NetBSD/gnu/dist/postfix/TODO

one queue per rcpt hurts when delivering to agents that don't
get stuck on shell commands or mailbox locks

xxx: bounced as yyy (bounced mail); xxx forwarded as zzz (mail
expanded via :include:).

postconf -f filename

more general relocated feature - perhaps better to bounce recipients
at the SMTP port.

use $mydomain when hostname is not FQDN.

generic daemon that listens on fifo and runs command

make sendmail/smtpd/cleanup output directory/fifo configurable

if postdrop scrutinizes input, skip the overhead in the pickup
daemon.

luser relay

add a threshold to sendmail etc. stderr logging, so that class
"info" messages don't go to stderr.

need a configurable mailbox locking method with system-specific
default, so people don't have to recompile just to turn off fcntl()
locks to work around SUN mailtool.

implement a UCE control to accept mail if the sender domain
lists us as MX host (rafal wiosna). By the same token, implement
a control to accept mail when the client hostname/parent domain
lists us as their MX host.

with recipient delimiter enabled, append the unmatched recipient
of @virtual.domain patterns as extension to right-hand recipient,
for qmail-like virtual mapping.

received: headers should be generated by the cleanup daemon, and
client attributes ("with", "from", etc.) should be passed along
with the message. This guarantees that forwarded/aliased mail gets
stamped with the queue ID.

trivial-rewrite etc.: after reload, close the listen socket and
wait until all clients disconnect.

In qmgr_entry.c, turn off random walk by default.

toss double-bounce mail even when mail for the local machine is
redirected to another box. See mail_addr_double_bounce().

represent peer as object, not as name + addr arguments

ignore sender: header when different from envelope?

smtp client: optionally log every MX host contacted

remote showq access (cookie in maildrop or print some text to inform
the user)

defer: explain mail was bounced after N days

multiple rewrite processes?

log relay address in addition to host.

gethostbyaddr() uses native name services, which can be slow.

can we detect a client that ignores error responses?

way to block inbound mail based on recipient suffix?

when client begins with non-SMTP data, log warning

when non-SMTP follows ".", log warning.

On Linux syslogd needs -/file/name

can Postfix implement one switchboard instead of having all these
little lookup tables?

make canonical/virtual/etc. table lookup order configurable

allow /file/name or maptype_mapname in $mydestination

make protocol errors soft errors? There are a lot of broken mailers
out there that sometimes croak and sometimes work.

require @ in sender/rcpt (another restriction)

figure out a way to pump recipients into qmgr before concurrency
starts to drop.

pass on client etc. attributes along with message to delivery agent

pass on configurable info into external process environment

scrutinize file opens in delivery agents just like in qmgr (better:
open the file and see if someone compromised the vmailer account
and is racing against us).

cleanup: don't run out of memory with large amounts of bcc addresses

cleanup: permit non-empty extra segment, so that mail posting
software can pass in bcc recipients.

suspend/resume signals + master status (suspended/running) in PID
file. Maybe use FIFO instead. But, that means requests do not
arrive when the master is stuck.

postedit queue-id command...

more flexible mail queue list command

multiple queues may make ETRN processing less painful because there
is less delayed mail to plow through.

qmgr: configurable incoming/deferred mixing ratio so we can prioritize
new mail over old mail

Replace [my.own.ip.addr] by domain name so that delivered-to has
the desired effect.

Received: header and bounce text will be configurable with ${name}
macros. This requires that everything must cope with newlines in
config parameters (including the SMTP greeting banner, yuck).

Pass along the client hostname/posting user with queue files, to
be logged by the queue manager.

showq: don't use mail_open_ok() - it assumes coordinated queue
access.

trivial-rewrite: optionally, use DNS to fully qualify hostnames.

smtp: optionally deal with MX records containing an address instead
of a name.

pickup/cleanup/qmgr/local: add options record to control internal
features such as canonical/virtual mapping, VERPs etcetera.

smtpd: when deciding if a destination is local, also look at the
virtual map. Perhaps we should move canonical and virtual lookups
back into the rewrite service, but under a different name, so they
do not get in the way if we do not want them.

Queue manager: do not allocate queue slots when a destination
already has more than some threshold. This is to prevent a dead or
slow destination from filling up the queue manager's active queue,
preventing delivery to other destinations. However, such `fairness'
strategies should not cause Postfix to lose the benchmark race, so
we must be fair and smart at the same time :-)

Add hook for (domain, user database) support. This is needed if
you have lots of real domains and can't afford a separate master.cf
delivery agent entry for each domain.

Add support for DBZ databases, using the code from INN. Reportedly,
GDB handles large numbers of keys poorly.

Make the number of time bits in the queue ID configurable, or at
least a little larger.

Change the front-end to cleanup protocol so that the front-end
sends the expected message size, and so that the cleanup service
can report if there is enough space. This is useful only for the
SMTP server, because pickup can't produce bounce requests: the
bounce service can't read the maildrop file.

On systems with functional UNIX-domain sockets, use that instead
of FIFOs to trigger the pickup and qmgr services. This allows for
some coupling between front-end programs and queue manager, so that
a burst of inbound mail does not lock out the queue manager from
accessing the queue, causing outbound delivery to stop.

There is a need to run `master' services outside the "master"
environment, either for testing (new config files) or for production.
For consistency reasons, program file names should be taken from
the master.cf file.

- The showq service. Used by the super user when the mail system
  is down.
- The smtpd service for "sendmail -bs" emulation. Used by some
  mail posting agents. Output to the maildrop, so that messages
  can be posted even when the mail system is down.
- The rewrite engine for "sendmail -bt" emulation, for off-line
  testing of configuration files. Requires a method to override
  the location of the rewriting rules file. Or, perhaps there
  should be an official place (/etc/vmailer/testbed?) for playing
  with config files.

postfix-script: detect and/or build missing alias database. In
order to do this we must extract the alias_maps parameter from the
main.cf file, and create any missing files with the right ownerships.

SunOS 5.4 sendmail seems to include the null byte in alias keys
and values, like almost every UNIX system; SunOS 5.5 sendmail does
not include these nulls. Need to add support for SunOS 5.4. NIS
alias maps always include the null terminator...

implement the return-receipt-to notification service.

Implement real address rewriting.

default alias for mail to non-existent users. How useful is this
when the postmaster already gets notices of mail that could not be
delivered by the local mail system? And how do we pass around the
original envelope recipient once it has been "aliased" to the
address for non-existent users?

owner-default alias to capture all mailing list errors. Or perhaps
they should just set up the appropriate owner-foo aliases in their
alias database?

make mail_params module the main config interface; no calls from
config.c to routines in mail_params.c

resolve/rewrite clients should share connection

postfix-script: make sure permissions of queue (and anything below)
are sane.

bounce/defer: provide attribute-value interface, for better logging
(expanded-from etc.) and non-delivery reports.

Postfix-Options: header, to turn on qmail-like VERPs. But, these
must be accessible only for locally-posted mail (not mail that
arrives via UUCP).

Maintain per-client short-term host status, so we can slow down
unreasonable clients

Make archiving delivered mail a REAL option (queue manager). What
about one archive per day. The magic could be put into the mail
queue name routines. Just make it aware of the date.

Will the mail system be faster when we avoid moving new messages
incoming->active? How would one detect the arrival of new files?

pickup: pass file descriptor to cleanup instead of copying data.
This violates the principle that all front-end programs protect
the mail system against unreasonably-long inputs.

True ETRN means kick the host out of the queue manager's "dead
hosts" table & move mail from the "hold" queue for that site to
the incoming queue.

Option to make a copy of all mail passing through the mail system.

The message ID is built by concatenating the time of day in seconds
with the queue id. We must ensure that a queue id is unique for at
least one second, otherwise multiple messages will have the same
message ID. Queue ids will always collide after a while. The NFS
generation number for the queue file would be useful, but there is
no portable interface to get it, and we cannot depend on the system
having NFS support enabled. If a 1-microsecond resolution is
sufficient, we could compose the queue ID from the inode number
plus 6 decimal digits or 5 hex ones for the time in microseconds.
Or, use a smarter encoding with more bits per character.

postfix-script: make sure that each queue file matches its file id
or we might lose mail.

postfix-script: do database fixups as the unprivileged user

Put a version file in the conf directory or add option to vmail
control command to print the version (requires vmconf tool that
can query main.cf).

Maintain a pool of pre-allocated queue files, to eliminate file
creation and deletion overhead.

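
The item above on scrutinizing file opens in delivery agents suggests opening the file first and then checking whether someone is racing against us. One way to do that check, as an added example that is not Postfix code: the names `open_scrutinized` and `demo`, the temporary paths, and the specific checks (regular file, same device/inode before and after the open, single link, expected owner) are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not a Postfix function: open PATH and return a
 * descriptor, or -1 when the checks suggest tampering or a race. */
int open_scrutinized(const char *path, int flags, uid_t owner)
{
    struct stat before, after;
    int fd;
    /* Inspect the name without following a symlink. */
    if (lstat(path, &before) < 0 || !S_ISREG(before.st_mode))
        return -1;
    /* O_NONBLOCK: do not hang if the name was swapped for a FIFO meanwhile. */
    if ((fd = open(path, flags | O_NONBLOCK)) < 0)
        return -1;
    /* Inspect the object we now hold; unlike the name, it cannot be swapped. */
    if (fstat(fd, &after) == 0
        && after.st_dev == before.st_dev && after.st_ino == before.st_ino
        && after.st_nlink == 1          /* no hard link planted elsewhere */
        && after.st_uid == owner)       /* owned by the expected account */
        return fd;
    close(fd);
    return -1;
}

/* Constructed demo: a plain file passes; a symlink to it, and the same file
 * once hard-linked, are refused. Bitmask: 1 = plain, 2 = symlink, 4 = linked. */
int demo(void)
{
    char dir[] = "/tmp/scrutXXXXXX", f[64], s[64], h[64];
    int fd, ok = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(f, sizeof f, "%s/mbox", dir);
    snprintf(s, sizeof s, "%s/link", dir);
    snprintf(h, sizeof h, "%s/hard", dir);
    if ((fd = open(f, O_CREAT | O_WRONLY, 0600)) < 0 || symlink(f, s) != 0)
        return -1;
    close(fd);
    if ((fd = open_scrutinized(f, O_RDONLY, geteuid())) >= 0) { ok |= 1; close(fd); }
    if ((fd = open_scrutinized(s, O_RDONLY, geteuid())) >= 0) { ok |= 2; close(fd); }
    if (link(f, h) == 0 && (fd = open_scrutinized(f, O_RDONLY, geteuid())) >= 0) { ok |= 4; close(fd); }
    unlink(s); unlink(h); unlink(f); rmdir(dir);
    return ok;
}
```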