head 1.11; access; symbols netbsd-11-0-RC4:1.11 PFIX-3-11-2:1.1.1.10 netbsd-11-0-RC3:1.11 netbsd-11-0-RC2:1.11 netbsd-11-0-RC1:1.11 perseant-exfatfs-base-20250801:1.11 netbsd-11:1.11.0.2 netbsd-11-base:1.11 PFIX-3-10-1:1.1.1.10 netbsd-10-1-RELEASE:1.10 perseant-exfatfs-base-20240630:1.10 perseant-exfatfs:1.10.0.4 perseant-exfatfs-base:1.10 netbsd-8-3-RELEASE:1.8 netbsd-9-4-RELEASE:1.8.14.1 netbsd-10-0-RELEASE:1.10 netbsd-10-0-RC6:1.10 netbsd-10-0-RC5:1.10 netbsd-10-0-RC4:1.10 netbsd-10-0-RC3:1.10 netbsd-10-0-RC2:1.10 PFIX-3-8-4:1.1.1.9 netbsd-10-0-RC1:1.10 netbsd-10:1.10.0.2 netbsd-10-base:1.10 PFIX-3-7-3:1.1.1.9 netbsd-9-3-RELEASE:1.8 cjep_sun2x-base1:1.9 cjep_sun2x:1.9.0.4 cjep_sun2x-base:1.9 cjep_staticlib_x-base1:1.9 netbsd-9-2-RELEASE:1.8 cjep_staticlib_x:1.9.0.2 cjep_staticlib_x-base:1.9 netbsd-9-1-RELEASE:1.8 PFIX-3-5-2:1.1.1.8 phil-wifi-20200421:1.9 phil-wifi-20200411:1.9 is-mlppp:1.8.0.16 is-mlppp-base:1.8 phil-wifi-20200406:1.9 netbsd-8-2-RELEASE:1.8 PFIX-3-5-0:1.1.1.8 netbsd-9-0-RELEASE:1.8 netbsd-9-0-RC2:1.8 netbsd-9-0-RC1:1.8 phil-wifi-20191119:1.8 netbsd-9:1.8.0.14 netbsd-9-base:1.8 phil-wifi-20190609:1.8 netbsd-8-1-RELEASE:1.8 netbsd-8-1-RC1:1.8 pgoyette-compat-merge-20190127:1.8 pgoyette-compat-20190127:1.8 pgoyette-compat-20190118:1.8 pgoyette-compat-1226:1.8 pgoyette-compat-1126:1.8 pgoyette-compat-1020:1.8 pgoyette-compat-0930:1.8 pgoyette-compat-0906:1.8 netbsd-7-2-RELEASE:1.7 pgoyette-compat-0728:1.8 netbsd-8-0-RELEASE:1.8 phil-wifi:1.8.0.12 phil-wifi-base:1.8 pgoyette-compat-0625:1.8 netbsd-8-0-RC2:1.8 pgoyette-compat-0521:1.8 pgoyette-compat-0502:1.8 pgoyette-compat-0422:1.8 netbsd-8-0-RC1:1.8 pgoyette-compat-0415:1.8 pgoyette-compat-0407:1.8 pgoyette-compat-0330:1.8 pgoyette-compat-0322:1.8 pgoyette-compat-0315:1.8 netbsd-7-1-2-RELEASE:1.7 pgoyette-compat:1.8.0.10 pgoyette-compat-base:1.8 netbsd-7-1-1-RELEASE:1.7 matt-nb8-mediatek:1.8.0.8 matt-nb8-mediatek-base:1.8 perseant-stdc-iso10646:1.8.0.6 perseant-stdc-iso10646-base:1.8 netbsd-8:1.8.0.4 netbsd-8-base:1.8 prg-localcount2-base3:1.8 prg-localcount2-base2:1.8 prg-localcount2-base1:1.8 prg-localcount2:1.8.0.2 prg-localcount2-base:1.8 pgoyette-localcount-20170426:1.8 bouyer-socketcan-base1:1.8 pgoyette-localcount-20170320:1.8 netbsd-7-1:1.7.0.12 netbsd-7-1-RELEASE:1.7 netbsd-7-1-RC2:1.7 PFIX-3-1-4:1.1.1.7 netbsd-7-nhusb-base-20170116:1.7 bouyer-socketcan:1.7.0.10 bouyer-socketcan-base:1.7 pgoyette-localcount-20170107:1.7 netbsd-7-1-RC1:1.7 pgoyette-localcount-20161104:1.7 netbsd-7-0-2-RELEASE:1.7 localcount-20160914:1.7 netbsd-7-nhusb:1.7.0.8 netbsd-7-nhusb-base:1.7 pgoyette-localcount-20160806:1.7 pgoyette-localcount-20160726:1.7 pgoyette-localcount:1.7.0.6 pgoyette-localcount-base:1.7 netbsd-7-0-1-RELEASE:1.7 netbsd-7-0:1.7.0.4 netbsd-7-0-RELEASE:1.7 PFIX-2-11-6:1.1.1.6 netbsd-7-0-RC3:1.7 netbsd-7-0-RC2:1.7 netbsd-7-0-RC1:1.7 PFIX-2-11-4:1.1.1.6 PFIX-2-11-3:1.1.1.6 netbsd-5-2-3-RELEASE:1.2.2.3 netbsd-5-1-5-RELEASE:1.2.2.2 netbsd-6-0-6-RELEASE:1.4 netbsd-6-1-5-RELEASE:1.4 netbsd-7:1.7.0.2 netbsd-7-base:1.7 PFIX-2-11-1:1.1.1.6 yamt-pagecache-base9:1.6 yamt-pagecache-tag8:1.4.4.1 netbsd-6-1-4-RELEASE:1.4 netbsd-6-0-5-RELEASE:1.4 tls-earlyentropy:1.6.0.2 tls-earlyentropy-base:1.7 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.6 riastradh-drm2-base3:1.6 PFIX-2-10-3:1.1.1.5 netbsd-6-1-3-RELEASE:1.4 netbsd-6-0-4-RELEASE:1.4 netbsd-5-2-2-RELEASE:1.2.2.3 netbsd-5-1-4-RELEASE:1.2.2.2 netbsd-6-1-2-RELEASE:1.4 netbsd-6-0-3-RELEASE:1.4 PFIX-2-10-2:1.1.1.5 netbsd-5-2-1-RELEASE:1.2.2.3 netbsd-5-1-3-RELEASE:1.2.2.2 PFIX-2-9-7:1.1.1.4 netbsd-6-1-1-RELEASE:1.4 riastradh-drm2-base2:1.5 riastradh-drm2-base1:1.5 riastradh-drm2:1.5.0.2 riastradh-drm2-base:1.5 netbsd-6-1:1.4.0.14 netbsd-6-0-2-RELEASE:1.4 netbsd-6-1-RELEASE:1.4 netbsd-6-1-RC4:1.4 netbsd-6-1-RC3:1.4 agc-symver:1.5.0.4 agc-symver-base:1.5 netbsd-6-1-RC2:1.4 netbsd-6-1-RC1:1.4 yamt-pagecache-base8:1.5 PFIX-2-9-5:1.1.1.4 netbsd-5-2:1.2.2.3.0.4 PFIX-2-8-13:1.1.1.3 netbsd-6-0-1-RELEASE:1.4 yamt-pagecache-base7:1.4 netbsd-5-2-RELEASE:1.2.2.3 netbsd-5-2-RC1:1.2.2.3 matt-nb6-plus-nbase:1.4 yamt-pagecache-base6:1.4 netbsd-6-0:1.4.0.12 netbsd-6-0-RELEASE:1.4 netbsd-6-0-RC2:1.4 tls-maxphys:1.4.0.10 tls-maxphys-base:1.7 matt-nb6-plus:1.4.0.8 matt-nb6-plus-base:1.4 netbsd-6-0-RC1:1.4 PFIX-2-8-12:1.1.1.3 PFIX-2-8-11:1.1.1.3 yamt-pagecache-base5:1.4 yamt-pagecache-base4:1.4 PFIX-2-8-8:1.1.1.3 netbsd-6:1.4.0.6 netbsd-6-base:1.4 netbsd-5-1-2-RELEASE:1.2.2.2 netbsd-5-1-1-RELEASE:1.2.2.2 yamt-pagecache-base3:1.4 PFIX-2-8-7:1.1.1.3 yamt-pagecache-base2:1.4 yamt-pagecache:1.4.0.4 yamt-pagecache-base:1.4 PFIX-2-8-6:1.1.1.3 PFIX-2-8-5:1.1.1.3 PFIX-2-8-4:1.1.1.3 cherry-xenmp:1.4.0.2 cherry-xenmp-base:1.4 PFIX-2-8-3:1.1.1.3 PFIX-2-8-2:1.1.1.3 PFIX-2-8-1:1.1.1.3 bouyer-quota2-nbase:1.4 bouyer-quota2:1.3.0.2 bouyer-quota2-base:1.3 matt-mips64-premerge-20101231:1.3 matt-nb5-mips64-premerge-20101231:1.2.4.2 matt-nb5-pq3:1.2.2.3.0.2 matt-nb5-pq3-base:1.2.2.3 PFIX-2-7-2:1.1.1.2 netbsd-5-1:1.2.2.2.0.2 netbsd-5-1-RELEASE:1.2.2.2 netbsd-5-1-RC4:1.2.2.2 matt-nb5-mips64-k15:1.2.4.2 PFIX-2-7-1:1.1.1.2 netbsd-5-1-RC3:1.2.2.2 netbsd-5-1-RC2:1.2.2.2 netbsd-5-1-RC1:1.2.2.2 matt-nb5-mips64:1.2.0.4 PFIX-2-6-6:1.1.1.1 matt-premerge-20091211:1.2 netbsd-5:1.2.0.2 PFIX-2-6-5:1.1.1.1 PFIX-2-6-2:1.1.1.1 VENEMA:1.1.1; locks; strict; comment @# @; 1.11 date 2025.02.25.19.15.41; author christos; state Exp; branches; next 1.10; commitid fJ74ewJaKlQmTSKF; 1.10 date 2022.10.08.16.12.43; author christos; state Exp; branches 1.10.4.1; next 1.9; commitid U6DKRBAOCOvmSVWD; 1.9 date 2020.03.18.19.05.13; author christos; state Exp; branches; next 1.8; commitid hnQlzuStoUGSQU0C; 1.8 date 2017.02.14.01.16.43; author christos; state Exp; branches 1.8.12.1 1.8.14.1; next 1.7; commitid SAURBenAuDPocRFz; 1.7 date 2014.07.06.19.45.50; author tron; state Exp; branches 1.7.6.1 1.7.10.1; next 1.6; commitid 0sXRsSQakf7PZlHx; 1.6 date 2013.09.25.19.12.34; author tron; state Exp; branches 1.6.2.1; next 1.5; commitid BdOkXddGcIvIWQ6x; 1.5 date 2013.01.02.19.18.30; author tron; state Exp; branches; next 1.4; 1.4 date 2011.03.02.19.56.37; author tron; state Exp; branches 1.4.4.1 1.4.10.1; next 1.3; 1.3 date 2010.06.17.18.18.14; author tron; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2009.06.23.11.41.05; author tron; state Exp; branches 1.2.2.1 1.2.4.1; next 1.1; 1.1 date 2009.06.23.10.08.19; author tron; state Exp; branches 1.1.1.1; next ; 1.10.4.1 date 2025.08.02.05.49.47; author perseant; state Exp; branches; next ; commitid 23j6GFaDws3O875G; 1.8.12.1 date 2020.04.08.14.06.49; author martin; state Exp; branches; next ; commitid Qli2aW9E74UFuA3C; 1.8.14.1 date 2023.12.25.12.54.30; author martin; state Exp; branches; next ; commitid yzNdlh5ioUjfxQRE; 1.7.6.1 date 2017.03.20.06.56.33; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.7.10.1 date 2017.04.21.16.52.44; author bouyer; state Exp; branches; next ; commitid dUG7nkTKALCadqOz; 1.6.2.1 date 2014.08.10.07.12.46; author tls; state Exp; branches; next ; commitid 0tNMy3UM0qm8IMLx; 1.4.4.1 date 2013.01.23.00.04.48; author yamt; state Exp; branches; next 1.4.4.2; 1.4.4.2 date 2014.05.22.14.08.00; author yamt; state Exp; branches; next ; commitid cuVqdlp1QcvUzxBx; 1.4.10.1 date 2013.02.25.00.27.04; author tls; state Exp; branches; next 1.4.10.2; 1.4.10.2 date 2014.08.19.23.59.40; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.3.2.1 date 2011.03.05.15.08.52; author bouyer; state Exp; branches; next ; 1.2.2.1 date 2009.06.23.11.41.05; author snj; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2009.09.15.06.02.06; author snj; state Exp; branches; next 1.2.2.3; 1.2.2.3 date 2010.11.21.18.31.22; author riz; state Exp; branches; next ; 1.2.4.1 date 2009.06.23.11.41.05; author matt; state dead; branches; next 1.2.4.2; 1.2.4.2 date 2010.04.21.05.23.24; author matt; state Exp; branches; next ; 1.1.1.1 date 2009.06.23.10.08.19; author tron; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2010.06.17.18.05.51; author tron; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2011.03.02.19.31.26; author tron; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2013.01.02.18.58.31; author tron; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2013.09.25.19.06.18; author tron; state Exp; branches; next 1.1.1.6; commitid WQnWePIKINywUQ6x; 1.1.1.6 date 2014.07.06.19.27.36; author tron; state Exp; branches; next 1.1.1.7; commitid 5TVMY9WFpCELTlHx; 1.1.1.7 date 2017.02.14.01.13.33; author christos; state Exp; branches; next 1.1.1.8; commitid 3GKuOxtmc3XhbRFz; 1.1.1.8 date 2020.03.18.18.59.26; author christos; state Exp; branches; next 1.1.1.9; commitid hRc0KjfEXOv3PU0C; 1.1.1.9 date 2022.10.08.16.09.00; author christos; state Exp; branches; next 1.1.1.10; commitid kRUbAM0nqDWDQVWD; 1.1.1.10 date 2025.02.25.19.11.34; author christos; state Exp; branches; next ; commitid cLFKwpXD6DqXOSKF; desc @@ 1.11 log @merge conflicts between 3.8.4 and 3.10.1 @ text @PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn HHoowwttoo ------------------------------------------------------------------------------- WWAARRNNIINNGG Recipient address verification may cause an increased load on down-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be denylisted by some providers. See also the "Limitations" section below for more. WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu Address verification is a feature that allows the Postfix SMTP server to block a sender (MAIL FROM) or recipient (RCPT TO) address until the address has been verified to be deliverable. The technique has obvious uses to reject junk mail with an unreplyable sender address. The technique is also useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid recipient addresses. This prevents undeliverable junk mail from entering the queue, so that Postfix doesn't have to waste resources trying to send MAILER- DAEMON messages back. This feature is available in Postfix version 2.1 and later. Topics covered in this document: * How address verification works * Limitations of address verification * Recipient address verification * Sender address verification for mail from frequently forged domains * Sender address verification for all email * Address verification database * Managing the address verification database * Controlling the routing of address verification probes * Forced probe routing examples * Limitations of forced probe routing HHooww aaddddrreessss vveerriiffiiccaattiioonn wwoorrkkss A Postfix MTA verifies a sender or recipient address by probing the preferred MTAs for that address, without actually delivering mail. The preferred MTAs could include the Postfix MTA itself, or some remote MTAs (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. probe Postfix message -> mail Postfix Postfix -> queue Internet -> SMTP <-> verify server server | v <- Postfix probe <- delivery -> Local status agents -> Remote ^ | v Address verification database With Postfix address verification turned on, normal mail will suffer only a short delay of up to 6 seconds while an address is being verified for the first time. Once an address status is known, the status is cached and Postfix replies immediately. When verification takes too long the Postfix SMTP server defers the sender or recipient address with a 450 reply. Normal mail clients will connect again after some delay. The address verification delay is configurable with the main.cf address_verify_poll_count and address_verify_poll_delay parameters. See postconf(5) for details. LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffiiccaattiioonn * Postfix assumes that a remote SMTP server will reject unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the smtp_address_verify_target parameter (Postfix 3.0 and later). * When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If a preferred MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER a preferred MTA accepts the recipient address, or AFTER a preferred MTA accepts the message content. * Some sites may denylist you when you are probing them too often (a probe is an SMTP session that does not deliver mail), or when you are probing them too often for a non-existent address. This is one reason why you should use sender address verification sparingly, if at all, when your site receives lots of email. * Normally, address verification probe messages follow the same path as regular mail. However, some sites send mail to the Internet via an intermediate relayhost; this breaks address verification. See below, section "Controlling the routing of address verification probes", for how to override mail routing and for possible limitations when you have to do this. * Postfix assumes that an address is undeliverable when a preferred MTA for the address rejects the probe, regardless of the reason for rejection (client rejected, HELO rejected, MAIL FROM rejected, etc.). Thus, Postfix rejects an address when a preferred MTA for that address rejects mail from your machine for any reason. This is not a limitation, but it is mentioned here just in case people believe that it is a limitation. * Unfortunately, some sites do not reject unknown addresses in reply to the RCPT TO or DATA command, but instead report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. * By default, Postfix probe messages have a sender address "double- bounce@@$myorigin" (with Postfix versions before 2.5, the default is "postmaster@@$myorigin"). This is SAFE because the Postfix SMTP server does not reject mail for this address. You can change the probe sender address into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "double-bounce@@$myorigin" would succeed. * The downside of using a non-empty sender address is that the address may end up on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero address_verify_sender_ttl value. RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn As mentioned earlier, recipient address verification is useful to block mail for undeliverable recipients on a mail relay host that does not have a list of all valid recipient addresses. This can help to prevent the mail queue from filling up with MAILER-DAEMON messages. Recipient address verification is relatively straightforward and there are no surprises. If a recipient probe fails, then Postfix rejects mail for the recipient address. If a recipient probe succeeds, then Postfix accepts mail for the recipient address. However, recipient address verification probes can increase the load on down-stream MTAs when you're being flooded by backscatter bounces, or when some spammer is mounting a dictionary attack. By default, address verification results are saved in a persistent database (Postfix version 2.7 and later; with earlier versions, specify the database in main.cf as described later). The persistent database helps to avoid probing the same address repeatedly. /etc/postfix/main.cf: smtpd_recipient_restrictions = permit_mynetworks # reject_unauth_destination is not needed here if the mail # relay policy is specified under smtpd_relay_restrictions # (available with Postfix 2.10 and later). reject_unauth_destination ... reject_unknown_recipient_domain reject_unverified_recipient ... # Postfix 2.6 and later privacy feature. # unverified_recipient_reject_reason = Address lookup failed # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the recipient address verification result under # the original address, when the address verification probe # message goes through address aliasing or canonical mapping. The "reject_unknown_recipient_domain" restriction blocks mail for non-existent domains. Putting this before "reject_unverified_recipient" avoids the overhead of generating unnecessary probe messages. The unverified_recipient_reject_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address is known to bounce. Change this setting into 550 when you trust Postfix's judgments. The following features are available in Postfix 2.6 and later. The unverified_recipient_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address probe fails with some temporary error. Some sites insist on changing this into 250. NOTE: This change turns MX servers into backscatter sources when the load is high. The unverified_recipient_reject_reason parameter (default: empty) specifies fixed text that Postfix will send to remote SMTP clients, instead of sending actual address verification details. Do not specify the SMTP status code or enhanced status code. The unverified_recipient_tempfail_action parameter (default: defer_if_permit) specifies the Postfix SMTP server action when a recipient address verification probe fails with some temporary error. SSeennddeerr aaddddrreessss vveerriiffiiccaattiioonn ffoorr mmaaiill ffrroomm ffrreeqquueennttllyy ffoorrggeedd ddoommaaiinnss Only for very small sites, it is relatively safe to turn on sender address verification for specific domains that often appear in forged email. /etc/postfix/main.cf: smtpd_sender_restrictions = hash:/etc/postfix/sender_access unverified_sender_reject_code = 550 # Postfix 2.6 and later. # unverified_sender_defer_code = 250 # Default setting for Postfix 2.7 and later. # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the sender address verification result under the # original address, when the address verification probe message # goes through address aliasing or canonical mapping. /etc/postfix/sender_access: # Don't do this when you handle lots of email. aol.com reject_unverified_sender hotmail.com reject_unverified_sender bigfoot.com reject_unverified_sender ... etcetera ... At some point in cyberspace/time, a list of frequently forged MAIL FROM domains was archived at https://web.archive.org/web/20080526153208/http:// www.monkeys.com/anti-spam/filtering/sender-domain-validate.in. NOTE: One of the first things you might want to do is to turn on sender address verification for all your own domains. SSeennddeerr aaddddrreessss vveerriiffiiccaattiioonn ffoorr aallll eemmaaiill Unfortunately, sender address verification cannot simply be turned on for all email - you are likely to lose legitimate mail from mis-configured systems. You almost certainly will have to set up allow lists for specific addresses, or even for entire domains. To find out how sender address verification would affect your mail, specify "warn_if_reject reject_unverified_sender" so that you can see what mail would be blocked: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mynetworks ... check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain warn_if_reject reject_unverified_sender ... # Postfix 2.6 and later. # unverified_sender_reject_reason = Address verification failed # Default setting for Postfix 2.7 and later. # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify This is also a good way to populate your cache with address verification results before you start to actually reject mail. The sender_access restriction is needed to allowlist domains or addresses that are known to be OK. Although Postfix will not mark a known-to-be-good address as bad after a probe fails, it is better to be safe than sorry. NOTE: You will have to allowlist sites such as securityfocus.com and other sites that operate mailing lists that use a different sender address for each posting (VERP). Such addresses pollute the address verification cache quickly, and generate unnecessary sender verification probes. /etc/postfix/sender_access securityfocus.com OK ... The "reject_unknown_sender_domain" restriction blocks mail from non-existent domains. Putting this before "reject_unverified_sender" avoids the overhead of generating unnecessary probe messages. The unverified_sender_reject_code parameter (default 450) specifies the numerical Postfix server reply code when a sender address is known to bounce. Change this setting into 550 when you trust Postfix's judgments. The following features are available in Postfix 2.6 and later. The unverified_sender_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a sender address verification probe fails with some temporary error. Specify a valid 2xx or 4xx code. The unverified_sender_reject_reason parameter (default: empty) specifies fixed text that Postfix will send to remote SMTP clients, instead of sending actual address verification details. Do not specify the SMTP status code or enhanced status code. The unverified_sender_tempfail_action parameter (default: defer_if_permit) specifies the Postfix SMTP server action when a sender address verification probe fails with some temporary error. AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee To improve performance, the Postfix verify(8) daemon can save address verification results to a persistent database. This is enabled by default with Postfix 2.7 and later. The address_verify_map (NOTE: singular) configuration parameter specifies persistent storage for sender or recipient address verification results. If you specify an empty value, all address verification results are lost after "postfix reload" or "postfix stop". # Example 1: Default setting for Postfix 2.7 and later. # Note: avoid hash files here. Use btree or lmdb instead. /etc/postfix/main.cf: address_verify_map = btree:$data_directory/verify_cache # Example 2: Shared persistent lmdb: cache (Postfix 2.11 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: address_verify_map = lmdb:$data_directory/verify_cache # address_verify_cache_cleanup_interval = 0 # Example 3: Shared persistent btree: cache (Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: address_verify_map = proxy:btree:$data_directory/verify_cache # address_verify_cache_cleanup_interval = 0 # Example 4: Shared memory cache (requires Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances. # See memcache_table(5) for details. /etc/postfix/main.cf: address_verify_map = memcache:/etc/postfix/verify-memcache.cf address_verify_cache_cleanup_interval = 0 # Example 5: Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. /etc/postfix/main.cf: address_verify_map = NOTE 1: The database file should be stored under a Postfix-owned directory, such as $data_directory. As of version 2.5, Postfix no longer uses root privileges when opening this file. To maintain backwards compatibility, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing database file, change its file ownership to the account specified with the mail_owner parameter, and either move the file to the data_directory, or move it to some other Postfix-owned directory. NOTE 2: Do not put this file in a file system that may run out of space. When the address verification table gets corrupted the world comes to an end and YOU will have to MANUALLY fix things as described in the next section. Meanwhile, you will not receive mail via SMTP. NOTE 3: The verify(8) daemon will create a new database when none exists. It will open or create the file before entering the chroot jail. MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee The verify(8) manual page describes parameters that control how long address verification results are cached before they need to be refreshed, and how long results can remain "unrefreshed" before they expire. Postfix uses different controls for positive results (address was accepted) and for negative results (address was rejected, or address verification failed for some other reason). The verify(8) daemon will periodically remove expired entries from the address verification database, and log the number of entries retained and dropped (Postfix versions 2.7 and later). A cleanup run is logged as "partial" when the daemon terminates early because of "postfix reload, "postfix stop", or because the daemon received no requests for $max_idle seconds. Postfix versions 2.6 and earlier do not implement automatic address verification database cleanup. There, the database is managed manually as described next. When the address verification database file becomes too big, or when it becomes corrupted, the solution is to manually rename or delete (NOT: truncate) the file and run "postfix reload". The verify(8) daemon will then create a new database file. CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess By default, Postfix sends address verification probe messages via the same route as regular mail, because that normally produces the most accurate result. It's no good to verify a local address by connecting to your own SMTP port; that just triggers all kinds of mailer loop alarms. The same is true for any destination that your machine is best MX host for: hidden domains, virtual domains, etc. However, some sites have a complex infrastructure where mail is not sent directly to the Internet, but is instead given to an intermediate relayhost. This is a problem for address verification, because remote Internet addresses can be verified only when Postfix can access remote destinations directly. For this reason, Postfix allows you to override the routing parameters when it delivers an address verification probe message. First, the address_verify_relayhost parameter allows you to override the relayhost setting, and the address_verify_transport_maps parameter allows you to override the transport_maps setting. The address_verify_sender_dependent_relayhost_maps parameter does the same for sender-dependent relayhost selection. Second, each address class is given its own address verification version of the message delivery transport, as shown in the table below. Address classes are defined in the ADDRESS_CLASS_README file. