
||||
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for
|
||||
* portability to some LP64 environments. See also unix_recv_fd.c.
|
||||
*/
|
||||
#if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL)
|
||||
union {
|
||||
|
@ -76,10 +76,13 @@ int unix_send_fd(int fd, int sendfd)
|
|||
} control_un;
|
||||
struct cmsghdr *cmptr;
|
||||
|
||||
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
|
||||
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
|
||||
msg.msg_control = control_un.control;
|
||||
msg.msg_controllen = sizeof(control_un.control); /* Fix 200506 */
|
||||
|
||||
if (unix_pass_fd_fix & UNIX_PASS_FD_FIX_CMSG_LEN) {
|
||||
msg.msg_controllen = CMSG_LEN(sizeof(sendfd)); /* Fix 200506 */
|
||||
} else {
|
||||
msg.msg_controllen = sizeof(control_un.control); /* normal */
|
||||
}
|
||||
cmptr = CMSG_FIRSTHDR(&msg);
|
||||
cmptr->cmsg_len = CMSG_LEN(sizeof(sendfd));
|
||||
cmptr->cmsg_level = SOL_SOCKET;
|
||||
|
@ -103,7 +106,40 @@ int unix_send_fd(int fd, int sendfd)
|
|||
msg.msg_iov = iov;
|
||||
msg.msg_iovlen = 1;
|
||||
|
||||
return (sendmsg(fd, &msg, 0));
|
||||
/*
|
||||
* The CMSG_LEN send/receive workaround was originally developed for
|
||||
* OpenBSD 3.6 on SPARC64. After the workaround was verified to not break
|
||||
* Solaris 8 on SPARC64, it was hard-coded with Postfix 2.3 for all
|
||||
* platforms because of increasing pressure to work on other things. The
|
||||
* workaround does nothing for 32-bit systems.
|
||||
*
|
||||
* The investigation was reopened with Postfix 2.7 because the workaround
|
||||
* broke with NetBSD 5.0 on 64-bit architectures. This time it was found
|
||||
* that OpenBSD <= 4.3 on AMD64 and SPARC64 needed the workaround for
|
||||
* sending only. The following platforms worked with and without the
|
||||
* workaround: OpenBSD 4.5 on AMD64 and SPARC64, FreeBSD 7.2 on AMD64,
|
||||
* Solaris 8 on SPARC64, and Linux 2.6-11 on x86_64.
|
||||
*
|
||||
* As this appears to have been an OpenBSD-specific problem, we revert to
|
||||
* the Postfix 2.2 behavior. Instead of hard-coding the workaround for
|
||||
* all platforms, we now detect sendmsg() errors at run time and turn on
|
||||
* the workaround dynamically.
|
||||
*
|
||||
* The workaround was made run-time configurable to investigate the problem
|
||||
* on multiple platforms. Though set_unix_pass_fd_fix() is over-kill for
|
||||
* this specific problem, it is left in place so that it can serve as an
|
||||
* example of how to add run-time configurable workarounds to Postfix.
|
||||
*/
|
||||
if (sendmsg(fd, &msg, 0) >= 0)
|
||||
return (0);
|
||||
if (unix_pass_fd_fix == 0) {
|
||||
if (msg_verbose)
|
||||
msg_info("sendmsg error (%m). Trying CMSG_LEN workaround.");
|
||||
unix_pass_fd_fix = UNIX_PASS_FD_FIX_CMSG_LEN;
|
||||
return (unix_send_fd(fd, sendfd));
|
||||
} else {
|
||||
return (-1);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -128,6 +164,8 @@ int main(int argc, char **argv)
|
|||
int server_sock;
|
||||
int client_fd;
|
||||
|
||||
msg_verbose = 1;
|
||||
|
||||
if (argc < 3
|
||||
|| (endpoint = split_at(transport = argv[1], ':')) == 0
|
||||
|| *endpoint == 0 || *transport == 0)
|
||||
|
|
Loading…
Reference in New Issue