Resolve conflicts from last import.

tron 2010-06-17 18:18:14 +00:00
parent 28e9a2d236
commit 6941d836af
22 changed files with 2254 additions and 817 deletions

@ -4,10 +4,10 @@ PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn
WWAARRNNIINNGG
The sender/recipient address verification feature described in this document is
suitable only for low-traffic sites. It performs poorly under high load;
excessive sender address verification activity may even cause your site to be
blacklisted by some providers. See the "Limitations" section below for details.
Recipient address verification may cause an increased load on down-stream
servers in the case of a dictionary attack or a flood of backscatter bounces.
Sender address verification may cause your site to be blacklisted by some
providers. See also the "Limitations" section below for more.
WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu
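Review bot: the replacement WARNING text no longer says anything about sender verification cost at volume. The old paragraph stated the feature "performs poorly under high load", and the sender_access example later in this file gains "# Don't do this when you handle lots of email." Suggest keeping one sentence on load for sender verification so the warning and the example agree. The closing "See also the "Limitations" section below for more." also trails off; "for details", as in the text it replaces, reads better.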
@ -18,8 +18,8 @@ verified to be deliverable.
The technique has obvious uses to reject junk mail with an unreplyable sender
address.
The technique may also be useful to block mail for undeliverable recipients,
for example on a mail relay host that does not have a list of all the valid
The technique is also useful to block mail for undeliverable recipients, for
example on a mail relay host that does not have a list of all the valid
recipient addresses. This prevents undeliverable junk mail from entering the
queue, so that Postfix doesn't have to waste resources trying to send MAILER-
DAEMON messages back.
@ -47,18 +47,26 @@ the Postfix MTA itself, or it could be a remote MTA (SMTP interruptus). Probe
messages are like normal mail, except that they are never delivered, deferred
or bounced; probe messages are always discarded.
Postfix Postfix Address
Internet -> SMTP <-> verify <-> verification
server server database
| ^
probe delivery
messages status
v |
probe Postfix
message -> mail
queue
Postfix Postfix ->
Internet -> SMTP <-> verify
server server |
v
Postfix Postfix
queue -> delivery
agents
<- Postfix
probe <- delivery -> Local
status agents -> Remote
^
|
v
Address
verification
database
With Postfix address verification turned on, normal mail will suffer only a
short delay of up to 6 seconds while an address is being verified for the first
@ -77,7 +85,8 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
address, without actually delivering mail to it. If the nearest MTA accepts
the address, then Postfix assumes that the address is deliverable. In
reality, mail for a remote address can bounce AFTER the nearest MTA accepts
the recipient address.
the recipient address, or AFTER the nearest MTA accepts the message
content.
* Some sites may blacklist you when you are probing them too often (a probe
is an SMTP session that does not deliver mail), or when you are probing
@ -95,30 +104,31 @@ LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffi
* Postfix assumes that an address is undeliverable when the nearest MTA for
the address rejects the probe, regardless of the reason for rejection
(client rejected, HELO rejected, MAIL FROM rejected, etc.). Thus, Postfix
rejects mail when the sender's MTA rejects mail from your machine. This is
a good thing.
rejects an address when the nearest MTA for that address rejects mail from
your machine for any reason. This is not a limitation, but it is mentioned
here just in case people believe that it is a limitation.
* Unfortunately, some major sites such as YAHOO do not reject unknown
addresses in reply to the RCPT TO command, but report a delivery failure in
response to end of DATA after a message is transferred. Postfix address
verification does not work with such sites.
* Unfortunately, some sites do not reject unknown addresses in reply to the
RCPT TO command, but report a delivery failure in response to end of DATA
after a message is transferred. Postfix address verification does not work
with such sites.
* By default, Postfix probe messages have "double-bounce@$myorigin" as the
sender address (with Postfix versions before 2.5, the default is
* By default, Postfix probe messages have a sender address "double-
bounce@$myorigin" (with Postfix versions before 2.5, the default is
"postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does
not reject mail for this address.
You can change this into the null address ("address_verify_sender ="). This
is UNSAFE because address probes will fail with mis-configured sites that
reject MAIL FROM: <>, while probes from "postmaster@$myorigin" would
succeed.
You can change the probe sender address into the null address
("address_verify_sender ="). This is UNSAFE because address probes will
fail with mis-configured sites that reject MAIL FROM: <>, while probes from
"postmaster@$myorigin" would succeed.
RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn
As mentioned earlier, recipient address verification may be useful to block
mail for undeliverable recipients on a mail relay host that does not have a
list of all valid recipient addresses. This can help to prevent the mail queue
from filling up with MAILER-DAEMON messages.
As mentioned earlier, recipient address verification is useful to block mail
for undeliverable recipients on a mail relay host that does not have a list of
all valid recipient addresses. This can help to prevent the mail queue from
filling up with MAILER-DAEMON messages.
Recipient address verification is relatively straightforward and there are no
surprises. If a recipient probe fails, then Postfix rejects mail for the
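Review bot: the rewritten UNSAFE paragraph still ends with 'while probes from "postmaster@$myorigin" would succeed', but the bullet directly above says postmaster@$myorigin is the default only for Postfix versions before 2.5 and that the default is now double-bounce@$myorigin. Suggest the comparison name the current default, or say "probes from the default sender address", so the two paragraphs do not contradict each other.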
@ -127,9 +137,10 @@ the recipient address. However, recipient address verification probes can
increase the load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack.
By default, address verification results are not saved. To avoid probing the
same address repeatedly, you can store the result in a persistent database as
described later.
By default, address verification results are saved in a persistent database
(Postfix version 2.7 and later; with earlier versions, specify the database in
main.cf as described later). The persistent database helps to avoid probing the
same address repeatedly.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
@ -177,11 +188,13 @@ verification for specific domains that often appear in forged email.
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
/etc/postfix/sender_access:
# Don't do this when you handle lots of email.
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
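Review bot: the comment "# Default setting for Postfix 2.7 and later." sits directly above "address_verify_map = btree:/var/db/postfix/verify", while the "Address verification database" section of this same file gives the 2.7 default as "btree:$data_directory/verify_cache". Both cannot be the default. If /var/db/postfix/verify is a local value kept through the conflict resolution, either switch this example to the $data_directory form or drop the "Default setting" comment above it. The same pairing appears in the second main.cf example and in the HTML version of this document.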
@ -216,6 +229,7 @@ be blocked:
# Postfix 2.6 and later.
# unverified_sender_reject_reason = Address verification failed
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
@ -261,54 +275,61 @@ probe fails with some temporary error.
AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
NOTE: By default, address verification information is not stored in a
persistent file. You have to specify one in main.cf (see below). Persistent
storage is off by default because it may need more disk space than is available
in your file system.
Address verification information is cached by the Postfix verify daemon.
Postfix has a bunch of parameters that control the caching of positive and
negative results. Refer to the verify(8) manual page for details.
The address_verify_map (NOTE: singular) configuration parameter specifies an
optional database for sender or recipient address verification results. If you
don't specify a file, all address verification information is lost after
"postfix reload" or "postfix stop".
If your /var file system has sufficient space, try:
To improve performance, the Postfix verify(8) daemon can save address
verification results to a persistent database. This is enabled by default with
Postfix 2.7 and later. The address_verify_map (NOTE: singular) configuration
parameter specifies persistent storage for sender or recipient address
verification results. If you specify an empty value, all address verification
results are lost after "postfix reload" or "postfix stop".
/etc/postfix/main.cf:
# Default setting for Postfix 2.7 and later.
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
address_verify_map = btree:$data_directory/verify_cache
NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening
this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file under a non-
Postfix directory is redirected to the Postfix-owned data_directory, and a
warning is logged. If you wish to continue using a pre-existing database file,
move it to the data_directory, and change ownership to the account specified
with the mail_owner parameter.
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
address_verify_map =
NOTE 1: The database file should be stored under a Postfix-owned directory,
such as $data_directory.
As of version 2.5, Postfix no longer uses root privileges when opening this
file. To maintain backwards compatibility, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. If you wish to continue using a
pre-existing database file, change its file ownership to the account
specified with the mail_owner parameter, and either move the file to the
data_directory, or move it to some other Postfix-owned directory.
NOTE 2: Do not put this file in a file system that may run out of space. When
the address verification table gets corrupted the world comes to an end and YOU
will have to MANUALLY fix things as described in the next section. Meanwhile,
you will not receive mail via SMTP.
NOTE 3: The verify(8) daemon process will create a new database when none
exists, and will open/create the file before it enters the chroot jail.
NOTE 3: The verify(8) daemon will create a new database when none exists. It
will open or create the file before entering the chroot jail.
MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee
The verify(8) manual page describes parameters that control how long
information remains cached before it needs to be refreshed, and how long
information can remain "unrefreshed" before it expires. Postfix uses different
The verify(8) manual page describes parameters that control how long address
verification results are cached before they need to be refreshed, and how long
results can remain "unrefreshed" before they expire. Postfix uses different
controls for positive results (address was accepted) and for negative results
(address was rejected).
(address was rejected, or address verification failed for some other reason).
Right now, no tools are provided to manage the address verification database.
If the file gets too big, or if it gets corrupted, you can manually rename or
delete the file and run "postfix reload". The new verify daemon process will
then create a new database.
The verify(8) daemon will periodically remove expired entries from the address
verification database, and log the number of entries retained and dropped
(Postfix versions 2.7 and later). A cleanup run is logged as "partial" when the
daemon terminates early because of "postfix reload, "postfix stop", or because
the daemon received no requests for $max_idle seconds. Postfix versions 2.6 and
earlier do not implement automatic address verification database cleanup.
There, the database is managed manually as described next.
When the address verification database file becomes too big, or when it becomes
corrupted, the solution is to manually rename or delete (NOT: truncate) the
file and run "postfix reload". The verify(8) daemon will then create a new
database file.
CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess
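Review bot: in the new cleanup paragraph, 'because of "postfix reload, "postfix stop"' is missing the closing quote after reload; it should read '"postfix reload", "postfix stop"'. Since this sentence tells operators what a "partial" cleanup log entry means, it would also help to say whether a partial run is harmless or needs follow-up.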

@ -1659,7 +1659,7 @@ by the smtp_tls_mandatory_ciphers configuration parameter. This setting
controls the minimum acceptable SMTP client TLS cipher grade for use with
mandatory TLS encryption. The default value "medium" is suitable for most
destinations with which you may want to enforce TLS, and is beyond the reach of
today's crypt-analytic methods. See smtp_tls_policy_maps for information on how
today's cryptanalytic methods. See smtp_tls_policy_maps for information on how
to configure ciphers on a per-destination basis.
By default anonymous ciphers are allowed, and automatically disabled when
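Review bot: the spelling fix is fine, but the sentence it touches still asserts that the "medium" grade "is beyond the reach of today's cryptanalytic methods" with no date or version attached. A claim about cipher strength anchored to "today" ages silently; suggest tying it to a Postfix release or rewording it so readers know when the assessment was made.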

@ -1,4 +1,4 @@
# $NetBSD: master.cf,v 1.2 2009/06/23 11:41:06 tron Exp $
# $NetBSD: master.cf,v 1.3 2010/06/17 18:18:14 tron Exp $
#
#
# Postfix master process configuration file. For details on the format
@ -67,10 +67,14 @@ scache unix - - n - 1 scache
#
# ====================================================================
#
# The Cyrus deliver program has changed incompatibly, multiple times.
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
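Review bot: the new cyrus.conf line 'lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4' passes -a to lmtpd on a TCP listener without saying what the option does. Since the matching main.cf settings (lmtp:inet:localhost) deliver over that socket, please add a comment line stating what -a changes and that the listener is meant to stay bound to localhost, so nobody copies the line with a wider listen address.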
@ -82,6 +86,13 @@ scache unix - - n - 1 scache
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe

@ -19,12 +19,11 @@
<h2>WARNING </h2>
<p> The sender/recipient address verification feature described in this
document is suitable only for low-traffic sites. It performs poorly
under high load; excessive sender address verification activity may
even cause your site to be blacklisted by some
providers. See the "<a href="#limitations">Limitations</a>" section
below for details. </p>
<p> Recipient address verification may cause an increased load on
down-stream servers in the case of a dictionary attack or a flood
of backscatter bounces. Sender address verification may cause your
site to be blacklisted by some providers. See also the "<a
href="#limitations">Limitations</a>" section below for more. </p>
<h2><a name="summary">What Postfix address verification can do for you</a></h2>
@ -35,7 +34,7 @@ until the address has been verified to be deliverable. </p>
<p> The technique has obvious uses to reject junk mail
with an unreplyable sender address. </p>
<p> The technique may also be useful to block mail for undeliverable
<p> The technique is also useful to block mail for undeliverable
recipients, for example on a mail <a href="postconf.5.html#relayhost">relay host</a> that does not have a
list of all the valid recipient addresses. This prevents undeliverable
junk mail from entering the queue, so that Postfix doesn't have to
@ -86,74 +85,96 @@ always discarded. </p>
<blockquote>
<table>
<table border="0">
<tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Internet
<td rowspan="2" colspan="5" align="center" valign="middle">
&nbsp; </td>
<td rowspan="3" align="center" valign="bottom"> <tt> -&gt; </tt>
</td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
message </td>
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> mail<br> queue </td>
</tr>
<tr> </tr>
<tr>
<td rowspan="3" align="center" valign="middle"> Internet </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
<td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="verify.8.html">Postfix<br> verify<br> server</a>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
</tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
verification<br> database </td>
<tr>
<td rowspan="1" colspan="3"> </td>
<td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
<tt> v</tt> </td>
</tr>
<tr>
<td colspan="3"> </td>
<td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
</td>
<td> &nbsp; &nbsp; </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
status </td>
<td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
probe<br> messages<br> <tt> v </tt> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;- </tt>
</td>
<td> </td>
<td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
status<br> <tt> | </tt> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> queue </td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> delivery<br> agents </td>
<td> </td>
<td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
Local<br> <tt>-&gt;</tt> Remote</td>
<td> </td>
</tr>
<tr>
<td rowspan="3" colspan="4" align="center" valign="middle">
&nbsp; </td>
<td rowspan="3" align="center" valign="middle"> <tt>
^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
</tr>
<tr> </tr>
<tr> <td colspan="4"> &nbsp; </td> </tr>
<tr>
<td colspan="4" align="center" valign="middle"> &nbsp; </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Address<br> verification<br> database </td>
</tr>
@ -181,7 +202,8 @@ details. </p>
MTA for that address, without actually delivering mail to it. If
the nearest MTA accepts the address, then Postfix assumes that the
address is deliverable. In reality, mail for a remote address can
bounce AFTER the nearest MTA accepts the recipient address. </p>
bounce AFTER the nearest MTA accepts the recipient address, or AFTER
the nearest MTA accepts the message content. </p>
<li> <p> Some sites may blacklist you when you are probing them
too often (a probe is an SMTP session that does not deliver mail),
@ -200,21 +222,25 @@ mail routing and for possible limitations when you have to do this.
<li> <p> Postfix assumes that an address is undeliverable when the
nearest MTA for the address rejects the probe, regardless of the
reason for rejection (client rejected, HELO rejected, MAIL FROM
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
rejects mail from your machine. This is a good thing. </p>
rejected, etc.). Thus, Postfix rejects an address when the nearest
MTA for that address rejects mail from your machine for any reason.
This is not a limitation, but it is mentioned here just in case
people believe that it is a limitation. </p>
<li> <p> Unfortunately, some major sites such as YAHOO do not reject
<li> <p> Unfortunately, some sites do not reject
unknown addresses in reply to the RCPT TO command, but report a
delivery failure in response to end of DATA after a message is
transferred. Postfix address verification does not work with such
sites. </p>
<li> <p> By default, Postfix probe messages have "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>"
as the sender address (with Postfix versions before 2.5, the default
<li> <p> By default, Postfix probe messages have a sender address
"double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" (with Postfix versions before 2.5, the
default
is "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"). This is SAFE because the Postfix SMTP
server does not reject mail for this address. </p>
<p> You can change this into the null address ("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
<p> You can change the probe sender address into the null address
("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
="). This is UNSAFE because address probes will fail with
mis-configured sites that reject MAIL FROM: &lt;&gt;, while
probes from "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p>
@ -223,7 +249,7 @@ probes from "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>" would
<h2><a name="recipient">Recipient address verification</a></h2>
<p> As mentioned earlier, recipient address verification may be
<p> As mentioned earlier, recipient address verification is
useful to block mail for undeliverable recipients on a mail relay
host that does not have a list of all valid recipient addresses.
This can help to prevent the mail queue from filling up with
@ -237,9 +263,11 @@ However, recipient address verification probes can increase the
load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
<a href="#caching">persistent database</a> as described later. </p>
<p> By default, address verification results are saved in a <a
href="#caching">persistent database</a> (Postfix version 2.7 and
later; with earlier versions, specify the database in <a href="postconf.5.html">main.cf</a> as
described later). The persistent database helps to avoid probing
the same address repeatedly. </p>
<blockquote>
<pre>
@ -299,11 +327,13 @@ in forged email. </p>
# Postfix 2.6 and later.
# <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> = 250
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
/etc/postfix/sender_access:
# Don't do this when you handle lots of email.
aol.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
hotmail.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
bigfoot.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
@ -344,6 +374,7 @@ you can see what mail would be blocked: </p>
# Postfix 2.6 and later.
# <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Address verification failed
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
@ -402,40 +433,38 @@ sender address verification probe fails with some temporary error.
<h2><a name="caching">Address verification database</a></h2>
<p> NOTE: By default, address verification information is not stored
in a persistent file. You have to specify one in <a href="postconf.5.html">main.cf</a> (see
below). Persistent storage is off by default because it may need
more disk space than is available in your file system. </p>
<p> Address verification information is cached by the Postfix verify
daemon. Postfix has a bunch of parameters that control the caching
of positive and negative results. Refer to the <a href="verify.8.html">verify(8)</a> manual
page for details. </p>
<p> The <a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter
specifies an optional database for sender or recipient address
verification results. If you don't specify a file, all address
verification information is lost after "postfix reload" or "postfix
stop". </p>
<p> If your /var file system has sufficient space, try: </p>
<p> To improve performance, the Postfix <a href="verify.8.html">verify(8)</a> daemon can save
address verification results to a persistent database. This is
enabled by default with Postfix 2.7 and later. The
<a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter specifies
persistent storage for sender or recipient address verification
results. If you specify an empty value, all address verification
results are lost after "postfix reload" or "postfix stop". </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Default setting for Postfix 2.7 and later.
# Note: avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/db/postfix/verify
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> =
</pre>
</blockquote>
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish
to continue using a pre-existing database file, move it to the
<a href="postconf.5.html#data_directory">data_directory</a>, and change ownership to the account specified with
the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter. </p>
<p> NOTE 1: The database file should be stored under a Postfix-owned
directory, such as $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
<blockquote> As of version 2.5, Postfix no longer uses root privileges
when opening this file. To maintain backwards compatibility, an
attempt to open the file under a non-Postfix directory is redirected
to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If
you wish to continue using a pre-existing database file, change its
file ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter,
and either move the file to the <a href="postconf.5.html#data_directory">data_directory</a>, or move it to some
other Postfix-owned directory. </blockquote>
<p> NOTE 2: Do not put this file in a file system that may run out
of space. When the address verification table gets corrupted the
@ -443,23 +472,33 @@ world comes to an end and YOU will have to MANUALLY fix things as
described in the next section. Meanwhile, you will not receive mail
via SMTP. </p>
<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon process will create a new database when
none exists, and will open/create the file before it enters the
<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon will create a new database when
none exists. It will open or create the file before entering the
chroot jail. </p>
<h2><a name="dirty_secret">Managing the address verification
database</a></h2>
<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control
how long information remains cached before it needs to be refreshed,
and how long information can remain "unrefreshed" before it expires.
Postfix uses different controls for positive results (address was
accepted) and for negative results (address was rejected). </p>
<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control how
long address verification results are cached before they need to
be refreshed, and how long results can remain "unrefreshed" before
they expire. Postfix uses different controls for positive results
(address was accepted) and for negative results (address was rejected,
or address verification failed for some other reason). </p>
<p> Right now, no tools are provided to manage the address verification
database. If the file gets too big, or if it gets corrupted, you
can manually rename or delete the file and run "postfix reload".
The new verify daemon process will then create a new database. </p>
<p> The <a href="verify.8.html">verify(8)</a> daemon will periodically remove expired entries
from the address verification database, and log the number of entries
retained and dropped (Postfix versions 2.7 and later). A cleanup
run is logged as "partial" when the daemon terminates early because
of "postfix reload, "postfix stop", or because the daemon received
no requests for $<a href="postconf.5.html#max_idle">max_idle</a> seconds. Postfix versions 2.6 and earlier
do not implement automatic address verification database cleanup.
There, the database is managed manually as described next. </p>
<p> When the address verification database file becomes too big,
or when it becomes corrupted, the solution is to manually rename
or delete (NOT: truncate) the file and run "postfix reload". The
<a href="verify.8.html">verify(8)</a> daemon will then create a new database file. </p>
<h2><a name="probe_routing">Controlling the routing of address
verification probes</a></h2>
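Review bot: the new recovery paragraph says to "rename or delete (NOT: truncate) the file" but gives no reason for the prohibition. Operators under pressure will reach for truncation because it keeps ownership and permissions intact; one clause explaining why truncating is unsafe here would make the instruction stick. The missing closing quote in 'because of "postfix reload, "postfix stop"' in the paragraph above it should be fixed in this file as well.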

@ -2237,7 +2237,7 @@ as specified by the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tl
parameter. This setting controls the minimum acceptable SMTP client
TLS cipher grade for use with mandatory TLS encryption. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
want to enforce TLS, and is beyond the reach of today's cryptanalytic
methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
ciphers on a per-destination basis. </p>

File diff suppressed because it is too large

File diff suppressed because it is too large

@ -19,12 +19,11 @@
<h2>WARNING </h2>
<p> The sender/recipient address verification feature described in this
document is suitable only for low-traffic sites. It performs poorly
under high load; excessive sender address verification activity may
even cause your site to be blacklisted by some
providers. See the "<a href="#limitations">Limitations</a>" section
below for details. </p>
<p> Recipient address verification may cause an increased load on
down-stream servers in the case of a dictionary attack or a flood
of backscatter bounces. Sender address verification may cause your
site to be blacklisted by some providers. See also the "<a
href="#limitations">Limitations</a>" section below for more. </p>
<h2><a name="summary">What Postfix address verification can do for you</a></h2>
@ -35,7 +34,7 @@ until the address has been verified to be deliverable. </p>
<p> The technique has obvious uses to reject junk mail
with an unreplyable sender address. </p>
<p> The technique may also be useful to block mail for undeliverable
<p> The technique is also useful to block mail for undeliverable
recipients, for example on a mail relay host that does not have a
list of all the valid recipient addresses. This prevents undeliverable
junk mail from entering the queue, so that Postfix doesn't have to
@ -86,74 +85,96 @@ always discarded. </p>
<blockquote>
<table>
<table border="0">
<tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Internet
<td rowspan="2" colspan="5" align="center" valign="middle">
&nbsp; </td>
<td rowspan="3" align="center" valign="bottom"> <tt> -&gt; </tt>
</td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
message </td>
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> mail<br> queue </td>
</tr>
<tr> </tr>
<tr>
<td rowspan="3" align="center" valign="middle"> Internet </td>
<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
</td>
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
<td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
<a href="verify.8.html">Postfix<br> verify<br> server</a>
</td>
<td colspan="2" align="center" valign="middle"> <tt> &lt;-&gt;
</tt> </td>
</tr>
<td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
verification<br> database </td>
<tr>
<td rowspan="1" colspan="3"> </td>
<td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
<tt> v</tt> </td>
</tr>
<tr>
<td colspan="3"> </td>
<td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
</td>
<td> &nbsp; &nbsp; </td>
<td rowspan="3" align="center" valign="middle"> probe<br>
status </td>
<td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
probe<br> messages<br> <tt> v </tt> </td>
<td rowspan="3" align="center" valign="middle"> <tt> &lt;- </tt>
</td>
<td> </td>
<td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
status<br> <tt> | </tt> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> queue </td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
<td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
Postfix<br> delivery<br> agents </td>
<td> </td>
<td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
Local<br> <tt>-&gt;</tt> Remote</td>
<td> </td>
</tr>
<tr>
<td rowspan="3" colspan="4" align="center" valign="middle">
&nbsp; </td>
<td rowspan="3" align="center" valign="middle"> <tt>
^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
</tr>
<tr> </tr>
<tr> <td colspan="4"> &nbsp; </td> </tr>
<tr>
<td colspan="4" align="center" valign="middle"> &nbsp; </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Address<br> verification<br> database </td>
</tr>
@ -181,7 +202,8 @@ details. </p>
MTA for that address, without actually delivering mail to it. If
the nearest MTA accepts the address, then Postfix assumes that the
address is deliverable. In reality, mail for a remote address can
bounce AFTER the nearest MTA accepts the recipient address. </p>
bounce AFTER the nearest MTA accepts the recipient address, or AFTER
the nearest MTA accepts the message content. </p>
<li> <p> Some sites may blacklist you when you are probing them
too often (a probe is an SMTP session that does not deliver mail),
@ -200,21 +222,25 @@ mail routing and for possible limitations when you have to do this.
<li> <p> Postfix assumes that an address is undeliverable when the
nearest MTA for the address rejects the probe, regardless of the
reason for rejection (client rejected, HELO rejected, MAIL FROM
rejected, etc.). Thus, Postfix rejects mail when the sender's MTA
rejects mail from your machine. This is a good thing. </p>
rejected, etc.). Thus, Postfix rejects an address when the nearest
MTA for that address rejects mail from your machine for any reason.
This is not a limitation, but it is mentioned here just in case
people believe that it is a limitation. </p>
<li> <p> Unfortunately, some major sites such as YAHOO do not reject
<li> <p> Unfortunately, some sites do not reject
unknown addresses in reply to the RCPT TO command, but report a
delivery failure in response to end of DATA after a message is
transferred. Postfix address verification does not work with such
sites. </p>
<li> <p> By default, Postfix probe messages have "double-bounce@$myorigin"
as the sender address (with Postfix versions before 2.5, the default
<li> <p> By default, Postfix probe messages have a sender address
"double-bounce@$myorigin" (with Postfix versions before 2.5, the
default
is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP
server does not reject mail for this address. </p>
<p> You can change this into the null address ("address_verify_sender
<p> You can change the probe sender address into the null address
("address_verify_sender
="). This is UNSAFE because address probes will fail with
mis-configured sites that reject MAIL FROM: &lt;&gt;, while
probes from "postmaster@$myorigin" would succeed. </p>
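Review bot: the UNSAFE paragraph at the end of this hunk still compares against 'probes from "postmaster@$myorigin"', but the reworded item just above it gives the default probe sender as "double-bounce@$myorigin" and names postmaster only for Postfix versions before 2.5. Suggest naming the current default in that comparison so the two paragraphs agree. A smaller point on the same list: "This is not a limitation, but it is mentioned here just in case people believe that it is a limitation" is filed as an item in the limitations list; if it is not one, it would read better as a note outside the list.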
@ -223,7 +249,7 @@ probes from "postmaster@$myorigin" would succeed. </p>
<h2><a name="recipient">Recipient address verification</a></h2>
<p> As mentioned earlier, recipient address verification may be
<p> As mentioned earlier, recipient address verification is
useful to block mail for undeliverable recipients on a mail relay
host that does not have a list of all valid recipient addresses.
This can help to prevent the mail queue from filling up with
@ -237,9 +263,11 @@ However, recipient address verification probes can increase the
load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
<a href="#caching">persistent database</a> as described later. </p>
<p> By default, address verification results are saved in a <a
href="#caching">persistent database</a> (Postfix version 2.7 and
later; with earlier versions, specify the database in main.cf as
described later). The persistent database helps to avoid probing
the same address repeatedly. </p>
<blockquote>
<pre>
@ -299,11 +327,13 @@ in forged email. </p>
# Postfix 2.6 and later.
# unverified_sender_defer_code = 250
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
/etc/postfix/sender_access:
# Don't do this when you handle lots of email.
aol.com reject_unverified_sender
hotmail.com reject_unverified_sender
bigfoot.com reject_unverified_sender
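Review bot: the added comment "# Default setting for Postfix 2.7 and later." sits directly above "address_verify_map = btree:/var/db/postfix/verify", but the caching section of this same patch gives the 2.7 default as "btree:$data_directory/verify_cache" and says the file should live under a Postfix-owned directory. As written, the example labels a path under /var/db/postfix as the default. Either update the path in the example or drop the "Default setting" comment here. The next hunk adds the same comment above the same line and needs the same fix.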
@ -344,6 +374,7 @@ you can see what mail would be blocked: </p>
# Postfix 2.6 and later.
# unverified_sender_reject_reason = Address verification failed
# Default setting for Postfix 2.7 and later.
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
@ -402,40 +433,38 @@ sender address verification probe fails with some temporary error.
<h2><a name="caching">Address verification database</a></h2>
<p> NOTE: By default, address verification information is not stored
in a persistent file. You have to specify one in main.cf (see
below). Persistent storage is off by default because it may need
more disk space than is available in your file system. </p>
<p> Address verification information is cached by the Postfix verify
daemon. Postfix has a bunch of parameters that control the caching
of positive and negative results. Refer to the verify(8) manual
page for details. </p>
<p> The address_verify_map (NOTE: singular) configuration parameter
specifies an optional database for sender or recipient address
verification results. If you don't specify a file, all address
verification information is lost after "postfix reload" or "postfix
stop". </p>
<p> If your /var file system has sufficient space, try: </p>
<p> To improve performance, the Postfix verify(8) daemon can save
address verification results to a persistent database. This is
enabled by default with Postfix 2.7 and later. The
address_verify_map (NOTE: singular) configuration parameter specifies
persistent storage for sender or recipient address verification
results. If you specify an empty value, all address verification
results are lost after "postfix reload" or "postfix stop". </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
# Default setting for Postfix 2.7 and later.
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:/var/db/postfix/verify
address_verify_map = btree:$data_directory/verify_cache
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
address_verify_map =
</pre>
</blockquote>
<p> NOTE 1: As of version 2.5, Postfix no longer uses root privileges
when opening this file. The file should now be stored under the
Postfix-owned data_directory. As a migration aid, an attempt to
open the file under a non-Postfix directory is redirected to the
Postfix-owned data_directory, and a warning is logged. If you wish
to continue using a pre-existing database file, move it to the
data_directory, and change ownership to the account specified with
the mail_owner parameter. </p>
<p> NOTE 1: The database file should be stored under a Postfix-owned
directory, such as $data_directory. </p>
<blockquote> As of version 2.5, Postfix no longer uses root privileges
when opening this file. To maintain backwards compatibility, an
attempt to open the file under a non-Postfix directory is redirected
to the Postfix-owned data_directory, and a warning is logged. If
you wish to continue using a pre-existing database file, change its
file ownership to the account specified with the mail_owner parameter,
and either move the file to the data_directory, or move it to some
other Postfix-owned directory. </blockquote>
<p> NOTE 2: Do not put this file in a file system that may run out
of space. When the address verification table gets corrupted the
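Review bot: the background text that follows the new NOTE 1 is wrapped in a bare "<blockquote>" with no "<p>" inside, whereas the other blockquotes in this file wrap "<pre>" examples and the running prose uses "<p>". A plain "<p>" continuation of NOTE 1 would keep the markup consistent. Also, the shortened NOTE 1 says the file "should be stored" under a Postfix-owned directory, while the address_verify_map parameter text in this patch says it "must therefore be stored" there; pick one strength and use it in both places.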
@ -443,23 +472,33 @@ world comes to an end and YOU will have to MANUALLY fix things as
described in the next section. Meanwhile, you will not receive mail
via SMTP. </p>
<p> NOTE 3: The verify(8) daemon process will create a new database when
none exists, and will open/create the file before it enters the
<p> NOTE 3: The verify(8) daemon will create a new database when
none exists. It will open or create the file before entering the
chroot jail. </p>
<h2><a name="dirty_secret">Managing the address verification
database</a></h2>
<p> The verify(8) manual page describes parameters that control
how long information remains cached before it needs to be refreshed,
and how long information can remain "unrefreshed" before it expires.
Postfix uses different controls for positive results (address was
accepted) and for negative results (address was rejected). </p>
<p> The verify(8) manual page describes parameters that control how
long address verification results are cached before they need to
be refreshed, and how long results can remain "unrefreshed" before
they expire. Postfix uses different controls for positive results
(address was accepted) and for negative results (address was rejected,
or address verification failed for some other reason). </p>
<p> Right now, no tools are provided to manage the address verification
database. If the file gets too big, or if it gets corrupted, you
can manually rename or delete the file and run "postfix reload".
The new verify daemon process will then create a new database. </p>
<p> The verify(8) daemon will periodically remove expired entries
from the address verification database, and log the number of entries
retained and dropped (Postfix versions 2.7 and later). A cleanup
run is logged as "partial" when the daemon terminates early because
of "postfix reload, "postfix stop", or because the daemon received
no requests for $max_idle seconds. Postfix versions 2.6 and earlier
do not implement automatic address verification database cleanup.
There, the database is managed manually as described next. </p>
<p> When the address verification database file becomes too big,
or when it becomes corrupted, the solution is to manually rename
or delete (NOT: truncate) the file and run "postfix reload". The
verify(8) daemon will then create a new database file. </p>
<h2><a name="probe_routing">Controlling the routing of address
verification probes</a></h2>
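Review bot: the new cleanup paragraph has an unbalanced quote in 'because of "postfix reload, "postfix stop", or because the daemon received no requests'; the closing quote after postfix reload is missing. The corresponding sentence in the address_verify_cache_cleanup_interval parameter text quotes both commands correctly, so this one should match it. The replacement paragraph also says to rename or delete "(NOT: truncate)" the file without giving the reason; a short clause saying what goes wrong on truncate would keep readers from treating the two as equivalent.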

View File

@ -2237,7 +2237,7 @@ as specified by the smtp_tls_mandatory_ciphers configuration
parameter. This setting controls the minimum acceptable SMTP client
TLS cipher grade for use with mandatory TLS encryption. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
want to enforce TLS, and is beyond the reach of today's cryptanalytic
methods. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>

View File

@ -199,30 +199,33 @@ verification probes.
This feature is available in Postfix 2.1 and later.
</p>
%PARAM address_verify_map
%PARAM address_verify_map see "postconf -d" output
<p>
Optional lookup table for persistent address verification status
Lookup table for persistent address verification status
storage. The table is maintained by the verify(8) service, and
is opened before the process releases privileges.
</p>
<p>
By default, the information is kept in volatile memory, and is lost
after "<b>postfix reload</b>" or "<b>postfix stop</b>".
The lookup table is persistent by default (Postfix 2.7 and later).
Specify an empty table name to keep the information in volatile
memory which is lost after "<b>postfix reload</b>" or "<b>postfix
stop</b>". This is the default with Postfix version 2.6 and earlier.
</p>
<p>
Specify a location in a file system that will not fill up. If the
database becomes corrupted, the world comes to an end. To recover
delete the file and do "<b>postfix reload</b>".
delete (NOT: truncate) the file and do "<b>postfix reload</b>".
</p>
<p> As of version 2.5, Postfix no longer uses root privileges when
opening this file. The file should now be stored under the Postfix-owned
data_directory. As a migration aid, an attempt to open the file
under a non-Postfix directory is redirected to the Postfix-owned
data_directory, and a warning is logged. </p>
<p> Postfix daemon processes do not use root privileges when opening
this file (Postfix 2.5 and later). The file must therefore be
stored under a Postfix-owned directory such as the data_directory.
As a migration aid, an attempt to open the file under a non-Postfix
directory is redirected to the Postfix-owned data_directory, and a
warning is logged. </p>
<p>
Examples:
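Review bot: the recovery sentence now reads 'To recover delete (NOT: truncate) the file and do "postfix reload"', with no explanation of why truncating is ruled out and no comma after "To recover". Since the parenthetical is new and written in capitals, a short reason belongs next to it. The sentence "The lookup table is persistent by default (Postfix 2.7 and later)" could also state the default value itself, since the %PARAM line now only says 'see "postconf -d" output'.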
@ -280,7 +283,25 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
This feature is available in Postfix 2.1 and later.
</p>
%PARAM address_verify_poll_count 3
%PARAM address_verify_cache_cleanup_interval 12h
<p> The amount of time between verify(8) address verification
database cleanup runs. This feature requires that the database
supports the "delete" and "sequence" operators. Specify a zero
interval to disable database cleanup. </p>
<p> After each database cleanup run, the verify(8) daemon logs the
number of entries that were retained and dropped. A cleanup run is
logged as "partial" when the daemon terminates early after "<b>postfix
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
seconds. </p>
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). </p>
<p> This feature is available in Postfix 2.7. </p>
%PARAM address_verify_poll_count ${stress?1}${stress:3}
<p>
How many times to query the verify(8) service for the completion
@ -289,20 +310,23 @@ of an address verification request in progress.
<p> By default, the Postfix SMTP server polls the verify(8) service
up to three times under non-overload conditions, and only once when
under overload. With Postfix version 2.5 and earlier, the SMTP
under overload. With Postfix version 2.6 and earlier, the SMTP
server always polls the verify(8) service up to three times by
default. </p>
<p>
Specify 1 to implement a crude form of greylisting, that is, always
defer the first delivery request for a never seen before address.
defer the first delivery request for a new address.
</p>
<p>
Example:
Examples:
</p>
<pre>
# Postfix &le; 2.6 default
address_verify_poll_count = 3
# Poor man's greylisting
address_verify_poll_count = 1
</pre>
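Review bot: the new address_verify_cache_cleanup_interval text says the feature 'requires that the database supports the "delete" and "sequence" operators' but does not say what happens when the configured table type lacks them (cleanup skipped silently, a warning logged, or the daemon refusing to start). Please document the failure behaviour, since the default interval is 12h and applies to existing address_verify_map settings. Minor: "This feature is available in Postfix 2.7." should read "2.7 and later" like the other entries added in this patch.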
@ -728,11 +752,11 @@ This feature is available in Postfix 2.1 and later.
%PARAM bounce_size_limit 50000
<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. With Postfix 2.4
and later, a message is returned as either message/rfc822 (the
complete original) or as text/rfc822-headers (the headers only).
With earlier Postfix versions, a message is always returned as
message/rfc822 and is truncated when it exceeds the size limit.
non-delivery notification. Specify a byte count. A message is
returned as either message/rfc822 (the complete original) or as
text/rfc822-headers (the headers only). With Postfix version 2.4
and earlier, a message is always returned as message/rfc822 and is
truncated when it exceeds the size limit.
</p>
<p> Notes: </p>
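Review bot: the two wordings of the bounce_size_limit paragraph in this hunk disagree about Postfix 2.4. One reads "With Postfix 2.4 and later, a message is returned as either message/rfc822 (the complete original) or as text/rfc822-headers", the other reads "With Postfix version 2.4 and earlier, a message is always returned as message/rfc822 and is truncated". Version 2.4 cannot be on both sides; please confirm which release changed the behaviour and word the boundary so that 2.4 falls on exactly one side.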
@ -1233,18 +1257,22 @@ name of the message delivery transport.
The default mail delivery transport and next-hop destination for
destinations that do not match $mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
or $relay_domains. In order of decreasing precedence, the nexthop
destination is taken from $default_transport,
or $relay_domains. This information can be overruled with the
sender_dependent_default_transport_maps parameter and with the
transport(5) table. </p>
<p>
In order of decreasing precedence, the nexthop destination is taken
from $sender_dependent_default_transport_maps, $default_transport,
$sender_dependent_relayhost_maps, $relayhost, or from the recipient
domain. This information can be overruled with the transport(5)
table.
domain.
</p>
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> part is optional. For more details see the
transport(5) manual page.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
@ -2271,8 +2299,8 @@ which is just the name of a service that is defined the master.cf file.
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> part is optional. For more details see the
transport(5) manual page.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
@ -3197,8 +3225,9 @@ server to decide if it will accept any mail at all.
</p>
<p>
By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands
when the amount of free space is less than 1.5*$message_size_limit.
By default, the Postfix SMTP server rejects MAIL FROM commands when
the amount of free space is less than 1.5*$message_size_limit
(Postfix version 2.1 and later).
To specify a higher minimum free space limit, specify a queue_minfree
value that is at least 1.5*$message_size_limit.
</p>
@ -3483,7 +3512,8 @@ This feature is available in Postfix 2.0 and later.
<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
relay_transport, default_transport, sender_dependent_relayhost_maps
relay_transport, sender_dependent_default_transport_maps,
default_transport, sender_dependent_relayhost_maps
and with the transport(5) table.
</p>
@ -3541,10 +3571,10 @@ relocated_maps = hash:/etc/postfix/relocated
%PARAM require_home_directory no
<p>
Whether or not a local(8) recipient's home directory must exist
Require that a local(8) recipient's home directory exists
before mail delivery is attempted. By default this test is disabled.
It can be useful for environments that import home directories to
the mail server (NOT RECOMMENDED).
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p>
%PARAM resolve_dequoted_address yes
@ -4048,8 +4078,9 @@ The default time unit is s (seconds).
%PARAM smtp_host_lookup dns
<p>
What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
What mechanisms the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups).
</p>
<p>
@ -4656,7 +4687,7 @@ with the anvil_rate_time_unit configuration parameter.
</p>
<p>
By default, a client can make as many recipient addresses per time
By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>
@ -4761,6 +4792,22 @@ Postfix version 2.5). This feature is available with Postfix version
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the access(5) manual page for details. </dd>
<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for the
client hostname, and execute the corresponding action. Note: a result
of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
to exclude specific hosts from blacklists. This feature is available
in Postfix 2.7 and later. </dd>
<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the DNS servers for
the client hostname, and execute the corresponding action. Note: a
result of "OK" is not allowed for safety reasons. Instead, use DUNNO
in order to exclude specific hosts from blacklists. This feature is
available in Postfix 2.7 and later. </dd>
<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access database for the unverified reverse
@ -4771,6 +4818,22 @@ safety reasons. Instead, use DUNNO in order to exclude specific
hosts from blacklists. This feature is available in Postfix 2.6
and later.</dd>
<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>
<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the DNS servers for
the unverified reverse client hostname, and execute the corresponding
action. Note: a result of "OK" is not allowed for safety reasons.
Instead, use DUNNO in order to exclude specific hosts from blacklists.
This feature is available in Postfix 2.7 and later. </dd>
<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
<dd>Permit the request when the client IP address matches
@ -5179,8 +5242,9 @@ This feature is available in Postfix 2.2 and later.
%PARAM smtpd_helo_required no
<p>
Require that a remote SMTP client introduces itself at the beginning
of an SMTP session with the HELO or EHLO command.
Require that a remote SMTP client introduces itself with the HELO
or EHLO command before sending the MAIL command or other commands
that require EHLO negotiation.
</p>
<p>
@ -5331,6 +5395,35 @@ By default, the Postfix hostname is used.
This feature is available in Postfix 2.1 and later.
</p>
%PARAM smtpd_proxy_options
<p>
List of options that control how the Postfix SMTP server
communicates with a before-queue content filter. Specify zero or
more of the following, separated by comma or whitespace. </p>
<dl>
<dt><b>speed_adjust</b></dt>
<dd> <p> Do not connect to a before-queue content filter until an entire
message has been received. This reduces the number of simultaneous
before-queue content filter processes. </p>
<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
of a multi-recipient message. Rejecting all recipients is OK, as
is accepting all recipients. </p>
<p> NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
message to a temporary file. </p> </dd>
</dl>
<p>
This feature is available in Postfix 2.7 and later.
</p>
%CLASS smtpd-proxy SMTP Proxy filter
<p>
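Review bot: NOTE 1 under speed_adjust states that a filter "must not selectively reject recipients of a multi-recipient message" but does not say what Postfix does if a filter does so anyway. Because the whole message has already been received from the client by the time the filter sees it, the outcome for the accepted and rejected recipients should be spelled out here. Also worth stating on the %PARAM line or in the first paragraph is that the default is empty, since the text only says "zero or more of the following".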
@ -6770,17 +6863,30 @@ allowed set are replaced by underscores.
%PARAM content_filter
<p>
The name of a mail delivery transport that filters mail after
it is queued.
</p>
<p> After the message is queued, send the entire message to the
specified <i>transport:destination</i>. The <i>transport</i> name
specifies the first field of a mail delivery agent definition in
master.cf; the syntax of the next-hop <i>destination</i> is described
in the manual page of the corresponding delivery agent. More
information about external content filters is in the Postfix
FILTER_README file. </p>
<p>
This parameter uses the same syntax as the right-hand side of a
Postfix transport(5) table. This setting has a lower precedence
than a content filter that is specified with an access(5) table or
in a header_checks(5) or body_checks(5) table.
</p>
<p> Notes: </p>
<ul>
<li> <p> This setting has lower precedence than a FILTER action
that is specified in an access(5), header_checks(5) or body_checks(5)
table. </p>
<li> <p> The meaning of an empty next-hop filter <i>destination</i>
is version dependent. Postfix 2.7 and later will use the recipient
domain; earlier versions will use $myhostname. Specify
"default_filter_nexthop = $myhostname" for compatibility with Postfix
2.6 or earlier, or specify a content_filter value with an explicit
next-hop <i>destination</i>. </p>
</ul>
%PARAM default_delivery_slot_discount 50
@ -7505,8 +7611,8 @@ the transport(5) table.
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> part is optional. For more details see the
transport(5) manual page.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
@ -7534,6 +7640,8 @@ This feature is available in Postfix 2.0 and later.
<p>
The name of the directory with example Postfix configuration files.
Starting with Postfix 2.1, these files have been replaced with the
postconf(5) manual page.
</p>
%PARAM sender_based_routing no
@ -7761,6 +7869,9 @@ access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>
<p> An address is always considered "known" when it matches a
virtual(5) alias or a canonical(5) mapping.
<ul>
<li> The recipient domain matches $mydestination, $inet_interfaces
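Review bot: the added paragraph '<p> An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping.' is not closed with "</p>" before the "<ul>" that follows, unlike the other paragraphs added in this patch. Please close it. The paragraph also lands between the introductory text and the list of conditions it introduces, so it may read better after the list. The next hunk adds the same paragraph for sender addresses and has the same unclosed "<p>".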
@ -7791,6 +7902,9 @@ sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p>
<p> An address is always considered "known" when it matches a
virtual(5) alias or a canonical(5) mapping.
<ul>
<li> The sender domain matches $mydestination, $inet_interfaces or
@ -8058,9 +8172,8 @@ value is backwards compatible with Postfix version 1.1.
%PARAM virtual_mailbox_limit 51200000
<p>
The maximal size in bytes of an individual mailbox or maildir file,
or zero (no limit).
</p>
The maximal size in bytes of an individual virtual(8) mailbox or
maildir file, or zero (no limit). </p>
%PARAM virtual_mailbox_lock see "postconf -d" output
@ -8147,8 +8260,8 @@ This information can be overruled with the transport(5) table.
<p>
Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
is the name of a mail delivery transport defined in master.cf.
The <i>:nexthop</i> part is optional. For more details see the
transport(5) manual page.
The <i>:nexthop</i> destination is optional; its syntax is documented
in the manual page of the corresponding delivery agent.
</p>
<p>
@ -8564,12 +8677,12 @@ inside the chroot jail. </p>
<p> By default (see smtpd_tls_ask_ccert), client certificates are
not requested, and smtpd_tls_CApath should remain empty. In contrast
to smtp_tls_CAfile, DNs of certificate authorities installed
to smtpd_tls_CAfile, DNs of certificate authorities installed
in $smtpd_tls_CApath are not included in the client certificate
request message. MUAs with multiple client certificates may use the
list of preferred certificate authorities to select the correct
client certificate. You may want to put your "preferred" CA or
CAs in $smtp_tls_CAfile, and install the remaining trusted CAs in
CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in
$smtpd_tls_CApath. </p>
<p> Example: </p>
@ -9405,7 +9518,7 @@ precision. </p>
<li> b = time from last active queue entry to connection setup
<li> c = time in connection setup, including DNS, EHLO and TLS
<li> c = time in connection setup, including DNS, EHLO and STARTTLS
<li> d = time in message transmission
@ -9435,7 +9548,8 @@ setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global relayhost parameter setting (Postfix 2.6 and
later). This information is overruled with relay_transport,
default_transport and with the transport(5) table. </p>
sender_dependent_default_transport_maps, default_transport and with
the transport(5) table. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
@ -10410,7 +10524,7 @@ smtp_tls_security_level = none
# Opportunistic TLS.
smtp_tls_security_level = may
# Postfix &ge; 2.6:
# Do not tweak opportunistic ciphers unless it is essential
# Do not tweak opportunistic ciphers or protocol unless it is essential
# to do so (if a security vulnerability is found in the SSL library that
# can be mitigated by disabling a particular protocol or raising the
# cipher grade from "export" to "low" or "medium").
@ -10657,65 +10771,46 @@ meanings. </p>
%PARAM smtpd_tls_mandatory_ciphers medium
<p> The minimum TLS cipher grade that the Postfix SMTP server
will use with mandatory TLS encryption. Cipher types listed in
smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
excluded from the base definition of the selected cipher grade. See
smtpd_tls_ciphers for cipher controls that apply to opportunistic
TLS. </p>
<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption. The default grade ("medium") is
sufficiently strong that any benefit from globally restricting TLS
sessions to a more stringent grade is likely negligible, especially
given the fact that many implementations still do not offer any stronger
("high" grade) ciphers, while those that do, will always use "high"
grade ciphers. So insisting on "high" grade ciphers is generally
counter-productive. Allowing "export" or "low" ciphers is typically
not a good idea, as systems limited to just these are limited to
obsolete browsers. No known SMTP clients fail to support at least
one "medium" or "high" grade cipher. </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the tls_export_cipherlist configuration parameter,
which you are strongly encouraged to not change. The default value
of tls_export_cipherlist includes anonymous ciphers, but these are
automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers
only when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers =
aNULL". </dd>
which you are strongly encouraged to not change. </dd>
<dt><b>low</b></dt>
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
<dd> Enable "LOW" grade or stronger OpenSSL ciphers. The
underlying cipherlist is specified via the tls_low_cipherlist
configuration parameter, which you are strongly encouraged to
not change. The default value of tls_low_cipherlist includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
not change. </dd>
<dt><b>medium</b></dt>
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
are essentially the 128-bit or stronger ciphers. This is the default
minimum strength for mandatory TLS encryption. MSAs that enforce
TLS and have clients that do not support any "MEDIUM" or "HIGH"
grade ciphers, may need to configure a weaker ("low" or "export")
minimum cipher grade. The underlying cipherlist is specified via the
tls_medium_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_medium_cipherlist
includes anonymous ciphers, but these are automatically filtered out if
the server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
or longer symmetric bulk-encryption keys. This is the default minimum
strength for mandatory TLS encryption. The underlying cipherlist is
specified via the tls_medium_cipherlist configuration parameter, which
you are strongly encouraged to not change. </dd>
<dt><b>high</b></dt>
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
<dd> Enable only "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the tls_high_cipherlist
configuration parameter, which you are strongly encouraged to
not change. The default value of tls_high_cipherlist includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
not change. </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
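Review bot: the new introductory paragraph for smtpd_tls_mandatory_ciphers argues against "export" and "low" by saying systems limited to them "are limited to obsolete browsers", which is an odd justification in SMTP server documentation, and it sits above a retained "export" entry that still calls that grade "the most appropriate setting for public MX hosts" and "always used with opportunistic TLS encryption". Reword the paragraph in terms of SMTP clients and reconcile the "export" entry with it, since this parameter only applies to mandatory TLS and the two statements now point in opposite directions.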
@ -10723,12 +10818,25 @@ without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
tls_null_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_null_cipherlist
excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
data integrity without encryption or authentication). </dd>
encouraged to not change. </dd>
</dl>
<p> Cipher types listed in
smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
excluded from the base definition of the selected cipher grade. See
smtpd_tls_ciphers for cipher controls that apply to opportunistic
TLS. </p>
<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. You are very
unlikely to need to take any steps to exclude anonymous ciphers, they
are excluded automatically as required. If you must exclude anonymous
ciphers even when Postfix does not need or use peer certificates, set
"smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only
when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers = aNULL". </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_tls_exclude_ciphers
@ -10777,7 +10885,7 @@ works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's crypt-analytic methods. See
is beyond the reach of today's cryptanalytic methods. See
smtp_tls_policy_maps for information on how to configure ciphers
on a per-destination basis. </p>
@ -10785,47 +10893,32 @@ on a per-destination basis. </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL
ciphers. This is always used for opportunistic encryption. It is
<dd> Enable "EXPORT" grade or better OpenSSL
ciphers. This is the default for opportunistic encryption. It is
not recommended for mandatory encryption unless you must enforce TLS
with "crippled" peers. The underlying cipherlist is specified via the
tls_export_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_export_cipherlist
includes anonymous ciphers, but these are automatically filtered out if
the client is configured to verify server certificates. If you must
exclude anonymous ciphers also at the "encrypt" security level, set
"smtp_tls_mandatory_exclude_ciphers = aNULL". </dd>
encouraged to not change. </dd>
<dt><b>low</b></dt>
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
<dd> Enable "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_low_cipherlist includes anonymous ciphers, but these are
automatically filtered out if the client is configured to verify server
certificates. If you must exclude anonymous ciphers also at the "encrypt"
security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </dd>
parameter, which you are strongly encouraged to not change. </dd>
<dt><b>medium</b></dt>
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers.
<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
The underlying cipherlist is specified via the tls_medium_cipherlist
configuration parameter, which you are strongly encouraged to not change.
The default value of tls_medium_cipherlist includes anonymous ciphers,
but these are automatically filtered out if the client is configured to
verify server certificates. If you must exclude anonymous ciphers also
at the "encrypt" security level, set "smtp_tls_mandatory_exclude_ciphers
= aNULL". </dd>
</dd>
<dt><b>high</b></dt>
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
setting is appropriate when all mandatory TLS destinations support
some of "HIGH" grade ciphers, this is not uncommon. The underlying
cipherlist is specified via the tls_high_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_high_cipherlist includes anonymous ciphers, but these are
automatically filtered out if the client is configured to verify server
certificates. If you must exclude anonymous ciphers also at the "encrypt"
security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
be appropriate when all mandatory TLS destinations (e.g. when all
mail is routed to a suitably capable relayhost) support at least one
"HIGH" grade cipher. The underlying cipherlist is specified via the
tls_high_cipherlist configuration parameter, which you are strongly
encouraged to not change. </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
@ -10835,12 +10928,20 @@ in TLS servers). A plausible use-case is an LMTP server listening on a
UNIX-domain socket that is configured to support "NULL" ciphers. The
underlying cipherlist is specified via the tls_null_cipherlist
configuration parameter, which you are strongly encouraged to not
change. The default value of tls_null_cipherlist excludes anonymous
ciphers (OpenSSL 0.9.8 has NULL ciphers that offer data integrity without
encryption or authentication). </dd>
change. </dd>
</dl>
<p> The underlying cipherlists for grades other than "null" include
anonymous ciphers, but these are automatically filtered out if the
Postfix SMTP client is configured to verify server certificates.
You are very unlikely to need to take any steps to exclude anonymous
ciphers, they are excluded automatically as necessary. If you must
exclude anonymous ciphers at the "may" or "encrypt" security levels,
when the Postfix SMTP client does not need or use peer certificates, set
"smtp_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only when
TLS is enforced, set "smtp_tls_mandatory_exclude_ciphers = aNULL". </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtp_tls_exclude_ciphers
@ -10891,7 +10992,11 @@ attribute. See smtp_tls_policy_maps for notes and examples. </p>
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. </p>
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -10903,7 +11008,10 @@ smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
certificates). You are strongly encouraged to not change this
setting. </p>
setting. With OpenSSL 1.0.0 and later the cipherlist may start with an
"aNULL:" prefix, which restores the 0.9.8-compatible ordering of the
aNULL ciphers to the top of the list when they are enabled. This prefix
is not needed with previous OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -10912,7 +11020,11 @@ setting. </p>
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. </p>
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -10923,7 +11035,11 @@ defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
strongly encouraged to not change this setting. </p>
strongly encouraged to not change this setting. With OpenSSL 1.0.0 and
later the cipherlist may start with an "aNULL:" prefix, which restores
the 0.9.8-compatible ordering of the aNULL ciphers to the top of the
list when they are enabled. This prefix is not needed with previous
OpenSSL releases. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -11449,7 +11565,7 @@ under the SECG name "secp256r1", but OpenSSL does not recognize the
latter name. </p>
<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM tls_eecdh_ultra_curve secp384r1
@ -11468,7 +11584,7 @@ of RFC 4492. You should not generally change this setting. </p>
classified as TOP SECRET. </p>
<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM smtpd_tls_eecdh_grade see "postconf -d" output
@ -11498,7 +11614,7 @@ users. </dd>
</dl>
<p> This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM smtpd_tls_eccert_file
@ -11514,7 +11630,7 @@ smtpd_tls_eccert_file = /etc/postfix/ecdsa-scert.pem
</pre>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM smtpd_tls_eckey_file $smtpd_tls_eccert_file
@ -11528,7 +11644,7 @@ access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM smtp_tls_eccert_file
@ -11545,7 +11661,7 @@ smtp_tls_eccert_file = /etc/postfix/ecdsa-ccert.pem
</pre>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM smtp_tls_eckey_file $smtp_tls_eccert_file
@ -11559,7 +11675,7 @@ access to the system superuser account ("root"), and no access
to anyone else. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM lmtp_tls_eccert_file
@ -11567,7 +11683,7 @@ compiled and linked with OpenSSL 0.9.9 or later. </p>
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM lmtp_tls_eckey_file
@ -11575,7 +11691,7 @@ compiled and linked with OpenSSL 0.9.9 or later. </p>
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 0.9.9 or later. </p>
compiled and linked with OpenSSL 1.0.0 or later. </p>
%PARAM smtp_header_checks
@ -11876,7 +11992,8 @@ unit). </p>
(weeks). The default time unit is s (seconds). </p>
<p> NOTE: the delay is enforced by the queue manager. The delay
timer state does not survive "postfix reload" or "postfix stop".
timer state does not survive "<b>postfix reload</b>" or "<b>postfix
stop</b>".
</p>
<p> Use <i>transport</i>_destination_rate_delay to specify a
@ -12275,3 +12392,233 @@ when not present. Postfix 2.6 and later add these headers only
when clients match the local_header_rewrite_clients parameter
setting. Earlier Postfix versions always add these headers; this
may break DKIM signatures that cover non-existent headers. </p>
%PARAM lmtp_header_checks
<p> The LMTP-specific version of the smtp_header_checks configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM lmtp_mime_header_checks
<p> The LMTP-specific version of the smtp_mime_header_checks
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM lmtp_nested_header_checks
<p> The LMTP-specific version of the smtp_nested_header_checks
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM lmtp_body_checks
<p> The LMTP-specific version of the smtp_body_checks configuration
parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM milter_header_checks
<p> Optional lookup tables for content inspection of message headers
that are produced by Milter applications. See the header_checks(5)
manual page available actions. Currently, PREPEND is not implemented.
</p>
<p> The following example sends all mail that is marked as SPAM to
a spam handling machine. Note that matches are case-insensitive
by default. </p>
<pre>
/etc/postfix/main.cf:
milter_header_checks = pcre:/etc/postfix/milter_header_checks
</pre>
<pre>
/etc/postfix/milter_header_checks:
/^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
</pre>
<p> The milter_header_checks mechanism could also be used for
whitelisting. For example it could be used to skip heavy content
inspection for DKIM-signed mail from known friendly domains. </p>
<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>
%PARAM smtpd_command_filter
<p> A mechanism to transform commands from remote SMTP clients.
This is a last-resort tool to work around client commands that break
inter-operability with the Postfix SMTP server. Other uses involve
fault injection to test Postfix's handling of invalid commands.
</p>
<p> Specify the name of a "type:table" lookup table. The search
string is the SMTP command as received from the remote SMTP client,
except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
are removed. The result value is executed by the Postfix SMTP
server. </p>
<p> Postfix already implements a number of workarounds for malformed
client commands. </p>
<ul>
<li> <p> Use "resolve_numeric_domain = yes" to accept
"<i>user@ipaddress</i>". </p>
<li> <p> Postfix already accepts the correct form
"<i>user@[ipaddress]</i>". </p>
<li> <p> Use "strict_rfc821_envelopes = no" to accept "<i>User Name
&lt;user@example.com&gt;</i>". Postfix will ignore the "User Name"
part before delivering the mail. </p>
</ul>
<p> Examples: </p>
<pre>
/etc/postfix/main.cf:
smtpd_command_filter = pcre:/etc/postfix/command_filter
</pre>
<pre>
/etc/postfix/command_filter:
# Work around clients that send malformed HELO commands.
/^HELO\s*$/ HELO domain.invalid
</pre>
<pre>
# Work around clients that send empty lines.
/^\s*$/ NOOP
</pre>
<pre>
# Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
# WARNING: do not lose the parameters that follow the address.
/^RCPT\s+TO:\s*&lt;'([^[:space:]]+)'&gt;(.*)/ RCPT TO:&lt;$1&gt;$2
</pre>
<p> This feature is available in Postfix 2.7. </p>
%PARAM smtp_reply_filter
<p> A mechanism to transform replies from remote SMTP servers one
line at a time. This is a last-resort tool to work around server
replies that break inter-operability with the Postfix SMTP client.
Other uses involve fault injection to test Postfix's handling of
invalid responses. </p>
<p> Notes: </p>
<ul>
<li> <p> In the case of a multi-line reply, the Postfix SMTP client
uses the final reply line's numerical SMTP reply code and enhanced
status code. </p>
<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
the enhanced status code (X.Y.Z). When the enhanced status code
initial digit differs from the SMTP reply code initial digit, or
when no enhanced status code is present, the Postfix SMTP client
uses a generic enhanced status code (X.0.0) instead. </p>
</ul>
<p> Specify the name of a "type:table" lookup table. The search
string is a single SMTP reply line as received from the remote SMTP
server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed. </p>
<p> Examples: </p>
<pre>
/etc/postfix/main.cf:
smtp_reply_filter = pcre:/etc/postfix/reply_filter
</pre>
<pre>
/etc/postfix/reply_filter:
# Transform garbage into "250-filler..." so that it looks like
# one line from a multi-line reply. It does not matter what we
# substitute here as long it has the right syntax. The Postfix
# SMTP client will use the final line's numerical SMTP reply
# code and enhanced status code.
!/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
</pre>
<p> This feature is available in Postfix 2.7. </p>
%PARAM lmtp_reply_filter
<p> The LMTP-specific version of the smtp_reply_filter
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
%PARAM smtp_tls_block_early_mail_reply no
<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
The attack would succeed with non-Postfix SMTP servers that reply
to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
the Postfix SMTP client TLS session. </p>
<p> This feature is available in Postfix 2.7. </p>
%PARAM lmtp_tls_block_early_mail_reply
<p> The LMTP-specific version of the smtp_tls_block_early_mail_reply
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
%PARAM empty_address_default_transport_maps_lookup_key &lt;&gt;
<p> The sender_dependent_default_transport_maps search string that
will be used instead of the null sender address. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
%PARAM sender_dependent_default_transport_maps
<p> A sender-dependent override for the global default_transport
parameter setting. The tables are searched by the envelope sender
address and @domain. A lookup result of DUNNO terminates the search
without overriding the global default_transport parameter setting.
This information is overruled with the transport(5) table. </p>
<p> Note: this overrides default_transport, not transport_maps, and
therefore the expected syntax is that of default_transport, not the
syntax of transport_maps. Specifically, this does not support the
transport_maps syntax for null transport, null nexthop, or null
email addresses. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
%PARAM address_verify_sender_dependent_default_transport_maps $sender_dependent_default_transport_maps
<p> Overrides the sender_dependent_default_transport_maps parameter
setting for address verification probes. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
%PARAM default_filter_nexthop
<p> When a content_filter or FILTER request specifies no explicit
next-hop destination, use $default_filter_nexthop instead; when
that value is empty, use the domain in the recipient address.
Specify "default_filter_nexthop = $myhostname" for compatibility
with Postfix version 2.6 and earlier, or specify an explicit next-hop
destination with each content_filter value or FILTER action. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
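Review bot: the smtp_tls_block_early_mail_reply entry names the attack it tries to detect (CVE-2009-3555) but does not say what the Postfix SMTP client does once it detects an early reply, nor why the default is "no", so an operator cannot judge from this text whether to enable it. Add one sentence for the action taken and one for the reason the check is off by default. Smaller points in the same hunk: the milter_header_checks entry reads "See the header_checks(5) manual page available actions" (a "for" is missing), and smtpd_command_filter and smtp_reply_filter say "available in Postfix 2.7" where the other new entries say "2.7 and later".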

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -50,8 +48,10 @@
/* RFC 822 (ARPA Internet Text Messages)
/* RFC 2045 (MIME: Format of Internet Message Bodies)
/* RFC 2046 (MIME: Media Types)
/* RFC 2822 (Internet Message Format)
/* RFC 3463 (Enhanced Status Codes)
/* RFC 3464 (Delivery status notifications)
/* RFC 5322 (Internet Message Format)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* BUGS
@ -174,6 +174,11 @@
/* .IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
/* The macros that are sent to Milter (mail filter) applications
/* after the end of the message header.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBmilter_header_checks (empty)\fR"
/* Optional lookup tables for content inspection of message headers
/* that are produced by Milter applications.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
@ -466,8 +471,7 @@ static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
state->errs |= CLEANUP_STAT_BAD;
break;
}
if (type == REC_TYPE_PTR || type == REC_TYPE_DTXT
|| type == REC_TYPE_DRCP) {
if (REC_GET_HIDDEN_TYPE(type)) {
msg_warn("%s: record type %d not allowed - discarding this message",
state->queue_id, type);
state->errs |= CLEANUP_STAT_BAD;
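Review bot: the record-type test now depends on REC_GET_HIDDEN_TYPE(type), whose definition is not part of this hunk, in place of the explicit comparison against REC_TYPE_PTR, REC_TYPE_DTXT and REC_TYPE_DRCP. Because this branch is what discards messages carrying record types that are "not allowed", please confirm the macro covers at least those three types and add a short comment here listing what it is expected to match, so a later change to the macro does not silently narrow the check.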

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup.h,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.h,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup.h,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -36,6 +34,7 @@
#include <mime_state.h>
#include <string_list.h>
#include <cleanup_user.h>
#include <header_body_checks.h>
/*
* Milter library.
@ -82,6 +81,8 @@ typedef struct CLEANUP_STATE {
off_t append_rcpt_pt_target; /* target of above record */
off_t append_hdr_pt_offset; /* append header here */
off_t append_hdr_pt_target; /* target of above record */
off_t append_meta_pt_offset; /* append meta record here */
off_t append_meta_pt_target; /* target of above record */
ssize_t rcpt_count; /* recipient count */
char *reason; /* failure reason */
char *smtp_reply; /* failure reason, SMTP-style */
@ -112,6 +113,8 @@ typedef struct CLEANUP_STATE {
VSTRING *milter_ext_from; /* externalized sender */
VSTRING *milter_ext_rcpt; /* externalized recipient */
VSTRING *milter_err_text; /* milter call-back reply */
HBC_CHECKS *milter_hbc_checks; /* Milter header checks */
VSTRING *milter_hbc_reply; /* Milter header checks reply */
/*
* Support for Milter body replacement requests.

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup_envelope.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_envelope.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_envelope.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -389,7 +387,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
cleanup_addr_sender(state, buf);
if (state->milters || cleanup_milters) {
/* Make room to replace sender. */
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE);
if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE)
rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len);
/* Remember the after-sender record offset. */
if ((state->sender_pt_target = vstream_ftell(state->dst)) < 0)
msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path);
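Review bot: in the new test "if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE)", the declaration of len is not visible in this hunk, and strlen() returns size_t, so the declared type of len decides whether the comparison and the subtraction "REC_TYPE_PTR_PAYL_SIZE - len" are evaluated signed or unsigned. Please confirm len is declared with a type that holds the sender length without truncation, and extend the "Make room to replace sender" comment to state why no padding record is needed when the sender is already REC_TYPE_PTR_PAYL_SIZE bytes or longer.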

View File

@ -1,6 +1,4 @@
/* $NetBSD: cleanup_init.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_init.c,v 1.2 2009/06/23 11:41:06 tron Exp $ */
/* $NetBSD: cleanup_init.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -168,6 +166,7 @@ char *var_milt_eoh_macros; /* end-of-header macros */
char *var_milt_eod_macros; /* end-of-data macros */
char *var_milt_unk_macros; /* unknown command macros */
char *var_cleanup_milters; /* non-SMTP mail */
char *var_milt_head_checks; /* post-Milter header checks */
int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */
int var_always_add_hdrs; /* always add missing headers */
@ -234,6 +233,7 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_MILT_EOD_MACROS, DEF_MILT_EOD_MACROS, &var_milt_eod_macros, 0, 0,
VAR_MILT_UNK_MACROS, DEF_MILT_UNK_MACROS, &var_milt_unk_macros, 0, 0,
VAR_CLEANUP_MILTERS, DEF_CLEANUP_MILTERS, &var_cleanup_milters, 0, 0,
VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0,
0,
};

View File

@ -1,4 +1,4 @@
/* $NetBSD: mail_params.h,v 1.3 2010/04/17 10:29:18 tron Exp $ */
/* $NetBSD: mail_params.h,v 1.4 2010/06/17 18:18:15 tron Exp $ */
#ifndef _MAIL_PARAMS_H_INCLUDED_
#define _MAIL_PARAMS_H_INCLUDED_
@ -430,6 +430,14 @@ extern char *var_transport_maps;
#define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP
extern char *var_def_transport;
#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps"
#define DEF_SND_DEF_XPORT_MAPS ""
extern char *var_snd_def_xport_maps;
#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>"
extern char *var_null_def_xport_maps_key;
/*
* trivial rewrite/resolve service: rewriting controls.
*/
@ -1021,6 +1029,12 @@ extern bool var_smtp_always_ehlo;
#define DEF_SMTP_NEVER_EHLO 0
extern bool var_smtp_never_ehlo;
#define VAR_SMTP_RESP_FILTER "smtp_reply_filter"
#define DEF_SMTP_RESP_FILTER ""
#define VAR_LMTP_RESP_FILTER "lmtp_reply_filter"
#define DEF_LMTP_RESP_FILTER ""
extern char *var_smtp_resp_filter;
#define VAR_SMTP_BIND_ADDR "smtp_bind_address"
#define DEF_SMTP_BIND_ADDR ""
#define VAR_LMTP_BIND_ADDR "lmtp_bind_address"
@ -1150,6 +1164,10 @@ extern char *var_smtpd_noop_cmds;
#define DEF_SMTPD_FORBID_CMDS "CONNECT GET POST"
extern char *var_smtpd_forbid_cmds;
#define VAR_SMTPD_CMD_FILTER "smtpd_command_filter"
#define DEF_SMTPD_CMD_FILTER ""
extern char *var_smtpd_cmd_filter;
#define VAR_SMTPD_TLS_WRAPPER "smtpd_tls_wrappermode"
#define DEF_SMTPD_TLS_WRAPPER 0
extern bool var_smtpd_tls_wrappermode;
@ -1463,6 +1481,12 @@ extern char *var_smtp_tls_sec_cmatch;
#define DEF_LMTP_TLS_FPT_CMATCH ""
extern char *var_smtp_tls_fpt_cmatch;
#define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
#define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
#define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
#define DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY 0
extern bool var_smtp_tls_blk_early_mail_reply;
/*
* SASL authentication support, SMTP server side.
*/
@ -2086,9 +2110,13 @@ extern int var_map_defer_code;
#define CHECK_RECIP_ACL "check_recipient_access"
#define CHECK_ETRN_ACL "check_etrn_access"
#define CHECK_CLIENT_MX_ACL "check_client_mx_access"
#define CHECK_REVERSE_CLIENT_MX_ACL "check_reverse_client_hostname_mx_access"
#define CHECK_HELO_MX_ACL "check_helo_mx_access"
#define CHECK_SENDER_MX_ACL "check_sender_mx_access"
#define CHECK_RECIP_MX_ACL "check_recipient_mx_access"
#define CHECK_CLIENT_NS_ACL "check_client_ns_access"
#define CHECK_REVERSE_CLIENT_NS_ACL "check_reverse_client_hostname_ns_access"
#define CHECK_HELO_NS_ACL "check_helo_ns_access"
#define CHECK_SENDER_NS_ACL "check_sender_ns_access"
#define CHECK_RECIP_NS_ACL "check_recipient_ns_access"
@ -2227,6 +2255,10 @@ extern void mail_params_init(void);
#define DEF_FILTER_XPORT ""
extern char *var_filter_xport;
#define VAR_DEF_FILTER_NEXTHOP "default_filter_nexthop"
#define DEF_DEF_FILTER_NEXTHOP ""
extern char *var_def_filter_nexthop;
/*
* Fast flush service support.
*/
@ -2526,7 +2558,7 @@ extern int var_scache_stat_time;
extern char *var_verify_service;
#define VAR_VERIFY_MAP "address_verify_map"
#define DEF_VERIFY_MAP ""
#define DEF_VERIFY_MAP "btree:$data_directory/verify_cache"
extern char *var_verify_map;
#define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time"
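Review bot: DEF_VERIFY_MAP changes from an empty string to "btree:$data_directory/verify_cache" with no comment, which turns a compiled-in default into an on-disk database under $data_directory for every site that never set address_verify_map. Add a comment with the version in which the default changed, and make sure the upgrade notes tell operators how to keep the previous behaviour and that the file must be writable by the verify service.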
@ -2549,6 +2581,10 @@ extern int var_verify_neg_try;
#define DEF_VERIFY_NEG_CACHE 1
extern bool var_verify_neg_cache;
#define VAR_VERIFY_SCAN_CACHE "address_verify_cache_cleanup_interval"
#define DEF_VERIFY_SCAN_CACHE "12h"
extern int var_verify_scan_cache;
#define VAR_VERIFY_SENDER "address_verify_sender"
#define DEF_VERIFY_SENDER "$" VAR_DOUBLE_BOUNCE
extern char *var_verify_sender;
@ -2577,6 +2613,10 @@ extern char *var_vrfy_relay_xport;
#define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT
extern char *var_vrfy_def_xport;
#define VAR_VRFY_SND_DEF_XPORT_MAPS "address_verify_" VAR_SND_DEF_XPORT_MAPS
#define DEF_VRFY_SND_DEF_XPORT_MAPS "$" VAR_SND_DEF_XPORT_MAPS
extern char *var_snd_def_xport_maps;
#define VAR_VRFY_RELAYHOST "address_verify_relayhost"
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
extern char *var_vrfy_relayhost;
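Review bot: the three lines added for VAR_VRFY_SND_DEF_XPORT_MAPS end with "extern char *var_snd_def_xport_maps;", while the neighbouring address_verify_ settings declare var_vrfy_def_xport and var_vrfy_relayhost. If the verify-specific setting is meant to have its own storage, the declaration should follow the var_vrfy_ naming; if sharing the variable is intentional, a comment should say so.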
@ -2708,6 +2748,10 @@ extern char *var_smtpd_proxy_ehlo;
#define DEF_SMTPD_PROXY_TMOUT "100s"
extern int var_smtpd_proxy_tmout;
#define VAR_SMTPD_PROXY_OPTS "smtpd_proxy_options"
#define DEF_SMTPD_PROXY_OPTS ""
extern char *var_smtpd_proxy_opts;
/*
* Transparency options for mail input interfaces and for the cleanup server
* behind them. These should turn off stuff we don't want to happen, because
@ -2877,20 +2921,31 @@ extern bool var_smtp_cname_overr;
/*
* TLS cipherlists
*/
#ifdef USE_TLS
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
#define PREFER_aNULL "aNULL:-aNULL:"
#else
#define PREFER_aNULL ""
#endif
#else
#define PREFER_aNULL ""
#endif
#define VAR_TLS_HIGH_CLIST "tls_high_cipherlist"
#define DEF_TLS_HIGH_CLIST "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
#define DEF_TLS_HIGH_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
extern char *var_tls_high_clist;
#define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist"
#define DEF_TLS_MEDIUM_CLIST "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
extern char *var_tls_medium_clist;
#define VAR_TLS_LOW_CLIST "tls_low_cipherlist"
#define DEF_TLS_LOW_CLIST "ALL:!EXPORT:+RC4:@STRENGTH"
#define DEF_TLS_LOW_CLIST PREFER_aNULL "ALL:!EXPORT:+RC4:@STRENGTH"
extern char *var_tls_low_clist;
#define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist"
#define DEF_TLS_EXPORT_CLIST "ALL:+RC4:@STRENGTH"
#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "ALL:+RC4:@STRENGTH"
extern char *var_tls_export_clist;
#define VAR_TLS_NULL_CLIST "tls_null_cipherlist"
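Review bot: PREFER_aNULL is introduced without any comment on why "aNULL:-aNULL:" must precede every cipher-grade default, or why the cutoff is OPENSSL_VERSION_NUMBER >= 0x1000000fL. Because this changes the default strings for the high, medium, low and export grades, the block comment under "TLS cipherlists" should explain the intended effect on anonymous (aNULL) ciphers. The two identical empty fallback definitions could also be reduced to one by including <openssl/opensslv.h> under USE_TLS first and then testing "defined(USE_TLS)" together with the version number.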
@ -2984,6 +3039,10 @@ extern char *var_milt_daemon_name;
#define DEF_MILT_V "$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
extern char *var_milt_v;
#define VAR_MILT_HEAD_CHECKS "milter_header_checks"
#define DEF_MILT_HEAD_CHECKS ""
extern char *var_milt_head_checks;
/*
* What internal mail do we inspect/stamp/etc.? This is not yet safe enough
* to enable world-wide.
@ -3125,6 +3184,73 @@ extern char *var_multi_stop_cmds;
#define DEF_MULTI_CNTRL_CMDS "reload flush"
extern char *var_multi_cntrl_cmds;
/*
* postscreen(8)
*/
#define VAR_PS_CACHE_MAP "postscreen_cache_map"
#define DEF_PS_CACHE_MAP "btree:$data_directory/ps_cache"
extern char *var_ps_cache_map;
#define VAR_SMTPD_SERVICE "smtpd_service"
#define DEF_SMTPD_SERVICE "smtpd"
extern char *var_smtpd_service;
#define VAR_PS_POST_QLIMIT "postscreen_post_queue_limit"
#define DEF_PS_POST_QLIMIT "$" VAR_PROC_LIMIT
extern int var_ps_post_queue_limit;
#define VAR_PS_PRE_QLIMIT "postscreen_pre_queue_limit"
#define DEF_PS_PRE_QLIMIT "$" VAR_PROC_LIMIT
extern int var_ps_pre_queue_limit;
#define VAR_PS_CACHE_TTL "postscreen_cache_ttl"
#define DEF_PS_CACHE_TTL "1d"
extern int var_ps_cache_ttl;
#define VAR_PS_CACHE_RET "postscreen_cache_retention_time"
#define DEF_PS_CACHE_RET "1d"
extern int var_ps_cache_ret;
#define VAR_PS_CACHE_SCAN "postscreen_cache_cleanup_interval"
#define DEF_PS_CACHE_SCAN "12h"
extern int var_ps_cache_scan;
#define VAR_PS_GREET_WAIT "postscreen_greet_wait"
#define DEF_PS_GREET_WAIT "4s"
extern int var_ps_greet_wait;
#define VAR_PS_GREET_ACTION "postscreen_greet_action"
#define DEF_PS_GREET_ACTION "continue"
extern char *var_ps_greet_action;
#define VAR_PS_DNSBL_SITES "postscreen_dnsbl_sites"
#define DEF_PS_DNSBL_SITES ""
extern char *var_ps_dnsbl_sites;
#define VAR_PS_DNSBL_ACTION "postscreen_dnsbl_action"
#define DEF_PS_DNSBL_ACTION "continue"
extern char *var_ps_dnsbl_action;
#define VAR_PS_HUP_ACTION "postscreen_hangup_action"
#define DEF_PS_HUP_ACTION "continue"
extern char *var_ps_hangup_action;
#define VAR_PS_WLIST_NETS "postscreen_whitelist_networks"
#define DEF_PS_WLIST_NETS "$" VAR_MYNETWORKS
extern char *var_ps_wlist_nets;
#define VAR_PS_BLIST_NETS "postscreen_blacklist_networks"
#define DEF_PS_BLIST_NETS ""
extern char *var_ps_blist_nets;
#define VAR_PS_BLIST_ACTION "postscreen_blacklist_action"
#define DEF_PS_BLIST_ACTION "continue"
extern char *var_ps_blist_nets;
#define VAR_PS_GREET_BANNER "postscreen_greet_banner"
#define DEF_PS_GREET_BANNER "$" VAR_SMTPD_BANNER
extern char *var_ps_banner;
/* LICENSE
/* .ad
/* .fi
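Review bot: in the postscreen block, VAR_PS_BLIST_ACTION is followed by "extern char *var_ps_blist_nets;", which repeats the declaration already given for VAR_PS_BLIST_NETS and leaves postscreen_blacklist_action without a variable of its own. This looks like a copy-and-paste slip; the declaration should name the action variable. VAR_PS_GREET_BANNER is likewise paired with var_ps_banner rather than a name that mirrors the macro, which is worth aligning while this block is being added.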

View File

@ -1,4 +1,4 @@
/* $NetBSD: smtp.c,v 1.2 2010/06/10 17:06:01 riz Exp $ */
/* $NetBSD: smtp.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -165,6 +165,9 @@
/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
/* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
/* by RFC 2821.
/* .IP "\fBsmtp_reply_filter (empty)\fR"
/* A mechanism to transform replies from remote SMTP servers one
/* line at a time.
/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
/* Skip SMTP servers that greet with a 5XX status code (go away, do
/* not try again later).
@ -402,6 +405,12 @@
/* File with the Postfix SMTP client ECDSA certificate in PEM format.
/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
/* File with the Postfix SMTP client ECDSA private key in PEM format.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
/* Try to detect a mail hijacking attack based on a TLS protocol
/* vulnerability (CVE-2009-3555), where an attacker prepends malicious
/* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
@ -574,7 +583,7 @@
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
/* The hostname to send in the LMTP LHLO command.
/* .IP "\fBsmtp_host_lookup (dns)\fR"
/* What mechanisms when the Postfix SMTP client uses to look up a host's IP
/* What mechanisms the Postfix SMTP client uses to look up a host's IP
/* address.
/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
/* Randomize the order of equal-preference MX host addresses.
@ -771,6 +780,7 @@ char *var_smtp_tls_proto;
char *var_smtp_tls_ciph;
char *var_smtp_tls_eccert_file;
char *var_smtp_tls_eckey_file;
bool var_smtp_tls_blk_early_mail_reply;
#endif
@ -787,6 +797,7 @@ char *var_smtp_head_chks;
char *var_smtp_mime_chks;
char *var_smtp_nest_chks;
char *var_smtp_body_chks;
char *var_smtp_resp_filter;
bool var_lmtp_assume_final;
/* Special handling of 535 AUTH errors. */
@ -1057,6 +1068,14 @@ static void pre_init(char *unused_name, char **unused_argv)
smtp_body_checks = hbc_body_checks_create(
VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
smtp_hbc_callbacks);
/*
* Server reply filter.
*/
if (*var_smtp_resp_filter)
smtp_chat_resp_filter =
dict_open(var_smtp_resp_filter, O_RDONLY,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
}
/* pre_accept - see if tables have changed */

View File

@ -1,4 +1,4 @@
/* $NetBSD: smtpd.c,v 1.3 2010/04/17 10:29:18 tron Exp $ */
/* $NetBSD: smtpd.c,v 1.4 2010/06/17 18:18:15 tron Exp $ */
/*++
/* NAME
@ -125,6 +125,10 @@
/* Available in Postfix version 2.6 and later:
/* .IP "\fBtcp_windowsize (0)\fR"
/* An optional workaround for routers that break TCP window scaling.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBsmtpd_command_filter (empty)\fR"
/* A mechanism to transform commands from remote SMTP clients.
/* ADDRESS REWRITING CONTROLS
/* .ad
/* .fi
@ -150,8 +154,8 @@
/* filter is expected to inject mail back into a (Postfix or other)
/* MTA for further delivery. See the FILTER_README document for details.
/* .IP "\fBcontent_filter (empty)\fR"
/* The name of a mail delivery transport that filters mail after
/* it is queued.
/* After the message is queued, send the entire message to the
/* specified \fItransport:destination\fR.
/* BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
/* .ad
/* .fi
@ -164,6 +168,9 @@
/* The hostname and TCP port of the mail filtering proxy server.
/* .IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR"
/* How the Postfix SMTP server announces itself to the proxy filter.
/* .IP "\fBsmtpd_proxy_options (empty)\fR"
/* List of options that control how the Postfix SMTP server
/* communicates with a before-queue content filter.
/* .IP "\fBsmtpd_proxy_timeout (100s)\fR"
/* The time limit for connecting to a proxy filter and for sending or
/* receiving information.
@ -347,8 +354,8 @@
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
/* Enable additional Postfix SMTP server logging of TLS activity.
/* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP server
/* will use with mandatory TLS encryption.
/* The minimum TLS cipher grade that the Postfix SMTP server will
/* use with mandatory TLS encryption.
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
/* Additional list of ciphers or cipher types to exclude from the
/* SMTP server cipher list at mandatory TLS security levels.
@ -678,8 +685,9 @@
/* Optional SMTP server access restrictions in the context of a client
/* SMTP connection request.
/* .IP "\fBsmtpd_helo_required (no)\fR"
/* Require that a remote SMTP client introduces itself at the beginning
/* of an SMTP session with the HELO or EHLO command.
/* Require that a remote SMTP client introduces itself with the HELO
/* or EHLO command before sending the MAIL command or other commands
/* that require EHLO negotiation.
/* .IP "\fBsmtpd_helo_restrictions (empty)\fR"
/* Optional restrictions that the Postfix SMTP server applies in the
/* context of the SMTP HELO command.
@ -738,7 +746,7 @@
/* See the file ADDRESS_VERIFICATION_README for information
/* about how to configure and operate the Postfix sender/recipient
/* address verification service.
/* .IP "\fBaddress_verify_poll_count (3)\fR"
/* .IP "\fBaddress_verify_poll_count (${stress?1}${stress:3})\fR"
/* How many times to query the \fBverify\fR(8) service for the completion
/* of an address verification request in progress.
/* .IP "\fBaddress_verify_poll_delay (3s)\fR"
@ -1142,6 +1150,7 @@ int var_verify_poll_delay;
char *var_smtpd_proxy_filt;
int var_smtpd_proxy_tmout;
char *var_smtpd_proxy_ehlo;
char *var_smtpd_proxy_opts;
char *var_input_transp;
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
@ -1166,6 +1175,7 @@ bool var_smtpd_use_tls;
bool var_smtpd_enforce_tls;
bool var_smtpd_tls_wrappermode;
bool var_smtpd_tls_auth_only;
char *var_smtpd_cmd_filter;
#ifdef USE_TLS
char *var_smtpd_relay_ccerts;
@ -1227,6 +1237,8 @@ char *var_unk_addr_tf_act;
char *var_unv_rcpt_tf_act;
char *var_unv_from_tf_act;
int smtpd_proxy_opts;
/*
* Silly little macros.
*/
@ -1308,6 +1320,11 @@ static int ask_client_cert;
static int enforce_tls;
/*
* SMTP command mapping for broken clients.
*/
static DICT *smtpd_cmd_filter;
#ifdef USE_SASL_AUTH
/*
@ -1341,6 +1358,27 @@ static int sasl_client_exception(SMTPD_STATE *state)
#endif
/* smtpd_whatsup - gather available evidence for logging */
static const char *smtpd_whatsup(SMTPD_STATE *state)
{
static VSTRING *buf = 0;
if (buf == 0)
buf = vstring_alloc(100);
else
VSTRING_RESET(buf);
if (state->sender)
vstring_sprintf_append(buf, " from=<%s>", state->sender);
if (state->recipient)
vstring_sprintf_append(buf, " to=<%s>", state->recipient);
if (state->protocol)
vstring_sprintf_append(buf, " proto=%s", state->protocol);
if (state->helo_name)
vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
return (STR(buf));
}
/* collapse_args - put arguments together again */
static void collapse_args(int argc, SMTPD_TOKEN *argv)
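Review bot: smtpd_whatsup() returns STR(buf) from a function-static VSTRING that is reset on every call, so the returned pointer is valid only until the next call. The header comment should say that: callers such as the msg_info() in check_milter_reply() pass the result straight through, but a future caller that holds the pointer across another call would log the wrong session details without any error.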
@ -1359,23 +1397,9 @@ static void collapse_args(int argc, SMTPD_TOKEN *argv)
static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
{
const char *queue_id = state->queue_id ? state->queue_id : "NOQUEUE";
VSTRING *buf = vstring_alloc(100);
const char *action;
const char *text;
/*
* XXX Copied from log_whatsup(). Needs to be changed into a reusable
* function.
*/
if (state->sender)
vstring_sprintf_append(buf, " from=<%s>", state->sender);
if (state->recipient)
vstring_sprintf_append(buf, " to=<%s>", state->recipient);
if (state->protocol)
vstring_sprintf_append(buf, " proto=%s", state->protocol);
if (state->helo_name)
vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
/*
* The syntax of user-specified SMTP replies is checked by the Milter
* module, because the replies are also used in the cleanup server.
@ -1418,8 +1442,7 @@ static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
break;
}
msg_info("%s: %s: %s from %s: %s;%s", queue_id, action, state->where,
state->namaddr, reply ? reply : text, STR(buf));
vstring_free(buf);
state->namaddr, reply ? reply : text, smtpd_whatsup(state));
return (reply);
}
@ -1687,10 +1710,11 @@ static int mail_open_stream(SMTPD_STATE *state)
*/
if (state->proxy_mail) {
smtpd_check_rewrite(state);
if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
if (smtpd_proxy_create(state, smtpd_proxy_opts, var_smtpd_proxy_filt,
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
state->proxy_mail) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
smtpd_chat_reply(state, "%s", STR(state->proxy->buffer));
smtpd_proxy_free(state);
return (-1);
}
}
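Review bot: on the failure path of smtpd_proxy_create() the code reads STR(state->proxy->buffer) before calling smtpd_proxy_free(state), so it depends on smtpd_proxy_create() leaving state->proxy allocated, with a reply in its buffer, even when it returns non-zero. That contract is not visible at this call site; a one-line comment here, or a null check on state->proxy, would protect against a later change in the create routine.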
@ -2212,9 +2236,13 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
}
/*
* Check the queue file space, if applicable.
* Check the queue file space, if applicable. The optional before-filter
* speed-adjust buffers use disk space. However, we don't know if they
* compete for storage space with the after-filter queue, so we can't
* simply bump up the free space requirement to 2.5 * message_size_limit.
*/
if (!USE_SMTPD_PROXY(state)) {
if (!USE_SMTPD_PROXY(state)
|| (smtpd_proxy_opts & SMTPD_PROXY_FLAG_SPEED_ADJUST)) {
if (SMTPD_STAND_ALONE(state) == 0
&& (err = smtpd_check_queue(state)) != 0) {
/* XXX Reset access map side effects. */
@ -2308,14 +2336,8 @@ static void mail_reset(SMTPD_STATE *state)
VSTRING_RESET(state->instance);
VSTRING_TERMINATE(state->instance);
/*
* Try to be nice. Don't bother when we lost the connection. Don't bother
* waiting for a reply, it just increases latency.
*/
if (state->proxy) {
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_NONE, SMTPD_CMD_QUIT);
smtpd_proxy_close(state);
}
if (state->proxy)
smtpd_proxy_free(state);
if (state->xforward.flags)
smtpd_xforward_reset(state);
if (state->prepend)
@ -2335,6 +2357,7 @@ static void mail_reset(SMTPD_STATE *state)
static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
{
SMTPD_PROXY *proxy;
const char *err;
int narg;
char *arg;
@ -2478,9 +2501,10 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* the recipient then we can have a proxy connection without having
* accepted a recipient.
*/
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK,
proxy = state->proxy;
if (proxy != 0 && proxy->cmd(state, SMTPD_PROX_WANT_OK,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
return (-1);
}
@ -2667,6 +2691,7 @@ static void comment_sanitize(VSTRING *comment_string)
static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
{
SMTPD_PROXY *proxy;
const char *err;
char *start;
int len;
@ -2725,9 +2750,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
smtpd_chat_reply(state, "%s", err);
return (-1);
}
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_MORE,
proxy = state->proxy;
if (proxy != 0 && proxy->cmd(state, SMTPD_PROX_WANT_MORE,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
return (-1);
}
@ -2736,10 +2762,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
* operation. We want to avoid massive code duplication within tons of
* if-else clauses.
*/
if (state->proxy) {
out_stream = state->proxy;
out_record = smtpd_proxy_rec_put;
out_fprintf = smtpd_proxy_rec_fprintf;
if (proxy) {
out_stream = proxy->stream;
out_record = proxy->rec_put;
out_fprintf = proxy->rec_fprintf;
out_error = CLEANUP_STAT_PROXY;
} else {
out_stream = state->cleanup;
@ -2781,7 +2807,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
* Suppress our own Received: header in the unlikely case that we are an
* intermediate proxy.
*/
if (!state->proxy || state->xforward.flags == 0) {
if (!proxy || state->xforward.flags == 0) {
out_fprintf(out_stream, REC_TYPE_NORM,
"Received: from %s (%s [%s])",
state->helo_name ? state->helo_name : state->name,
@ -2900,7 +2926,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
out_record(out_stream, REC_TYPE_NORM, "", 0);
}
if (prev_rec_type != REC_TYPE_CONT && *start == '.'
&& (state->proxy == 0 ? (++start, --len) == 0 : len == 1))
&& (proxy == 0 ? (++start, --len) == 0 : len == 1))
break;
if (state->err == CLEANUP_STAT_OK) {
if (var_message_limit > 0 && var_message_limit - state->act_size < len + 2) {
@ -2919,7 +2945,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
&& SMTPD_STAND_ALONE(state) == 0
&& (err = smtpd_check_eod(state)) != 0) {
smtpd_chat_reply(state, "%s", err);
if (state->proxy) {
if (proxy) {
smtpd_proxy_close(state);
} else {
mail_stream_cleanup(state->dest);
@ -2932,23 +2958,13 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
/*
* Send the end of DATA and finish the proxy connection. Set the
* CLEANUP_STAT_PROXY error flag in case of trouble.
*
* XXX The low-level proxy output routines should set "state" error
* attributes. This requires making "state" a context attribute of the
* VSTREAM.
*/
if (state->proxy) {
if (proxy) {
if (state->err == CLEANUP_STAT_OK) {
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, ".");
(void) proxy->cmd(state, SMTPD_PROX_WANT_ANY, ".");
if (state->err == CLEANUP_STAT_OK &&
*STR(state->proxy_buffer) != '2')
*STR(proxy->buffer) != '2')
state->err = CLEANUP_STAT_CONT;
} else if (state->err != CLEANUP_STAT_SIZE) {
state->err |= CLEANUP_STAT_PROXY;
detail = cleanup_stat_detail(CLEANUP_STAT_PROXY);
vstring_sprintf(state->proxy_buffer,
"%d %s Error: %s",
detail->smtp, detail->dsn, detail->text);
}
}
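Review bot: the deleted else branch set CLEANUP_STAT_PROXY and wrote an error reply into the proxy buffer when state->err was already non-zero at end of DATA. The later reply paths in data_cmd() still send STR(proxy->buffer) to the client, so the proxy layer now has to guarantee that the buffer holds a valid reply on every error path. The shortened comment should say where that happens instead of dropping the XXX remark without a replacement.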
@ -3031,11 +3047,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
state->error_count = 0;
state->error_mask = 0;
state->junk_cmds = 0;
if (state->queue_id)
if (proxy)
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
else
smtpd_chat_reply(state,
"250 2.0.0 Ok: queued as %s", state->queue_id);
else
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
} else if (why && IS_SMTP_REJECT(STR(why))) {
state->error_mask |= MAIL_ERROR_POLICY;
smtpd_chat_reply(state, "%s", STR(why));
@ -3067,8 +3083,8 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
} else if ((state->err & CLEANUP_STAT_CONT) != 0) {
state->error_mask |= MAIL_ERROR_POLICY;
detail = cleanup_stat_detail(CLEANUP_STAT_CONT);
if (state->proxy_buffer) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
if (proxy) {
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
} else if (why && LEN(why) > 0) {
/* Allow address-specific DSN status in header/body_checks. */
smtpd_chat_reply(state, "%d %s", detail->smtp, STR(why));
@ -3083,7 +3099,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
detail->smtp, detail->dsn, detail->text);
} else if ((state->err & CLEANUP_STAT_PROXY) != 0) {
state->error_mask |= MAIL_ERROR_SOFTWARE;
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
smtpd_chat_reply(state, "%s", STR(proxy->buffer));
} else {
state->error_mask |= MAIL_ERROR_SOFTWARE;
detail = cleanup_stat_detail(CLEANUP_STAT_BAD);
@ -3091,6 +3107,14 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
detail->smtp, detail->dsn, state->err);
}
/*
* By popular command: the proxy's end-of-data reply.
*/
if (proxy)
msg_info("proxy-%s: %s: %s;%s",
(state->err == CLEANUP_STAT_OK) ? "accept" : "reject",
state->where, STR(proxy->buffer), smtpd_whatsup(state));
/*
* Cleanup. The client may send another MAIL command.
*/
@ -3217,8 +3241,8 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
/*
* XXX 2821 new feature: Section 3.5.1 requires that the VRFY response is
* either "full name <user@domain>" or "user@domain". Postfix replies
* with the address that was provided by the client, whether or not it is
* in fully qualified domain form or not.
* with the string that was provided by the client, whether or not it is
* in fully qualified domain form and the address is in <>.
*
* Reply code 250 is reserved for the case where the address is verified;
* reply code 252 should be used when no definitive certainty exists.
@ -4130,8 +4154,8 @@ typedef struct SMTPD_CMD {
#define SMTPD_CMD_FLAG_LAST (1<<2) /* last in PIPELINING command group */
static SMTPD_CMD smtpd_cmd_table[] = {
SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS,
SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS,
SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,
SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,
#ifdef USE_TLS
SMTPD_CMD_STARTTLS, starttls_cmd, SMTPD_CMD_FLAG_PRE_TLS,
#endif
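Review bot: SMTPD_CMD_FLAG_LAST is added to the HELO and EHLO entries with no comment, and the flag's own description is only "last in PIPELINING command group". Since this presumably changes how input that follows HELO/EHLO in the same pipelined group is treated, a short comment in smtpd_cmd_table should record the reason for the new flag on these two commands.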
@ -4165,6 +4189,7 @@ static void smtpd_proto(SMTPD_STATE *state)
const char *ehlo_words;
const char *err;
int status;
const char *cp;
/*
* Print a greeting banner and run the state machine. Read SMTP commands
@ -4425,6 +4450,16 @@ static void smtpd_proto(SMTPD_STATE *state)
}
watchdog_pat();
smtpd_chat_query(state);
/* Move into smtpd_chat_query() and update session transcript. */
if (smtpd_cmd_filter != 0) {
for (cp = STR(state->buffer); *cp && IS_SPACE_TAB(*cp); cp++)
/* void */ ;
if ((cp = dict_get(smtpd_cmd_filter, cp)) != 0) {
msg_info("%s: replacing client command \"%s\" with \"%s\"",
state->namaddr, STR(state->buffer), cp);
vstring_strcpy(state->buffer, cp);
}
}
if ((argc = smtpd_token(vstring_str(state->buffer), &argv)) == 0) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "500 5.5.2 Error: bad syntax");
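Review bot: the replacement is applied after smtpd_chat_query(state) has returned, so the session transcript keeps the client's original command while smtpd_token() parses the substituted one. The added comment "Move into smtpd_chat_query() and update session transcript." acknowledges this but is not marked as an open item; mark it XXX like the other pending notes in this file. Also, dict_get() is keyed on cp, which skips leading spaces and tabs, while msg_info() prints the unstripped STR(state->buffer), so the logged text is not necessarily the string that matched.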
@ -4699,6 +4734,10 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
#endif
#ifdef USE_TLS
if (*var_smtpd_cmd_filter)
smtpd_cmd_filter = dict_open(var_smtpd_cmd_filter, O_RDONLY,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
/*
* XXX Temporary fix to pretend that we consistently implement TLS
* security levels. We implement only a subset for now. If we implement
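Review bot: as rendered here the new dict_open() for smtpd_cmd_filter sits directly after "#ifdef USE_TLS", yet var_smtpd_cmd_filter is declared ahead of the "#ifdef USE_TLS" block in the variable list and the command filter is not a TLS feature. If the open really is inside the conditional, builds without TLS will accept smtpd_command_filter and never apply it; move the three lines above the #ifdef.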
@ -4843,6 +4882,15 @@ static void post_jail_init(char *unused_name, char **unused_argv)
smtpd_input_transp_mask =
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
/*
* Initialize before-queue filter options: do we want speed-matching
* support so that the entire message is received before we contact a
* before-queue content filter?
*/
if (*var_smtpd_proxy_filt)
smtpd_proxy_opts =
smtpd_proxy_parse_opts(VAR_SMTPD_PROXY_OPTS, var_smtpd_proxy_opts);
/*
* Sendmail mail filters.
*
@ -5023,6 +5071,7 @@ int main(int argc, char **argv)
VAR_VERP_CLIENTS, DEF_VERP_CLIENTS, &var_verp_clients, 0, 0,
VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
VAR_SMTPD_PROXY_OPTS, DEF_SMTPD_PROXY_OPTS, &var_smtpd_proxy_opts, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
VAR_XCLIENT_HOSTS, DEF_XCLIENT_HOSTS, &var_xclient_hosts, 0, 0,
VAR_XFORWARD_HOSTS, DEF_XFORWARD_HOSTS, &var_xforward_hosts, 0, 0,
@ -5075,6 +5124,7 @@ int main(int argc, char **argv)
VAR_UNK_ADDR_TF_ACT, DEF_UNK_ADDR_TF_ACT, &var_unk_addr_tf_act, 1, 0,
VAR_UNV_RCPT_TF_ACT, DEF_UNV_RCPT_TF_ACT, &var_unv_rcpt_tf_act, 1, 0,
VAR_UNV_FROM_TF_ACT, DEF_UNV_FROM_TF_ACT, &var_unv_from_tf_act, 1, 0,
VAR_SMTPD_CMD_FILTER, DEF_SMTPD_CMD_FILTER, &var_smtpd_cmd_filter, 0, 0,
0,
};
static const CONFIG_RAW_TABLE raw_table[] = {

View File

@ -1,4 +1,4 @@
/* $NetBSD: tls_client.c,v 1.2 2009/07/20 17:17:56 christos Exp $ */
/* $NetBSD: tls_client.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME

View File

@ -1,4 +1,4 @@
/* $NetBSD: tls_server.c,v 1.2 2009/07/20 17:17:56 christos Exp $ */
/* $NetBSD: tls_server.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME

View File

@ -1,4 +1,4 @@
/* $NetBSD: inet_addr_local.c,v 1.2 2010/02/23 16:41:01 jnemeth Exp $ */
/* $NetBSD: inet_addr_local.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME
@ -186,9 +186,15 @@ static int ial_getifaddrs(INET_ADDR_LIST *addr_list,
if (!(ifa->ifa_flags & IFF_UP) || ifa->ifa_addr == 0)
continue;
sa = ifa->ifa_addr;
sam = ifa->ifa_netmask;
if (af != AF_UNSPEC && sa->sa_family != af)
continue;
sam = ifa->ifa_netmask;
if (sam == 0) {
/* XXX In mynetworks, a null netmask would match everyone. */
msg_warn("ignoring interface with null netmask, address family %d",
sa->sa_family);
continue;
}
switch (sa->sa_family) {
case AF_INET:
if (SOCK_ADDR_IN_ADDR(sa).s_addr == INADDR_ANY)
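Review bot: the new null-netmask check warns with only the address family, which does not tell an administrator which interface was skipped. Since ifa is in scope, include ifa->ifa_name in the msg_warn() text. Moving the "sam = ifa->ifa_netmask;" assignment below the address-family test is fine.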
@ -586,7 +592,8 @@ int main(int unused_argc, char **argv)
msg_vstream_init(argv[0], VSTREAM_ERR);
msg_verbose = 1;
proto_info = inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
proto_info = inet_proto_init(argv[0],
argv[1] ? argv[1] : INET_PROTO_NAME_ALL);
inet_addr_list_init(&addr_list);
inet_addr_list_init(&mask_list);
inet_addr_local(&addr_list, &mask_list, proto_info->ai_family_list);

View File

@ -1,4 +1,4 @@
/* $NetBSD: unix_recv_fd.c,v 1.2 2009/06/23 11:41:07 tron Exp $ */
/* $NetBSD: unix_recv_fd.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME
@ -65,7 +65,7 @@ int unix_recv_fd(int fd)
/*
* Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1,
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for
* portability to LP64 environments.
* portability to some LP64 environments. See also unix_send_fd.c.
*/
#if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL)
union {
@ -76,7 +76,11 @@ int unix_recv_fd(int fd)
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
msg.msg_control = control_un.control;
msg.msg_controllen = sizeof(control_un.control); /* Fix 200506 */
if (unix_pass_fd_fix & UNIX_PASS_FD_FIX_CMSG_LEN) {
msg.msg_controllen = CMSG_LEN(sizeof(newfd)); /* Fix 200506 */
} else {
msg.msg_controllen = sizeof(control_un.control); /* normal */
}
#else
msg.msg_accrights = (char *) &newfd;
msg.msg_accrightslen = sizeof(newfd);
@ -143,10 +147,10 @@ int main(int argc, char **argv)
ssize_t read_count;
char buf[1024];
if (argc != 2
if (argc < 2 || argc > 3
|| (endpoint = split_at(transport = argv[1], ':')) == 0
|| *endpoint == 0 || *transport == 0)
msg_fatal("usage: %s transport:endpoint", argv[0]);
msg_fatal("usage: %s transport:endpoint [workaround]", argv[0]);
if (strcmp(transport, "unix") == 0) {
listen_sock = unix_listen(endpoint, 10, BLOCKING);
@ -160,8 +164,10 @@ int main(int argc, char **argv)
if (client_sock < 0)
msg_fatal("accept: %m");
set_unix_pass_fd_fix(argv[2] ? argv[2] : "");
while ((client_fd = unix_recv_fd(client_sock)) >= 0) {
msg_info("client_fd = %d", client_fd);
msg_info("client_fd = %d, fix=%d", client_fd, unix_pass_fd_fix);
while ((read_count = read(client_fd, buf, sizeof(buf))) > 0)
write(1, buf, read_count);
if (read_count < 0)

View File

@ -1,4 +1,4 @@
/* $NetBSD: unix_send_fd.c,v 1.2 2009/06/23 11:41:07 tron Exp $ */
/* $NetBSD: unix_send_fd.c,v 1.3 2010/06/17 18:18:16 tron Exp $ */
/*++
/* NAME
@ -66,8 +66,8 @@ int unix_send_fd(int fd, int sendfd)
/*
* Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1,
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE; the
* latter breaks on LP64 systems.
* Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for
* portability to some LP64 environments. See also unix_recv_fd.c.
*/
#if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL)
union {
@ -78,8 +78,11 @@ int unix_send_fd(int fd, int sendfd)
memset((char *) &msg, 0, sizeof(msg)); /* Fix 200512 */
msg.msg_control = control_un.control;
msg.msg_controllen = sizeof(control_un.control); /* Fix 200506 */
if (unix_pass_fd_fix & UNIX_PASS_FD_FIX_CMSG_LEN) {
msg.msg_controllen = CMSG_LEN(sizeof(sendfd)); /* Fix 200506 */
} else {
msg.msg_controllen = sizeof(control_un.control); /* normal */
}
cmptr = CMSG_FIRSTHDR(&msg);
cmptr->cmsg_len = CMSG_LEN(sizeof(sendfd));
cmptr->cmsg_level = SOL_SOCKET;
@ -103,7 +106,40 @@ int unix_send_fd(int fd, int sendfd)
msg.msg_iov = iov;
msg.msg_iovlen = 1;
return (sendmsg(fd, &msg, 0));
/*
* The CMSG_LEN send/receive workaround was originally developed for
* OpenBSD 3.6 on SPARC64. After the workaround was verified to not break
* Solaris 8 on SPARC64, it was hard-coded with Postfix 2.3 for all
* platforms because of increasing pressure to work on other things. The
* workaround does nothing for 32-bit systems.
*
* The investigation was reopened with Postfix 2.7 because the workaround
* broke with NetBSD 5.0 on 64-bit architectures. This time it was found
* that OpenBSD <= 4.3 on AMD64 and SPARC64 needed the workaround for
* sending only. The following platforms worked with and without the
* workaround: OpenBSD 4.5 on AMD64 and SPARC64, FreeBSD 7.2 on AMD64,
* Solaris 8 on SPARC64, and Linux 2.6-11 on x86_64.
*
* As this appears to have been an OpenBSD-specific problem, we revert to
* the Postfix 2.2 behavior. Instead of hard-coding the workaround for
* all platforms, we now detect sendmsg() errors at run time and turn on
* the workaround dynamically.
*
* The workaround was made run-time configurable to investigate the problem
* on multiple platforms. Though set_unix_pass_fd_fix() is over-kill for
* this specific problem, it is left in place so that it can serve as an
* example of how to add run-time configurable workarounds to Postfix.
*/
if (sendmsg(fd, &msg, 0) >= 0)
return (0);
if (unix_pass_fd_fix == 0) {
if (msg_verbose)
msg_info("sendmsg error (%m). Trying CMSG_LEN workaround.");
unix_pass_fd_fix = UNIX_PASS_FD_FIX_CMSG_LEN;
return (unix_send_fd(fd, sendfd));
} else {
return (-1);
}
#endif
}
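Review bot: the retry switches to the CMSG_LEN workaround on any sendmsg() failure while unix_pass_fd_fix is 0, without looking at errno, and the setting then stays on for the rest of the process. An unrelated failure, such as a peer that has gone away, would therefore flip the global permanently; restrict the retry to the errno values the workaround is meant to address, or restore the previous value when the retry also fails. The function also now returns 0 on success where it previously returned the sendmsg() result, which should be checked against callers that test the return value.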
@ -128,6 +164,8 @@ int main(int argc, char **argv)
int server_sock;
int client_fd;
msg_verbose = 1;
if (argc < 3
|| (endpoint = split_at(transport = argv[1], ':')) == 0
|| *endpoint == 0 || *transport == 0)