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |DDoommaaiinn lliisstt |RReegguullaarr ttrraannssppoorrtt|VVeerriiffyy ttrraannssppoorrtt | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |mydestination |local_transport |address_verify_local_transport | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_alias_domains |(not applicable) |(not applicable) | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_mailbox_domains|virtual_transport|address_verify_virtual_transport| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |relay_domains |relay_transport |address_verify_relay_transport | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |(not applicable) |default_transport|address_verify_default_transport| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | By default, the parameters that control delivery of address probes have the same value as the parameters that control normal mail delivery. FFoorrcceedd pprroobbee rroouuttiinngg eexxaammpplleess In a typical scenario one would override the relayhost setting for address verification probes and leave everything else alone: /etc/postfix/main.cf: relayhost = $mydomain address_verify_relayhost = ... Sites behind a network address translation box might have to use a different SMTP client that sends the correct hostname information: /etc/postfix/main.cf: relayhost = $mydomain address_verify_relayhost = address_verify_default_transport = direct_smtp /etc/postfix/master.cf: direct_smtp .. .. .. .. .. .. .. .. .. smtp -o smtp_helo_name=nat.box.tld LLiimmiittaattiioonnss ooff ffoorrcceedd pprroobbee rroouuttiinngg Inconsistencies can happen when probe messages don't follow the same path as regular mail. For example, a message can be accepted when it follows the regular route while an otherwise identical probe message is rejected when it follows the forced route. The opposite can happen, too, but is less likely. @ 1.10 log @Merge conflicts between postfix 3.5.2 and 3.7.3 @ text @d227 2 a228 2 could be found at http://www.monkeys.com/anti-spam/filtering/sender-domain- validate.in. @ 1.10.4.1 log @Sync with HEAD @ text @d227 2 a228 2 was archived at https://web.archive.org/web/20080526153208/http:// www.monkeys.com/anti-spam/filtering/sender-domain-validate.in. @ 1.9 log @merge postfix-3.5.0 @ text @d9 1 a9 1 Sender address verification may cause your site to be blacklisted by some d92 5 a96 5 * Some sites may blacklist you when you are probing them too often (a probe is an SMTP session that does not deliver mail), or when you are probing them too often for a non-existent address. This is one reason why you should use sender address verification sparingly, if at all, when your site receives lots of email. d128 1 a128 1 end op on spammer mailing lists. Although Postfix always discards mail to d237 1 a237 1 almost certainly will have to set up white lists for specific addresses, or d263 1 a263 1 The sender_access restriction is needed to whitelist domains or addresses that d267 1 a267 1 NOTE: You will have to whitelist sites such as securityfocus.com and other @ 1.8 log @Resolve conflicts. @ text @a49 1 d52 1 a52 2 queue Postfix Postfix -> a62 1 d167 6 d213 6 @ 1.8.14.1 log @Pull up the following, requeste by kim in ticket #1779: external/ibm-public/postfix/dist/README_FILES/BDAT_README up to 1.1.1.2 external/ibm-public/postfix/dist/README_FILES/MAILLOG_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/POSTSCREEN_3_5_README up to 1.1.1.1 external/ibm-public/postfix/dist/html/BDAT_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/MAILLOG_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/makedefs.1.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/postlogd.8.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/POSTSCREEN_3_5_README.html up to 1.1.1.2 external/ibm-public/postfix/dist/html/postfix-doc.css up to 1.1.1.1 external/ibm-public/postfix/dist/man/man1/makedefs.1 up to 1.3 external/ibm-public/postfix/dist/man/man8/postlogd.8 up to 1.3 external/ibm-public/postfix/dist/mantools/missing-proxy-read-maps up to 1.1.1.3 external/ibm-public/postfix/dist/mantools/spelldiff up to 1.1.1.1 external/ibm-public/postfix/dist/mantools/check-double-cc up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/check-double-install-proto-text up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/check-double-proto-html up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/comment.c up to 1.2 external/ibm-public/postfix/dist/mantools/check-postfix-files up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/check-spell-cc up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/check-spell-install-proto-text up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/check-spell-proto-html up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/deroff up to 1.1.1.1 external/ibm-public/postfix/dist/mantools/find-double up to 1.1.1.1 external/ibm-public/postfix/dist/mantools/check-double-history up to 1.1.1.1 external/ibm-public/postfix/dist/mantools/check-spell-history up to 1.1.1.1 external/ibm-public/postfix/dist/mantools/check-table-proto up to 1.1.1.1 external/ibm-public/postfix/dist/proto/BDAT_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/MAILLOG_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/POSTSCREEN_3_5_README.html up to 1.1.1.2 external/ibm-public/postfix/dist/proto/stop.double-cc up to 1.1.1.2 external/ibm-public/postfix/dist/proto/stop.double-install-proto-text up to 1.1.1.1 external/ibm-public/postfix/dist/proto/stop.double-proto-html up to 1.1.1.2 external/ibm-public/postfix/dist/proto/stop.spell-cc up to 1.1.1.2 external/ibm-public/postfix/dist/proto/stop.spell-proto-html up to 1.1.1.2 external/ibm-public/postfix/dist/proto/stop.double-history up to 1.1.1.1 external/ibm-public/postfix/dist/proto/stop.spell-history up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/bounce_notify_util_tester.c up to 1.2 external/ibm-public/postfix/dist/src/bounce/logfile-no-msgid-no-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/logfile-no-msgid-with-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-no-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-with-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-with-filter up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-with-long-line up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/msgfile-no-msgid-no-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/msgfile-no-msgid-with-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-no-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-with-eoh-event up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/obs_template_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-with-filter up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-with-long-line up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/no-msgid-no-eoh-event-no-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/no-msgid-no-eoh-event-with-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/no-msgid-with-eoh-event-no-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/no-msgid-with-eoh-event-with-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-no-eoh-event-no-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-no-eoh-event-with-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-with-eoh-event-no-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-with-eoh-event-with-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-with-filter-no-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-with-filter-with-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-with-long-line-no-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/bounce/with-msgid-with-long-line-with-thread.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13e up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13f up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13g up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13h up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13i up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13e up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13f up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13g up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13h up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13i up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/test-queue-file13e up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/test-queue-file13f up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/test-queue-file13g up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/test-queue-file13h up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/test-queue-file13i up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17a up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17b up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17c up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17d up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17e up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17f up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17g up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17a1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17a2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17b1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17b2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17c1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17c2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17d1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17d2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17e1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17e2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17f1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17f2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17g1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17g2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/cleanup/test-queue-file17 up to 1.1.1.1 external/ibm-public/postfix/dist/src/dns/dns_str_resflags.c up to 1.3 external/ibm-public/postfix/dist/src/dns/dns_sec.c up to 1.2 external/ibm-public/postfix/dist/src/global/header_body_checks_strip.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/info_log_addr_form.c up to 1.2 external/ibm-public/postfix/dist/src/global/info_log_addr_form.h up to 1.2 external/ibm-public/postfix/dist/src/global/mail_addr_crunch.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/mail_addr_crunch.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/mail_addr_find.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/map_search.c up to 1.4 external/ibm-public/postfix/dist/src/global/map_search.h up to 1.2 external/ibm-public/postfix/dist/src/global/mail_addr_find.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/mail_addr_form.c up to 1.2 external/ibm-public/postfix/dist/src/global/mail_addr_form.h up to 1.2 external/ibm-public/postfix/dist/src/global/mail_addr_map.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/maillog_client.c up to 1.3 external/ibm-public/postfix/dist/src/global/maillog_client.h up to 1.2 external/ibm-public/postfix/dist/src/global/map_search.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/global/normalize_mailhost_addr.c up to 1.3 external/ibm-public/postfix/dist/src/global/normalize_mailhost_addr.h up to 1.2 external/ibm-public/postfix/dist/src/global/off_cvt.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/off_cvt.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/quote_822_local.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/global/quote_822_local.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/global/quote_flags.c up to 1.2 external/ibm-public/postfix/dist/src/global/reject_deliver_request.c up to 1.2 external/ibm-public/postfix/dist/src/global/compat_level.c up to 1.3 external/ibm-public/postfix/dist/src/global/compat_level.h up to 1.3 external/ibm-public/postfix/dist/src/global/test_main.c up to 1.2 external/ibm-public/postfix/dist/src/global/compat_level_convert.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/compat_level_convert.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/compat_level_expand.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/compat_level_expand.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.c up to 1.2 external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.h up to 1.2 external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/delivered_hdr.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/hfrom_format.c up to 1.2 external/ibm-public/postfix/dist/src/global/hfrom_format.h up to 1.2 external/ibm-public/postfix/dist/src/global/hfrom_format.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/login_sender_match.c up to 1.2 external/ibm-public/postfix/dist/src/global/login_sender_match.h up to 1.2 external/ibm-public/postfix/dist/src/global/login_sender_match.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/global/sasl_mech_filter.c up to 1.2 external/ibm-public/postfix/dist/src/global/sasl_mech_filter.h up to 1.2 external/ibm-public/postfix/dist/src/global/test_main.h up to 1.2 external/ibm-public/postfix/dist/src/master/dgram_server.c up to 1.3 external/ibm-public/postfix/dist/src/postconf/extract_cfg.sh up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test64.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test65.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test66.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test67.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test68.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test69.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test70.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postconf/test71.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postmap/file_test.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/postmap/file_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postmap/quote_test.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/postmap/quote_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/postmap/lmdb_abb up to 1.1.1.1 external/ibm-public/postfix/dist/src/postmap/lmdb_abb.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/smtp/smtp_misc.c up to 1.2 external/ibm-public/postfix/dist/src/smtp/smtp_map11.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/smtpd/smtpd_addr_valid.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_addr_valid.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/tls/bad-back-to-back-keys.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-back-to-back-keys.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-ec-cert-before-key.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-ec-cert-before-key.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-key-cert-mismatch.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-key-cert-mismatch.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-rsa-key-last.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/bad-rsa-key-last.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/ecca-cert.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/ecca-pkey.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/ecee-cert.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/ecee-pkey.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/ecroot-cert.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/ecroot-pkey.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/good-mixed-keyfirst.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/good-mixed-keyfirst.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/good-mixed-keylast.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/good-mixed-keylast.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/good-mixed-keymiddle.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/good-mixed-keymiddle.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/goodchains.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/goodchains.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/mkcert.sh up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/rsaca-cert.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/rsaca-pkey.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/rsaee-cert.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/rsaee-pkey.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/rsaroot-cert.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/rsaroot-pkey.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/tls_proxy_client_misc.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_proxy_client_print.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_proxy_client_scan.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_proxy_context_print.c up to 1.3 external/ibm-public/postfix/dist/src/tls/tls_proxy_context_scan.c up to 1.3 external/ibm-public/postfix/dist/src/tls/tls_proxy_server_print.c up to 1.3 external/ibm-public/postfix/dist/src/tls/tls_proxy_server_scan.c up to 1.3 external/ibm-public/postfix/dist/src/tls/warn-mixed-multi-key.pem up to 1.1.1.1 external/ibm-public/postfix/dist/src/tls/warn-mixed-multi-key.pem.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/trivial-rewrite/transport.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/trivial-rewrite/transport.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/mkmap_db.c up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap.h up to 1.2 external/ibm-public/postfix/dist/src/util/argv_attr.h up to 1.3 external/ibm-public/postfix/dist/src/util/argv_attr_print.c up to 1.3 external/ibm-public/postfix/dist/src/util/argv_attr_scan.c up to 1.3 external/ibm-public/postfix/dist/src/util/byte_mask.c up to 1.2 external/ibm-public/postfix/dist/src/util/byte_mask.h up to 1.2 external/ibm-public/postfix/dist/src/util/byte_mask.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/byte_mask.ref0 up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/byte_mask.ref1 up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/byte_mask.ref2 up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_file.c up to 1.3 external/ibm-public/postfix/dist/src/util/dict_cidr_file.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/logwriter.c up to 1.2 external/ibm-public/postfix/dist/src/util/dict_cidr_file.map up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_cidr_file.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_inline_file.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_pcre_file.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_pcre_file.map up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_pcre_file.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_pipe_test.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_pipe_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_random.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_random_file.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_regexp_file.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_regexp_file.map up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_regexp_file.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_static_file.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_thash.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_thash.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_union_test.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_union_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/logwriter.h up to 1.2 external/ibm-public/postfix/dist/src/util/miss_endif_cidr.map up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/miss_endif_cidr.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/miss_endif_pcre.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/miss_endif_re.map up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/miss_endif_regexp.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/msg_logger.c up to 1.3 external/ibm-public/postfix/dist/src/util/msg_logger.h up to 1.2 external/ibm-public/postfix/dist/src/util/split_qnameval.c up to 1.2 external/ibm-public/postfix/dist/src/util/unix_dgram_connect.c up to 1.3 external/ibm-public/postfix/dist/src/util/unix_dgram_listen.c up to 1.3 external/ibm-public/postfix/dist/src/util/vbuf_print_test.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/vbuf_print_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/vstream_test.in up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/vstream_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/vstring_test.