one queue per rcpt hurts when delivering to agents that don't get stuck on shell commands or mailbox locks

xxx: bounced as yyy (bounced mail); xxx forwarded as zzz (mail expanded via :include:).

postconf -f filename

more general relocated feature - perhaps better to bounce recipients at the SMTP port.

use $mydomain when hostname is not FQDN.

generic daemon that listens on fifo and runs command

make sendmail/smtpd/cleanup output directory/fifo configurable

if postdrop scrutinizes input, skip the overhead in the pickup daemon.

luser relay

add a threshold to sendmail etc. stderr logging, so that class "info" messages don't go to stderr.

need a configurable mailbox locking method with system-specific default, so people don't have to recompile just to turn off fcntl() locks to work around SUN mailtool.

implement an UCE control to accept mail if the sender domain lists us as MX host (rafal wiosna). By the same token, implement a control to accept mail when the client hostname/parent domain lists us as their MX host.

with recipient delimiter enabled, append the unmatched recipient of @virtual.domain patterns as extension to right-hand recipient, for qmail-like virtual mapping.

received: headers should be generated by the cleanup daemon, and client attributes ("with", "from", etc.) should be passed along with the message. This guarantees that forwarded/aliased mail gets stamped with the queue ID.

trivial-rewrite etc.: after reload, close the listen socket and wait until all clients disconnect.

In qmgr_entry.c, turn off random walk by default.

toss double-bounce mail even when mail for the local machine is redirected to another box. See mail_addr_double_bounce().

represent peer as object, not as name + addr arguments

ignore sender: header when different from envelope?

smtp client: optionally log every MX host contacted

remote showq access (cookie in maildrop or print some text to inform the user)

defer: explain mail was bounced after N days

multiple rewrite processes?

log relay address in addition to host.

gethostbyaddr() uses native name services, which can be slow.

can we detect a client that ignores error responses?

way to block inbound mail based on recipient suffix?

when client begins with non-SMTP data, log warning

when non-SMTP follows ".", log warning.

On linux syslogd needs -/file/name

can Postfix implement one switchboard instead of having all these little lookup tables?

make canonical/virtual/etc. table lookup order configurable

allow /file/name or maptype_mapname in $mydestination

make protocol errors soft errors? There are a lot of broken mailers out there that sometimes croak and sometimes work.

require @ in sender/rcpt (another restriction)

figure out a way to pump recipients into qmgr before concurrency starts to drop.

pass on client etc. attributes along with message to delivery agent

pass on configurable info into external process environment

scrutinize file opens in delivery agents just like in qmgr (better: open the file and see if someone compromised the vmailer account and is racing against us).

cleanup: don't run out of memory with large amounts of bcc addresses

cleanup: permit non-empty extra segment, so that mail posting software can pass in bcc recipients.

suspend/resume signals + master status (suspended/running) in PID file. Maybe use FIFO instead. But, that means requests do not arrive when the master is stuck.

postedit queue-id command...

more flexible mail queue list command

multiple queues may make ETRN processing less painful because there is less delayed mail to plow through.

qmgr: configurable incoming/deferred mixing ratio so we can prioritize new mail over old mail

Replace [my.own.ip.addr] by domain name so that delivered-to has the desired effect.

Received: header and bounce text will be configurable with ${name} macros. This requires that everything must cope with newlines in config parameters (including the SMTP greeting banner, yuck).

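For the item above on scrutinizing file opens in delivery agents, one way to check after the open that nobody swapped the file underneath us. This is an added example, not code from Postfix; the names checked_open and demo and the /tmp scratch paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Postfix code: open a delivery target and verify
 * that what we opened is what we inspected. Returns fd, or -1 with *why set. */
int checked_open(const char *path, int flags, uid_t owner, const char **why)
{
    struct stat before, after;
    int fd;

    if (lstat(path, &before) < 0) { *why = "lstat failed"; return -1; }
    if (!S_ISREG(before.st_mode)) { *why = "not a regular file"; return -1; }
    /* O_NOFOLLOW rejects a swapped-in symlink; O_NONBLOCK avoids hanging on a FIFO */
    fd = open(path, flags | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) { *why = "open failed"; return -1; }
    if (fstat(fd, &after) < 0) *why = "fstat failed";
    else if (after.st_dev != before.st_dev || after.st_ino != before.st_ino)
        *why = "file replaced between lstat and open";
    else if (after.st_nlink != 1) *why = "file has more than one hard link";
    else if (after.st_uid != owner) *why = "unexpected owner";
    else { *why = "ok"; return fd; }
    close(fd);
    return -1;
}

/* Constructed scenario in a scratch directory: a mailbox file, a symlink to it,
 * then the same file with a second hard link. One result bit per accepted open. */
int demo(void)
{
    char dir[] = "/tmp/chkopenXXXXXX", f[64], s[64], h[64];
    const char *why;
    int fd, ok = 0, fl = O_WRONLY | O_APPEND;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(f, sizeof f, "%s/mbox", dir);
    snprintf(s, sizeof s, "%s/sym", dir);
    snprintf(h, sizeof h, "%s/hard", dir);
    if ((fd = open(f, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    if (symlink(f, s) < 0) return -1;
    if ((fd = checked_open(f, fl, geteuid(), &why)) >= 0) { ok |= 1; close(fd); }
    if ((fd = checked_open(s, fl, geteuid(), &why)) >= 0) { ok |= 2; close(fd); }
    if (link(f, h) < 0) return -1;
    if ((fd = checked_open(f, fl, geteuid(), &why)) >= 0) { ok |= 4; close(fd); }
    unlink(h); unlink(s); unlink(f); rmdir(dir);
    return ok;
}
```

The lstat()/fstat() comparison detects a swap but does not prevent one; the decision rests on the checks made on the open descriptor.
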
Pass along the client hostname/posting user with queue files, to be logged by the queue manager.

showq: don't use mail_open_ok() - it assumes coordinated queue access.

trivial-rewrite: optionally, use DNS to fully qualify hostnames.

smtp: optionally deal with MX records containing an address instead of a name.

pickup/cleanup/qmgr/local: add options record to control internal features such as canonical/virtual mapping, VERPs etcetera.

smtpd: when deciding if a destination is local, also look at the virtual map.

Perhaps we should move canonical and virtual lookups back into the rewrite service, but under a different name, so they do not get in the way if we do not want them.

Queue manager: do not allocate queue slots when a destination already has more than some threshold. This is to prevent a dead or slow destination from filling up the queue manager's active queue, preventing delivery to other destinations. However, such `fairness' strategies should not cause Postfix to lose the benchmark race, so we must be fair and smart at the same time :-)

Add hook for (domain, user database) support. This is needed if you have lots of real domains and can't afford a separate master.cf delivery agent entry for each domain.

Add support for DBZ databases, using the code from INN. Reportedly, GDB handles large numbers of keys poorly.

Make the number of time bits in the queue ID configurable, or at least a little larger.

Change the front-end to cleanup protocol so that the front-end sends the expected message size, and so that the cleanup service can report if there is enough space. This is useful only for the SMTP server, because pickup can't produce bounce requests: the bounce service can't read the maildrop file.

On systems with functional UNIX-domain sockets, use that instead of FIFOs to trigger the pickup and qmgr services.
This allows for some coupling between front-end programs and queue manager, so that a burst of inbound mail does not lock out the queue manager from accessing the queue, causing outbound delivery to stop.

There is a need to run `master' services outside the "master" environment, either for testing (new config files) or for production. For consistency reasons, program file names should be taken from the master.cf file.

- The showq service. Used by the super user when the mail system is down.

- The smtpd service for "sendmail -bs" emulation. Used by some mail posting agents. Output to the maildrop, so that messages can be posted even when the mail system is down.

- The rewrite engine for "sendmail -bt" emulation, for off-line testing of configuration files. Requires a method to override the location of the rewriting rules file. Or, perhaps there should be an official place (/etc/vmailer/testbed?) for playing with config files.

postfix-script: detect and/or build missing alias database. In order to do this we must extract the alias_maps parameter from the main.cf file, and create any missing files with the right ownerships.

SunOS 5.4 sendmail seems to include the null byte in alias keys and values, like almost every UNIX system; SunOS 5.5 sendmail does not include these nulls. Need to add support for SunOS 5.4. NIS alias maps always include the null terminator...

implement the return-receipt-to notification service.

Implement real address rewriting.

default alias for mail to non-existent users. How useful is this when the postmaster already gets notices of mail that could not be delivered by the local mail system? And how do we pass around the original envelope recipient once it has been "aliased" to the address for non-existent users?

owner-default alias to capture all mailing list errors. Or perhaps they should just set up the appropriate owner-foo aliases in their alias database?

make mail_params module the main config interface; no calls from config.c to routines in mail_params.c

resolve/rewrite clients should share connection

postfix-script: make sure permissions of queue (and anything below) are sane.

bounce/defer: provide attribute-value interface, for better logging (expanded-from etc.) and non-delivery reports.

Postfix-Options: header, to turn on qmail-like VERPs. But, these must be accessible only for locally-posted mail (not mail that arrives via UUCP).

Maintain per-client short-term host status, so we can slow down unreasonable clients

Make archiving delivered mail a REAL option (queue manager). What about one archive per day. The magic could be put into the mail queue name routines. Just make it aware of the date.

Will the mail system be faster when we avoid moving new messages incoming->active? How would one detect the arrival of new files?

pickup: pass file descriptor to cleanup instead of copying data. This violates the principle that all front-end programs protect the mail system against unreasonably-long inputs.

True ETRN means kick the host out of the queue manager's "dead hosts" table & move mail from the "hold" queue for that site to the incoming queue.

Option to make a copy of all mail passing through the mail system.

The message ID is built by concatenating the time of day in seconds with the queue id. We must ensure that a queue id is unique for at least one second, otherwise multiple messages will have the same message ID.

Queue ids will always collide after a while. The NFS generation number for the queue file would be useful, but there is no portable interface to get it, and we cannot depend on the system having NFS support enabled. If a 1-microsecond resolution is sufficient, we could compose the queue ID from the inode number plus 6 decimal digits or 5 hex ones for the time in microseconds. Or, use a smarter encoding with more bits per character.

postfix-script: make sure that each queue file matches its file id or we might lose mail.

postfix-script: do database fixups as the unprivileged user

Put a version file in the conf directory or add option to vmail control command to print the version (requires vmconf tool that can query main.cf).

Maintain a pool of pre-allocated queue files, to eliminate file creation and deletion overhead.