Prereq: "2.4.3"
diff -cr --new-file /var/tmp/postfix-2.4.3/src/global/mail_version.h ./src/global/mail_version.h
*** /var/tmp/postfix-2.4.3/src/global/mail_version.h Thu May 31 14:20:10 2007
--- ./src/global/mail_version.h Tue Jul 31 12:46:23 2007
***************
*** 20,27 ****
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
! #define MAIL_RELEASE_DATE "20070531"
! #define MAIL_VERSION_NUMBER "2.4.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
--- 20,27 ----
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
! #define MAIL_RELEASE_DATE "20070731"
! #define MAIL_VERSION_NUMBER "2.4.4"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -cr --new-file /var/tmp/postfix-2.4.3/HISTORY ./HISTORY
*** /var/tmp/postfix-2.4.3/HISTORY Thu May 31 11:19:10 2007
--- ./HISTORY Tue Jul 31 10:20:34 2007
***************
*** 13481,13483 ****
--- 13481,13536 ----
Portability: Victor helpfully pointed out that change
20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
+
+ 20070613
+
+ Bugfix: the Milter client assumed that a Milter application
+ does not modify the message header or envelope, after that
+ same Milter application has modified the message body of
+ that same email message. This is not a problem with updates
+ by different Milter applications. Problem was triggered
+ by Jose-Marcio Martins da Cruz. Also simplified the handling
+ of queue file update errors. File: milter/milter8.c.
+
+ 20070614
+
+ Workaround: some non-Cyrus SASL SMTP servers require SASL
+ login without authzid (authoriZation ID), i.e. the client
+ must send only the authcid (authentiCation ID) + the authcid's
+ password. In this case the server is supposed to derive
+ the authzid from the authcid. This works as expected when
+ authenticating to a Cyrus SASL SMTP server. To get the old
+ behavior specify "send_cyrus_sasl_authzid = yes", in which
+ case Postfix sends the (authzid, authcid, password), with
+ the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
+
+ 20070619
+
+ Portability: /dev/poll support for Solaris chroot jail setup
+ scripts. Files: examples/chroot-setup/Solaris8,
+ examples/chroot-setup/Solaris10.
+
+ 20070719
+
+ Cleanup: Milter client error handling, so that the (Postfix
+ SMTP server's Milter client) does not get out of sync with
+ Milter applications after the (cleanup server's Milter
+ client) encounters some non-recoverable problem. Files:
+ milter/milter8.c, smtpd/smtpd.c.
+
+ 20070729
+
+ Performance: workaround for poor TCP performance on loopback
+ (127.0.0.1) connections. Problem reported by Mark Martinec.
+ Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
+ smtpstone/*source.c.
+
+ 20070730
+
+ Bugfix: when a milter replied with ACCEPT at or before the
+ first RCPT command, the cleanup server would apply the
+ non_smtpd_milters setting as if the message was a local
+ submission. Problem reported by Jukka Salmi. Also, the
+ cleanup server would get out of sync with the milter when
+ a milter replied with ACCEPT at the DATA command. Files:
+ cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
diff -cr --new-file /var/tmp/postfix-2.4.3/README_FILES/RELEASE_NOTES ./README_FILES/RELEASE_NOTES
*** /var/tmp/postfix-2.4.3/README_FILES/RELEASE_NOTES Wed Mar 28 14:18:39 2007
--- ./README_FILES/RELEASE_NOTES Fri Jul 20 11:27:38 2007
***************
*** 11,16 ****
--- 11,30 ----
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
+ Incompatibility with Postfix 2.4.4
+ ==================================
+
+ By default, the Postfix Cyrus SASL client no longer sends a SASL
+ authoriZation ID (authzid); it sends only the SASL authentiCation
+ ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid
+ = yes" to get the old behavior, which is to send the (authzid,
+ authcid, password), with the authzid equal to the authcid. This
+ workaround for non-Cyrus SASL servers is back-ported from Postfix
+ 2.5.
+
+ Release notes for Postfix 2.4.0
+ ===============================
+
Major changes - critical
------------------------
diff -cr --new-file /var/tmp/postfix-2.4.3/README_FILES/SASL_README ./README_FILES/SASL_README
*** /var/tmp/postfix-2.4.3/README_FILES/SASL_README Tue Mar 13 19:53:54 2007
--- ./README_FILES/SASL_README Tue Jul 10 13:36:34 2007
***************
*** 356,375 ****
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
! AAUUTTHH PPLLAAIINN ddGGVVzzddAABB00ZZXXNN00AAHHRRllcc33RRwwYYXXNNzz
235 Authentication successful
! Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded form of
! username\0username\0password (the \0 is a null byte). The example above is for
! a user named `test' with password `testpass'.
In order to generate base64 encoded authentication information you can use one
of the following commands:
! % printf 'username\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
! 'print encode_base64("username\0username\0password");'
The mmencode command is part of the metamail software. MIME::Base64 is
available from http://www.cpan.org/.
--- 356,375 ----
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
! AAUUTTHH PPLLAAIINN AAHHRRllcc33QQAAddGGVVzzddHHBBhhcc33MM==
235 Authentication successful
! Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded form of
! \0username\0password (the \0 is a null byte). The example above is for a user
! named `test' with password `testpass'.
In order to generate base64 encoded authentication information you can use one
of the following commands:
! % printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
! 'print encode_base64("\0username\0password");'
The mmencode command is part of the metamail software. MIME::Base64 is
available from http://www.cpan.org/.
diff -cr --new-file /var/tmp/postfix-2.4.3/RELEASE_NOTES ./RELEASE_NOTES
*** /var/tmp/postfix-2.4.3/RELEASE_NOTES Wed Mar 28 14:18:39 2007
--- ./RELEASE_NOTES Fri Jul 20 11:27:38 2007
***************
*** 11,16 ****
--- 11,30 ----
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
+ Incompatibility with Postfix 2.4.4
+ ==================================
+
+ By default, the Postfix Cyrus SASL client no longer sends a SASL
+ authoriZation ID (authzid); it sends only the SASL authentiCation
+ ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid
+ = yes" to get the old behavior, which is to send the (authzid,
+ authcid, password), with the authzid equal to the authcid. This
+ workaround for non-Cyrus SASL servers is back-ported from Postfix
+ 2.5.
+
+ Release notes for Postfix 2.4.0
+ ===============================
+
Major changes - critical
------------------------
diff -cr --new-file /var/tmp/postfix-2.4.3/examples/chroot-setup/Solaris10 ./examples/chroot-setup/Solaris10
*** /var/tmp/postfix-2.4.3/examples/chroot-setup/Solaris10 Sun Dec 12 10:34:18 2004
--- ./examples/chroot-setup/Solaris10 Tue Jun 19 06:19:55 2007
***************
*** 61,66 ****
--- 61,67 ----
/dev/tcp6
/dev/udp
/dev/tcp
+ /dev/poll
/dev/rawip
/dev/ticlts
/dev/ticotsord
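Review bot: The new `/dev/poll` entry in this hunk, and the matching `/devices/pseudo/poll@0:poll` entry in the next one, come with no explanation in the script; the same two additions to examples/chroot-setup/Solaris8 have none either. The HISTORY entry for 20070619 says only "/dev/poll support", and the RELEASE_NOTES section added by this patch covers only send_cyrus_sasl_authzid, so a site whose jail was built with the older script presumably gets no hint that the jail must be refreshed. I would add a comment beside the device list such as `# /dev/poll: needed for event handling inside the jail on Solaris; keep it when trimming device nodes` (the reason is inferred, so confirm it against the event code, which this patch does not show). I would also add one line to the release notes telling chrooted Solaris installations to re-run the setup script. The device list starts and ends outside the hunk, so where a comment can sit depends on how the script consumes the list.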
***************
*** 71,76 ****
--- 72,78 ----
/devices/pseudo/tcp6@0:tcp6
/devices/pseudo/udp@0:udp
/devices/pseudo/tcp@0:tcp
+ /devices/pseudo/poll@0:poll
/devices/pseudo/icmp@0:icmp
/devices/pseudo/tl@0:ticlts
/devices/pseudo/tl@0:ticotsord
diff -cr --new-file /var/tmp/postfix-2.4.3/examples/chroot-setup/Solaris8 ./examples/chroot-setup/Solaris8
*** /var/tmp/postfix-2.4.3/examples/chroot-setup/Solaris8 Fri May 20 04:49:37 2005
--- ./examples/chroot-setup/Solaris8 Tue Jun 19 06:19:55 2007
***************
*** 61,66 ****
--- 61,67 ----
/dev/tcp6
/dev/udp
/dev/tcp
+ /dev/poll
/dev/rawip
/dev/ticlts
/dev/ticotsord
***************
*** 71,76 ****
--- 72,78 ----
/devices/pseudo/tcp6@0:tcp6
/devices/pseudo/udp@0:udp
/devices/pseudo/tcp@0:tcp
+ /devices/pseudo/poll@0:poll
/devices/pseudo/icmp@0:icmp
/devices/pseudo/tl@0:ticlts
/devices/pseudo/tl@0:ticotsord
diff -cr --new-file /var/tmp/postfix-2.4.3/html/SASL_README.html ./html/SASL_README.html
*** /var/tmp/postfix-2.4.3/html/SASL_README.html Tue Mar 13 19:53:54 2007
--- ./html/SASL_README.html Tue Jul 10 13:36:32 2007
***************
*** 537,549 ****
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
! AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
235 Authentication successful
!
Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded
! form of username\0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
--- 537,549 ----
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
! AUTH PLAIN AHRlc3QAdGVzdHBhc3M=
235 Authentication successful
! Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded
! form of \0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
***************
*** 552,565 ****
! % printf 'username\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
! 'print encode_base64("username\0username\0password");'
--- 552,565 ----
! % printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
! 'print encode_base64("\0username\0password");'
diff -cr --new-file /var/tmp/postfix-2.4.3/html/lmtp.8.html ./html/lmtp.8.html
*** /var/tmp/postfix-2.4.3/html/lmtp.8.html Sun Mar 25 18:46:38 2007
--- ./html/lmtp.8.html Fri Jul 20 11:25:24 2007
***************
*** 253,263 ****
will ignore in the LHLO response from a remote LMTP
server.
MIME PROCESSING CONTROLS
Available in Postfix version 2.0 and later:
disable_mime_output_conversion (no)
! Disable the conversion of 8BITMIME format to 7BIT
format.
mime_boundary_length_limit (2048)
--- 253,271 ----
will ignore in the LHLO response from a remote LMTP
server.
+ Available in Postfix version 2.4.4 and later:
+
+ send_cyrus_sasl_authzid (no)
+ When authenticating to a remote SMTP or LMTP server
+ with the default setting "no", send no SASL autho-
+ riZation ID (authzid); send only the SASL authenti-
+ Cation ID (authcid) plus the authcid's password.
+
MIME PROCESSING CONTROLS
Available in Postfix version 2.0 and later:
disable_mime_output_conversion (no)
! Disable the conversion of 8BITMIME format to 7BIT
format.
mime_boundary_length_limit (2048)
***************
*** 272,361 ****
Available in Postfix version 2.1 and later:
smtp_send_xforward_command (no)
! Send the non-standard XFORWARD command when the
! Postfix SMTP server EHLO response announces XFOR-
WARD support.
SASL AUTHENTICATION CONTROLS
smtp_sasl_auth_enable (no)
! Enable SASL authentication in the Postfix SMTP
client.
smtp_sasl_password_maps (empty)
! Optional SMTP client lookup tables with one user-
! name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
smtp_sasl_security_options (noplaintext, noanonymous)
! SASL security options; as of Postfix 2.3 the list
! of available features depends on the SASL client
! implementation that is selected with
smtp_sasl_type.
Available in Postfix version 2.2 and later:
smtp_sasl_mechanism_filter (empty)
! If non-empty, a Postfix SMTP client filter for the
! remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
smtp_sender_dependent_authentication (no)
Enable sender-dependent authentication in the Post-
! fix SMTP client; this is available only with SASL
! authentication, and disables SMTP connection
! caching to ensure that mail from different senders
will use the appropriate credentials.
smtp_sasl_path (empty)
! Implementation-specific information that is passed
! through to the SASL plug-in implementation that is
selected with smtp_sasl_type.
smtp_sasl_type (cyrus)
! The SASL plug-in type that the Postfix SMTP client
should use for authentication.
STARTTLS SUPPORT CONTROLS
! Detailed information about STARTTLS configuration may be
found in the TLS_README document.
smtp_tls_security_level (empty)
The default SMTP TLS security level for the Postfix
! SMTP client; when a non-empty value is specified,
! this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and
smtp_tls_enforce_peername.
smtp_sasl_tls_security_options ($smtp_sasl_secu-
rity_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions.
smtp_starttls_timeout (300s)
! Time limit for Postfix SMTP client write and read
! operations during TLS startup and shutdown hand-
shake procedures.
smtp_tls_CAfile (empty)
! The file with the certificate of the certification
! authority (CA) that issued the Postfix SMTP client
certificate.
smtp_tls_CApath (empty)
! Directory with PEM format certificate authority
! certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
smtp_tls_cert_file (empty)
! File with the Postfix SMTP client RSA certificate
in PEM format.
smtp_tls_mandatory_ciphers (medium)
! The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
smtp_tls_exclude_ciphers (empty)
--- 280,369 ----
Available in Postfix version 2.1 and later:
smtp_send_xforward_command (no)
! Send the non-standard XFORWARD command when the
! Postfix SMTP server EHLO response announces XFOR-
WARD support.
SASL AUTHENTICATION CONTROLS
smtp_sasl_auth_enable (no)
! Enable SASL authentication in the Postfix SMTP
client.
smtp_sasl_password_maps (empty)
! Optional SMTP client lookup tables with one user-
! name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
smtp_sasl_security_options (noplaintext, noanonymous)
! SASL security options; as of Postfix 2.3 the list
! of available features depends on the SASL client
! implementation that is selected with
smtp_sasl_type.
Available in Postfix version 2.2 and later:
smtp_sasl_mechanism_filter (empty)
! If non-empty, a Postfix SMTP client filter for the
! remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
smtp_sender_dependent_authentication (no)
Enable sender-dependent authentication in the Post-
! fix SMTP client; this is available only with SASL
! authentication, and disables SMTP connection
! caching to ensure that mail from different senders
will use the appropriate credentials.
smtp_sasl_path (empty)
! Implementation-specific information that is passed
! through to the SASL plug-in implementation that is
selected with smtp_sasl_type.
smtp_sasl_type (cyrus)
! The SASL plug-in type that the Postfix SMTP client
should use for authentication.
STARTTLS SUPPORT CONTROLS
! Detailed information about STARTTLS configuration may be
found in the TLS_README document.
smtp_tls_security_level (empty)
The default SMTP TLS security level for the Postfix
! SMTP client; when a non-empty value is specified,
! this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and
smtp_tls_enforce_peername.
smtp_sasl_tls_security_options ($smtp_sasl_secu-
rity_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions.
smtp_starttls_timeout (300s)
! Time limit for Postfix SMTP client write and read
! operations during TLS startup and shutdown hand-
shake procedures.
smtp_tls_CAfile (empty)
! The file with the certificate of the certification
! authority (CA) that issued the Postfix SMTP client
certificate.
smtp_tls_CApath (empty)
! Directory with PEM format certificate authority
! certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
smtp_tls_cert_file (empty)
! File with the Postfix SMTP client RSA certificate
in PEM format.
smtp_tls_mandatory_ciphers (medium)
! The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
smtp_tls_exclude_ciphers (empty)
***************
*** 364,406 ****
levels.
smtp_tls_mandatory_exclude_ciphers (empty)
! Additional list of ciphers or cipher types to
! exclude from the SMTP client cipher list at manda-
tory TLS security levels.
smtp_tls_dcert_file (empty)
! File with the Postfix SMTP client DSA certificate
in PEM format.
smtp_tls_dkey_file ($smtp_tls_dcert_file)
! File with the Postfix SMTP client DSA private key
in PEM format.
smtp_tls_key_file ($smtp_tls_cert_file)
! File with the Postfix SMTP client RSA private key
in PEM format.
smtp_tls_loglevel (0)
! Enable additional Postfix SMTP client logging of
TLS activity.
smtp_tls_note_starttls_offer (no)
! Log the hostname of a remote SMTP server that
! offers STARTTLS, when TLS is not already enabled
for that server.
smtp_tls_policy_maps (empty)
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
! non-empty value is specified, this overrides the
obsolete smtp_tls_per_site parameter.
smtp_tls_mandatory_protocols (SSLv3, TLSv1)
! List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
smtp_tls_scert_verifydepth (5)
! The verification depth for remote SMTP server cer-
tificates.
smtp_tls_secure_cert_match (nexthop, dot-nexthop)
--- 372,414 ----
levels.
smtp_tls_mandatory_exclude_ciphers (empty)
! Additional list of ciphers or cipher types to
! exclude from the SMTP client cipher list at manda-
tory TLS security levels.
smtp_tls_dcert_file (empty)
! File with the Postfix SMTP client DSA certificate
in PEM format.
smtp_tls_dkey_file ($smtp_tls_dcert_file)
! File with the Postfix SMTP client DSA private key
in PEM format.
smtp_tls_key_file ($smtp_tls_cert_file)
! File with the Postfix SMTP client RSA private key
in PEM format.
smtp_tls_loglevel (0)
! Enable additional Postfix SMTP client logging of
TLS activity.
smtp_tls_note_starttls_offer (no)
! Log the hostname of a remote SMTP server that
! offers STARTTLS, when TLS is not already enabled
for that server.
smtp_tls_policy_maps (empty)
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
! non-empty value is specified, this overrides the
obsolete smtp_tls_per_site parameter.
smtp_tls_mandatory_protocols (SSLv3, TLSv1)
! List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
smtp_tls_scert_verifydepth (5)
! The verification depth for remote SMTP server cer-
tificates.
smtp_tls_secure_cert_match (nexthop, dot-nexthop)
***************
*** 408,414 ****
for the "secure" TLS security level.
smtp_tls_session_cache_database (empty)
! Name of the file containing the optional Postfix
SMTP client TLS session cache.
smtp_tls_session_cache_timeout (3600s)
--- 416,422 ----
for the "secure" TLS security level.
smtp_tls_session_cache_database (empty)
! Name of the file containing the optional Postfix
SMTP client TLS session cache.
smtp_tls_session_cache_timeout (3600s)
***************
*** 420,428 ****
for the "verify" TLS security level.
tls_daemon_random_bytes (32)
! The number of pseudo-random bytes that an smtp(8)
! or smtpd(8) process requests from the tlsmgr(8)
! server in order to seed its internal pseudo random
number generator (PRNG).
tls_high_cipherlist
--- 428,436 ----
for the "verify" TLS security level.
tls_daemon_random_bytes (32)
! The number of pseudo-random bytes that an smtp(8)
! or smtpd(8) process requests from the tlsmgr(8)
! server in order to seed its internal pseudo random
number generator (PRNG).
tls_high_cipherlist
***************
*** 434,440 ****
ciphers.
tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
! The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
tls_export_cipherlist (ALL:+RC4:@STRENGTH)
--- 442,448 ----
ciphers.
tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
! The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
tls_export_cipherlist (ALL:+RC4:@STRENGTH)
***************
*** 442,481 ****
ciphers.
tls_null_cipherlist (eNULL:!aNULL)
! The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
smtp_sasl_tls_verified_security_options
($smtp_sasl_tls_security_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
OBSOLETE STARTTLS CONTROLS
! The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
smtp_use_tls (no)
! Opportunistic mode: use TLS when a remote SMTP
! server announces STARTTLS support, otherwise send
the mail in the clear.
smtp_enforce_tls (no)
! Enforcement mode: require that remote SMTP servers
! use TLS encryption, and never send mail in the
clear.
smtp_tls_enforce_peername (yes)
! With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
smtp_tls_per_site (empty)
Optional lookup tables with the Postfix SMTP client
! TLS usage policy by next-hop destination and by
remote SMTP server hostname.
smtp_tls_cipherlist (empty)
--- 450,489 ----
ciphers.
tls_null_cipherlist (eNULL:!aNULL)
! The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
smtp_sasl_tls_verified_security_options
($smtp_sasl_tls_security_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
OBSOLETE STARTTLS CONTROLS
! The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
smtp_use_tls (no)
! Opportunistic mode: use TLS when a remote SMTP
! server announces STARTTLS support, otherwise send
the mail in the clear.
smtp_enforce_tls (no)
! Enforcement mode: require that remote SMTP servers
! use TLS encryption, and never send mail in the
clear.
smtp_tls_enforce_peername (yes)
! With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
smtp_tls_per_site (empty)
Optional lookup tables with the Postfix SMTP client
! TLS usage policy by next-hop destination and by
remote SMTP server hostname.
smtp_tls_cipherlist (empty)
***************
*** 485,511 ****
RESOURCE AND RATE CONTROLS
smtp_destination_concurrency_limit ($default_destina-
tion_concurrency_limit)
! The maximal number of parallel deliveries to the
! same destination via the smtp message delivery
transport.
smtp_destination_recipient_limit ($default_destina-
tion_recipient_limit)
! The maximal number of recipients per delivery via
the smtp message delivery transport.
smtp_connect_timeout (30s)
! The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
smtp_helo_timeout (300s)
! The SMTP client time limit for sending the HELO or
! EHLO command, and for receiving the initial server
response.
lmtp_lhlo_timeout (300s)
! The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
--- 493,519 ----
RESOURCE AND RATE CONTROLS
smtp_destination_concurrency_limit ($default_destina-
tion_concurrency_limit)
! The maximal number of parallel deliveries to the
! same destination via the smtp message delivery
transport.
smtp_destination_recipient_limit ($default_destina-
tion_recipient_limit)
! The maximal number of recipients per delivery via
the smtp message delivery transport.
smtp_connect_timeout (30s)
! The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
smtp_helo_timeout (300s)
! The SMTP client time limit for sending the HELO or
! EHLO command, and for receiving the initial server
response.
lmtp_lhlo_timeout (300s)
! The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
***************
*** 514,543 ****
command, and for receiving the server response.
smtp_mail_timeout (300s)
! The SMTP client time limit for sending the MAIL
! FROM command, and for receiving the server
response.
smtp_rcpt_timeout (300s)
! The SMTP client time limit for sending the SMTP
! RCPT TO command, and for receiving the server
response.
smtp_data_init_timeout (120s)
! The SMTP client time limit for sending the SMTP
! DATA command, and for receiving the server
response.
smtp_data_xfer_timeout (180s)
! The SMTP client time limit for sending the SMTP
message content.
smtp_data_done_timeout (600s)
! The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
smtp_quit_timeout (300s)
! The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
--- 522,551 ----
command, and for receiving the server response.
smtp_mail_timeout (300s)
! The SMTP client time limit for sending the MAIL
! FROM command, and for receiving the server
response.
smtp_rcpt_timeout (300s)
! The SMTP client time limit for sending the SMTP
! RCPT TO command, and for receiving the server
response.
smtp_data_init_timeout (120s)
! The SMTP client time limit for sending the SMTP
! DATA command, and for receiving the server
response.
smtp_data_xfer_timeout (180s)
! The SMTP client time limit for sending the SMTP
message content.
smtp_data_done_timeout (600s)
! The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
smtp_quit_timeout (300s)
! The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
***************
*** 548,559 ****
lookups, or zero (no limit).
smtp_mx_session_limit (2)
! The maximal number of SMTP sessions per delivery
! request before giving up or delivering to a fall-
back relay host, or zero (no limit).
smtp_rset_timeout (20s)
! The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
--- 556,567 ----
lookups, or zero (no limit).
smtp_mx_session_limit (2)
! The maximal number of SMTP sessions per delivery
! request before giving up or delivering to a fall-
back relay host, or zero (no limit).
smtp_rset_timeout (20s)
! The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
***************
*** 565,575 ****
Available in Postfix version 2.2 and later:
smtp_connection_cache_destinations (empty)
! Permanently enable SMTP connection caching for the
specified destinations.
smtp_connection_cache_on_demand (yes)
! Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
--- 573,583 ----
Available in Postfix version 2.2 and later:
smtp_connection_cache_destinations (empty)
! Permanently enable SMTP connection caching for the
specified destinations.
smtp_connection_cache_on_demand (yes)
! Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
***************
*** 579,640 ****
smtp_connection_cache_time_limit (2s)
When SMTP connection caching is enabled, the amount
! of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
connection_cache_protocol_timeout (5s)
! Time limit for connection cache connect, send or
receive operations.
TROUBLE SHOOTING CONTROLS
debug_peer_level (2)
! The increment in verbose logging level when a
! remote client or server matches a pattern in the
debug_peer_list parameter.
debug_peer_list (empty)
! Optional list of remote client or server hostname
! or network address patterns that cause the verbose
! logging level to increase by the amount specified
in $debug_peer_level.
error_notice_recipient (postmaster)
! The recipient of postmaster notifications about
! mail delivery problems that are caused by policy,
resource, software or protocol errors.
internal_mail_filter_classes (empty)
! What categories of Postfix-generated mail are sub-
! ject to before-queue content inspection by
non_smtpd_milters, header_checks and body_checks.
notify_classes (resource, software)
! The list of error classes that are reported to the
postmaster.
MISCELLANEOUS CONTROLS
best_mx_transport (empty)
! Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
config_directory (see 'postconf -d' output)
! The default location of the Postfix main.cf and
master.cf configuration files.
daemon_timeout (18000s)
! How much time a Postfix daemon process may take to
! handle a request before it is terminated by a
built-in watchdog timer.
delay_logging_resolution_limit (2)
! The maximal number of digits after the decimal
point when logging sub-second delay values.
disable_dns_lookups (no)
! Disable DNS lookups in the Postfix SMTP and LMTP
clients.
inet_interfaces (all)
--- 587,648 ----
smtp_connection_cache_time_limit (2s)
When SMTP connection caching is enabled, the amount
! of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
connection_cache_protocol_timeout (5s)
! Time limit for connection cache connect, send or
receive operations.
TROUBLE SHOOTING CONTROLS
debug_peer_level (2)
! The increment in verbose logging level when a
! remote client or server matches a pattern in the
debug_peer_list parameter.
debug_peer_list (empty)
! Optional list of remote client or server hostname
! or network address patterns that cause the verbose
! logging level to increase by the amount specified
in $debug_peer_level.
error_notice_recipient (postmaster)
! The recipient of postmaster notifications about
! mail delivery problems that are caused by policy,
resource, software or protocol errors.
internal_mail_filter_classes (empty)
! What categories of Postfix-generated mail are sub-
! ject to before-queue content inspection by
non_smtpd_milters, header_checks and body_checks.
notify_classes (resource, software)
! The list of error classes that are reported to the
postmaster.
MISCELLANEOUS CONTROLS
best_mx_transport (empty)
! Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
config_directory (see 'postconf -d' output)
! The default location of the Postfix main.cf and
master.cf configuration files.
daemon_timeout (18000s)
! How much time a Postfix daemon process may take to
! handle a request before it is terminated by a
built-in watchdog timer.
delay_logging_resolution_limit (2)
! The maximal number of digits after the decimal
point when logging sub-second delay values.
disable_dns_lookups (no)
! Disable DNS lookups in the Postfix SMTP and LMTP
clients.
inet_interfaces (all)
***************
*** 642,648 ****
tem receives mail on.
inet_protocols (ipv4)
! The Internet protocols Postfix will attempt to use
when making or accepting connections.
ipc_timeout (3600s)
--- 650,656 ----
tem receives mail on.
inet_protocols (ipv4)
! The Internet protocols Postfix will attempt to use
when making or accepting connections.
ipc_timeout (3600s)
***************
*** 650,724 ****
over an internal communication channel.
lmtp_tcp_port (24)
! The default TCP port that the Postfix LMTP client
connects to.
max_idle (100s)
! The maximum amount of time that an idle Postfix
! daemon process waits for an incoming connection
before terminating voluntarily.
max_use (100)
! The maximal number of incoming connections that a
! Postfix daemon process will service before termi-
nating voluntarily.
process_id (read-only)
! The process ID of a Postfix command or daemon
process.
process_name (read-only)
! The process name of a Postfix command or daemon
process.
proxy_interfaces (empty)
The network interface addresses that this mail sys-
! tem receives mail on by way of a proxy or network
address translation unit.
smtp_bind_address (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv4 connection.
smtp_bind_address6 (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv6 connection.
smtp_helo_name ($myhostname)
! The hostname to send in the SMTP EHLO or HELO com-
mand.
lmtp_lhlo_name ($myhostname)
The hostname to send in the LMTP LHLO command.
smtp_host_lookup (dns)
! What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
smtp_randomize_addresses (yes)
! Randomize the order of equal-preference MX host
addresses.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
! The mail system name that is prepended to the
! process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
fallback_relay (empty)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
smtp_fallback_relay ($fallback_relay)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
SEE ALSO
--- 658,732 ----
over an internal communication channel.
lmtp_tcp_port (24)
! The default TCP port that the Postfix LMTP client
connects to.
max_idle (100s)
! The maximum amount of time that an idle Postfix
! daemon process waits for an incoming connection
before terminating voluntarily.
max_use (100)
! The maximal number of incoming connections that a
! Postfix daemon process will service before termi-
nating voluntarily.
process_id (read-only)
! The process ID of a Postfix command or daemon
process.
process_name (read-only)
! The process name of a Postfix command or daemon
process.
proxy_interfaces (empty)
The network interface addresses that this mail sys-
! tem receives mail on by way of a proxy or network
address translation unit.
smtp_bind_address (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv4 connection.
smtp_bind_address6 (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv6 connection.
smtp_helo_name ($myhostname)
! The hostname to send in the SMTP EHLO or HELO com-
mand.
lmtp_lhlo_name ($myhostname)
The hostname to send in the LMTP LHLO command.
smtp_host_lookup (dns)
! What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
smtp_randomize_addresses (yes)
! Randomize the order of equal-preference MX host
addresses.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
! The mail system name that is prepended to the
! process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
fallback_relay (empty)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
smtp_fallback_relay ($fallback_relay)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
SEE ALSO
***************
*** 736,742 ****
TLS_README, Postfix STARTTLS howto
LICENSE
! The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
--- 744,750 ----
TLS_README, Postfix STARTTLS howto
LICENSE
! The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff -cr --new-file /var/tmp/postfix-2.4.3/html/postconf.5.html ./html/postconf.5.html
*** /var/tmp/postfix-2.4.3/html/postconf.5.html Mon Apr 2 19:15:49 2007
--- ./html/postconf.5.html Fri Jul 20 11:25:24 2007
***************
*** 53,58 ****
--- 53,60 ----
"$name" is empty. This form is supported with Postfix version 2.2
and later.
+ Specify "$$" to produce a single "$" character.
+
When the same parameter is defined multiple times, only
***************
*** 6682,6687 ****
--- 6684,6707 ----
The name of the directory with example Postfix configuration files.
+
+
+
+
+ send_cyrus_sasl_authzid
+ (default: no)
+
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid); send
+ only the SASL authentiCation ID (authcid) plus the authcid's password.
+
+
+ The non-default setting "yes" enables the behavior of older
+ Postfix versions. These always send a SASL authzid that is equal
+ to the SASL authcid, but this causes inter-operability problems
+ with some SMTP servers.
+
+ This feature is available in Postfix 2.4.4 and later.
diff -cr --new-file /var/tmp/postfix-2.4.3/html/smtp.8.html ./html/smtp.8.html
*** /var/tmp/postfix-2.4.3/html/smtp.8.html Sun Mar 25 18:46:38 2007
--- ./html/smtp.8.html Fri Jul 20 11:25:24 2007
***************
*** 253,263 ****
will ignore in the LHLO response from a remote LMTP
server.
MIME PROCESSING CONTROLS
Available in Postfix version 2.0 and later:
disable_mime_output_conversion (no)
! Disable the conversion of 8BITMIME format to 7BIT
format.
mime_boundary_length_limit (2048)
--- 253,271 ----
will ignore in the LHLO response from a remote LMTP
server.
+ Available in Postfix version 2.4.4 and later:
+
+ send_cyrus_sasl_authzid (no)
+ When authenticating to a remote SMTP or LMTP server
+ with the default setting "no", send no SASL autho-
+ riZation ID (authzid); send only the SASL authenti-
+ Cation ID (authcid) plus the authcid's password.
+
MIME PROCESSING CONTROLS
Available in Postfix version 2.0 and later:
disable_mime_output_conversion (no)
! Disable the conversion of 8BITMIME format to 7BIT
format.
mime_boundary_length_limit (2048)
***************
*** 272,361 ****
Available in Postfix version 2.1 and later:
smtp_send_xforward_command (no)
! Send the non-standard XFORWARD command when the
! Postfix SMTP server EHLO response announces XFOR-
WARD support.
SASL AUTHENTICATION CONTROLS
smtp_sasl_auth_enable (no)
! Enable SASL authentication in the Postfix SMTP
client.
smtp_sasl_password_maps (empty)
! Optional SMTP client lookup tables with one user-
! name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
smtp_sasl_security_options (noplaintext, noanonymous)
! SASL security options; as of Postfix 2.3 the list
! of available features depends on the SASL client
! implementation that is selected with
smtp_sasl_type.
Available in Postfix version 2.2 and later:
smtp_sasl_mechanism_filter (empty)
! If non-empty, a Postfix SMTP client filter for the
! remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
smtp_sender_dependent_authentication (no)
Enable sender-dependent authentication in the Post-
! fix SMTP client; this is available only with SASL
! authentication, and disables SMTP connection
! caching to ensure that mail from different senders
will use the appropriate credentials.
smtp_sasl_path (empty)
! Implementation-specific information that is passed
! through to the SASL plug-in implementation that is
selected with smtp_sasl_type.
smtp_sasl_type (cyrus)
! The SASL plug-in type that the Postfix SMTP client
should use for authentication.
STARTTLS SUPPORT CONTROLS
! Detailed information about STARTTLS configuration may be
found in the TLS_README document.
smtp_tls_security_level (empty)
The default SMTP TLS security level for the Postfix
! SMTP client; when a non-empty value is specified,
! this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and
smtp_tls_enforce_peername.
smtp_sasl_tls_security_options ($smtp_sasl_secu-
rity_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions.
smtp_starttls_timeout (300s)
! Time limit for Postfix SMTP client write and read
! operations during TLS startup and shutdown hand-
shake procedures.
smtp_tls_CAfile (empty)
! The file with the certificate of the certification
! authority (CA) that issued the Postfix SMTP client
certificate.
smtp_tls_CApath (empty)
! Directory with PEM format certificate authority
! certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
smtp_tls_cert_file (empty)
! File with the Postfix SMTP client RSA certificate
in PEM format.
smtp_tls_mandatory_ciphers (medium)
! The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
smtp_tls_exclude_ciphers (empty)
--- 280,369 ----
Available in Postfix version 2.1 and later:
smtp_send_xforward_command (no)
! Send the non-standard XFORWARD command when the
! Postfix SMTP server EHLO response announces XFOR-
WARD support.
SASL AUTHENTICATION CONTROLS
smtp_sasl_auth_enable (no)
! Enable SASL authentication in the Postfix SMTP
client.
smtp_sasl_password_maps (empty)
! Optional SMTP client lookup tables with one user-
! name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
smtp_sasl_security_options (noplaintext, noanonymous)
! SASL security options; as of Postfix 2.3 the list
! of available features depends on the SASL client
! implementation that is selected with
smtp_sasl_type.
Available in Postfix version 2.2 and later:
smtp_sasl_mechanism_filter (empty)
! If non-empty, a Postfix SMTP client filter for the
! remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
smtp_sender_dependent_authentication (no)
Enable sender-dependent authentication in the Post-
! fix SMTP client; this is available only with SASL
! authentication, and disables SMTP connection
! caching to ensure that mail from different senders
will use the appropriate credentials.
smtp_sasl_path (empty)
! Implementation-specific information that is passed
! through to the SASL plug-in implementation that is
selected with smtp_sasl_type.
smtp_sasl_type (cyrus)
! The SASL plug-in type that the Postfix SMTP client
should use for authentication.
STARTTLS SUPPORT CONTROLS
! Detailed information about STARTTLS configuration may be
found in the TLS_README document.
smtp_tls_security_level (empty)
The default SMTP TLS security level for the Postfix
! SMTP client; when a non-empty value is specified,
! this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and
smtp_tls_enforce_peername.
smtp_sasl_tls_security_options ($smtp_sasl_secu-
rity_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions.
smtp_starttls_timeout (300s)
! Time limit for Postfix SMTP client write and read
! operations during TLS startup and shutdown hand-
shake procedures.
smtp_tls_CAfile (empty)
! The file with the certificate of the certification
! authority (CA) that issued the Postfix SMTP client
certificate.
smtp_tls_CApath (empty)
! Directory with PEM format certificate authority
! certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
smtp_tls_cert_file (empty)
! File with the Postfix SMTP client RSA certificate
in PEM format.
smtp_tls_mandatory_ciphers (medium)
! The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
smtp_tls_exclude_ciphers (empty)
***************
*** 364,406 ****
levels.
smtp_tls_mandatory_exclude_ciphers (empty)
! Additional list of ciphers or cipher types to
! exclude from the SMTP client cipher list at manda-
tory TLS security levels.
smtp_tls_dcert_file (empty)
! File with the Postfix SMTP client DSA certificate
in PEM format.
smtp_tls_dkey_file ($smtp_tls_dcert_file)
! File with the Postfix SMTP client DSA private key
in PEM format.
smtp_tls_key_file ($smtp_tls_cert_file)
! File with the Postfix SMTP client RSA private key
in PEM format.
smtp_tls_loglevel (0)
! Enable additional Postfix SMTP client logging of
TLS activity.
smtp_tls_note_starttls_offer (no)
! Log the hostname of a remote SMTP server that
! offers STARTTLS, when TLS is not already enabled
for that server.
smtp_tls_policy_maps (empty)
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
! non-empty value is specified, this overrides the
obsolete smtp_tls_per_site parameter.
smtp_tls_mandatory_protocols (SSLv3, TLSv1)
! List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
smtp_tls_scert_verifydepth (5)
! The verification depth for remote SMTP server cer-
tificates.
smtp_tls_secure_cert_match (nexthop, dot-nexthop)
--- 372,414 ----
levels.
smtp_tls_mandatory_exclude_ciphers (empty)
! Additional list of ciphers or cipher types to
! exclude from the SMTP client cipher list at manda-
tory TLS security levels.
smtp_tls_dcert_file (empty)
! File with the Postfix SMTP client DSA certificate
in PEM format.
smtp_tls_dkey_file ($smtp_tls_dcert_file)
! File with the Postfix SMTP client DSA private key
in PEM format.
smtp_tls_key_file ($smtp_tls_cert_file)
! File with the Postfix SMTP client RSA private key
in PEM format.
smtp_tls_loglevel (0)
! Enable additional Postfix SMTP client logging of
TLS activity.
smtp_tls_note_starttls_offer (no)
! Log the hostname of a remote SMTP server that
! offers STARTTLS, when TLS is not already enabled
for that server.
smtp_tls_policy_maps (empty)
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
! non-empty value is specified, this overrides the
obsolete smtp_tls_per_site parameter.
smtp_tls_mandatory_protocols (SSLv3, TLSv1)
! List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
smtp_tls_scert_verifydepth (5)
! The verification depth for remote SMTP server cer-
tificates.
smtp_tls_secure_cert_match (nexthop, dot-nexthop)
***************
*** 408,414 ****
for the "secure" TLS security level.
smtp_tls_session_cache_database (empty)
! Name of the file containing the optional Postfix
SMTP client TLS session cache.
smtp_tls_session_cache_timeout (3600s)
--- 416,422 ----
for the "secure" TLS security level.
smtp_tls_session_cache_database (empty)
! Name of the file containing the optional Postfix
SMTP client TLS session cache.
smtp_tls_session_cache_timeout (3600s)
***************
*** 420,428 ****
for the "verify" TLS security level.
tls_daemon_random_bytes (32)
! The number of pseudo-random bytes that an smtp(8)
! or smtpd(8) process requests from the tlsmgr(8)
! server in order to seed its internal pseudo random
number generator (PRNG).
tls_high_cipherlist
--- 428,436 ----
for the "verify" TLS security level.
tls_daemon_random_bytes (32)
! The number of pseudo-random bytes that an smtp(8)
! or smtpd(8) process requests from the tlsmgr(8)
! server in order to seed its internal pseudo random
number generator (PRNG).
tls_high_cipherlist
***************
*** 434,440 ****
ciphers.
tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
! The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
tls_export_cipherlist (ALL:+RC4:@STRENGTH)
--- 442,448 ----
ciphers.
tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
! The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
tls_export_cipherlist (ALL:+RC4:@STRENGTH)
***************
*** 442,481 ****
ciphers.
tls_null_cipherlist (eNULL:!aNULL)
! The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
smtp_sasl_tls_verified_security_options
($smtp_sasl_tls_security_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
OBSOLETE STARTTLS CONTROLS
! The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
smtp_use_tls (no)
! Opportunistic mode: use TLS when a remote SMTP
! server announces STARTTLS support, otherwise send
the mail in the clear.
smtp_enforce_tls (no)
! Enforcement mode: require that remote SMTP servers
! use TLS encryption, and never send mail in the
clear.
smtp_tls_enforce_peername (yes)
! With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
smtp_tls_per_site (empty)
Optional lookup tables with the Postfix SMTP client
! TLS usage policy by next-hop destination and by
remote SMTP server hostname.
smtp_tls_cipherlist (empty)
--- 450,489 ----
ciphers.
tls_null_cipherlist (eNULL:!aNULL)
! The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
smtp_sasl_tls_verified_security_options
($smtp_sasl_tls_security_options)
! The SASL authentication security options that the
! Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
OBSOLETE STARTTLS CONTROLS
! The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
smtp_use_tls (no)
! Opportunistic mode: use TLS when a remote SMTP
! server announces STARTTLS support, otherwise send
the mail in the clear.
smtp_enforce_tls (no)
! Enforcement mode: require that remote SMTP servers
! use TLS encryption, and never send mail in the
clear.
smtp_tls_enforce_peername (yes)
! With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
smtp_tls_per_site (empty)
Optional lookup tables with the Postfix SMTP client
! TLS usage policy by next-hop destination and by
remote SMTP server hostname.
smtp_tls_cipherlist (empty)
***************
*** 485,511 ****
RESOURCE AND RATE CONTROLS
smtp_destination_concurrency_limit ($default_destina-
tion_concurrency_limit)
! The maximal number of parallel deliveries to the
! same destination via the smtp message delivery
transport.
smtp_destination_recipient_limit ($default_destina-
tion_recipient_limit)
! The maximal number of recipients per delivery via
the smtp message delivery transport.
smtp_connect_timeout (30s)
! The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
smtp_helo_timeout (300s)
! The SMTP client time limit for sending the HELO or
! EHLO command, and for receiving the initial server
response.
lmtp_lhlo_timeout (300s)
! The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
--- 493,519 ----
RESOURCE AND RATE CONTROLS
smtp_destination_concurrency_limit ($default_destina-
tion_concurrency_limit)
! The maximal number of parallel deliveries to the
! same destination via the smtp message delivery
transport.
smtp_destination_recipient_limit ($default_destina-
tion_recipient_limit)
! The maximal number of recipients per delivery via
the smtp message delivery transport.
smtp_connect_timeout (30s)
! The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
smtp_helo_timeout (300s)
! The SMTP client time limit for sending the HELO or
! EHLO command, and for receiving the initial server
response.
lmtp_lhlo_timeout (300s)
! The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
***************
*** 514,543 ****
command, and for receiving the server response.
smtp_mail_timeout (300s)
! The SMTP client time limit for sending the MAIL
! FROM command, and for receiving the server
response.
smtp_rcpt_timeout (300s)
! The SMTP client time limit for sending the SMTP
! RCPT TO command, and for receiving the server
response.
smtp_data_init_timeout (120s)
! The SMTP client time limit for sending the SMTP
! DATA command, and for receiving the server
response.
smtp_data_xfer_timeout (180s)
! The SMTP client time limit for sending the SMTP
message content.
smtp_data_done_timeout (600s)
! The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
smtp_quit_timeout (300s)
! The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
--- 522,551 ----
command, and for receiving the server response.
smtp_mail_timeout (300s)
! The SMTP client time limit for sending the MAIL
! FROM command, and for receiving the server
response.
smtp_rcpt_timeout (300s)
! The SMTP client time limit for sending the SMTP
! RCPT TO command, and for receiving the server
response.
smtp_data_init_timeout (120s)
! The SMTP client time limit for sending the SMTP
! DATA command, and for receiving the server
response.
smtp_data_xfer_timeout (180s)
! The SMTP client time limit for sending the SMTP
message content.
smtp_data_done_timeout (600s)
! The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
smtp_quit_timeout (300s)
! The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
***************
*** 548,559 ****
lookups, or zero (no limit).
smtp_mx_session_limit (2)
! The maximal number of SMTP sessions per delivery
! request before giving up or delivering to a fall-
back relay host, or zero (no limit).
smtp_rset_timeout (20s)
! The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
--- 556,567 ----
lookups, or zero (no limit).
smtp_mx_session_limit (2)
! The maximal number of SMTP sessions per delivery
! request before giving up or delivering to a fall-
back relay host, or zero (no limit).
smtp_rset_timeout (20s)
! The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
***************
*** 565,575 ****
Available in Postfix version 2.2 and later:
smtp_connection_cache_destinations (empty)
! Permanently enable SMTP connection caching for the
specified destinations.
smtp_connection_cache_on_demand (yes)
! Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
--- 573,583 ----
Available in Postfix version 2.2 and later:
smtp_connection_cache_destinations (empty)
! Permanently enable SMTP connection caching for the
specified destinations.
smtp_connection_cache_on_demand (yes)
! Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
***************
*** 579,640 ****
smtp_connection_cache_time_limit (2s)
When SMTP connection caching is enabled, the amount
! of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
connection_cache_protocol_timeout (5s)
! Time limit for connection cache connect, send or
receive operations.
TROUBLE SHOOTING CONTROLS
debug_peer_level (2)
! The increment in verbose logging level when a
! remote client or server matches a pattern in the
debug_peer_list parameter.
debug_peer_list (empty)
! Optional list of remote client or server hostname
! or network address patterns that cause the verbose
! logging level to increase by the amount specified
in $debug_peer_level.
error_notice_recipient (postmaster)
! The recipient of postmaster notifications about
! mail delivery problems that are caused by policy,
resource, software or protocol errors.
internal_mail_filter_classes (empty)
! What categories of Postfix-generated mail are sub-
! ject to before-queue content inspection by
non_smtpd_milters, header_checks and body_checks.
notify_classes (resource, software)
! The list of error classes that are reported to the
postmaster.
MISCELLANEOUS CONTROLS
best_mx_transport (empty)
! Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
config_directory (see 'postconf -d' output)
! The default location of the Postfix main.cf and
master.cf configuration files.
daemon_timeout (18000s)
! How much time a Postfix daemon process may take to
! handle a request before it is terminated by a
built-in watchdog timer.
delay_logging_resolution_limit (2)
! The maximal number of digits after the decimal
point when logging sub-second delay values.
disable_dns_lookups (no)
! Disable DNS lookups in the Postfix SMTP and LMTP
clients.
inet_interfaces (all)
--- 587,648 ----
smtp_connection_cache_time_limit (2s)
When SMTP connection caching is enabled, the amount
! of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
connection_cache_protocol_timeout (5s)
! Time limit for connection cache connect, send or
receive operations.
TROUBLE SHOOTING CONTROLS
debug_peer_level (2)
! The increment in verbose logging level when a
! remote client or server matches a pattern in the
debug_peer_list parameter.
debug_peer_list (empty)
! Optional list of remote client or server hostname
! or network address patterns that cause the verbose
! logging level to increase by the amount specified
in $debug_peer_level.
error_notice_recipient (postmaster)
! The recipient of postmaster notifications about
! mail delivery problems that are caused by policy,
resource, software or protocol errors.
internal_mail_filter_classes (empty)
! What categories of Postfix-generated mail are sub-
! ject to before-queue content inspection by
non_smtpd_milters, header_checks and body_checks.
notify_classes (resource, software)
! The list of error classes that are reported to the
postmaster.
MISCELLANEOUS CONTROLS
best_mx_transport (empty)
! Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
config_directory (see 'postconf -d' output)
! The default location of the Postfix main.cf and
master.cf configuration files.
daemon_timeout (18000s)
! How much time a Postfix daemon process may take to
! handle a request before it is terminated by a
built-in watchdog timer.
delay_logging_resolution_limit (2)
! The maximal number of digits after the decimal
point when logging sub-second delay values.
disable_dns_lookups (no)
! Disable DNS lookups in the Postfix SMTP and LMTP
clients.
inet_interfaces (all)
***************
*** 642,648 ****
tem receives mail on.
inet_protocols (ipv4)
! The Internet protocols Postfix will attempt to use
when making or accepting connections.
ipc_timeout (3600s)
--- 650,656 ----
tem receives mail on.
inet_protocols (ipv4)
! The Internet protocols Postfix will attempt to use
when making or accepting connections.
ipc_timeout (3600s)
***************
*** 650,724 ****
over an internal communication channel.
lmtp_tcp_port (24)
! The default TCP port that the Postfix LMTP client
connects to.
max_idle (100s)
! The maximum amount of time that an idle Postfix
! daemon process waits for an incoming connection
before terminating voluntarily.
max_use (100)
! The maximal number of incoming connections that a
! Postfix daemon process will service before termi-
nating voluntarily.
process_id (read-only)
! The process ID of a Postfix command or daemon
process.
process_name (read-only)
! The process name of a Postfix command or daemon
process.
proxy_interfaces (empty)
The network interface addresses that this mail sys-
! tem receives mail on by way of a proxy or network
address translation unit.
smtp_bind_address (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv4 connection.
smtp_bind_address6 (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv6 connection.
smtp_helo_name ($myhostname)
! The hostname to send in the SMTP EHLO or HELO com-
mand.
lmtp_lhlo_name ($myhostname)
The hostname to send in the LMTP LHLO command.
smtp_host_lookup (dns)
! What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
smtp_randomize_addresses (yes)
! Randomize the order of equal-preference MX host
addresses.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
! The mail system name that is prepended to the
! process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
fallback_relay (empty)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
smtp_fallback_relay ($fallback_relay)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
SEE ALSO
--- 658,732 ----
over an internal communication channel.
lmtp_tcp_port (24)
! The default TCP port that the Postfix LMTP client
connects to.
max_idle (100s)
! The maximum amount of time that an idle Postfix
! daemon process waits for an incoming connection
before terminating voluntarily.
max_use (100)
! The maximal number of incoming connections that a
! Postfix daemon process will service before termi-
nating voluntarily.
process_id (read-only)
! The process ID of a Postfix command or daemon
process.
process_name (read-only)
! The process name of a Postfix command or daemon
process.
proxy_interfaces (empty)
The network interface addresses that this mail sys-
! tem receives mail on by way of a proxy or network
address translation unit.
smtp_bind_address (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv4 connection.
smtp_bind_address6 (empty)
! An optional numerical network address that the
! Postfix SMTP client should bind to when making an
IPv6 connection.
smtp_helo_name ($myhostname)
! The hostname to send in the SMTP EHLO or HELO com-
mand.
lmtp_lhlo_name ($myhostname)
The hostname to send in the LMTP LHLO command.
smtp_host_lookup (dns)
! What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
smtp_randomize_addresses (yes)
! Randomize the order of equal-preference MX host
addresses.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
! The mail system name that is prepended to the
! process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
fallback_relay (empty)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
smtp_fallback_relay ($fallback_relay)
! Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
SEE ALSO
***************
*** 736,742 ****
TLS_README, Postfix STARTTLS howto
LICENSE
! The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
--- 744,750 ----
TLS_README, Postfix STARTTLS howto
LICENSE
! The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff -cr --new-file /var/tmp/postfix-2.4.3/man/man5/postconf.5 ./man/man5/postconf.5
*** /var/tmp/postfix-2.4.3/man/man5/postconf.5 Sun Mar 25 11:18:47 2007
--- ./man/man5/postconf.5 Fri Jul 20 11:25:24 2007
***************
*** 42,47 ****
--- 42,49 ----
The expression "${name:value}" expands to "value" when
"$name" is empty. This form is supported with Postfix
version 2.2 and later.
+ .IP \(bu
+ Specify "$$" to produce a single "$" character.
.RE
.IP \(bu
When the same parameter is defined multiple times, only the last
***************
*** 3709,3714 ****
--- 3711,3727 ----
This feature is available in Postfix 2.0 and later.
.SH sample_directory (default: /etc/postfix)
The name of the directory with example Postfix configuration files.
+ .SH send_cyrus_sasl_authzid (default: no)
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid); send
+ only the SASL authentiCation ID (authcid) plus the authcid's password.
+ .PP
+ The non-default setting "yes" enables the behavior of older
+ Postfix versions. These always send a SASL authzid that is equal
+ to the SASL authcid, but this causes inter-operability problems
+ with some SMTP servers.
+ .PP
+ This feature is available in Postfix 2.4.4 and later.
.SH sender_based_routing (default: no)
This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
in Postfix version 2.3.
diff -cr --new-file /var/tmp/postfix-2.4.3/man/man8/smtp.8 ./man/man8/smtp.8
*** /var/tmp/postfix-2.4.3/man/man8/smtp.8 Sun Mar 25 18:46:38 2007
--- ./man/man8/smtp.8 Fri Jul 20 11:25:24 2007
***************
*** 226,231 ****
--- 226,237 ----
A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server.
+ .PP
+ Available in Postfix version 2.4.4 and later:
+ .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid); send
+ only the SASL authentiCation ID (authcid) plus the authcid's password.
.SH "MIME PROCESSING CONTROLS"
.na
.nf
diff -cr --new-file /var/tmp/postfix-2.4.3/mantools/postlink ./mantools/postlink
*** /var/tmp/postfix-2.4.3/mantools/postlink Mon Apr 2 19:10:27 2007
--- ./mantools/postlink Tue Jul 10 13:27:12 2007
***************
*** 364,369 ****
--- 364,370 ----
s;\bresolve_dequoted_address\b;$&;g;
s;\brewrite_service_name\b;$&;g;
s;\bsample_directory\b;$&;g;
+ s;\bsend_cyrus_sasl_authzid\b;$&;g;
s;\bsender_based_routing\b;$&;g;
s;\bsender_bcc_maps\b;$&;g;
s;\bsender_canonical_classes\b;$&;g;
diff -cr --new-file /var/tmp/postfix-2.4.3/proto/SASL_README.html ./proto/SASL_README.html
*** /var/tmp/postfix-2.4.3/proto/SASL_README.html Mon Mar 12 20:40:22 2007
--- ./proto/SASL_README.html Tue Jul 10 13:36:23 2007
***************
*** 537,549 ****
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
! AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz
235 Authentication successful
! Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded
! form of username\0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
--- 537,549 ----
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
! AUTH PLAIN AHRlc3QAdGVzdHBhc3M=
235 Authentication successful
! Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded
! form of \0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
***************
*** 552,565 ****
! % printf 'username\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
! 'print encode_base64("username\0username\0password");'
--- 552,565 ----
! % printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
! 'print encode_base64("\0username\0password");'
diff -cr --new-file /var/tmp/postfix-2.4.3/proto/postconf.html.prolog ./proto/postconf.html.prolog
*** /var/tmp/postfix-2.4.3/proto/postconf.html.prolog Tue Feb 8 17:18:11 2005
--- ./proto/postconf.html.prolog Wed Jun 13 20:47:33 2007
***************
*** 53,58 ****
--- 53,60 ----
"$name" is empty. This form is supported with Postfix version 2.2
and later.
+ Specify "$$" to produce a single "$" character.
+
When the same parameter is defined multiple times, only
diff -cr --new-file /var/tmp/postfix-2.4.3/proto/postconf.man.prolog ./proto/postconf.man.prolog
*** /var/tmp/postfix-2.4.3/proto/postconf.man.prolog Tue Feb 8 17:18:47 2005
--- ./proto/postconf.man.prolog Wed Jun 13 20:47:59 2007
***************
*** 42,47 ****
--- 42,49 ----
The expression "${name:value}" expands to "value" when
"$name" is empty. This form is supported with Postfix
version 2.2 and later.
+ .IP \(bu
+ Specify "$$" to produce a single "$" character.
.RE
.IP \(bu
When the same parameter is defined multiple times, only the last
diff -cr --new-file /var/tmp/postfix-2.4.3/proto/postconf.proto ./proto/postconf.proto
*** /var/tmp/postfix-2.4.3/proto/postconf.proto Sun Mar 25 11:18:40 2007
--- ./proto/postconf.proto Fri Jul 20 11:24:56 2007
***************
*** 10572,10574 ****
--- 10572,10588 ----
configuration parameter. See there for details.
This feature is available in Postfix 2.4 and later.
+
+ %PARAM send_cyrus_sasl_authzid no
+
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid); send
+ only the SASL authentiCation ID (authcid) plus the authcid's password.
+
+
+ The non-default setting "yes" enables the behavior of older
+ Postfix versions. These always send a SASL authzid that is equal
+ to the SASL authcid, but this causes inter-operability problems
+ with some SMTP servers.
+
+ This feature is available in Postfix 2.4.4 and later.
diff -cr --new-file /var/tmp/postfix-2.4.3/src/cleanup/cleanup_envelope.c ./src/cleanup/cleanup_envelope.c
*** /var/tmp/postfix-2.4.3/src/cleanup/cleanup_envelope.c Tue Jan 16 14:08:07 2007
--- ./src/cleanup/cleanup_envelope.c Mon Jul 30 20:41:04 2007
***************
*** 148,160 ****
#endif
if (type == REC_TYPE_MILT_COUNT) {
/* Not part of queue file format. */
! if (state->milters != 0) {
! msg_warn("%s: message rejected: too many milter instances",
! state->queue_id);
! state->errs |= CLEANUP_STAT_BAD;
! return;
! }
! if ((milter_count = atoi(buf)) > 0)
cleanup_milter_receive(state, milter_count);
return;
}
--- 148,154 ----
#endif
if (type == REC_TYPE_MILT_COUNT) {
/* Not part of queue file format. */
! if ((milter_count = atoi(buf)) >= 0)
cleanup_milter_receive(state, milter_count);
return;
}
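Review bot: The rewritten `atoi(buf)` line is now the only validation of the milter count record. Non-numeric text parses as 0 and, with the test relaxed to `>= 0`, still reaches cleanup_milter_receive(), and an out-of-range value is undefined behavior for atoi(). The removed "too many milter instances" guard no longer rejects a repeated record either, so a malformed or repeated count replaces the filter list without any warning. I would parse with strtol(), check the end pointer and range, and flag a bad record with CLEANUP_STAT_BAD as the old code did for duplicates; this needs <errno.h> and <limits.h> if the file does not already include them. The record appears to come from another Postfix process, so this is hardening rather than a demonstrated flaw, and the enclosing function starts and ends outside the hunk.

```c
    if (type == REC_TYPE_MILT_COUNT) {
        /* Not part of queue file format. */
        char   *end;
        long    count;

        errno = 0;
        count = strtol(buf, &end, 10);
        if (end == buf || *end != 0 || errno == ERANGE
            || count < 0 || count > INT_MAX) {
            msg_warn("%s: message rejected: bad milter count record",
                     state->queue_id);
            state->errs |= CLEANUP_STAT_BAD;
            return;
        }
        cleanup_milter_receive(state, (int) count);
        return;
    }
```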
diff -cr --new-file /var/tmp/postfix-2.4.3/src/cleanup/cleanup_milter.c ./src/cleanup/cleanup_milter.c
*** /var/tmp/postfix-2.4.3/src/cleanup/cleanup_milter.c Mon Jan 22 08:45:33 2007
--- ./src/cleanup/cleanup_milter.c Mon Jul 30 20:39:41 2007
***************
*** 1314,1319 ****
--- 1314,1321 ----
void cleanup_milter_receive(CLEANUP_STATE *state, int count)
{
+ if (state->milters)
+ milter_free(state->milters);
state->milters = milter_receive(state->src, count);
milter_macro_callback(state->milters, cleanup_milter_eval, (void *) state);
milter_edit_callback(state->milters,
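Review bot: The result of milter_receive() is handed to milter_macro_callback() and milter_edit_callback() without a null test, although the milter.c documentation in this same patch says the result is a null pointer when an error happened. Because the added milter_free() has already released the previous list, a failed receive leaves the message with no filter list at all. Whether the two callback setters tolerate a null argument is not visible here; if they do not, add a check right after the assignment, for example `if (state->milters == 0) { state->errs |= CLEANUP_STAT_BAD; return; }`. The function body continues outside the hunk.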
diff -cr --new-file /var/tmp/postfix-2.4.3/src/global/mail_params.c ./src/global/mail_params.c
*** /var/tmp/postfix-2.4.3/src/global/mail_params.c Mon Jul 10 17:29:30 2006
--- ./src/global/mail_params.c Tue Jul 10 13:27:12 2007
***************
*** 106,111 ****
--- 106,112 ----
/* int var_oldlog_compat;
/* int var_delay_max_res;
/* char *var_int_filt_classes;
+ /* int var_cyrus_sasl_authzid;
/*
/* void mail_params_init()
/*
***************
*** 275,280 ****
--- 276,282 ----
int var_oldlog_compat;
int var_delay_max_res;
char *var_int_filt_classes;
+ int var_cyrus_sasl_authzid;
const char null_format_string[1] = "";
***************
*** 543,548 ****
--- 545,551 ----
VAR_VERIFY_NEG_CACHE, DEF_VERIFY_NEG_CACHE, &var_verify_neg_cache,
VAR_OLDLOG_COMPAT, DEF_OLDLOG_COMPAT, &var_oldlog_compat,
VAR_HELPFUL_WARNINGS, DEF_HELPFUL_WARNINGS, &var_helpful_warnings,
+ VAR_CYRUS_SASL_AUTHZID, DEF_CYRUS_SASL_AUTHZID, &var_cyrus_sasl_authzid,
0,
};
const char *cp;
diff -cr --new-file /var/tmp/postfix-2.4.3/src/global/mail_params.h ./src/global/mail_params.h
*** /var/tmp/postfix-2.4.3/src/global/mail_params.h Sat Feb 24 21:15:42 2007
--- ./src/global/mail_params.h Tue Jul 10 19:47:45 2007
***************
*** 41,49 ****
* What problem classes should be reported to the postmaster via email.
* Default is bad problems only. See mail_error(3). Even when mail notices
* are disabled, problems are still logged to the syslog daemon.
*/
#define VAR_NOTIFY_CLASSES "notify_classes"
! #define DEF_NOTIFY_CLASSES "resource, software"
extern char *var_notify_classes;
/*
--- 41,52 ----
* What problem classes should be reported to the postmaster via email.
* Default is bad problems only. See mail_error(3). Even when mail notices
* are disabled, problems are still logged to the syslog daemon.
+ *
+ * Do not add "protocol" to the default setting. It gives Postfix a bad
+ * reputation: people get mail whenever spam software makes a mistake.
*/
#define VAR_NOTIFY_CLASSES "notify_classes"
! #define DEF_NOTIFY_CLASSES "resource, software" /* Not: "protocol" */
extern char *var_notify_classes;
/*
***************
*** 1531,1536 ****
--- 1534,1543 ----
* SASL-based relay etc. control.
*/
#define PERMIT_SASL_AUTH "permit_sasl_authenticated"
+
+ #define VAR_CYRUS_SASL_AUTHZID "send_cyrus_sasl_authzid"
+ #define DEF_CYRUS_SASL_AUTHZID 0
+ extern int var_cyrus_sasl_authzid;
/*
* LMTP client. Timeouts inspired by RFC 1123. The LMTP recipient limit
diff -cr --new-file /var/tmp/postfix-2.4.3/src/milter/milter.c ./src/milter/milter.c
*** /var/tmp/postfix-2.4.3/src/milter/milter.c Wed Mar 14 20:46:12 2007
--- ./src/milter/milter.c Mon Jul 30 20:42:56 2007
***************
*** 97,102 ****
--- 97,106 ----
/* MILTERS *milter_receive(fp, count)
/* VSTREAM *fp;
/* int count;
+ /*
+ /* int milter_dummy(milters, fp)
+ /* MILTERS *milters;
+ /* VSTREAM *fp;
/* DESCRIPTION
/* The functions in this module manage one or more milter (mail
/* filter) clients. Currently, only the Sendmail 8 filter
***************
*** 192,197 ****
--- 196,204 ----
/* milter_receive() receives the specified number of mail
/* filters over the specified stream. The result is a null
/* pointer when no milters were sent, or when an error happened.
+ /*
+ /* milter_dummy() is like milter_send(), except that it sends
+ /* a dummy, but entirely valid, mail filter list.
/* SEE ALSO
/* milter8(3) Sendmail 8 Milter protocol
/* DIAGNOSTICS
***************
*** 587,592 ****
--- 594,609 ----
#define MAIL_ATTR_MILT_EOD "eod_macros"
#define MAIL_ATTR_MILT_UNK "unk_macros"
+ /* milter_dummy - send empty milter list */
+
+ int milter_dummy(MILTERS *milters, VSTREAM *stream)
+ {
+ MILTERS dummy = *milters;
+
+ dummy.milter_list = 0;
+ return (milter_send(&dummy, stream));
+ }
+
/* milter_send - send Milter instances over stream */
int milter_send(MILTERS *milters, VSTREAM *stream)
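Review bot: milter_dummy() copies the caller's MILTERS structure by value, so the stack copy shares every member except milter_list with the original, and nothing in the code or the header comment says so. A maintainer who later makes milter_send() retain or free its argument would corrupt the live list. I would add a comment above the copy, `/* Shallow copy: shares all other members with *milters; never free or retain it. */`. The function also dereferences `milters` unconditionally, so the DESCRIPTION entry should state that a null argument is not allowed; both smtpd.c call sites in this patch test `smtpd_milters != 0` first.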
***************
*** 606,613 ****
for (m = milters->milter_list; m != 0; m = m->next)
if (m->active(m))
count++;
- if (count == 0)
- return (0);
(void) rec_fprintf(stream, REC_TYPE_MILT_COUNT, "%d", count);
/*
--- 623,628 ----
***************
*** 655,663 ****
VSTRING *data_macros;
VSTRING *eod_macros;
VSTRING *unk_macros;
-
- if (count == 0)
- return (0);
/*
* Receive filter macros.
--- 670,675 ----
diff -cr --new-file /var/tmp/postfix-2.4.3/src/milter/milter.h ./src/milter/milter.h
*** /var/tmp/postfix-2.4.3/src/milter/milter.h Tue Jan 9 20:55:23 2007
--- ./src/milter/milter.h Tue Jul 31 13:10:17 2007
***************
*** 99,104 ****
--- 99,105 ----
extern const char *milter_other_event(MILTERS *);
extern void milter_abort(MILTERS *);
extern void milter_disc_event(MILTERS *);
+ extern int milter_dummy(MILTERS *, VSTREAM *);
extern int milter_send(MILTERS *, VSTREAM *);
extern MILTERS *milter_receive(VSTREAM *, int);
extern void milter_free(MILTERS *);
diff -cr --new-file /var/tmp/postfix-2.4.3/src/milter/milter8.c ./src/milter/milter8.c
*** /var/tmp/postfix-2.4.3/src/milter/milter8.c Tue Jan 16 20:08:01 2007
--- ./src/milter/milter8.c Tue Jul 31 13:12:10 2007
***************
*** 64,69 ****
--- 64,73 ----
#include
#include
+ #ifndef SHUT_RDWR
+ #define SHUT_RDWR 2
+ #endif
+
/* Sendmail 8 Milter protocol. */
#ifdef USE_LIBMILTER_INCLUDES
***************
*** 437,443 ****
--- 441,456 ----
{
const char *reply;
+ /*
+ * XXX When the cleanup server closes its end of the Milter socket while
+ * editing a queue file, the SMTP server is left out of sync with the
+ * Milter. Sending an ABORT to the Milters will not restore
+ * synchronization, because there may be any number of Milter replies
+ * already in flight. Workaround: poison the socket and force the SMTP
+ * server to abandon it.
+ */
if (milter->fp != 0) {
+ (void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR);
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
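Review bot: The new comment says the socket is poisoned but does not say why the existing vstream_fclose() is not enough, which is the part a later reader is most likely to "simplify" away. shutdown() acts on the socket itself rather than on this process's descriptor, so it also ends the conversation for any other process holding the same socket; that appears to be the intent of "force the SMTP server to abandon it". I would add one line to the comment, `* shutdown() affects the shared socket, not just our descriptor; close alone would not.` The identical eight-line comment and shutdown() call are repeated in the next hunk, and both function headers are outside the hunks, so the same addition applies there.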
***************
*** 456,462 ****
--- 469,484 ----
{
const char *reply;
+ /*
+ * XXX When the cleanup server closes its end of the Milter socket while
+ * editing a queue file, the SMTP server is left out of sync with the
+ * Milter. Sending an ABORT to the Milters will not restore
+ * synchronization, because there may be any number of Milter replies
+ * already in flight. Workaround: poison the socket and force the SMTP
+ * server to abandon it.
+ */
if (milter->fp != 0) {
+ (void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR);
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
***************
*** 873,878 ****
--- 895,901 ----
const char *retval = 0;
VSTRING *body_line_buf = 0;
int done = 0;
+ int body_edit_lockout = 0;
#define DONT_SKIP_REPLY 0
***************
*** 974,983 ****
/*
* Receive the reply or replies.
*
! * Intercept all loop exits so that we can do post body replacement
* processing.
*
* XXX Bound the loop iteration count.
*/
#define IN_CONNECT_EVENT(e) ((e) == SMFIC_CONNECT || (e) == SMFIC_HELO)
--- 997,1017 ----
/*
* Receive the reply or replies.
*
! * Intercept all loop exits so that we can do post header/body edit
* processing.
*
* XXX Bound the loop iteration count.
+ *
+ * In the end-of-body stage, the Milter may reply with one or more queue
+ * file edit requests before it replies with its final decision: accept,
+ * reject, etc. After a local queue file edit error (file too big, media
+ * write error), do not close the Milter socket in the cleanup server.
+ * Instead skip all further Milter replies until the final decision. This
+ * way the Postfix SMTP server stays in sync with the Milter, and Postfix
+ * doesn't have to lose the ability to handle multiple deliveries within
+ * the same SMTP session. This requires that the Postfix SMTP server uses
+ * something other than CLEANUP_STAT_WRITE when it loses contact with the
+ * cleanup server.
*/
#define IN_CONNECT_EVENT(e) ((e) == SMFIC_CONNECT || (e) == SMFIC_HELO)
***************
*** 1002,1007 ****
--- 1036,1067 ----
msg_info("reply: %s data %ld bytes",
(smfir_name = str_name_code(smfir_table, cmd)) != 0 ?
smfir_name : "unknown", (long) data_size);
+
+ /*
+ * Handle unfinished message body replacement first.
+ *
+ * XXX When SMFIR_REPLBODY is followed by some different request, we
+ * assume that the body replacement operation is complete. The queue
+ * file editing implementation currently does not support sending
+ * part 1 of the body replacement text, doing some other queue file
+ * updates, and then sending part 2 of the body replacement text. To
+ * avoid loss of data, we log an error when SMFIR_REPLBODY requests
+ * are alternated with other requests.
+ */
+ if (body_line_buf != 0 && cmd != SMFIR_REPLBODY) {
+ /* In case the last body replacement line didn't end in CRLF. */
+ if (edit_resp == 0 && LEN(body_line_buf) > 0)
+ edit_resp = parent->repl_body(parent->chg_context,
+ MILTER_BODY_LINE,
+ body_line_buf);
+ if (edit_resp == 0)
+ edit_resp = parent->repl_body(parent->chg_context,
+ MILTER_BODY_END,
+ (VSTRING *) 0);
+ body_edit_lockout = 1;
+ vstring_free(body_line_buf);
+ body_line_buf = 0;
+ }
switch (cmd) {
/*
***************
*** 1052,1058 ****
if (IN_CONNECT_EVENT(event)) {
msg_warn("milter %s: DISCARD action is not allowed "
"for connect or helo", milter->m.name);
- milter8_conf_error(milter);
MILTER8_EVENT_BREAK(milter->def_reply);
} else {
/* No more events for this message. */
--- 1112,1117 ----
***************
*** 1188,1193 ****
--- 1247,1255 ----
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
/* XXX Sendmail 8 compatibility. */
if (index == 0)
index = 1;
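Review bot: After an edit error the loop now keeps reading and discarding requests until the Milter sends its final decision, while the comment earlier in this function still carries "XXX Bound the loop iteration count". Before this change the first failed edit left the loop through MILTER8_EVENT_BREAK; now a Milter that keeps sending edit requests holds the cleanup server in this loop, limited only by whatever timeout milter8_read_data() applies, which is not visible here. I would count the skipped requests and give up past a limit, e.g. `if (edit_resp) { if (++skipped > skip_limit) MILTER8_EVENT_BREAK(milter->def_reply); continue; }`, where `skipped` is a new local and `skip_limit` a bound still to be chosen. The same `if (edit_resp) continue;` is added in the later hunks for add header, insert header, add recipient, delete recipient and replace body; the loop starts and ends outside these hunks.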
***************
*** 1212,1219 ****
edit_resp = parent->del_header(parent->chg_context,
(ssize_t) index,
STR(milter->buf));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
continue;
#endif
--- 1274,1279 ----
***************
*** 1226,1236 ****
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->add_header(parent->chg_context,
STR(milter->buf),
STR(milter->body));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
continue;
/*
--- 1286,1297 ----
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
edit_resp = parent->add_header(parent->chg_context,
STR(milter->buf),
STR(milter->body));
continue;
/*
***************
*** 1247,1252 ****
--- 1308,1316 ----
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
if ((ssize_t) index + 1 < 1) {
msg_warn("milter %s: bad insert header index: %ld",
milter->m.name, (long) index);
***************
*** 1257,1264 ****
(ssize_t) index + 1,
STR(milter->buf),
STR(milter->body));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
continue;
#endif
--- 1321,1326 ----
***************
*** 1270,1279 ****
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->add_rcpt(parent->chg_context,
STR(milter->buf));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
continue;
/*
--- 1332,1342 ----
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
edit_resp = parent->add_rcpt(parent->chg_context,
STR(milter->buf));
continue;
/*
***************
*** 1284,1293 ****
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->del_rcpt(parent->chg_context,
STR(milter->buf));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
continue;
/*
--- 1347,1357 ----
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
edit_resp = parent->del_rcpt(parent->chg_context,
STR(milter->buf));
continue;
/*
***************
*** 1295,1304 ****
--- 1359,1378 ----
* update the message size.
*/
case SMFIR_REPLBODY:
+ if (body_edit_lockout) {
+ msg_warn("milter %s: body replacement requests can't "
+ "currently be mixed with other requests",
+ milter->m.name);
+ milter8_conf_error(milter);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
if (milter8_read_data(milter, data_size,
MILTER8_DATA_BUFFER, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
/* Start body replacement. */
if (body_line_buf == 0) {
body_line_buf = vstring_alloc(var_line_limit);
***************
*** 1348,1382 ****
}
/*
! * Finish message body replacement.
*/
! if (body_line_buf != 0) {
! if (edit_resp == 0) {
! /* In case the last body replacement line didn't end in CRLF. */
! if (LEN(body_line_buf) > 0)
! edit_resp = parent->repl_body(parent->chg_context,
! MILTER_BODY_LINE,
! body_line_buf);
! if (edit_resp == 0)
! edit_resp = parent->repl_body(parent->chg_context,
! MILTER_BODY_END,
! (VSTRING *) 0);
! }
vstring_free(body_line_buf);
! /*
! * Override a non-reject/discard result value after body replacement
! * failure.
! *
! * XXX Some cleanup clients ask the cleanup server to bounce mail for
! * them. In that case we must override a hard reject retval result
! * after queue file update failure. This is not a big problem; the
! * odds are small that a Milter application sends a hard reject after
! * replacing the message body.
! */
! if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
! retval = edit_resp;
! }
return (retval);
}
--- 1422,1441 ----
}
/*
! * Clean up after aborted message body replacement.
*/
! if (body_line_buf)
vstring_free(body_line_buf);
! /*
! * XXX Some cleanup clients ask the cleanup server to bounce mail for
! * them. In that case we must override a hard reject retval result after
! * queue file update failure. This is not a big problem; the odds are
! * small that a Milter application sends a hard reject after replacing
! * the message body.
! */
! if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
! retval = edit_resp;
return (retval);
}
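Review bot: The XXX comment kept above the final `retval = edit_resp` override still reasons about a hard reject "after replacing the message body", but the override is no longer tied to body replacement. With the per-request `MILTER8_EVENT_BREAK(edit_resp)` exits removed in the earlier hunks, this is now the single place where any queue file edit failure (header, recipient or body) is turned into a result. I would reword the last sentence to `the odds are small that a Milter application sends a hard reject after requesting a queue file edit.` Separately, `strchr("DS4", retval[0])` also matches the string terminator, so an empty retval would be treated like a reject or discard; whether retval can be empty here is not visible in the hunk.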
***************
*** 1532,1537 ****
--- 1591,1599 ----
VSTREAM_CTL_DOUBLE,
VSTREAM_CTL_TIMEOUT, milter->cmd_timeout,
VSTREAM_CTL_END);
+ /* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
+ if (connect_fn == inet_connect)
+ vstream_tweak_tcp(milter->fp);
/*
* Open the negotiations by sending what actions the Milter may request
***************
*** 2434,2439 ****
--- 2496,2503 ----
msg_timeout, NO_PROTOCOL, STR(act_buf), parent);
milter->fp = vstream_fdopen(fd, O_RDWR);
vstream_control(milter->fp, VSTREAM_CTL_DOUBLE, VSTREAM_CTL_END);
+ /* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
+ vstream_tweak_sock(milter->fp);
milter->version = version;
milter->rq_mask = rq_mask;
milter->ev_mask = ev_mask;
diff -cr --new-file /var/tmp/postfix-2.4.3/src/smtp/smtp.c ./src/smtp/smtp.c
*** /var/tmp/postfix-2.4.3/src/smtp/smtp.c Sun Mar 25 18:46:36 2007
--- ./src/smtp/smtp.c Fri Jul 20 11:25:24 2007
***************
*** 204,209 ****
--- 204,215 ----
/* A case insensitive list of LHLO keywords (pipelining, starttls,
/* auth, etc.) that the LMTP client will ignore in the LHLO response
/* from a remote LMTP server.
+ /* .PP
+ /* Available in Postfix version 2.4.4 and later:
+ /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
+ /* When authenticating to a remote SMTP or LMTP server with the
+ /* default setting "no", send no SASL authoriZation ID (authzid); send
+ /* only the SASL authentiCation ID (authcid) plus the authcid's password.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
diff -cr --new-file /var/tmp/postfix-2.4.3/src/smtp/smtp_connect.c ./src/smtp/smtp_connect.c
*** /var/tmp/postfix-2.4.3/src/smtp/smtp_connect.c Sun Dec 3 14:58:09 2006
--- ./src/smtp/smtp_connect.c Tue Jul 31 11:31:48 2007
***************
*** 304,309 ****
--- 304,319 ----
stream = vstream_fdopen(sock, O_RDWR);
/*
+ * Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE.
+ */
+ if (sa->sa_family == AF_INET
+ #ifdef AF_INET6
+ || sa->sa_family == AF_INET6
+ #endif
+ )
+ vstream_tweak_tcp(stream);
+
+ /*
* Bundle up what we have into a nice SMTP_SESSION object.
*/
return (smtp_session_alloc(stream, destination, name, addr,
***************
*** 380,386 ****
if (THIS_SESSION_IS_EXPIRED)
smtp_quit(state); /* also disables caching */
if (THIS_SESSION_IS_CACHED
! /* Redundant tests for safety... */
&& vstream_ferror(session->stream) == 0
&& vstream_feof(session->stream) == 0) {
smtp_save_session(state);
--- 390,396 ----
if (THIS_SESSION_IS_EXPIRED)
smtp_quit(state); /* also disables caching */
if (THIS_SESSION_IS_CACHED
! /* Redundant tests for safety... */
&& vstream_ferror(session->stream) == 0
&& vstream_feof(session->stream) == 0) {
smtp_save_session(state);
diff -cr --new-file /var/tmp/postfix-2.4.3/src/smtpd/smtpd.c ./src/smtpd/smtpd.c
*** /var/tmp/postfix-2.4.3/src/smtpd/smtpd.c Sat Mar 17 13:59:38 2007
--- ./src/smtpd/smtpd.c Tue Jul 31 11:35:26 2007
***************
*** 1618,1624 ****
if (SMTPD_STAND_ALONE(state) == 0) {
if (smtpd_milters != 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0)
! (void) milter_send(smtpd_milters, state->dest->stream);
rec_fprintf(state->cleanup, REC_TYPE_TIME, REC_TYPE_TIME_FORMAT,
REC_TYPE_TIME_ARG(state->arrival_time));
if (*var_filter_xport)
--- 1618,1625 ----
if (SMTPD_STAND_ALONE(state) == 0) {
if (smtpd_milters != 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0)
! /* Send place-holder smtpd_milters list. */
! (void) milter_dummy(smtpd_milters, state->cleanup);
rec_fprintf(state->cleanup, REC_TYPE_TIME, REC_TYPE_TIME_FORMAT,
REC_TYPE_TIME_ARG(state->arrival_time));
if (*var_filter_xport)
***************
*** 2521,2526 ****
--- 2522,2531 ----
*/
if (state->cleanup) {
if (SMTPD_STAND_ALONE(state) == 0) {
+ if (smtpd_milters != 0
+ && (state->saved_flags & MILTER_SKIP_FLAGS) == 0)
+ /* Send actual smtpd_milters list. */
+ (void) milter_send(smtpd_milters, state->cleanup);
if (state->saved_flags)
rec_fprintf(state->cleanup, REC_TYPE_FLGS, "%d",
state->saved_flags);
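Review bot: The actual filter list is sent only if `(state->saved_flags & MILTER_SKIP_FLAGS) == 0` still holds at this later point, while the place-holder list in the previous hunk was sent under the same test evaluated earlier in the transaction. If saved_flags can gain one of those bits in between, the cleanup server is left with the empty place-holder list, and nothing here says whether that is the intended outcome. I would record it in a comment, e.g. `/* If a skip flag was set after the place-holder was sent, cleanup keeps the empty list. */`. Both send results are also cast to `(void)`, so a failed transfer of the list is not reported at either site. The enclosing function starts outside the hunk.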
***************
*** 2735,2740 ****
--- 2740,2764 ----
state->dest = 0;
state->cleanup = 0;
}
+
+ /*
+ * XXX If we lose the cleanup server while it is editing a queue file,
+ * the Postfix SMTP server will be out of sync with Milter applications.
+ * Sending an ABORT to the Milters is not sufficient to restore
+ * synchronization, because there may be any number of Milter replies
+ * already in flight. Destroying and recreating the Milters (and faking
+ * the connect and ehlo events) is too much trouble for testing and
+ * maintenance. Workaround: force the Postfix SMTP server to hang up with
+ * a 421 response in the rare case that the cleanup server breaks AND
+ * that the remote SMTP client continues the session after end-of-data.
+ *
+ * XXX Should use something other than CLEANUP_STAT_WRITE when we lose
+ * contact with the cleanup server. This requires changes to the
+ * mail_stream module and its users (smtpd, qmqpd, perhaps sendmail).
+ * That is too much change for a stable release.
+ */
+ if (smtpd_milters != 0 && (state->err & CLEANUP_STAT_WRITE) != 0)
+ state->access_denied = mystrdup("421 4.3.0 Mail system error");
/*
* Handle any errors. One message may suffer from multiple errors, so
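Review bot: `state->access_denied` is overwritten with a fresh mystrdup() result without checking whether it already holds a string, which would leak the earlier allocation and replace an earlier rejection text with the generic 421. Whether the field can be non-null at this point is not visible in the hunk; if it can, guard the assignment with `if (smtpd_milters != 0 && (state->err & CLEANUP_STAT_WRITE) != 0 && state->access_denied == 0)`. The function continues outside the hunk.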
diff -cr --new-file /var/tmp/postfix-2.4.3/src/smtpstone/qmqp-source.c ./src/smtpstone/qmqp-source.c
*** /var/tmp/postfix-2.4.3/src/smtpstone/qmqp-source.c Sat Mar 17 13:59:38 2007
--- ./src/smtpstone/qmqp-source.c Tue Jul 31 12:40:47 2007
***************
*** 356,361 ****
--- 356,368 ----
dequeue_connect(session);
non_blocking(fd, BLOCKING);
event_disable_readwrite(fd);
+ /* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
+ if (sa->sa_family == AF_INET
+ #ifdef AF_INET6
+ || sa->sa_family == AF_INET6
+ #endif
+ )
+ vstream_tweak_tcp(session->stream);
send_data(session);
}
}
diff -cr --new-file /var/tmp/postfix-2.4.3/src/smtpstone/smtp-source.c ./src/smtpstone/smtp-source.c
*** /var/tmp/postfix-2.4.3/src/smtpstone/smtp-source.c Sat Mar 17 13:59:38 2007
--- ./src/smtpstone/smtp-source.c Tue Jul 31 12:41:41 2007
***************
*** 472,477 ****
--- 472,484 ----
event_disable_readwrite(fd);
event_enable_read(fd, read_banner, (char *) session);
dequeue_connect(session);
+ /* Avoid poor performance when TCP MSS > VSTREAM_BUFSIZE. */
+ if (sa->sa_family == AF_INET
+ #ifdef AF_INET6
+ || sa->sa_family == AF_INET6
+ #endif
+ )
+ vstream_tweak_tcp(session->stream);
}
}
diff -cr --new-file /var/tmp/postfix-2.4.3/src/util/Makefile.in ./src/util/Makefile.in
*** /var/tmp/postfix-2.4.3/src/util/Makefile.in Sat Mar 17 13:51:33 2007
--- ./src/util/Makefile.in Sun Jul 29 12:02:35 2007
***************
*** 30,36 ****
username.c valid_hostname.c vbuf.c vbuf_print.c vstream.c \
vstream_popen.c vstring.c vstring_vstream.c watchdog.c writable.c \
write_buf.c write_wait.c sane_basename.c format_tv.c allspace.c \
! allascii.c load_file.c killme_after.c
OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
--- 30,36 ----
username.c valid_hostname.c vbuf.c vbuf_print.c vstream.c \
vstream_popen.c vstring.c vstring_vstream.c watchdog.c writable.c \
write_buf.c write_wait.c sane_basename.c format_tv.c allspace.c \
! allascii.c load_file.c killme_after.c vstream_tweak.c
OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
***************
*** 62,68 ****
username.o valid_hostname.o vbuf.o vbuf_print.o vstream.o \
vstream_popen.o vstring.o vstring_vstream.o watchdog.o writable.o \
write_buf.o write_wait.o sane_basename.o format_tv.o allspace.o \
! allascii.o load_file.o killme_after.o
HDRS = argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \
chroot_uid.h cidr_match.h clean_env.h connect.h ctable.h dict.h \
dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h dict_env.h dict_ht.h \
--- 62,68 ----
username.o valid_hostname.o vbuf.o vbuf_print.o vstream.o \
vstream_popen.o vstring.o vstring_vstream.o watchdog.o writable.o \
write_buf.o write_wait.o sane_basename.o format_tv.o allspace.o \
! allascii.o load_file.o killme_after.o vstream_tweak.o
HDRS = argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \
chroot_uid.h cidr_match.h clean_env.h connect.h ctable.h dict.h \
dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h dict_env.h dict_ht.h \
***************
*** 1600,1605 ****
--- 1600,1610 ----
vstream_popen.o: vbuf.h
vstream_popen.o: vstream.h
vstream_popen.o: vstream_popen.c
+ vstream_tweak.o: msg.h
+ vstream_tweak.o: sys_defs.h
+ vstream_tweak.o: vbuf.h
+ vstream_tweak.o: vstream.h
+ vstream_tweak.o: vstream_tweak.c
vstring.o: msg.h
vstring.o: mymalloc.h
vstring.o: sys_defs.h
diff -cr --new-file /var/tmp/postfix-2.4.3/src/util/vstream.h ./src/util/vstream.h
*** /var/tmp/postfix-2.4.3/src/util/vstream.h Wed Feb 14 18:46:29 2007
--- ./src/util/vstream.h Tue Jul 31 09:20:47 2007
***************
*** 153,158 ****
--- 153,164 ----
#define vstream_setjmp(stream) setjmp((stream)->jbuf[0])
#define vstream_longjmp(stream, val) longjmp((stream)->jbuf[0], (val))
+ /*
+ * Tweaks and workarounds.
+ */
+ extern int vstream_tweak_sock(VSTREAM *);
+ extern int vstream_tweak_tcp(VSTREAM *);
+
/* LICENSE
/* .ad
/* .fi
diff -cr --new-file /var/tmp/postfix-2.4.3/src/util/vstream_tweak.c ./src/util/vstream_tweak.c
*** /var/tmp/postfix-2.4.3/src/util/vstream_tweak.c Wed Dec 31 19:00:00 1969
--- ./src/util/vstream_tweak.c Tue Jul 31 11:01:49 2007
***************
*** 0 ****
--- 1,139 ----
+ /*++
+ /* NAME
+ /* vstream_tweak 3
+ /* SUMMARY
+ /* performance tweaks
+ /* SYNOPSIS
+ /* #include
+ /*
+ /* VSTREAM *vstream_tweak_sock(stream)
+ /* VSTREAM *stream;
+ /*
+ /* VSTREAM *vstream_tweak_tcp(stream)
+ /* VSTREAM *stream;
+ /* DESCRIPTION
+ /* vstream_tweak_sock() does a best effort to boost your
+ /* network performance on the specified generic stream.
+ /*
+ /* vstream_tweak_tcp() does a best effort to boost your
+ /* Internet performance on the specified TCP stream.
+ /*
+ /* Arguments:
+ /* .IP stream
+ /* The stream being boosted.
+ /* DIAGNOSTICS
+ /* Panics: interface violations.
+ /* LICENSE
+ /* .ad
+ /* .fi
+ /* The Secure Mailer license must be distributed with this software.
+ /* AUTHOR(S)
+ /* Wietse Venema
+ /* IBM T.J. Watson Research
+ /* P.O. Box 704
+ /* Yorktown Heights, NY 10598, USA
+ /*--*/
+
+ /* System library. */
+
+ #include
+ #include
+ #include
+ #include
+
+ /* Utility library. */
+
+ #include
+ #include
+
+ /* Application-specific. */
+
+ #ifdef HAS_IPV6
+ #define SOCKADDR_STORAGE struct sockaddr_storage
+ #else
+ #define SOCKADDR_STORAGE struct sockaddr
+ #endif
+
+ /* vstream_tweak_sock - boost your generic network performance */
+
+ int vstream_tweak_sock(VSTREAM *fp)
+ {
+ SOCKADDR_STORAGE ss;
+ struct sockaddr *sa = (struct sockaddr *) & ss;
+ SOCKADDR_SIZE sa_length = sizeof(ss);
+ int ret;
+
+ /*
+ * If the caller doesn't know if this socket is AF_LOCAL, AF_INET, etc.,
+ * figure it out for them.
+ */
+ if ((ret = getsockname(vstream_fileno(fp), sa, &sa_length)) >= 0) {
+ switch (sa->sa_family) {
+ #ifdef AF_INET6
+ case AF_INET6:
+ #endif
+ case AF_INET:
+ ret = vstream_tweak_tcp(fp);
+ break;
+ }
+ }
+ return (ret);
+ }
+
+ /* vstream_tweak_tcp - boost your TCP performance */
+
+ int vstream_tweak_tcp(VSTREAM *fp)
+ {
+ const char *myname = "vstream_tweak_tcp";
+ int mss;
+ SOCKOPT_SIZE mss_len = sizeof(mss);
+ int err;
+
+ /*
+ * Avoid Nagle delays when VSTREAM buffers are smaller than the MSS.
+ *
+ * Forcing TCP_NODELAY to be "always on" would hurt performance in the
+ * common case where VSTREAM buffers are larger than the MSS.
+ *
+ * Instead we ask the kernel what the current MSS is, and take appropriate
+ * action. Linux <= 2.2 getsockopt(TCP_MAXSEG) always returns zero (or
+ * whatever value was stored last with setsockopt()).
+ */
+ if ((err = getsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_MAXSEG,
+ (char *) &mss, &mss_len)) < 0) {
+ msg_warn("%s: getsockopt TCP_MAXSEG: %m", myname);
+ return (err);
+ }
+ if (msg_verbose)
+ msg_info("%s: TCP_MAXSEG %d", myname, mss);
+
+ /*
+ * Fix for recent Postfix versions: increase the VSTREAM buffer size if
+ * the VSTREAM buffer is smaller than the MSS. Note: the MSS may change
+ * when the route changes and IP path MTU discovery is turned on, so we
+ * choose a somewhat larger buffer.
+ */
+ #ifdef VSTREAM_CTL_BUFSIZE
+ if (mss > 0) {
+ if (mss < __MAXINT__(ssize_t) /2)
+ mss *= 2;
+ vstream_control(fp,
+ VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
+ VSTREAM_CTL_END);
+ }
+
+ /*
+ * Workaround for older Postfix versions: turn on TCP_NODELAY if the
+ * VSTREAM buffer size is smaller than the MSS.
+ */
+ #else
+ if (mss > VSTREAM_BUFSIZE) {
+ int nodelay = 0;
+
+ if ((err = setsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_NODELAY,
+ (char *) &nodelay, sizeof(nodelay))) < 0)
+ msg_warn("%s: setsockopt TCP_NODELAY: %m", myname);
+ }
+ #endif
+ return (err);
+ }
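Review bot: In the `#else` branch of vstream_tweak_tcp(), `int nodelay = 0;` is passed to setsockopt(TCP_NODELAY), which clears the option, while the comment directly above says the workaround is to turn TCP_NODELAY on; the initializer should be `int nodelay = 1;`. That branch is compiled only when VSTREAM_CTL_BUFSIZE is undefined, so builds that define it will not notice. The SYNOPSIS in the file header also declares both functions as returning `VSTREAM *` although the definitions and the vstream.h prototypes return `int`. I would correct the two SYNOPSIS lines and add a sentence to DESCRIPTION saying that the result is the status of the last system call made.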
diff -cr --new-file /var/tmp/postfix-2.4.3/src/xsasl/xsasl_cyrus_client.c ./src/xsasl/xsasl_cyrus_client.c
*** /var/tmp/postfix-2.4.3/src/xsasl/xsasl_cyrus_client.c Mon Nov 27 17:18:58 2006
--- ./src/xsasl/xsasl_cyrus_client.c Wed Jul 11 08:35:45 2007
***************
*** 66,71 ****
--- 66,76 ----
#include
/*
+ * Global library
+ */
+ #include
+
+ /*
* Application-specific
*/
#include
***************
*** 329,335 ****
if ((sasl_status = SASL_CLIENT_NEW(service, server,
NULL_CLIENT_ADDR, NULL_SERVER_ADDR,
! custom_callbacks, NULL_SECFLAGS,
&sasl_conn)) != SASL_OK) {
msg_warn("per-session SASL client initialization: %s",
xsasl_cyrus_strerror(sasl_status));
--- 334,341 ----
if ((sasl_status = SASL_CLIENT_NEW(service, server,
NULL_CLIENT_ADDR, NULL_SERVER_ADDR,
! var_cyrus_sasl_authzid ? custom_callbacks :
! custom_callbacks + 1, NULL_SECFLAGS,
&sasl_conn)) != SASL_OK) {
msg_warn("per-session SASL client initialization: %s",
xsasl_cyrus_strerror(sasl_status));
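Review bot: `custom_callbacks + 1` depends on the authzid callback being the first entry of the custom_callbacks array, which is filled in outside this hunk. Reordering or inserting an entry there would change which identity the client offers to the server, with no compile-time signal. I would add a comment at the call, `/* Skip entry 0 (authzid callback) unless send_cyrus_sasl_authzid is set. */`, and a matching remark where the array is set up. The array layout is inferred from the parameter's documentation in this patch and is not visible here.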