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/sane_strtol.c up to 1.2 external/ibm-public/postfix/dist/src/util/argv_split_at.c up to 1.2 external/ibm-public/postfix/dist/src/util/dict_stream.c up to 1.2 external/ibm-public/postfix/dist/src/util/dict_inline_cidr.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_inline_pcre.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_inline_regexp.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/dict_stream.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/find_inet.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/hash_fnv.c up to 1.3 external/ibm-public/postfix/dist/src/util/hash_fnv.h up to 1.3 external/ibm-public/postfix/dist/src/util/known_tcp_ports.c up to 1.2 external/ibm-public/postfix/dist/src/util/known_tcp_ports.h up to 1.2 external/ibm-public/postfix/dist/src/util/known_tcp_ports.ref up to 1.1.1.1 external/ibm-public/postfix/dist/src/util/ldseed.c up to 1.2 external/ibm-public/postfix/dist/src/util/ldseed.h up to 1.2 external/ibm-public/postfix/dist/src/util/mystrtok.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/sane_strtol.h up to 1.2 external/ibm-public/postfix/dist/src/util/inet_addr_sizes.c up to 1.2 external/ibm-public/postfix/dist/src/util/inet_addr_sizes.h up to 1.2 external/ibm-public/postfix/dist/src/util/inet_prefix_top.c up to 1.2 external/ibm-public/postfix/dist/src/util/inet_prefix_top.h up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap_cdb.c up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap_dbm.c up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap_fail.c up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap_lmdb.c up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap_open.c up to 1.2 external/ibm-public/postfix/dist/src/util/mkmap_sdbm.c up to 1.2 external/ibm-public/postfix/dist/src/postlogd/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/postlogd/postlogd.c up to 1.3 external/ibm-public/postfix/dist/RELEASE_NOTES-3.1 up to 1.1.1.1 external/ibm-public/postfix/dist/RELEASE_NOTES-3.2 up to 1.1.1.1 external/ibm-public/postfix/dist/RELEASE_NOTES-3.3 up to 1.1.1.1 external/ibm-public/postfix/dist/RELEASE_NOTES-3.4 up to 1.1.1.1 external/ibm-public/postfix/dist/RELEASE_NOTES-3.5 up to 1.1.1.1 external/ibm-public/postfix/dist/RELEASE_NOTES-3.6 up to 1.1.1.1 external/ibm-public/postfix/dist/WISHLIST up to 1.1.1.2 external/ibm-public/postfix/dist/RELEASE_NOTES-3.7 up to 1.1.1.1 external/ibm-public/postfix/dist/README_FILES/CYRUS_README delete external/ibm-public/postfix/dist/src/global/mkmap.h delete external/ibm-public/postfix/dist/src/global/mkmap_cdb.c delete external/ibm-public/postfix/dist/src/global/mkmap_db.c delete external/ibm-public/postfix/dist/src/global/mkmap_dbm.c delete external/ibm-public/postfix/dist/src/global/mkmap_fail.c delete external/ibm-public/postfix/dist/src/global/mkmap_lmdb.c delete external/ibm-public/postfix/dist/src/global/mkmap_open.c delete external/ibm-public/postfix/dist/src/global/mkmap_sdbm.c delete external/ibm-public/postfix/dist/src/smtp/map11_map delete external/ibm-public/postfix/dist/src/tls/tls_proxy_print.c delete external/ibm-public/postfix/dist/src/tls/tls_proxy_scan.c delete external/ibm-public/postfix/dist/src/util/percentm.c delete external/ibm-public/postfix/dist/src/util/percentm.h delete external/ibm-public/postfix/Makefile.inc up to 1.31 (+patch) external/ibm-public/postfix/dist/AAAREADME up to 1.1.1.4 external/ibm-public/postfix/dist/HISTORY up to 1.1.1.29 external/ibm-public/postfix/dist/INSTALL up to 1.1.1.9 external/ibm-public/postfix/dist/LICENSE up to 1.1.1.2 external/ibm-public/postfix/dist/Makefile up to 1.1.1.3 external/ibm-public/postfix/dist/Makefile.in up to 1.1.1.10 external/ibm-public/postfix/dist/Makefile.init up to 1.1.1.3 external/ibm-public/postfix/dist/RELEASE_NOTES up to 1.1.1.17 external/ibm-public/postfix/dist/TLS_ACKNOWLEDGEMENTS up to 1.1.1.2 external/ibm-public/postfix/dist/TLS_CHANGES up to 1.1.1.2 external/ibm-public/postfix/dist/TLS_LICENSE up to 1.1.1.2 external/ibm-public/postfix/dist/US_PATENT_6321267 up to 1.1.1.2 external/ibm-public/postfix/dist/makedefs up to 1.16 external/ibm-public/postfix/dist/postfix-env.sh up to 1.1.1.2 external/ibm-public/postfix/dist/postfix-install up to 1.8 external/ibm-public/postfix/dist/README_FILES/AAAREADME up to 1.1.1.6 external/ibm-public/postfix/dist/README_FILES/ADDRESS_CLASS_README up to 1.1.1.2 external/ibm-public/postfix/dist/README_FILES/ADDRESS_REWRITING_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README up to 1.10 external/ibm-public/postfix/dist/README_FILES/BACKSCATTER_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/BASIC_CONFIGURATION_README up to 1.1.1.6 external/ibm-public/postfix/dist/README_FILES/BUILTIN_FILTER_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/COMPATIBILITY_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/CONNECTION_CACHE_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/DATABASE_README up to 1.1.1.9 external/ibm-public/postfix/dist/README_FILES/DB_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/DEBUG_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/FILTER_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/FORWARD_SECRECY_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/INSTALL up to 1.10 external/ibm-public/postfix/dist/README_FILES/IPV6_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/LDAP_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/LINUX_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/LMDB_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/MILTER_README up to 1.1.1.9 external/ibm-public/postfix/dist/README_FILES/MULTI_INSTANCE_README up to 1.1.1.7 external/ibm-public/postfix/dist/README_FILES/MYSQL_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/OVERVIEW up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/PCRE_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/PGSQL_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/POSTSCREEN_README up to 1.1.1.7 external/ibm-public/postfix/dist/README_FILES/QSHAPE_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES up to 1.1.1.17 external/ibm-public/postfix/dist/README_FILES/SASL_README up to 1.1.1.11 external/ibm-public/postfix/dist/README_FILES/SCHEDULER_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/SMTPD_ACCESS_README up to 1.1.1.6 external/ibm-public/postfix/dist/README_FILES/SMTPD_POLICY_README up to 1.1.1.7 external/ibm-public/postfix/dist/README_FILES/SMTPD_PROXY_README up to 1.1.1.6 external/ibm-public/postfix/dist/README_FILES/SMTPUTF8_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/SOHO_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/SQLITE_README up to 1.1.1.4 external/ibm-public/postfix/dist/README_FILES/STANDARD_CONFIGURATION_README up to 1.1.1.6 external/ibm-public/postfix/dist/README_FILES/STRESS_README up to 1.1.1.6 external/ibm-public/postfix/dist/README_FILES/TLS_LEGACY_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/TLS_README up to 1.14 external/ibm-public/postfix/dist/README_FILES/TUNING_README up to 1.1.1.5 external/ibm-public/postfix/dist/README_FILES/VIRTUAL_README up to 1.1.1.3 external/ibm-public/postfix/dist/README_FILES/XCLIENT_README up to 1.1.1.4 external/ibm-public/postfix/dist/conf/LICENSE up to 1.1.1.2 external/ibm-public/postfix/dist/conf/TLS_LICENSE up to 1.1.1.2 external/ibm-public/postfix/dist/conf/access up to 1.1.1.8 external/ibm-public/postfix/dist/conf/aliases up to 1.1.1.5 external/ibm-public/postfix/dist/conf/canonical up to 1.1.1.5 external/ibm-public/postfix/dist/conf/generic up to 1.1.1.4 external/ibm-public/postfix/dist/conf/header_checks up to 1.1.1.6 external/ibm-public/postfix/dist/conf/main.cf up to 1.10 external/ibm-public/postfix/dist/conf/master.cf up to 1.11 external/ibm-public/postfix/dist/conf/post-install up to 1.4 external/ibm-public/postfix/dist/conf/postfix-files up to 1.9 external/ibm-public/postfix/dist/conf/postfix-script up to 1.4 external/ibm-public/postfix/dist/conf/postfix-tls-script up to 1.5 external/ibm-public/postfix/dist/conf/postmulti-script up to 1.3 external/ibm-public/postfix/dist/conf/relocated up to 1.1.1.3 external/ibm-public/postfix/dist/conf/transport up to 1.1.1.5 external/ibm-public/postfix/dist/conf/virtual up to 1.1.1.6 external/ibm-public/postfix/dist/html/ADDRESS_CLASS_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/ADDRESS_REWRITING_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html up to 1.11 external/ibm-public/postfix/dist/html/BACKSCATTER_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/BASIC_CONFIGURATION_README.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/BUILTIN_FILTER_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/CDB_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/COMPATIBILITY_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/CONNECTION_CACHE_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/CONTENT_INSPECTION_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/DATABASE_README.html up to 1.1.1.10 external/ibm-public/postfix/dist/html/DB_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/DEBUG_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/DSN_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/ETRN_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/FILTER_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/FORWARD_SECRECY_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/INSTALL.html up to 1.10 external/ibm-public/postfix/dist/html/IPV6_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/LDAP_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/LINUX_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/LMDB_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/LOCAL_RECIPIENT_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/MAILDROP_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/MEMCACHE_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/MILTER_README.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/MYSQL_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/Makefile.in up to 1.1.1.7 external/ibm-public/postfix/dist/html/NFS_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/OVERVIEW.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/PACKAGE_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/PCRE_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/PGSQL_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/POSTSCREEN_README.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/QSHAPE_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/RESTRICTION_CLASS_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/SASL_README.html up to 1.1.1.11 external/ibm-public/postfix/dist/html/SCHEDULER_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/SMTPD_ACCESS_README.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/SMTPD_POLICY_README.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/SMTPD_PROXY_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/SMTPUTF8_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/SOHO_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/SQLITE_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/STANDARD_CONFIGURATION_README.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/STRESS_README.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/TLS_LEGACY_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/TLS_README.html up to 1.15 external/ibm-public/postfix/dist/html/TUNING_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/UUCP_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/VERP_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/VIRTUAL_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/XCLIENT_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/XFORWARD_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/access.5.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/aliases.5.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/anvil.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/bounce.5.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/bounce.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/canonical.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/cidr_table.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/cleanup.8.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/defer.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/discard.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/dnsblog.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/error.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/flush.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/generic.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/header_checks.5.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/index.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/ldap_table.5.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/lmdb_table.5.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/lmtp.8.html up to 1.1.1.12 external/ibm-public/postfix/dist/html/local.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/mailq.1.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/master.5.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/master.8.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/memcache_table.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/mysql_table.5.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/newaliases.1.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/nisplus_table.5.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/oqmgr.8.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/pcre_table.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/pgsql_table.5.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/pickup.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/pipe.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postalias.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postcat.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postconf.1.html up to 1.1.1.11 external/ibm-public/postfix/dist/html/postconf.5.html up to 1.19 external/ibm-public/postfix/dist/html/postdrop.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postfix-manuals.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/postfix-tls.1.html up to 1.1.1.3 external/ibm-public/postfix/dist/html/postfix-wrapper.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/postfix.1.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/postkick.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postlock.1.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/postlog.1.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/postmap.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postmulti.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/postqueue.1.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/postscreen.8.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/postsuper.1.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/posttls-finger.1.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/proxymap.8.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/qmgr.8.html up to 1.1.1.9 external/ibm-public/postfix/dist/html/qmqp-sink.1.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/qmqp-source.1.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/qmqpd.8.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/qshape.1.html up to 1.1.1.4 external/ibm-public/postfix/dist/html/regexp_table.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/relocated.5.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/scache.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/sendmail.1.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/showq.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/smtp-sink.1.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/smtp-source.1.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/smtp.8.html up to 1.1.1.12 external/ibm-public/postfix/dist/html/smtpd.8.html up to 1.1.1.13 external/ibm-public/postfix/dist/html/socketmap_table.5.html up to 1.1.1.5 external/ibm-public/postfix/dist/html/spawn.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/sqlite_table.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/tcp_table.5.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/tlsmgr.8.html up to 1.1.1.6 external/ibm-public/postfix/dist/html/tlsproxy.8.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/trace.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/transport.5.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/trivial-rewrite.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/verify.8.html up to 1.1.1.8 external/ibm-public/postfix/dist/html/virtual.5.html up to 1.1.1.7 external/ibm-public/postfix/dist/html/virtual.8.html up to 1.1.1.7 external/ibm-public/postfix/dist/man/Makefile.in up to 1.1.1.7 external/ibm-public/postfix/dist/man/man1/postalias.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/postcat.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/postconf.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/postdrop.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/postfix-tls.1 up to 1.3 external/ibm-public/postfix/dist/man/man1/postfix.1 up to 1.6 external/ibm-public/postfix/dist/man/man1/postkick.1 up to 1.3 external/ibm-public/postfix/dist/man/man1/postlock.1 up to 1.3 external/ibm-public/postfix/dist/man/man1/postlog.1 up to 1.5 external/ibm-public/postfix/dist/man/man1/postmap.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/postmulti.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/postqueue.1 up to 1.5 external/ibm-public/postfix/dist/man/man1/postsuper.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/posttls-finger.1 up to 1.5 external/ibm-public/postfix/dist/man/man1/sendmail.1 up to 1.4 external/ibm-public/postfix/dist/man/man1/smtp-sink.1 up to 1.3 external/ibm-public/postfix/dist/man/man5/access.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/aliases.5 up to 1.5 external/ibm-public/postfix/dist/man/man5/canonical.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/cidr_table.5 up to 1.5 external/ibm-public/postfix/dist/man/man5/generic.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/header_checks.5 up to 1.3 external/ibm-public/postfix/dist/man/man5/ldap_table.5 up to 1.5 external/ibm-public/postfix/dist/man/man5/lmdb_table.5 up to 1.3 external/ibm-public/postfix/dist/man/man5/master.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/mysql_table.5 up to 1.5 external/ibm-public/postfix/dist/man/man5/pcre_table.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/pgsql_table.5 up to 1.5 external/ibm-public/postfix/dist/man/man5/postconf.5 up to 1.19 external/ibm-public/postfix/dist/man/man5/regexp_table.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/relocated.5 up to 1.3 external/ibm-public/postfix/dist/man/man5/socketmap_table.5 up to 1.3 external/ibm-public/postfix/dist/man/man5/sqlite_table.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/tcp_table.5 up to 1.3 external/ibm-public/postfix/dist/man/man5/transport.5 up to 1.4 external/ibm-public/postfix/dist/man/man5/virtual.5 up to 1.5 external/ibm-public/postfix/dist/man/man8/anvil.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/bounce.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/cleanup.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/discard.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/dnsblog.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/error.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/flush.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/local.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/master.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/oqmgr.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/pickup.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/pipe.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/postscreen.8 up to 1.5 external/ibm-public/postfix/dist/man/man8/proxymap.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/qmgr.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/qmqpd.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/scache.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/showq.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/smtp.8 up to 1.5 external/ibm-public/postfix/dist/man/man8/smtpd.8 up to 1.5 external/ibm-public/postfix/dist/man/man8/spawn.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/tlsmgr.8 up to 1.3 external/ibm-public/postfix/dist/man/man8/tlsproxy.8 up to 1.5 external/ibm-public/postfix/dist/man/man8/trivial-rewrite.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/verify.8 up to 1.4 external/ibm-public/postfix/dist/man/man8/virtual.8 up to 1.4 external/ibm-public/postfix/dist/mantools/ccformat up to 1.1.1.3 external/ibm-public/postfix/dist/mantools/check-postlink up to 1.1.1.3 external/ibm-public/postfix/dist/mantools/fixman up to 1.1.1.3 external/ibm-public/postfix/dist/mantools/make-relnotes up to 1.1.1.3 external/ibm-public/postfix/dist/mantools/make_soho_readme up to 1.1.1.4 external/ibm-public/postfix/dist/mantools/makemanidx up to 1.1.1.4 external/ibm-public/postfix/dist/mantools/man2html up to 1.1.1.5 external/ibm-public/postfix/dist/mantools/manlint up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/manspell up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/postconf2man up to 1.1.1.5 external/ibm-public/postfix/dist/mantools/postlink up to 1.1.1.13 external/ibm-public/postfix/dist/mantools/readme2html up to 1.1.1.2 external/ibm-public/postfix/dist/mantools/spell up to 1.1.1.3 external/ibm-public/postfix/dist/mantools/srctoman up to 1.1.1.3 external/ibm-public/postfix/dist/proto/ADDRESS_CLASS_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/ADDRESS_REWRITING_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/ADDRESS_VERIFICATION_README.html up to 1.11 external/ibm-public/postfix/dist/proto/BACKSCATTER_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/BASIC_CONFIGURATION_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/BUILTIN_FILTER_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/CDB_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/COMPATIBILITY_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/CONNECTION_CACHE_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/CONTENT_INSPECTION_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/DATABASE_README.html up to 1.1.1.10 external/ibm-public/postfix/dist/proto/DB_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/DEBUG_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/DSN_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/ETRN_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/FILTER_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/FORWARD_SECRECY_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/INSTALL.html up to 1.10 external/ibm-public/postfix/dist/proto/IPV6_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/LDAP_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/LINUX_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/LMDB_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/LOCAL_RECIPIENT_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/MAILDROP_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/MEMCACHE_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/MILTER_README.html up to 1.1.1.9 external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html up to 1.1.1.8 external/ibm-public/postfix/dist/proto/MYSQL_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/Makefile.in up to 1.1.1.7 external/ibm-public/postfix/dist/proto/NFS_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/OVERVIEW.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/PACKAGE_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/PCRE_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/PGSQL_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/POSTSCREEN_README.html up to 1.1.1.8 external/ibm-public/postfix/dist/proto/QSHAPE_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/RESTRICTION_CLASS_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/SASL_README.html up to 1.1.1.11 external/ibm-public/postfix/dist/proto/SCHEDULER_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/SMTPD_ACCESS_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/SMTPD_POLICY_README.html up to 1.1.1.7 external/ibm-public/postfix/dist/proto/SMTPD_PROXY_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/SMTPUTF8_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/SQLITE_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/STANDARD_CONFIGURATION_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/STRESS_README.html up to 1.1.1.7 external/ibm-public/postfix/dist/proto/TLS_LEGACY_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/TLS_README.html up to 1.14 external/ibm-public/postfix/dist/proto/TUNING_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/UUCP_README.html up to 1.1.1.3 external/ibm-public/postfix/dist/proto/VERP_README.html up to 1.1.1.5 external/ibm-public/postfix/dist/proto/VIRTUAL_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/XCLIENT_README.html up to 1.1.1.6 external/ibm-public/postfix/dist/proto/XFORWARD_README.html up to 1.1.1.4 external/ibm-public/postfix/dist/proto/access up to 1.1.1.8 external/ibm-public/postfix/dist/proto/aliases up to 1.1.1.6 external/ibm-public/postfix/dist/proto/canonical up to 1.1.1.5 external/ibm-public/postfix/dist/proto/cidr_table up to 1.1.1.6 external/ibm-public/postfix/dist/proto/generic up to 1.1.1.4 external/ibm-public/postfix/dist/proto/header_checks up to 1.1.1.7 external/ibm-public/postfix/dist/proto/ldap_table up to 1.1.1.7 external/ibm-public/postfix/dist/proto/lmdb_table up to 1.1.1.3 external/ibm-public/postfix/dist/proto/master up to 1.1.1.8 external/ibm-public/postfix/dist/proto/mysql_table up to 1.1.1.8 external/ibm-public/postfix/dist/proto/pcre_table up to 1.1.1.6 external/ibm-public/postfix/dist/proto/pgsql_table up to 1.1.1.8 external/ibm-public/postfix/dist/proto/postconf.html.prolog up to 1.1.1.5 external/ibm-public/postfix/dist/proto/postconf.man.prolog up to 1.1.1.4 external/ibm-public/postfix/dist/proto/postconf.proto up to 1.19 external/ibm-public/postfix/dist/proto/regexp_table up to 1.1.1.6 external/ibm-public/postfix/dist/proto/relocated up to 1.1.1.3 external/ibm-public/postfix/dist/proto/socketmap_table up to 1.1.1.3 external/ibm-public/postfix/dist/proto/sqlite_table up to 1.1.1.5 external/ibm-public/postfix/dist/proto/stop up to 1.1.1.7 external/ibm-public/postfix/dist/proto/tcp_table up to 1.1.1.4 external/ibm-public/postfix/dist/proto/transport up to 1.1.1.5 external/ibm-public/postfix/dist/proto/virtual up to 1.1.1.6 external/ibm-public/postfix/dist/src/anvil/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/anvil/anvil.c up to 1.4 external/ibm-public/postfix/dist/src/bounce/2template_test.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/bounce/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/bounce/bounce.c up to 1.4 external/ibm-public/postfix/dist/src/bounce/bounce_notify_util.c up to 1.4 external/ibm-public/postfix/dist/src/bounce/bounce_service.h up to 1.3 external/ibm-public/postfix/dist/src/bounce/bounce_template.c up to 1.4 external/ibm-public/postfix/dist/src/bounce/bounce_template.h up to 1.3 external/ibm-public/postfix/dist/src/bounce/bounce_templates.c up to 1.3 external/ibm-public/postfix/dist/src/bounce/template_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/cleanup/Makefile.in up to 1.1.1.9 external/ibm-public/postfix/dist/src/cleanup/cleanup.c up to 1.8 external/ibm-public/postfix/dist/src/cleanup/cleanup.h up to 1.10 external/ibm-public/postfix/dist/src/cleanup/cleanup_addr.c up to 1.3 external/ibm-public/postfix/dist/src/cleanup/cleanup_api.c up to 1.4 external/ibm-public/postfix/dist/src/cleanup/cleanup_body_edit.c up to 1.3 external/ibm-public/postfix/dist/src/cleanup/cleanup_envelope.c up to 1.5 external/ibm-public/postfix/dist/src/cleanup/cleanup_init.c up to 1.7 external/ibm-public/postfix/dist/src/cleanup/cleanup_map11.c up to 1.3 external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c up to 1.4 external/ibm-public/postfix/dist/src/cleanup/cleanup_message.c up to 1.4 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c up to 1.5 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13c up to 1.1.1.2 external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13d up to 1.1.1.2 external/ibm-public/postfix/dist/src/cleanup/cleanup_out.c up to 1.3 external/ibm-public/postfix/dist/src/cleanup/cleanup_out_recipient.c up to 1.4 external/ibm-public/postfix/dist/src/cleanup/cleanup_region.c up to 1.3 external/ibm-public/postfix/dist/src/cleanup/cleanup_state.c up to 1.4 external/ibm-public/postfix/dist/src/discard/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/discard/discard.c up to 1.3 external/ibm-public/postfix/dist/src/dns/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/dns/dns.h up to 1.6 external/ibm-public/postfix/dist/src/dns/dns_lookup.c up to 1.8 external/ibm-public/postfix/dist/src/dns/dns_rr.c up to 1.3 external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.c up to 1.3 external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.ref up to 1.1.1.5 external/ibm-public/postfix/dist/src/dns/dns_rr_to_pa.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/dns_rr_to_sa.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/dns_sa_to_rr.c up to 1.3 external/ibm-public/postfix/dist/src/dns/dns_sa_to_rr.ref up to 1.1.1.5 external/ibm-public/postfix/dist/src/dns/dns_strrecord.c up to 1.3 external/ibm-public/postfix/dist/src/dns/dns_strtype.c up to 1.2 external/ibm-public/postfix/dist/src/dns/dnsbl_ttl_127.0.0.1_bind_ncache.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/dns/dnsbl_ttl_127.0.0.1_bind_plain.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/dns/dnsbl_ttl_127.0.0.2_bind_plain.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/dns/error.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/mxonly_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/dns/no-a.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/no-aaaa.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/no-mx.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/dns/nullmx_test.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/dns/nxdomain_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/dns/test_dns_lookup.c up to 1.3 external/ibm-public/postfix/dist/src/dnsblog/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/dnsblog/dnsblog.c up to 1.4 external/ibm-public/postfix/dist/src/error/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/error/error.c up to 1.3 external/ibm-public/postfix/dist/src/flush/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/flush/flush.c up to 1.4 external/ibm-public/postfix/dist/src/fsstone/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/global/Makefile.in up to 1.1.1.10 external/ibm-public/postfix/dist/src/global/abounce.c up to 1.3 external/ibm-public/postfix/dist/src/global/anvil_clnt.c up to 1.4 external/ibm-public/postfix/dist/src/global/anvil_clnt.h up to 1.3 external/ibm-public/postfix/dist/src/global/been_here.c up to 1.4 external/ibm-public/postfix/dist/src/global/been_here.h up to 1.3 external/ibm-public/postfix/dist/src/global/bounce.c up to 1.3 external/ibm-public/postfix/dist/src/global/bounce_log.c up to 1.3 external/ibm-public/postfix/dist/src/global/cleanup_strerror.c up to 1.2 external/ibm-public/postfix/dist/src/global/cleanup_user.h up to 1.3 external/ibm-public/postfix/dist/src/global/clnt_stream.c up to 1.4 external/ibm-public/postfix/dist/src/global/clnt_stream.h up to 1.2 external/ibm-public/postfix/dist/src/global/db_common.c up to 1.3 external/ibm-public/postfix/dist/src/global/debug_peer.c up to 1.3 external/ibm-public/postfix/dist/src/global/defer.c up to 1.3 external/ibm-public/postfix/dist/src/global/deliver_pass.c up to 1.3 external/ibm-public/postfix/dist/src/global/deliver_request.c up to 1.3 external/ibm-public/postfix/dist/src/global/deliver_request.h up to 1.3 external/ibm-public/postfix/dist/src/global/delivered_hdr.c up to 1.3 external/ibm-public/postfix/dist/src/global/dict_ldap.c up to 1.5 external/ibm-public/postfix/dist/src/global/dict_memcache.c up to 1.3 external/ibm-public/postfix/dist/src/global/dict_mysql.c up to 1.4 external/ibm-public/postfix/dist/src/global/dict_pgsql.c up to 1.4 external/ibm-public/postfix/dist/src/global/dict_proxy.c up to 1.3 external/ibm-public/postfix/dist/src/global/dict_proxy.h up to 1.3 external/ibm-public/postfix/dist/src/global/dict_sqlite.c up to 1.4 external/ibm-public/postfix/dist/src/global/dsb_scan.c up to 1.3 external/ibm-public/postfix/dist/src/global/dsb_scan.h up to 1.2 external/ibm-public/postfix/dist/src/global/dsn_print.c up to 1.3 external/ibm-public/postfix/dist/src/global/dsn_print.h up to 1.2 external/ibm-public/postfix/dist/src/global/dynamicmaps.c up to 1.4 external/ibm-public/postfix/dist/src/global/ehlo_mask.c up to 1.3 external/ibm-public/postfix/dist/src/global/ehlo_mask.h up to 1.3 external/ibm-public/postfix/dist/src/global/flush_clnt.c up to 1.3 external/ibm-public/postfix/dist/src/global/haproxy_srvr.c up to 1.3 external/ibm-public/postfix/dist/src/global/haproxy_srvr.h up to 1.2 external/ibm-public/postfix/dist/src/global/header_body_checks.c up to 1.3 external/ibm-public/postfix/dist/src/global/header_body_checks.h up to 1.3 external/ibm-public/postfix/dist/src/global/log_adhoc.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_addr_crunch.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_addr_crunch.h up to 1.2 external/ibm-public/postfix/dist/src/global/mail_addr_find.c up to 1.4 external/ibm-public/postfix/dist/src/global/mail_addr_find.h up to 1.2 external/ibm-public/postfix/dist/src/global/mail_addr_map.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_addr_map.h up to 1.2 external/ibm-public/postfix/dist/src/global/mail_command_client.c up to 1.4 external/ibm-public/postfix/dist/src/global/mail_conf.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_conf.h up to 1.3 external/ibm-public/postfix/dist/src/global/mail_conf_int.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_conf_long.c up to 1.2 external/ibm-public/postfix/dist/src/global/mail_conf_nint.c up to 1.2 external/ibm-public/postfix/dist/src/global/mail_conf_time.c up to 1.4 external/ibm-public/postfix/dist/src/global/mail_copy.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_dict.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_error.c up to 1.2 external/ibm-public/postfix/dist/src/global/mail_params.c up to 1.5 external/ibm-public/postfix/dist/src/global/mail_params.h up to 1.19 external/ibm-public/postfix/dist/src/global/mail_parm_split.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_proto.h up to 1.5 external/ibm-public/postfix/dist/src/global/mail_queue.h up to 1.3 external/ibm-public/postfix/dist/src/global/mail_stream.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_task.c up to 1.3 external/ibm-public/postfix/dist/src/global/mail_version.h up to 1.6 external/ibm-public/postfix/dist/src/global/maps.c up to 1.4 external/ibm-public/postfix/dist/src/global/maps.h up to 1.2 external/ibm-public/postfix/dist/src/global/maps.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/global/memcache_proto.c up to 1.3 external/ibm-public/postfix/dist/src/global/mime_state.c up to 1.3 external/ibm-public/postfix/dist/src/global/mkmap_proxy.c up to 1.2 external/ibm-public/postfix/dist/src/global/msg_stats.h up to 1.2 external/ibm-public/postfix/dist/src/global/msg_stats_print.c up to 1.3 external/ibm-public/postfix/dist/src/global/msg_stats_scan.c up to 1.3 external/ibm-public/postfix/dist/src/global/namadr_list.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/global/namadr_list.ref up to 1.1.1.5 external/ibm-public/postfix/dist/src/global/off_cvt.c up to 1.2 external/ibm-public/postfix/dist/src/global/opened.c up to 1.2 external/ibm-public/postfix/dist/src/global/post_mail.c up to 1.4 external/ibm-public/postfix/dist/src/global/post_mail.h up to 1.3 external/ibm-public/postfix/dist/src/global/quote_822_local.c up to 1.3 external/ibm-public/postfix/dist/src/global/quote_822_local.h up to 1.2 external/ibm-public/postfix/dist/src/global/quote_flags.h up to 1.2 external/ibm-public/postfix/dist/src/global/rcpt_buf.c up to 1.4 external/ibm-public/postfix/dist/src/global/rcpt_buf.h up to 1.2 external/ibm-public/postfix/dist/src/global/rcpt_print.c up to 1.3 external/ibm-public/postfix/dist/src/global/rcpt_print.h up to 1.2 external/ibm-public/postfix/dist/src/global/rec_type.h up to 1.3 external/ibm-public/postfix/dist/src/global/record.c up to 1.4 external/ibm-public/postfix/dist/src/global/resolve_clnt.c up to 1.4 external/ibm-public/postfix/dist/src/global/resolve_clnt.h up to 1.2 external/ibm-public/postfix/dist/src/global/rewrite_clnt.c up to 1.3 external/ibm-public/postfix/dist/src/global/scache.h up to 1.3 external/ibm-public/postfix/dist/src/global/scache_clnt.c up to 1.3 external/ibm-public/postfix/dist/src/global/sent.c up to 1.3 external/ibm-public/postfix/dist/src/global/server_acl.c up to 1.3 external/ibm-public/postfix/dist/src/global/server_acl.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/global/server_acl.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/global/smtp_reply_footer.c up to 1.3 external/ibm-public/postfix/dist/src/global/smtp_stream.c up to 1.5 external/ibm-public/postfix/dist/src/global/smtp_stream.h up to 1.4 external/ibm-public/postfix/dist/src/global/smtputf8.h up to 1.3 external/ibm-public/postfix/dist/src/global/split_addr.c up to 1.3 external/ibm-public/postfix/dist/src/global/split_addr.h up to 1.2 external/ibm-public/postfix/dist/src/global/strip_addr.c up to 1.4 external/ibm-public/postfix/dist/src/global/strip_addr.h up to 1.2 external/ibm-public/postfix/dist/src/global/strip_addr.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/global/trace.c up to 1.3 external/ibm-public/postfix/dist/src/global/uxtext.c up to 1.3 external/ibm-public/postfix/dist/src/global/verify.c up to 1.4 external/ibm-public/postfix/dist/src/global/verify_clnt.c up to 1.3 external/ibm-public/postfix/dist/src/global/verify_sender_addr.c up to 1.4 external/ibm-public/postfix/dist/src/global/xtext.c up to 1.3 external/ibm-public/postfix/dist/src/local/Makefile.in up to 1.1.1.8 external/ibm-public/postfix/dist/src/local/alias.c up to 1.3 external/ibm-public/postfix/dist/src/local/forward.c up to 1.4 external/ibm-public/postfix/dist/src/local/local.c up to 1.4 external/ibm-public/postfix/dist/src/local/local_expand.c up to 1.3 external/ibm-public/postfix/dist/src/local/mailbox.c up to 1.4 external/ibm-public/postfix/dist/src/local/unknown.c up to 1.8 external/ibm-public/postfix/dist/src/master/Makefile.in up to 1.1.1.7 external/ibm-public/postfix/dist/src/master/event_server.c up to 1.4 external/ibm-public/postfix/dist/src/master/mail_server.h up to 1.4 external/ibm-public/postfix/dist/src/master/master.c up to 1.4 external/ibm-public/postfix/dist/src/master/master.h up to 1.2 external/ibm-public/postfix/dist/src/master/master_conf.c up to 1.2 external/ibm-public/postfix/dist/src/master/master_ent.c up to 1.4 external/ibm-public/postfix/dist/src/master/master_listen.c up to 1.2 external/ibm-public/postfix/dist/src/master/master_monitor.c up to 1.3 external/ibm-public/postfix/dist/src/master/master_proto.h up to 1.2 external/ibm-public/postfix/dist/src/master/master_sig.c up to 1.3 external/ibm-public/postfix/dist/src/master/master_spawn.c up to 1.3 external/ibm-public/postfix/dist/src/master/master_vars.c up to 1.3 external/ibm-public/postfix/dist/src/master/master_wakeup.c up to 1.3 external/ibm-public/postfix/dist/src/master/multi_server.c up to 1.4 external/ibm-public/postfix/dist/src/master/single_server.c up to 1.4 external/ibm-public/postfix/dist/src/master/trigger_server.c up to 1.4 external/ibm-public/postfix/dist/src/milter/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/milter/milter.c up to 1.5 external/ibm-public/postfix/dist/src/milter/milter.h up to 1.4 external/ibm-public/postfix/dist/src/milter/milter8.c up to 1.5 external/ibm-public/postfix/dist/src/milter/milter_macros.c up to 1.3 external/ibm-public/postfix/dist/src/milter/test-milter.c up to 1.3 external/ibm-public/postfix/dist/src/oqmgr/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/oqmgr/qmgr.c up to 1.3 external/ibm-public/postfix/dist/src/oqmgr/qmgr.h up to 1.3 external/ibm-public/postfix/dist/src/oqmgr/qmgr_active.c up to 1.3 external/ibm-public/postfix/dist/src/oqmgr/qmgr_deliver.c up to 1.3 external/ibm-public/postfix/dist/src/oqmgr/qmgr_entry.c up to 1.3 external/ibm-public/postfix/dist/src/oqmgr/qmgr_error.c up to 1.2 external/ibm-public/postfix/dist/src/oqmgr/qmgr_feedback.c up to 1.2 external/ibm-public/postfix/dist/src/oqmgr/qmgr_message.c up to 1.4 external/ibm-public/postfix/dist/src/pickup/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/pickup/pickup.c up to 1.4 external/ibm-public/postfix/dist/src/pipe/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/pipe/pipe.c up to 1.4 external/ibm-public/postfix/dist/src/postalias/Makefile.in up to 1.1.1.6 external/ibm-public/postfix/dist/src/postalias/fail_test.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/postalias/fail_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postalias/postalias.c up to 1.5 external/ibm-public/postfix/dist/src/postcat/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/postcat/postcat.c up to 1.4 external/ibm-public/postfix/dist/src/postconf/Makefile.in up to 1.1.1.11 external/ibm-public/postfix/dist/src/postconf/extract.awk up to 1.1.1.6 external/ibm-public/postfix/dist/src/postconf/install_vars.h up to 1.2 external/ibm-public/postfix/dist/src/postconf/postconf.c up to 1.4 external/ibm-public/postfix/dist/src/postconf/postconf.h up to 1.4 external/ibm-public/postfix/dist/src/postconf/postconf_builtin.c up to 1.4 external/ibm-public/postfix/dist/src/postconf/postconf_dbms.c up to 1.5 external/ibm-public/postfix/dist/src/postconf/postconf_edit.c up to 1.3 external/ibm-public/postfix/dist/src/postconf/postconf_lookup.c up to 1.4 external/ibm-public/postfix/dist/src/postconf/postconf_main.c up to 1.4 external/ibm-public/postfix/dist/src/postconf/postconf_master.c up to 1.8 external/ibm-public/postfix/dist/src/postconf/postconf_misc.c up to 1.3 external/ibm-public/postfix/dist/src/postconf/postconf_user.c up to 1.4 external/ibm-public/postfix/dist/src/postconf/test28.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/postconf/test29.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/postconf/test34.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test35.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test40.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/postconf/test41.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test42.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test43.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test44.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postconf/test58.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/postconf/test59.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/postdrop/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/postdrop/postdrop.c up to 1.4 external/ibm-public/postfix/dist/src/postfix/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/postfix/postfix.c up to 1.6 external/ibm-public/postfix/dist/src/postkick/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/postkick/postkick.c up to 1.4 external/ibm-public/postfix/dist/src/postlock/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/postlock/postlock.c up to 1.4 external/ibm-public/postfix/dist/src/postlog/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/postlog/postlog.c up to 1.5 external/ibm-public/postfix/dist/src/postmap/Makefile.in up to 1.1.1.7 external/ibm-public/postfix/dist/src/postmap/fail_test.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/postmap/fail_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/postmap/postmap.c up to 1.5 external/ibm-public/postfix/dist/src/postmulti/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/postmulti/postmulti.c up to 1.4 external/ibm-public/postfix/dist/src/postqueue/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/postqueue/postqueue.c up to 1.5 external/ibm-public/postfix/dist/src/postqueue/showq_compat.c up to 1.4 external/ibm-public/postfix/dist/src/postqueue/showq_json.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/Makefile.in up to 1.1.1.7 external/ibm-public/postfix/dist/src/postscreen/postscreen.c up to 1.5 external/ibm-public/postfix/dist/src/postscreen/postscreen.h up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_dnsbl.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_early.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_endpt.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_haproxy.c up to 1.3 external/ibm-public/postfix/dist/src/postscreen/postscreen_haproxy.h up to 1.2 external/ibm-public/postfix/dist/src/postscreen/postscreen_misc.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_send.c up to 1.3 external/ibm-public/postfix/dist/src/postscreen/postscreen_smtpd.c up to 1.5 external/ibm-public/postfix/dist/src/postscreen/postscreen_starttls.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_state.c up to 1.4 external/ibm-public/postfix/dist/src/postscreen/postscreen_tests.c up to 1.4 external/ibm-public/postfix/dist/src/postsuper/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/postsuper/postsuper.c up to 1.4 external/ibm-public/postfix/dist/src/posttls-finger/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/posttls-finger/posttls-finger.c up to 1.5 external/ibm-public/postfix/dist/src/proxymap/Makefile.in up to 1.1.1.6 external/ibm-public/postfix/dist/src/proxymap/proxymap.c up to 1.4 external/ibm-public/postfix/dist/src/qmgr/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/qmgr/qmgr.c up to 1.3 external/ibm-public/postfix/dist/src/qmgr/qmgr.h up to 1.3 external/ibm-public/postfix/dist/src/qmgr/qmgr_active.c up to 1.3 external/ibm-public/postfix/dist/src/qmgr/qmgr_deliver.c up to 1.3 external/ibm-public/postfix/dist/src/qmgr/qmgr_entry.c up to 1.3 external/ibm-public/postfix/dist/src/qmgr/qmgr_error.c up to 1.2 external/ibm-public/postfix/dist/src/qmgr/qmgr_feedback.c up to 1.2 external/ibm-public/postfix/dist/src/qmgr/qmgr_message.c up to 1.4 external/ibm-public/postfix/dist/src/qmqpd/Makefile.in up to 1.1.1.6 external/ibm-public/postfix/dist/src/qmqpd/qmqpd.c up to 1.4 external/ibm-public/postfix/dist/src/qmqpd/qmqpd_peer.c up to 1.3 external/ibm-public/postfix/dist/src/scache/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/scache/scache.c up to 1.4 external/ibm-public/postfix/dist/src/sendmail/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/sendmail/sendmail.c up to 1.4 external/ibm-public/postfix/dist/src/showq/Makefile.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/showq/showq.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/Makefile.in up to 1.1.1.10 external/ibm-public/postfix/dist/src/smtp/lmtp_params.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp.c up to 1.13 external/ibm-public/postfix/dist/src/smtp/smtp.h up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp_addr.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp_addr.h up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_chat.c up to 1.4 external/ibm-public/postfix/dist/src/smtp/smtp_connect.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp_key.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_map11.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_map11.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtp/smtp_params.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp_proto.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp_rcpt.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_reuse.c up to 1.4 external/ibm-public/postfix/dist/src/smtp/smtp_sasl_auth_cache.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_sasl_glue.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_sasl_proto.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_session.c up to 1.5 external/ibm-public/postfix/dist/src/smtp/smtp_state.c up to 1.3 external/ibm-public/postfix/dist/src/smtp/smtp_tls_policy.c up to 1.4 external/ibm-public/postfix/dist/src/smtp/smtp_trouble.c up to 1.3 external/ibm-public/postfix/dist/src/smtpd/Makefile.in up to 1.1.1.11 external/ibm-public/postfix/dist/src/smtpd/pfilter.c up to 1.2 (+patch) external/ibm-public/postfix/dist/src/smtpd/smtpd.c up to 1.20 external/ibm-public/postfix/dist/src/smtpd/smtpd.h up to 1.5 external/ibm-public/postfix/dist/src/smtpd/smtpd_acl.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_acl.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_chat.c up to 1.4 external/ibm-public/postfix/dist/src/smtpd/smtpd_chat.h up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c up to 1.6 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.h up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.in2 up to 1.1.1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.in3 up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.ref up to 1.1.1.5 external/ibm-public/postfix/dist/src/smtpd/smtpd_check.ref2 up to 1.1.1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check_backup.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check_backup.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_check_dsn.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_check_dsn.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_dns_filter.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_dnswl.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/smtpd/smtpd_dnswl.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/smtpd/smtpd_error.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_error.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/smtpd/smtpd_exp.in up to 1.1.1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_exp.ref up to 1.1.1.5 external/ibm-public/postfix/dist/src/smtpd/smtpd_expand.h up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_haproxy.c up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_milter.c up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_nullmx.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_nullmx.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/smtpd/smtpd_peer.c up to 1.5 external/ibm-public/postfix/dist/src/smtpd/smtpd_proxy.c up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_resolve.c up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_resolve.h up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_glue.c up to 1.5 external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c up to 1.3 external/ibm-public/postfix/dist/src/smtpd/smtpd_server.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/smtpd/smtpd_server.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/smtpd/smtpd_state.c up to 1.2 external/ibm-public/postfix/dist/src/smtpstone/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/smtpstone/smtp-sink.c up to 1.3 external/ibm-public/postfix/dist/src/smtpstone/smtp-source.c up to 1.3 external/ibm-public/postfix/dist/src/spawn/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/spawn/spawn.c up to 1.4 external/ibm-public/postfix/dist/src/tls/Makefile.in up to 1.1.1.10 external/ibm-public/postfix/dist/src/tls/tls.h up to 1.5 external/ibm-public/postfix/dist/src/tls/tls_bio_ops.c up to 1.1.1.6 external/ibm-public/postfix/dist/src/tls/tls_certkey.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_client.c up to 1.13 external/ibm-public/postfix/dist/src/tls/tls_dane.c up to 1.5 external/ibm-public/postfix/dist/src/tls/tls_dh.c up to 1.5 external/ibm-public/postfix/dist/src/tls/tls_fprint.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_mgr.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_misc.c up to 1.5 external/ibm-public/postfix/dist/src/tls/tls_proxy.h up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_proxy_clnt.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_rsa.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_scache.c up to 1.4 external/ibm-public/postfix/dist/src/tls/tls_server.c up to 1.12 external/ibm-public/postfix/dist/src/tls/tls_session.c up to 1.3 external/ibm-public/postfix/dist/src/tls/tls_verify.c up to 1.4 external/ibm-public/postfix/dist/src/tlsmgr/Makefile.in up to 1.1.1.6 external/ibm-public/postfix/dist/src/tlsmgr/tlsmgr.c up to 1.4 external/ibm-public/postfix/dist/src/tlsproxy/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c up to 1.6 external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.h up to 1.2 external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy_state.c up to 1.3 external/ibm-public/postfix/dist/src/trivial-rewrite/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/trivial-rewrite/resolve.c up to 1.4 external/ibm-public/postfix/dist/src/trivial-rewrite/rewrite.c up to 1.3 external/ibm-public/postfix/dist/src/trivial-rewrite/transport.c up to 1.4 external/ibm-public/postfix/dist/src/trivial-rewrite/trivial-rewrite.c up to 1.4 external/ibm-public/postfix/dist/src/trivial-rewrite/trivial-rewrite.h up to 1.3 external/ibm-public/postfix/dist/src/util/Makefile.in up to 1.1.1.11 external/ibm-public/postfix/dist/src/util/allascii.c up to 1.3 external/ibm-public/postfix/dist/src/util/alldig.c up to 1.2 external/ibm-public/postfix/dist/src/util/argv.c up to 1.4 external/ibm-public/postfix/dist/src/util/argv.h up to 1.4 external/ibm-public/postfix/dist/src/util/attr.h up to 1.5 external/ibm-public/postfix/dist/src/util/attr_clnt.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_clnt.h up to 1.3 external/ibm-public/postfix/dist/src/util/attr_print0.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_print64.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_print_plain.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_scan0.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_scan0.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/util/attr_scan64.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_scan64.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/util/attr_scan_plain.c up to 1.3 external/ibm-public/postfix/dist/src/util/attr_scan_plain.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/util/auto_clnt.c up to 1.4 external/ibm-public/postfix/dist/src/util/auto_clnt.h up to 1.2 external/ibm-public/postfix/dist/src/util/base32_code.h up to 1.3 external/ibm-public/postfix/dist/src/util/base64_code.h up to 1.3 external/ibm-public/postfix/dist/src/util/binhash.c up to 1.3 external/ibm-public/postfix/dist/src/util/binhash.h up to 1.3 external/ibm-public/postfix/dist/src/util/casefold.c up to 1.3 external/ibm-public/postfix/dist/src/util/check_arg.h up to 1.3 external/ibm-public/postfix/dist/src/util/cidr_match.c up to 1.4 external/ibm-public/postfix/dist/src/util/cidr_match.h up to 1.2 external/ibm-public/postfix/dist/src/util/clean_env.c up to 1.3 external/ibm-public/postfix/dist/src/util/clean_env.h up to 1.2 external/ibm-public/postfix/dist/src/util/connect.h up to 1.2 external/ibm-public/postfix/dist/src/util/dict.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict.h up to 1.5 external/ibm-public/postfix/dist/src/util/dict_alloc.c up to 1.3 external/ibm-public/postfix/dist/src/util/dict_cache.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_cdb.c up to 1.3 external/ibm-public/postfix/dist/src/util/dict_cdb.h up to 1.2 external/ibm-public/postfix/dist/src/util/dict_cidr.c up to 1.5 external/ibm-public/postfix/dist/src/util/dict_cidr.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/dict_cidr.map up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/dict_cidr.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/util/dict_db.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_db.h up to 1.4 external/ibm-public/postfix/dist/src/util/dict_dbm.h up to 1.2 external/ibm-public/postfix/dist/src/util/dict_fail.c up to 1.2 external/ibm-public/postfix/dist/src/util/dict_fail.h up to 1.2 external/ibm-public/postfix/dist/src/util/dict_inline.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_lmdb.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_lmdb.h up to 1.3 external/ibm-public/postfix/dist/src/util/dict_open.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_pcre.c up to 1.5 external/ibm-public/postfix/dist/src/util/dict_pcre.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/dict_pcre.map up to 1.1.1.3 external/ibm-public/postfix/dist/src/util/dict_pcre.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/util/dict_random.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_random.h up to 1.3 external/ibm-public/postfix/dist/src/util/dict_regexp.c up to 1.5 external/ibm-public/postfix/dist/src/util/dict_regexp.map up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/dict_regexp.ref up to 1.1.1.3 external/ibm-public/postfix/dist/src/util/dict_sdbm.h up to 1.2 external/ibm-public/postfix/dist/src/util/dict_static.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_thash.c up to 1.4 external/ibm-public/postfix/dist/src/util/dict_thash.map up to 1.1.1.3 external/ibm-public/postfix/dist/src/util/dict_union.c up to 1.3 external/ibm-public/postfix/dist/src/util/dict_utf8.c up to 1.3 external/ibm-public/postfix/dist/src/util/dict_utf8_test.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/dup2_pass_on_exec.c up to 1.2 external/ibm-public/postfix/dist/src/util/edit_file.c up to 1.4 external/ibm-public/postfix/dist/src/util/edit_file.h up to 1.3 external/ibm-public/postfix/dist/src/util/extpar.c up to 1.4 external/ibm-public/postfix/dist/src/util/find_inet.c up to 1.3 external/ibm-public/postfix/dist/src/util/gccw.c up to 1.2 external/ibm-public/postfix/dist/src/util/hex_code.c up to 1.3 external/ibm-public/postfix/dist/src/util/hex_code.h up to 1.4 external/ibm-public/postfix/dist/src/util/hex_quote.c up to 1.2 external/ibm-public/postfix/dist/src/util/host_port.h up to 1.3 external/ibm-public/postfix/dist/src/util/htable.c up to 1.4 external/ibm-public/postfix/dist/src/util/inet_addr_host.c up to 1.3 external/ibm-public/postfix/dist/src/util/inet_addr_list.in up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/inet_addr_list.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/inet_connect.c up to 1.3 external/ibm-public/postfix/dist/src/util/inet_listen.c up to 1.3 external/ibm-public/postfix/dist/src/util/inet_proto.c up to 1.4 external/ibm-public/postfix/dist/src/util/inet_proto.h up to 1.2 external/ibm-public/postfix/dist/src/util/killme_after.c up to 1.2 external/ibm-public/postfix/dist/src/util/listen.h up to 1.3 external/ibm-public/postfix/dist/src/util/load_lib.c up to 1.3 external/ibm-public/postfix/dist/src/util/lstat_as.h up to 1.3 external/ibm-public/postfix/dist/src/util/mac_expand.c up to 1.4 external/ibm-public/postfix/dist/src/util/mac_expand.h up to 1.4 external/ibm-public/postfix/dist/src/util/mac_expand.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/util/mac_expand.ref up to 1.1.1.4 external/ibm-public/postfix/dist/src/util/mac_parse.h up to 1.3 external/ibm-public/postfix/dist/src/util/make_dirs.c up to 1.2 external/ibm-public/postfix/dist/src/util/match_list.c up to 1.3 external/ibm-public/postfix/dist/src/util/match_ops.c up to 1.3 external/ibm-public/postfix/dist/src/util/midna_domain.c up to 1.4 external/ibm-public/postfix/dist/src/util/midna_domain.h up to 1.4 external/ibm-public/postfix/dist/src/util/midna_domain_test.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/msg_output.c up to 1.4 external/ibm-public/postfix/dist/src/util/msg_output.h up to 1.3 external/ibm-public/postfix/dist/src/util/msg_syslog.c up to 1.2 external/ibm-public/postfix/dist/src/util/msg_syslog.h up to 1.3 external/ibm-public/postfix/dist/src/util/mvect.c up to 1.3 external/ibm-public/postfix/dist/src/util/myaddrinfo.c up to 1.3 external/ibm-public/postfix/dist/src/util/myaddrinfo.h up to 1.3 external/ibm-public/postfix/dist/src/util/myaddrinfo.ref up to 1.1.1.5 external/ibm-public/postfix/dist/src/util/myaddrinfo4.ref up to 1.1.1.2 external/ibm-public/postfix/dist/src/util/myflock.c up to 1.3 external/ibm-public/postfix/dist/src/util/myflock.h up to 1.3 external/ibm-public/postfix/dist/src/util/mymalloc.c up to 1.4 external/ibm-public/postfix/dist/src/util/mymalloc.h up to 1.4 external/ibm-public/postfix/dist/src/util/mystrtok.c up to 1.4 external/ibm-public/postfix/dist/src/util/name_mask.c up to 1.3 external/ibm-public/postfix/dist/src/util/nbbio.c up to 1.3 external/ibm-public/postfix/dist/src/util/netstring.c up to 1.3 external/ibm-public/postfix/dist/src/util/peekfd.c up to 1.3 external/ibm-public/postfix/dist/src/util/printable.c up to 1.3 external/ibm-public/postfix/dist/src/util/recv_pass_attr.c up to 1.3 external/ibm-public/postfix/dist/src/util/sane_fsops.h up to 1.3 external/ibm-public/postfix/dist/src/util/sane_link.c up to 1.2 external/ibm-public/postfix/dist/src/util/sane_rename.c up to 1.2 external/ibm-public/postfix/dist/src/util/sane_socketpair.h up to 1.3 external/ibm-public/postfix/dist/src/util/slmdb.c up to 1.4 external/ibm-public/postfix/dist/src/util/sock_addr.c up to 1.3 external/ibm-public/postfix/dist/src/util/sock_addr.h up to 1.2 external/ibm-public/postfix/dist/src/util/split_nameval.c up to 1.2 external/ibm-public/postfix/dist/src/util/stat_as.h up to 1.3 external/ibm-public/postfix/dist/src/util/stringops.h up to 1.5 external/ibm-public/postfix/dist/src/util/sys_compat.c up to 1.3 external/ibm-public/postfix/dist/src/util/sys_defs.h up to 1.14 external/ibm-public/postfix/dist/src/util/timed_wait.h up to 1.3 external/ibm-public/postfix/dist/src/util/unix_pass_fd_fix.c up to 1.2 external/ibm-public/postfix/dist/src/util/unix_send_fd.c up to 1.8 external/ibm-public/postfix/dist/src/util/unsafe.c up to 1.2 external/ibm-public/postfix/dist/src/util/valid_hostname.c up to 1.3 external/ibm-public/postfix/dist/src/util/valid_hostname.h up to 1.2 external/ibm-public/postfix/dist/src/util/vbuf.c up to 1.3 external/ibm-public/postfix/dist/src/util/vbuf_print.c up to 1.4 external/ibm-public/postfix/dist/src/util/vstream.c up to 1.4 external/ibm-public/postfix/dist/src/util/vstream.h up to 1.4 external/ibm-public/postfix/dist/src/util/vstream_tweak.c up to 1.3 external/ibm-public/postfix/dist/src/util/vstring.c up to 1.4 external/ibm-public/postfix/dist/src/util/vstring.h up to 1.4 external/ibm-public/postfix/dist/src/util/vstring_vstream.c up to 1.2 external/ibm-public/postfix/dist/src/util/vstring_vstream.h up to 1.3 external/ibm-public/postfix/dist/src/util/watchdog.c up to 1.3 external/ibm-public/postfix/dist/src/verify/Makefile.in up to 1.1.1.6 external/ibm-public/postfix/dist/src/verify/verify.c up to 1.4 external/ibm-public/postfix/dist/src/virtual/Makefile.in up to 1.1.1.5 external/ibm-public/postfix/dist/src/virtual/mailbox.c up to 1.3 external/ibm-public/postfix/dist/src/virtual/virtual.c up to 1.4 external/ibm-public/postfix/dist/src/xsasl/Makefile.in up to 1.1.1.4 external/ibm-public/postfix/dist/src/xsasl/xsasl.h up to 1.3 external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_client.c up to 1.3 external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_server.c up to 1.4 external/ibm-public/postfix/dist/src/xsasl/xsasl_dovecot_server.c up to 1.4 external/ibm-public/postfix/dist/src/xsasl/xsasl_saslc_client.c up to 1.2 external/ibm-public/postfix/dist/src/xsasl/xsasl_server.c up to 1.2 external/ibm-public/postfix/lib/dns/Makefile up to 1.4 external/ibm-public/postfix/lib/global/Makefile up to 1.10 external/ibm-public/postfix/lib/masterlib/Makefile up to 1.3 external/ibm-public/postfix/lib/milter/Makefile up to 1.2 external/ibm-public/postfix/lib/tls/Makefile up to 1.4 external/ibm-public/postfix/lib/util/Makefile up to 1.11 external/ibm-public/postfix/lib/xsasl/Makefile up to 1.3 external/ibm-public/postfix/libexec/smtp/Makefile up to 1.4 external/ibm-public/postfix/libexec/smtpd/Makefile up to 1.9 (+patch) external/ibm-public/postfix/libexec/tlsproxy/Makefile up to 1.2 external/ibm-public/postfix/sbin/postconf/Makefile up to 1.9 doc/3RDPARTY (apply patch) Update Postfix to 3.8.4. @ text @d9 1 a9 1 Sender address verification may cause your site to be denylisted by some d50 1 d53 2 a54 1 Postfix Postfix -> queue d65 1 d95 5 a99 5 * Some sites may denylist you when you are probing them too often (a probe is an SMTP session that does not deliver mail), or when you are probing them too often for a non-existent address. This is one reason why you should use sender address verification sparingly, if at all, when your site receives lots of email. d131 1 a131 1 end up on spammer mailing lists. Although Postfix always discards mail to a169 6 # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the recipient address verification result under # the original address, when the address verification probe # message goes through address aliasing or canonical mapping. a209 6 # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the sender address verification result under the # original address, when the address verification probe message # goes through address aliasing or canonical mapping. d228 1 a228 1 almost certainly will have to set up allow lists for specific addresses, or d254 1 a254 1 The sender_access restriction is needed to allowlist domains or addresses that d258 1 a258 1 NOTE: You will have to allowlist sites such as securityfocus.com and other @ 1.8.12.1 log @Merge changes from current as of 20200406 @ text @d50 1 d53 2 a54 1 Postfix Postfix -> queue d65 1 a169 6 # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the recipient address verification result under # the original address, when the address verification probe # message goes through address aliasing or canonical mapping. a209 6 # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the sender address verification result under the # original address, when the address verification probe message # goes through address aliasing or canonical mapping. @ 1.7 log @Resolve conflicts from last import. @ text @d44 5 a48 5 A Postfix MTA verifies a sender or recipient address by probing the nearest MTA for that address, without actually delivering mail. The nearest MTA could be the Postfix MTA itself, or it could be a remote MTA (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. d84 10 a93 6 * When verifying a remote address, Postfix probes the nearest MTA for that address, without actually delivering mail to it. If the nearest MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER the nearest MTA accepts the recipient address, or AFTER the nearest MTA accepts the message content. d108 1 a108 1 * Postfix assumes that an address is undeliverable when the nearest MTA for d111 1 a111 1 rejects an address when the nearest MTA for that address rejects mail from d116 3 a118 3 RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. d207 2 a208 2 # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify d248 2 a249 2 # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify d300 1 a300 1 # Note: avoid hash files here. Use btree instead. @ 1.7.10.1 log @Sync with HEAD @ text @d44 5 a48 5 A Postfix MTA verifies a sender or recipient address by probing the preferred MTAs for that address, without actually delivering mail. The preferred MTAs could include the Postfix MTA itself, or some remote MTAs (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. d84 6 a89 10 * Postfix assumes that a remote SMTP server will reject unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the smtp_address_verify_target parameter (Postfix 3.0 and later). * When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If a preferred MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER a preferred MTA accepts the recipient address, or AFTER a preferred MTA accepts the message content. d104 1 a104 1 * Postfix assumes that an address is undeliverable when a preferred MTA for d107 1 a107 1 rejects an address when a preferred MTA for that address rejects mail from d112 3 a114 3 RCPT TO or DATA command, but instead report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. d203 2 a204 2 # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify d244 2 a245 2 # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify d296 1 a296 1 # Note: avoid hash files here. Use btree or lmdb instead. @ 1.7.6.1 log @Sync with HEAD @ text @d44 5 a48 5 A Postfix MTA verifies a sender or recipient address by probing the preferred MTAs for that address, without actually delivering mail. The preferred MTAs could include the Postfix MTA itself, or some remote MTAs (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. d84 6 a89 10 * Postfix assumes that a remote SMTP server will reject unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the smtp_address_verify_target parameter (Postfix 3.0 and later). * When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If a preferred MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER a preferred MTA accepts the recipient address, or AFTER a preferred MTA accepts the message content. d104 1 a104 1 * Postfix assumes that an address is undeliverable when a preferred MTA for d107 1 a107 1 rejects an address when a preferred MTA for that address rejects mail from d112 3 a114 3 RCPT TO or DATA command, but instead report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. d203 2 a204 2 # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify d244 2 a245 2 # Note 2: Avoid hash files here. Use btree or lmdb instead. address_verify_map = btree:/var/lib/postfix/verify d296 1 a296 1 # Note: avoid hash files here. Use btree or lmdb instead. @ 1.6 log @Resolve conflicts from last import. @ text @d295 2 a297 2 # Default setting for Postfix 2.7 and later. # Note: avoid hash files here. Use btree instead. d300 11 a310 1 # Shared persistent cache (requires Postfix 2.9 or later). a311 2 # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. d314 4 a317 2 # Shared memory cache (requires Postfix 2.9 or later). # See memcache_table(5) for details. d319 1 d321 3 a323 2 # Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. @ 1.6.2.1 log @Rebase. @ text @a294 2 # Example 1: Default setting for Postfix 2.7 and later. # Note: avoid hash files here. Use btree instead. d296 2 d300 1 a300 11 # Example 2: Shared persistent lmdb: cache (Postfix 2.11 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: address_verify_map = lmdb:$data_directory/verify_cache # address_verify_cache_cleanup_interval = 0 # Example 3: Shared persistent btree: cache (Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: d302 2 d306 2 a307 4 # Example 4: Shared memory cache (requires Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances. # See memcache_table(5) for details. /etc/postfix/main.cf: a308 1 address_verify_cache_cleanup_interval = 0 d310 2 a311 3 # Example 5: Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. /etc/postfix/main.cf: @ 1.5 log @Resolve conflicts from last import. @ text @d155 3 d279 1 a279 1 addres verification details. Do not specify the SMTP status code or enhanced @ 1.4 log @Resolve conflicts from last import. @ text @d126 7 d297 10 @ 1.4.10.1 log @resync with head @ text @a125 7 * The downside of using a non-empty sender address is that the address may end op on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero address_verify_sender_ttl value. a289 10 # Shared persistent cache (requires Postfix 2.9 or later). address_verify_map = proxy:btree:$data_directory/verify_cache # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. # address_verify_cache_cleanup_interval = 0 # Shared memory cache (requires Postfix 2.9 or later). # See memcache_table(5) for details. address_verify_map = memcache:/etc/postfix/verify-memcache.cf @ 1.4.10.2 log @Rebase to HEAD as of a few days ago. @ text @a154 3 # reject_unauth_destination is not needed here if the mail # relay policy is specified under smtpd_relay_restrictions # (available with Postfix 2.10 and later). d276 1 a276 1 address verification details. Do not specify the SMTP status code or enhanced a291 2 # Example 1: Default setting for Postfix 2.7 and later. # Note: avoid hash files here. Use btree instead. d293 2 d297 1 a297 11 # Example 2: Shared persistent lmdb: cache (Postfix 2.11 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: address_verify_map = lmdb:$data_directory/verify_cache # address_verify_cache_cleanup_interval = 0 # Example 3: Shared persistent btree: cache (Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: d299 2 d303 2 a304 4 # Example 4: Shared memory cache (requires Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances. # See memcache_table(5) for details. /etc/postfix/main.cf: a305 1 address_verify_cache_cleanup_interval = 0 d307 2 a308 3 # Example 5: Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. /etc/postfix/main.cf: @ 1.4.4.1 log @sync with head @ text @a125 7 * The downside of using a non-empty sender address is that the address may end op on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero address_verify_sender_ttl value. a289 10 # Shared persistent cache (requires Postfix 2.9 or later). address_verify_map = proxy:btree:$data_directory/verify_cache # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. # address_verify_cache_cleanup_interval = 0 # Shared memory cache (requires Postfix 2.9 or later). # See memcache_table(5) for details. address_verify_map = memcache:/etc/postfix/verify-memcache.cf @ 1.4.4.2 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @a154 3 # reject_unauth_destination is not needed here if the mail # relay policy is specified under smtpd_relay_restrictions # (available with Postfix 2.10 and later). d276 1 a276 1 address verification details. Do not specify the SMTP status code or enhanced @ 1.3 log @Resolve conflicts from last import. @ text @d124 1 a124 1 "postmaster@@$myorigin" would succeed. @ 1.3.2.1 log @Sync with HEAD @ text @d124 1 a124 1 "double-bounce@@$myorigin" would succeed. @ 1.2 log @(Re-)apply NetBSD specific patches. @ text @d7 4 a10 4 The sender/recipient address verification feature described in this document is suitable only for low-traffic sites. It performs poorly under high load; excessive sender address verification activity may even cause your site to be blacklisted by some providers. See the "Limitations" section below for details. d21 2 a22 2 The technique may also be useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid d50 20 a69 12 Postfix Postfix Address Internet -> SMTP <-> verify <-> verification server server database | ^ probe delivery messages status v | Postfix Postfix queue -> delivery agents d88 2 a89 1 the recipient address. d107 8 a114 2 rejects mail when the sender's MTA rejects mail from your machine. This is a good thing. d116 2 a117 7 * Unfortunately, some major sites such as YAHOO do not reject unknown addresses in reply to the RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. * By default, Postfix probe messages have "double-bounce@@$myorigin" as the sender address (with Postfix versions before 2.5, the default is d121 4 a124 4 You can change this into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "postmaster@@$myorigin" would succeed. d128 4 a131 4 As mentioned earlier, recipient address verification may be useful to block mail for undeliverable recipients on a mail relay host that does not have a list of all valid recipient addresses. This can help to prevent the mail queue from filling up with MAILER-DAEMON messages. d140 4 a143 3 By default, address verification results are not saved. To avoid probing the same address repeatedly, you can store the result in a persistent database as described later. d191 1 d197 1 d232 1 d278 6 a283 15 NOTE: By default, address verification information is not stored in a persistent file. You have to specify one in main.cf (see below). Persistent storage is off by default because it may need more disk space than is available in your file system. Address verification information is cached by the Postfix verify daemon. Postfix has a bunch of parameters that control the caching of positive and negative results. Refer to the verify(8) manual page for details. The address_verify_map (NOTE: singular) configuration parameter specifies an optional database for sender or recipient address verification results. If you don't specify a file, all address verification information is lost after "postfix reload" or "postfix stop". If your /var file system has sufficient space, try: d286 1 d288 1 a288 1 address_verify_map = btree:/var/db/postfix/verify d290 14 a303 7 NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non- Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing database file, move it to the data_directory, and change ownership to the account specified with the mail_owner parameter. d310 2 a311 2 NOTE 3: The verify(8) daemon process will create a new database when none exists, and will open/create the file before it enters the chroot jail. d315 3 a317 3 The verify(8) manual page describes parameters that control how long information remains cached before it needs to be refreshed, and how long information can remain "unrefreshed" before it expires. Postfix uses different d319 1 a319 1 (address was rejected). d321 12 a332 4 Right now, no tools are provided to manage the address verification database. If the file gets too big, or if it gets corrupted, you can manually rename or delete the file and run "postfix reload". The new verify daemon process will then create a new database. @ 1.2.4.1 log @file ADDRESS_VERIFICATION_README was added on branch matt-nb5-mips64 on 2010-04-21 05:23:24 +0000 @ text @d1 385 @ 1.2.4.2 log @sync to netbsd-5 @ text @a0 385 PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn HHoowwttoo ------------------------------------------------------------------------------- WWAARRNNIINNGG The sender/recipient address verification feature described in this document is suitable only for low-traffic sites. It performs poorly under high load; excessive sender address verification activity may even cause your site to be blacklisted by some providers. See the "Limitations" section below for details. WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu Address verification is a feature that allows the Postfix SMTP server to block a sender (MAIL FROM) or recipient (RCPT TO) address until the address has been verified to be deliverable. The technique has obvious uses to reject junk mail with an unreplyable sender address. The technique may also be useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid recipient addresses. This prevents undeliverable junk mail from entering the queue, so that Postfix doesn't have to waste resources trying to send MAILER- DAEMON messages back. This feature is available in Postfix version 2.1 and later. Topics covered in this document: * How address verification works * Limitations of address verification * Recipient address verification * Sender address verification for mail from frequently forged domains * Sender address verification for all email * Address verification database * Managing the address verification database * Controlling the routing of address verification probes * Forced probe routing examples * Limitations of forced probe routing HHooww aaddddrreessss vveerriiffiiccaattiioonn wwoorrkkss A Postfix MTA verifies a sender or recipient address by probing the nearest MTA for that address, without actually delivering mail. The nearest MTA could be the Postfix MTA itself, or it could be a remote MTA (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. Postfix Postfix Address Internet -> SMTP <-> verify <-> verification server server database | ^ probe delivery messages status v | Postfix Postfix queue -> delivery agents With Postfix address verification turned on, normal mail will suffer only a short delay of up to 6 seconds while an address is being verified for the first time. Once an address status is known, the status is cached and Postfix replies immediately. When verification takes too long the Postfix SMTP server defers the sender or recipient address with a 450 reply. Normal mail clients will connect again after some delay. The address verification delay is configurable with the main.cf address_verify_poll_count and address_verify_poll_delay parameters. See postconf(5) for details. LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffiiccaattiioonn * When verifying a remote address, Postfix probes the nearest MTA for that address, without actually delivering mail to it. If the nearest MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER the nearest MTA accepts the recipient address. * Some sites may blacklist you when you are probing them too often (a probe is an SMTP session that does not deliver mail), or when you are probing them too often for a non-existent address. This is one reason why you should use sender address verification sparingly, if at all, when your site receives lots of email. * Normally, address verification probe messages follow the same path as regular mail. However, some sites send mail to the Internet via an intermediate relayhost; this breaks address verification. See below, section "Controlling the routing of address verification probes", for how to override mail routing and for possible limitations when you have to do this. * Postfix assumes that an address is undeliverable when the nearest MTA for the address rejects the probe, regardless of the reason for rejection (client rejected, HELO rejected, MAIL FROM rejected, etc.). Thus, Postfix rejects mail when the sender's MTA rejects mail from your machine. This is a good thing. * Unfortunately, some major sites such as YAHOO do not reject unknown addresses in reply to the RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. * By default, Postfix probe messages have "double-bounce@@$myorigin" as the sender address (with Postfix versions before 2.5, the default is "postmaster@@$myorigin"). This is SAFE because the Postfix SMTP server does not reject mail for this address. You can change this into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "postmaster@@$myorigin" would succeed. RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn As mentioned earlier, recipient address verification may be useful to block mail for undeliverable recipients on a mail relay host that does not have a list of all valid recipient addresses. This can help to prevent the mail queue from filling up with MAILER-DAEMON messages. Recipient address verification is relatively straightforward and there are no surprises. If a recipient probe fails, then Postfix rejects mail for the recipient address. If a recipient probe succeeds, then Postfix accepts mail for the recipient address. However, recipient address verification probes can increase the load on down-stream MTAs when you're being flooded by backscatter bounces, or when some spammer is mounting a dictionary attack. By default, address verification results are not saved. To avoid probing the same address repeatedly, you can store the result in a persistent database as described later. /etc/postfix/main.cf: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination ... reject_unknown_recipient_domain reject_unverified_recipient ... # Postfix 2.6 and later privacy feature. # unverified_recipient_reject_reason = Address lookup failed The "reject_unknown_recipient_domain" restriction blocks mail for non-existent domains. Putting this before "reject_unverified_recipient" avoids the overhead of generating unnecessary probe messages. The unverified_recipient_reject_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address is known to bounce. Change this setting into 550 when you trust Postfix's judgments. The following features are available in Postfix 2.6 and later. The unverified_recipient_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address probe fails with some temporary error. Some sites insist on changing this into 250. NOTE: This change turns MX servers into backscatter sources when the load is high. The unverified_recipient_reject_reason parameter (default: empty) specifies fixed text that Postfix will send to remote SMTP clients, instead of sending actual address verification details. Do not specify the SMTP status code or enhanced status code. The unverified_recipient_tempfail_action parameter (default: defer_if_permit) specifies the Postfix SMTP server action when a recipient address verification probe fails with some temporary error. SSeennddeerr aaddddrreessss vveerriiffiiccaattiioonn ffoorr mmaaiill ffrroomm ffrreeqquueennttllyy ffoorrggeedd ddoommaaiinnss Only for very small sites, it is relatively safe to turn on sender address verification for specific domains that often appear in forged email. /etc/postfix/main.cf: smtpd_sender_restrictions = hash:/etc/postfix/sender_access unverified_sender_reject_code = 550 # Postfix 2.6 and later. # unverified_sender_defer_code = 250 # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify /etc/postfix/sender_access: aol.com reject_unverified_sender hotmail.com reject_unverified_sender bigfoot.com reject_unverified_sender ... etcetera ... At some point in cyberspace/time, a list of frequently forged MAIL FROM domains could be found at http://www.monkeys.com/anti-spam/filtering/sender-domain- validate.in. NOTE: One of the first things you might want to do is to turn on sender address verification for all your own domains. SSeennddeerr aaddddrreessss vveerriiffiiccaattiioonn ffoorr aallll eemmaaiill Unfortunately, sender address verification cannot simply be turned on for all email - you are likely to lose legitimate mail from mis-configured systems. You almost certainly will have to set up white lists for specific addresses, or even for entire domains. To find out how sender address verification would affect your mail, specify "warn_if_reject reject_unverified_sender" so that you can see what mail would be blocked: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mynetworks ... check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain warn_if_reject reject_unverified_sender ... # Postfix 2.6 and later. # unverified_sender_reject_reason = Address verification failed # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify This is also a good way to populate your cache with address verification results before you start to actually reject mail. The sender_access restriction is needed to whitelist domains or addresses that are known to be OK. Although Postfix will not mark a known-to-be-good address as bad after a probe fails, it is better to be safe than sorry. NOTE: You will have to whitelist sites such as securityfocus.com and other sites that operate mailing lists that use a different sender address for each posting (VERP). Such addresses pollute the address verification cache quickly, and generate unnecessary sender verification probes. /etc/postfix/sender_access securityfocus.com OK ... The "reject_unknown_sender_domain" restriction blocks mail from non-existent domains. Putting this before "reject_unverified_sender" avoids the overhead of generating unnecessary probe messages. The unverified_sender_reject_code parameter (default 450) specifies the numerical Postfix server reply code when a sender address is known to bounce. Change this setting into 550 when you trust Postfix's judgments. The following features are available in Postfix 2.6 and later. The unverified_sender_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a sender address verification probe fails with some temporary error. Specify a valid 2xx or 4xx code. The unverified_sender_reject_reason parameter (default: empty) specifies fixed text that Postfix will send to remote SMTP clients, instead of sending actual addres verification details. Do not specify the SMTP status code or enhanced status code. The unverified_sender_tempfail_action parameter (default: defer_if_permit) specifies the Postfix SMTP server action when a sender address verification probe fails with some temporary error. AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee NOTE: By default, address verification information is not stored in a persistent file. You have to specify one in main.cf (see below). Persistent storage is off by default because it may need more disk space than is available in your file system. Address verification information is cached by the Postfix verify daemon. Postfix has a bunch of parameters that control the caching of positive and negative results. Refer to the verify(8) manual page for details. The address_verify_map (NOTE: singular) configuration parameter specifies an optional database for sender or recipient address verification results. If you don't specify a file, all address verification information is lost after "postfix reload" or "postfix stop". If your /var file system has sufficient space, try: /etc/postfix/main.cf: # Note: avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non- Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing database file, move it to the data_directory, and change ownership to the account specified with the mail_owner parameter. NOTE 2: Do not put this file in a file system that may run out of space. When the address verification table gets corrupted the world comes to an end and YOU will have to MANUALLY fix things as described in the next section. Meanwhile, you will not receive mail via SMTP. NOTE 3: The verify(8) daemon process will create a new database when none exists, and will open/create the file before it enters the chroot jail. MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee The verify(8) manual page describes parameters that control how long information remains cached before it needs to be refreshed, and how long information can remain "unrefreshed" before it expires. Postfix uses different controls for positive results (address was accepted) and for negative results (address was rejected). Right now, no tools are provided to manage the address verification database. If the file gets too big, or if it gets corrupted, you can manually rename or delete the file and run "postfix reload". The new verify daemon process will then create a new database. CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess By default, Postfix sends address verification probe messages via the same route as regular mail, because that normally produces the most accurate result. It's no good to verify a local address by connecting to your own SMTP port; that just triggers all kinds of mailer loop alarms. The same is true for any destination that your machine is best MX host for: hidden domains, virtual domains, etc. However, some sites have a complex infrastructure where mail is not sent directly to the Internet, but is instead given to an intermediate relayhost. This is a problem for address verification, because remote Internet addresses can be verified only when Postfix can access remote destinations directly. For this reason, Postfix allows you to override the routing parameters when it delivers an address verification probe message. First, the address_verify_relayhost parameter allows you to override the relayhost setting, and the address_verify_transport_maps parameter allows you to override the transport_maps setting. The address_verify_sender_dependent_relayhost_maps parameter does the same for sender-dependent relayhost selection. Second, each address class is given its own address verification version of the message delivery transport, as shown in the table below. Address classes are defined in the ADDRESS_CLASS_README file. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |DDoommaaiinn lliisstt |RReegguullaarr ttrraannssppoorrtt|VVeerriiffyy ttrraannssppoorrtt | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |mydestination |local_transport |address_verify_local_transport | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_alias_domains |(not applicable) |(not applicable) | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_mailbox_domains|virtual_transport|address_verify_virtual_transport| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |relay_domains |relay_transport |address_verify_relay_transport | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |(not applicable) |default_transport|address_verify_default_transport| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | By default, the parameters that control delivery of address probes have the same value as the parameters that control normal mail delivery. FFoorrcceedd pprroobbee rroouuttiinngg eexxaammpplleess In a typical scenario one would override the relayhost setting for address verification probes and leave everything else alone: /etc/postfix/main.cf: relayhost = $mydomain address_verify_relayhost = ... Sites behind a network address translation box might have to use a different SMTP client that sends the correct hostname information: /etc/postfix/main.cf: relayhost = $mydomain address_verify_relayhost = address_verify_default_transport = direct_smtp /etc/postfix/master.cf: direct_smtp .. .. .. .. .. .. .. .. .. smtp -o smtp_helo_name=nat.box.tld LLiimmiittaattiioonnss ooff ffoorrcceedd pprroobbee rroouuttiinngg Inconsistencies can happen when probe messages don't follow the same path as regular mail. For example, a message can be accepted when it follows the regular route while an otherwise identical probe message is rejected when it follows the forced route. The opposite can happen, too, but is less likely. @ 1.2.2.1 log @file ADDRESS_VERIFICATION_README was added on branch netbsd-5 on 2009-09-15 06:02:06 +0000 @ text @d1 385 @ 1.2.2.2 log @Apply patch (requested by tron in ticket #944): Update Postfix to 2.6.5. @ text @a0 385 PPoossttffiixx AAddddrreessss VVeerriiffiiccaattiioonn HHoowwttoo ------------------------------------------------------------------------------- WWAARRNNIINNGG The sender/recipient address verification feature described in this document is suitable only for low-traffic sites. It performs poorly under high load; excessive sender address verification activity may even cause your site to be blacklisted by some providers. See the "Limitations" section below for details. WWhhaatt PPoossttffiixx aaddddrreessss vveerriiffiiccaattiioonn ccaann ddoo ffoorr yyoouu Address verification is a feature that allows the Postfix SMTP server to block a sender (MAIL FROM) or recipient (RCPT TO) address until the address has been verified to be deliverable. The technique has obvious uses to reject junk mail with an unreplyable sender address. The technique may also be useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid recipient addresses. This prevents undeliverable junk mail from entering the queue, so that Postfix doesn't have to waste resources trying to send MAILER- DAEMON messages back. This feature is available in Postfix version 2.1 and later. Topics covered in this document: * How address verification works * Limitations of address verification * Recipient address verification * Sender address verification for mail from frequently forged domains * Sender address verification for all email * Address verification database * Managing the address verification database * Controlling the routing of address verification probes * Forced probe routing examples * Limitations of forced probe routing HHooww aaddddrreessss vveerriiffiiccaattiioonn wwoorrkkss A Postfix MTA verifies a sender or recipient address by probing the nearest MTA for that address, without actually delivering mail. The nearest MTA could be the Postfix MTA itself, or it could be a remote MTA (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. Postfix Postfix Address Internet -> SMTP <-> verify <-> verification server server database | ^ probe delivery messages status v | Postfix Postfix queue -> delivery agents With Postfix address verification turned on, normal mail will suffer only a short delay of up to 6 seconds while an address is being verified for the first time. Once an address status is known, the status is cached and Postfix replies immediately. When verification takes too long the Postfix SMTP server defers the sender or recipient address with a 450 reply. Normal mail clients will connect again after some delay. The address verification delay is configurable with the main.cf address_verify_poll_count and address_verify_poll_delay parameters. See postconf(5) for details. LLiimmiittaattiioonnss ooff aaddddrreessss vveerriiffiiccaattiioonn * When verifying a remote address, Postfix probes the nearest MTA for that address, without actually delivering mail to it. If the nearest MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER the nearest MTA accepts the recipient address. * Some sites may blacklist you when you are probing them too often (a probe is an SMTP session that does not deliver mail), or when you are probing them too often for a non-existent address. This is one reason why you should use sender address verification sparingly, if at all, when your site receives lots of email. * Normally, address verification probe messages follow the same path as regular mail. However, some sites send mail to the Internet via an intermediate relayhost; this breaks address verification. See below, section "Controlling the routing of address verification probes", for how to override mail routing and for possible limitations when you have to do this. * Postfix assumes that an address is undeliverable when the nearest MTA for the address rejects the probe, regardless of the reason for rejection (client rejected, HELO rejected, MAIL FROM rejected, etc.). Thus, Postfix rejects mail when the sender's MTA rejects mail from your machine. This is a good thing. * Unfortunately, some major sites such as YAHOO do not reject unknown addresses in reply to the RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. * By default, Postfix probe messages have "double-bounce@@$myorigin" as the sender address (with Postfix versions before 2.5, the default is "postmaster@@$myorigin"). This is SAFE because the Postfix SMTP server does not reject mail for this address. You can change this into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "postmaster@@$myorigin" would succeed. RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn As mentioned earlier, recipient address verification may be useful to block mail for undeliverable recipients on a mail relay host that does not have a list of all valid recipient addresses. This can help to prevent the mail queue from filling up with MAILER-DAEMON messages. Recipient address verification is relatively straightforward and there are no surprises. If a recipient probe fails, then Postfix rejects mail for the recipient address. If a recipient probe succeeds, then Postfix accepts mail for the recipient address. However, recipient address verification probes can increase the load on down-stream MTAs when you're being flooded by backscatter bounces, or when some spammer is mounting a dictionary attack. By default, address verification results are not saved. To avoid probing the same address repeatedly, you can store the result in a persistent database as described later. /etc/postfix/main.cf: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination ... reject_unknown_recipient_domain reject_unverified_recipient ... # Postfix 2.6 and later privacy feature. # unverified_recipient_reject_reason = Address lookup failed The "reject_unknown_recipient_domain" restriction blocks mail for non-existent domains. Putting this before "reject_unverified_recipient" avoids the overhead of generating unnecessary probe messages. The unverified_recipient_reject_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address is known to bounce. Change this setting into 550 when you trust Postfix's judgments. The following features are available in Postfix 2.6 and later. The unverified_recipient_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a recipient address probe fails with some temporary error. Some sites insist on changing this into 250. NOTE: This change turns MX servers into backscatter sources when the load is high. The unverified_recipient_reject_reason parameter (default: empty) specifies fixed text that Postfix will send to remote SMTP clients, instead of sending actual address verification details. Do not specify the SMTP status code or enhanced status code. The unverified_recipient_tempfail_action parameter (default: defer_if_permit) specifies the Postfix SMTP server action when a recipient address verification probe fails with some temporary error. SSeennddeerr aaddddrreessss vveerriiffiiccaattiioonn ffoorr mmaaiill ffrroomm ffrreeqquueennttllyy ffoorrggeedd ddoommaaiinnss Only for very small sites, it is relatively safe to turn on sender address verification for specific domains that often appear in forged email. /etc/postfix/main.cf: smtpd_sender_restrictions = hash:/etc/postfix/sender_access unverified_sender_reject_code = 550 # Postfix 2.6 and later. # unverified_sender_defer_code = 250 # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify /etc/postfix/sender_access: aol.com reject_unverified_sender hotmail.com reject_unverified_sender bigfoot.com reject_unverified_sender ... etcetera ... At some point in cyberspace/time, a list of frequently forged MAIL FROM domains could be found at http://www.monkeys.com/anti-spam/filtering/sender-domain- validate.in. NOTE: One of the first things you might want to do is to turn on sender address verification for all your own domains. SSeennddeerr aaddddrreessss vveerriiffiiccaattiioonn ffoorr aallll eemmaaiill Unfortunately, sender address verification cannot simply be turned on for all email - you are likely to lose legitimate mail from mis-configured systems. You almost certainly will have to set up white lists for specific addresses, or even for entire domains. To find out how sender address verification would affect your mail, specify "warn_if_reject reject_unverified_sender" so that you can see what mail would be blocked: /etc/postfix/main.cf: smtpd_sender_restrictions = permit_mynetworks ... check_sender_access hash:/etc/postfix/sender_access reject_unknown_sender_domain warn_if_reject reject_unverified_sender ... # Postfix 2.6 and later. # unverified_sender_reject_reason = Address verification failed # Note 1: Be sure to read the "Caching" section below! # Note 2: Avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify This is also a good way to populate your cache with address verification results before you start to actually reject mail. The sender_access restriction is needed to whitelist domains or addresses that are known to be OK. Although Postfix will not mark a known-to-be-good address as bad after a probe fails, it is better to be safe than sorry. NOTE: You will have to whitelist sites such as securityfocus.com and other sites that operate mailing lists that use a different sender address for each posting (VERP). Such addresses pollute the address verification cache quickly, and generate unnecessary sender verification probes. /etc/postfix/sender_access securityfocus.com OK ... The "reject_unknown_sender_domain" restriction blocks mail from non-existent domains. Putting this before "reject_unverified_sender" avoids the overhead of generating unnecessary probe messages. The unverified_sender_reject_code parameter (default 450) specifies the numerical Postfix server reply code when a sender address is known to bounce. Change this setting into 550 when you trust Postfix's judgments. The following features are available in Postfix 2.6 and later. The unverified_sender_defer_code parameter (default 450) specifies the numerical Postfix SMTP server reply code when a sender address verification probe fails with some temporary error. Specify a valid 2xx or 4xx code. The unverified_sender_reject_reason parameter (default: empty) specifies fixed text that Postfix will send to remote SMTP clients, instead of sending actual addres verification details. Do not specify the SMTP status code or enhanced status code. The unverified_sender_tempfail_action parameter (default: defer_if_permit) specifies the Postfix SMTP server action when a sender address verification probe fails with some temporary error. AAddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee NOTE: By default, address verification information is not stored in a persistent file. You have to specify one in main.cf (see below). Persistent storage is off by default because it may need more disk space than is available in your file system. Address verification information is cached by the Postfix verify daemon. Postfix has a bunch of parameters that control the caching of positive and negative results. Refer to the verify(8) manual page for details. The address_verify_map (NOTE: singular) configuration parameter specifies an optional database for sender or recipient address verification results. If you don't specify a file, all address verification information is lost after "postfix reload" or "postfix stop". If your /var file system has sufficient space, try: /etc/postfix/main.cf: # Note: avoid hash files here. Use btree instead. address_verify_map = btree:/var/db/postfix/verify NOTE 1: As of version 2.5, Postfix no longer uses root privileges when opening this file. The file should now be stored under the Postfix-owned data_directory. As a migration aid, an attempt to open the file under a non- Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing database file, move it to the data_directory, and change ownership to the account specified with the mail_owner parameter. NOTE 2: Do not put this file in a file system that may run out of space. When the address verification table gets corrupted the world comes to an end and YOU will have to MANUALLY fix things as described in the next section. Meanwhile, you will not receive mail via SMTP. NOTE 3: The verify(8) daemon process will create a new database when none exists, and will open/create the file before it enters the chroot jail. MMaannaaggiinngg tthhee aaddddrreessss vveerriiffiiccaattiioonn ddaattaabbaassee The verify(8) manual page describes parameters that control how long information remains cached before it needs to be refreshed, and how long information can remain "unrefreshed" before it expires. Postfix uses different controls for positive results (address was accepted) and for negative results (address was rejected). Right now, no tools are provided to manage the address verification database. If the file gets too big, or if it gets corrupted, you can manually rename or delete the file and run "postfix reload". The new verify daemon process will then create a new database. CCoonnttrroolllliinngg tthhee rroouuttiinngg ooff aaddddrreessss vveerriiffiiccaattiioonn pprroobbeess By default, Postfix sends address verification probe messages via the same route as regular mail, because that normally produces the most accurate result. It's no good to verify a local address by connecting to your own SMTP port; that just triggers all kinds of mailer loop alarms. The same is true for any destination that your machine is best MX host for: hidden domains, virtual domains, etc. However, some sites have a complex infrastructure where mail is not sent directly to the Internet, but is instead given to an intermediate relayhost. This is a problem for address verification, because remote Internet addresses can be verified only when Postfix can access remote destinations directly. For this reason, Postfix allows you to override the routing parameters when it delivers an address verification probe message. First, the address_verify_relayhost parameter allows you to override the relayhost setting, and the address_verify_transport_maps parameter allows you to override the transport_maps setting. The address_verify_sender_dependent_relayhost_maps parameter does the same for sender-dependent relayhost selection. Second, each address class is given its own address verification version of the message delivery transport, as shown in the table below. Address classes are defined in the ADDRESS_CLASS_README file. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |DDoommaaiinn lliisstt |RReegguullaarr ttrraannssppoorrtt|VVeerriiffyy ttrraannssppoorrtt | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |mydestination |local_transport |address_verify_local_transport | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_alias_domains |(not applicable) |(not applicable) | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |virtual_mailbox_domains|virtual_transport|address_verify_virtual_transport| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |relay_domains |relay_transport |address_verify_relay_transport | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |(not applicable) |default_transport|address_verify_default_transport| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | By default, the parameters that control delivery of address probes have the same value as the parameters that control normal mail delivery. FFoorrcceedd pprroobbee rroouuttiinngg eexxaammpplleess In a typical scenario one would override the relayhost setting for address verification probes and leave everything else alone: /etc/postfix/main.cf: relayhost = $mydomain address_verify_relayhost = ... Sites behind a network address translation box might have to use a different SMTP client that sends the correct hostname information: /etc/postfix/main.cf: relayhost = $mydomain address_verify_relayhost = address_verify_default_transport = direct_smtp /etc/postfix/master.cf: direct_smtp .. .. .. .. .. .. .. .. .. smtp -o smtp_helo_name=nat.box.tld LLiimmiittaattiioonnss ooff ffoorrcceedd pprroobbee rroouuttiinngg Inconsistencies can happen when probe messages don't follow the same path as regular mail. For example, a message can be accepted when it follows the regular route while an otherwise identical probe message is rejected when it follows the forced route. The opposite can happen, too, but is less likely. @ 1.2.2.3 log @Pull up following revision(s) (requested by tron in ticket #1425): Update Postfix to version 2.7.1: - Improved before-queue content filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. Typically, this allows Postfix to handle the same mail load with fewer content filter processes. - Improved address verification performance. The verify database is now persistent by default, and it is automatically cleaned periodically. Under overload conditions, the Postfix SMTP server no longer waits up to 6 seconds for an address probe to complete. - Support for reputation management based on the local SMTP client IP address. This is typically implemented with "FILTER transportname:" actions in access maps or header/body checks, and mail delivery transports in master.cf with unique smtp_bind_address values. @ text @d7 4 a10 4 Recipient address verification may cause an increased load on down-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be blacklisted by some providers. See also the "Limitations" section below for more. d21 2 a22 2 The technique is also useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid d50 12 a61 20 probe Postfix message -> mail queue Postfix Postfix -> Internet -> SMTP <-> verify server server | v <- Postfix probe <- delivery -> Local status agents -> Remote ^ | v Address verification database d80 1 a80 2 the recipient address, or AFTER the nearest MTA accepts the message content. d98 2 a99 8 rejects an address when the nearest MTA for that address rejects mail from your machine for any reason. This is not a limitation, but it is mentioned here just in case people believe that it is a limitation. * Unfortunately, some sites do not reject unknown addresses in reply to the RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. d101 7 a107 2 * By default, Postfix probe messages have a sender address "double- bounce@@$myorigin" (with Postfix versions before 2.5, the default is d111 4 a114 4 You can change the probe sender address into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "postmaster@@$myorigin" would succeed. d118 4 a121 4 As mentioned earlier, recipient address verification is useful to block mail for undeliverable recipients on a mail relay host that does not have a list of all valid recipient addresses. This can help to prevent the mail queue from filling up with MAILER-DAEMON messages. d130 3 a132 4 By default, address verification results are saved in a persistent database (Postfix version 2.7 and later; with earlier versions, specify the database in main.cf as described later). The persistent database helps to avoid probing the same address repeatedly. a179 1 # Default setting for Postfix 2.7 and later. a184 1 # Don't do this when you handle lots of email. a218 1 # Default setting for Postfix 2.7 and later. d264 15 a278 6 To improve performance, the Postfix verify(8) daemon can save address verification results to a persistent database. This is enabled by default with Postfix 2.7 and later. The address_verify_map (NOTE: singular) configuration parameter specifies persistent storage for sender or recipient address verification results. If you specify an empty value, all address verification results are lost after "postfix reload" or "postfix stop". a280 1 # Default setting for Postfix 2.7 and later. d282 1 a282 1 address_verify_map = btree:$data_directory/verify_cache d284 7 a290 14 # Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. address_verify_map = NOTE 1: The database file should be stored under a Postfix-owned directory, such as $data_directory. As of version 2.5, Postfix no longer uses root privileges when opening this file. To maintain backwards compatibility, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing database file, change its file ownership to the account specified with the mail_owner parameter, and either move the file to the data_directory, or move it to some other Postfix-owned directory. d297 2 a298 2 NOTE 3: The verify(8) daemon will create a new database when none exists. It will open or create the file before entering the chroot jail. d302 3 a304 3 The verify(8) manual page describes parameters that control how long address verification results are cached before they need to be refreshed, and how long results can remain "unrefreshed" before they expire. Postfix uses different d306 1 a306 1 (address was rejected, or address verification failed for some other reason). d308 4 a311 12 The verify(8) daemon will periodically remove expired entries from the address verification database, and log the number of entries retained and dropped (Postfix versions 2.7 and later). A cleanup run is logged as "partial" when the daemon terminates early because of "postfix reload, "postfix stop", or because the daemon received no requests for $max_idle seconds. Postfix versions 2.6 and earlier do not implement automatic address verification database cleanup. There, the database is managed manually as described next. When the address verification database file becomes too big, or when it becomes corrupted, the solution is to manually rename or delete (NOT: truncate) the file and run "postfix reload". The verify(8) daemon will then create a new database file. @ 1.1 log @Initial revision @ text @d182 1 a182 1 address_verify_map = btree:/var/lib/postfix/verify d221 1 a221 1 address_verify_map = btree:/var/lib/postfix/verify d282 1 a282 1 address_verify_map = btree:/var/lib/postfix/verify @ 1.1.1.1 log @Import Postfix 2.6.2. @ text @@ 1.1.1.2 log @Import Postfix 2.7.1. Major changes since Postfix 2.6.6: - Improved before-queue content filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. Typically, this allows Postfix to handle the same mail load with fewer content filter processes. - Improved address verification performance. The verify database is now persistent by default, and it is automatically cleaned periodically. Under overload conditions, the Postfix SMTP server no longer waits up to 6 seconds for an address probe to complete. - Support for reputation management based on the local SMTP client IP address. This is typically implemented with "FILTER transportname:" actions in access maps or header/body checks, and mail delivery transports in master.cf with unique smtp_bind_address values. @ text @d7 4 a10 4 Recipient address verification may cause an increased load on down-stream servers in the case of a dictionary attack or a flood of backscatter bounces. Sender address verification may cause your site to be blacklisted by some providers. See also the "Limitations" section below for more. d21 2 a22 2 The technique is also useful to block mail for undeliverable recipients, for example on a mail relay host that does not have a list of all the valid d50 12 a61 20 probe Postfix message -> mail queue Postfix Postfix -> Internet -> SMTP <-> verify server server | v <- Postfix probe <- delivery -> Local status agents -> Remote ^ | v Address verification database d80 1 a80 2 the recipient address, or AFTER the nearest MTA accepts the message content. d98 2 a99 8 rejects an address when the nearest MTA for that address rejects mail from your machine for any reason. This is not a limitation, but it is mentioned here just in case people believe that it is a limitation. * Unfortunately, some sites do not reject unknown addresses in reply to the RCPT TO command, but report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. d101 7 a107 2 * By default, Postfix probe messages have a sender address "double- bounce@@$myorigin" (with Postfix versions before 2.5, the default is d111 4 a114 4 You can change the probe sender address into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with mis-configured sites that reject MAIL FROM: <>, while probes from "postmaster@@$myorigin" would succeed. d118 4 a121 4 As mentioned earlier, recipient address verification is useful to block mail for undeliverable recipients on a mail relay host that does not have a list of all valid recipient addresses. This can help to prevent the mail queue from filling up with MAILER-DAEMON messages. d130 3 a132 4 By default, address verification results are saved in a persistent database (Postfix version 2.7 and later; with earlier versions, specify the database in main.cf as described later). The persistent database helps to avoid probing the same address repeatedly. a179 1 # Default setting for Postfix 2.7 and later. a184 1 # Don't do this when you handle lots of email. a218 1 # Default setting for Postfix 2.7 and later. d264 15 a278 6 To improve performance, the Postfix verify(8) daemon can save address verification results to a persistent database. This is enabled by default with Postfix 2.7 and later. The address_verify_map (NOTE: singular) configuration parameter specifies persistent storage for sender or recipient address verification results. If you specify an empty value, all address verification results are lost after "postfix reload" or "postfix stop". a280 1 # Default setting for Postfix 2.7 and later. d282 1 a282 1 address_verify_map = btree:$data_directory/verify_cache d284 7 a290 14 # Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. address_verify_map = NOTE 1: The database file should be stored under a Postfix-owned directory, such as $data_directory. As of version 2.5, Postfix no longer uses root privileges when opening this file. To maintain backwards compatibility, an attempt to open the file under a non-Postfix directory is redirected to the Postfix-owned data_directory, and a warning is logged. If you wish to continue using a pre-existing database file, change its file ownership to the account specified with the mail_owner parameter, and either move the file to the data_directory, or move it to some other Postfix-owned directory. d297 2 a298 2 NOTE 3: The verify(8) daemon will create a new database when none exists. It will open or create the file before entering the chroot jail. d302 3 a304 3 The verify(8) manual page describes parameters that control how long address verification results are cached before they need to be refreshed, and how long results can remain "unrefreshed" before they expire. Postfix uses different d306 1 a306 1 (address was rejected, or address verification failed for some other reason). d308 4 a311 12 The verify(8) daemon will periodically remove expired entries from the address verification database, and log the number of entries retained and dropped (Postfix versions 2.7 and later). A cleanup run is logged as "partial" when the daemon terminates early because of "postfix reload, "postfix stop", or because the daemon received no requests for $max_idle seconds. Postfix versions 2.6 and earlier do not implement automatic address verification database cleanup. There, the database is managed manually as described next. When the address verification database file becomes too big, or when it becomes corrupted, the solution is to manually rename or delete (NOT: truncate) the file and run "postfix reload". The verify(8) daemon will then create a new database file. @ 1.1.1.3 log @Import Postfix 2.8.1. Changes since version 2.7.*: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. @ text @d124 1 a124 1 "double-bounce@@$myorigin" would succeed. @ 1.1.1.4 log @Import Postfix 2.9.5. Major changes since version 2.8.x: - Support for long, non-repeating, queue IDs (queue file names). The main benefit of non-repeating names is simpler logfile analysis. See the description of "enable_long_queue_ids" in postconf(5) for details. - Memcache client support, and support to share postscreen(8) and verify(8) caches via the proxymap server. Details about memcache support are in memcache_table(5) and MEMCACHE_README. - Gradual degradation: if a database is unavailable (can't open, most read or write errors) a Postfix daemon will log a warning and continue providing the services that don't depend on that table, instead of immediately terminating with a fatal error. To terminate immediately when a database file can't be opened, specify "daemon_table_open_error_is_fatal = yes". - Revised postconf(1) command. It warns about unused parameter name=value settings in main.cf or master.cf (likely mistakes), understands "dynamic" parameter names such as names that depend on the name of a master.cf entry (finally, "postconf -n" shows all parameter settings), and it can display main.cf and master.cf in a more user-friendly format (postconf -nf, postconf -Mf). - Read/write deadline support in the SMTP client and server to defend against application-level DOS attacks that very slowly write or read data one byte at a time. @ text @a125 7 * The downside of using a non-empty sender address is that the address may end op on spammer mailing lists. Although Postfix always discards mail to the double-bounce address, this still results in wasted network bandwidth and server capacity. To defeat address harvesting, Postfix 2.9 and later support time-dependent sender addresses when you specify a non-zero address_verify_sender_ttl value. a289 10 # Shared persistent cache (requires Postfix 2.9 or later). address_verify_map = proxy:btree:$data_directory/verify_cache # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. # address_verify_cache_cleanup_interval = 0 # Shared memory cache (requires Postfix 2.9 or later). # See memcache_table(5) for details. address_verify_map = memcache:/etc/postfix/verify-memcache.cf @ 1.1.1.5 log @Import Postfix 2.10.2. Major changes since version 2.9.* are: - Separation of relay policy (with smtpd_relay_restrictions) from spam policy (with smtpd_{client, helo, sender, recipient}_restrictions), which makes accidental open relay configuration less likely. The default is backwards compatible. - HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands. - Support for the TLSv1 and TLSv2 protocols, as well as support to turn them off if needed for inter-operability. - Laptop-friendly configuration. By default, Postfix now uses UNIX-domain sockets instead of FIFOs, and thus avoids MTIME file system updates on an idle mail system. - Revised postconf(1) command. The "-x" option expands $name in a parameter value (both main.cf and master.cf); the "-o name=value" option overrides a main.cf parameter setting; and postconf(1) now warns about a $name that has no name=value setting. - Sendmail-style "socketmap" lookup tables. @ text @a154 3 # reject_unauth_destination is not needed here if the mail # relay policy is specified under smtpd_relay_restrictions # (available with Postfix 2.10 and later). d276 1 a276 1 address verification details. Do not specify the SMTP status code or enhanced @ 1.1.1.6 log @Import Postfix 2.11.1. The main changes since version 2.10.* are: - Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. - A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. - The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. - Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P 'smtp/inet/name = value'". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files. @ text @a294 2 # Example 1: Default setting for Postfix 2.7 and later. # Note: avoid hash files here. Use btree instead. d296 2 d300 1 a300 11 # Example 2: Shared persistent lmdb: cache (Postfix 2.11 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: address_verify_map = lmdb:$data_directory/verify_cache # address_verify_cache_cleanup_interval = 0 # Example 3: Shared persistent btree: cache (Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances except # for one instance that will be responsible for cache cleanup. /etc/postfix/main.cf: d302 2 d306 2 a307 4 # Example 4: Shared memory cache (requires Postfix 2.9 or later). # Disable automatic cache cleanup in all Postfix instances. # See memcache_table(5) for details. /etc/postfix/main.cf: a308 1 address_verify_cache_cleanup_interval = 0 d310 2 a311 3 # Example 5: Default setting for Postfix 2.6 and earlier. # This uses non-persistent storage only. /etc/postfix/main.cf: @ 1.1.1.7 log @The stable Postfix release is called postfix-3.0.x where 3=major release number, 0=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11 before proceeding. Notes for distribution maintainers ---------------------------------- * New backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. * New Postfix build system. The Postfix build/install procedure has changed to support Postfix dynamically-linked libraries and database plugins. These must not be "shared" with non-Postfix programs, and therefore must not be installed in a public directory. To avoid massive frustration due to broken patches, PLEASE BUILD POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. Follow the INSTALL instructions (see "Building with Postfix dynamically-linked libraries and database plugins"), and see how things work and what the dynamically-linked libraries, database plugin, and configuration files look like. Then, go ahead and perform your platform-specific customizations. The INSTALL section "Tips for distribution maintainers" has further suggestions. Major changes - critical ------------------------ [Incompat 20140714] After upgrading Postfix, "postfix reload" (or start/stop) is required. Several Postfix-internal protocols have been extended to support SMTPUTF8. Failure to reload or restart will result in mail staying queued, while Postfix daemons log warning messages about unexpected attributes. Major changes - default settings -------------------------------- [Incompat 20141009] The default settings have changed for relay_domains (new: empty, old: $mydestination) and mynetworks_style (new: host, old: subnet). However the backwards-compatibility safety net will prevent these changes from taking effect, giving the system administrator the option to make an old default setting permanent in main.cf or to adopt the new default setting, before turning off backwards compatibility. See COMPATIBILITY_README for details. [Incompat 20141001] A new backwards-compatibility safety net forces Postfix to run with backwards-compatible main.cf and master.cf default settings after an upgrade to a newer but incompatible Postfix version. See COMPATIBILITY_README for details. While the backwards-compatible default settings are in effect, Postfix logs what services or what email would be affected by the incompatible change. Based on this the administrator can make some backwards-compatibility settings permanent in main.cf or master.cf, before turning off backwards compatibility. See postconf.5.html#compatibility_level for details. [Incompat 20141001] The default settings have changed for append_dot_mydomain (new: no. old: yes), master.cf chroot (new: n, old: y), and smtputf8 (new: yes, old: no). Major changes - access control ------------------------------ [Feature 20141119] Support for BCC actions in header/body_checks and milter_header_checks. There is no limit on the number of BCC actions that may be specified, other than the implicit limit due to finite storage. BCC support will not be implemented in Postfix delivery agent header/body_checks. It works in the same way as always_bcc and sender/recipient_bcc_maps: there can be only one address per action, recipients are added with the NOTIFY=NONE delivery status notification option, and duplicate recipients are ignored (with the same delivery status notification options). [Incompat 20141009] The default settings have changed for relay_domains (new: empty, old: $mydestination) and mynetworks_style (new: host, old: subnet). However the backwards-compatibility safety net will prevent these changes from taking effect, giving the system administrator the option to make an old default setting permanent in main.cf or to adopt the new default setting, before turning off backwards compatibility. See COMPATIBILITY_README for details. [Feature 20140618] New INFO action in access(5) tables, for consistency with header/body_checks. [Feature 20140620] New check_xxx_a_access (for xxx in client, reverse_client, helo, sender, recipient) implements access control on all A and AAAA IP addresses for respectively the client hostname, helo parameter, sender domain or recipient domain. This complements the existing check_xxx_mx_access and check_xxx_ns_access features. Major changes - address rewriting --------------------------------- [Incompat 20141001] The default settings have changed for append_dot_mydomain (new: no. old: yes), master.cf chroot (new: n, old: y), and smtputf8 (new: yes, old: no). Major changes - address verification ------------------------------------ [Feature 20141227] The new smtp_address_verify_target parameter (default: rcpt) specifies what protocol stage decides if a recipient is valid. Specify "data" for servers that reject invalid recipients in response to the DATA command. Major changes - database support -------------------------------- [Feature 20140512] Support for Berkeley DB version 6. [Feature 20140618] The "randmap" lookup table performs random selection. This may be used to implement load balancing, for example: /etc/postfix/transport: # Deliver my own domain as usual. example.com : .example.com : /etc/postfix/main.cf: transport_maps = # Deliver my own domain as usual. hash:/etc/postfix/transport # Deliver other domains via randomly-selected relayhosts randmap:{smtp:smtp0.example.com, smtp:smtp1.example.com} A variant of this can randomly select SMTP clients with different smtp_bind_address settings. To implement different weights, specify lookup results multiple times. For example, to choose smtp:smtp1.example.com twice as often as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice. A future version may support randmap:/path/to/file to load a list of results from file. [Feature 20140618] As the name suggests, the "pipemap" table implements a pipeline of lookup tables. The name of the table specifies the pipeline as a sequence of tables. For example, the following prevents SMTP mail to system accounts that have "nologin" as their login shell: /etc/postfix/main.cf: local_recipient_maps = pipemap:{unix:passwd.byname, pcre:/etc/postfix/no-nologin.pcre} alias_maps /etc/postfix/no-nologin.pcre: !/nologin/ whatever Each "pipemap:" query is given to the first table. Each table lookup result becomes the query for the next table in the pipeline, and the last table produces the final result. When any table lookup produces no result, the entire pipeline produces no result. A future version may support pipemap:/path/to/file to load a list of lookup tables from file. [Feature 20140924] Support for unionmap, with the same syntax as pipemap. This sends a query to all tables, and concatenates non-empty results, separated by comma. [Feature 20131121] The "static" lookup table now supports whitespace when invoked as "static:{ text with whitespace }", so that it can be used, for example, at the end of smtpd_mumble_restrictions as "check_mumble_access static:{reject text...}". [Feature 20141126] "inline:{key=value, { key = text with comma/space}}" avoids the need to create a database for just a few entries. Major changes - delivery status notifications --------------------------------------------- [Feature 20140321] Delivery status filter support, to replace the delivery status codes and explanatory text of successful or unsuccessful deliveries by Postfix mail delivery agents. This was originally implemented for sites that want to turn certain soft delivery errors into hard delivery errors, but it can also be used to censor out information from delivery confirmation reports. This feature is implemented as a filter that replaces the three-number enhanced status code and descriptive text in Postfix delivery agent success, bounce, or defer messages. Note: this will not override "soft_bounce=yes", and this will not change a successful delivery status into an unsuccessful status or vice versa. The first example turns specific soft TLS errors into hard errors, by overriding the first number in the enhanced status code. /etc/postfix/main.cf: smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter /etc/postfix/smtp_dsn_filter: /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1 /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1 The second example removes the destination command name and file name from local(8) successful delivery reports, so that they will not be reported when a sender requests confirmation of delivery. /etc/postfix/main.cf: local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter /etc/postfix/local_dsn_filter: /^(2\S+ delivered to file).+/ $1 /^(2\S+ delivered to command).+/ $1 This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8) and virtual(8) delivery agents. That is, all delivery agents that actually deliver mail. It will not be implemented in the error and retry pseudo-delivery agents. The new main.cf parameters and default values are: default_delivery_status_filter = lmtp_delivery_status_filter = $default_delivery_status_filter local_delivery_status_filter = $default_delivery_status_filter pipe_delivery_status_filter = $default_delivery_status_filter smtp_delivery_status_filter = $default_delivery_status_filter virtual_delivery_status_filter = $default_delivery_status_filter See the postconf(5) manpage for more details. [Incompat 20140618] The pipe(8) delivery agent will now log a limited amount of command output upon successful delivery, and will report that output in "SUCCESS" delivery status reports. This is another good reason to disable inbound DSN requests at the Internet perimeter. [Feature 20140907] With "confirm_delay_cleared = yes", Postfix informs the sender when delayed mail leaves the queue (this is in addition to the delay_warning_time feature that warns when mail is still queued). This feature is disabled by default, because it can result in a sudden burst of notifications when the queue drains at the end of a prolonged network outage. Major changes - dns ------------------- [Feature 20141128] Support for DNS server reply filters in the Postfix SMTP/LMTP client and SMTP server. This helps to work around mail delivery problems with sites that have incorrect DNS information. Note: this has no effect on the implicit DNS lookups that are made by nsswitch.conf or equivalent mechanisms. This feature renders each lookup result as one line of text in standard zone-file format as shown below. The class field is always "IN", the preference field exists only for MX records, the names of hosts, domains, etc. end in ".", and those names are in ASCII form (xn--mumble form for internationalized domain names). name ttl class type preference value --------------------------------------------------------- postfix.org. 86400 IN MX 10 mail.cloud9.net. Typically, one would match this text with a regexp: or pcre: table. When a match is found, the table lookup result specifies an action. By default, the table query and the action name are case-insensitive. Currently, only the IGNORE action is implemented. For safety reasons, Postfix logs a warning or defers mail delivery when a DNS reply filter removes all lookup results from a successful query. The Postfix SMTP/LMTP client uses the smtp_dns_reply_filter and lmtp_dns_reply_filter features only for Postfix SMTP client lookups of MX, A, and AAAAA records to locate a remote SMTP or LMTP server, including lookups that implement the features reject_unverified_sender and reject_unverified_recipient. The filters are not used for lookups made through nsswitch.conf and similar mechanisms. The Postfix SMTP server uses the smtpd_dns_reply_filter feature only for Postfix SMTP server lookups of MX, A, AAAAA, and TXT records to implement the features reject_unknown_helo_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_*, and reject_rhsbl_*. The filter is not used for lookups made through nsswitch.conf and similar mechanisms, such as lookups of the remote SMTP client name. [Feature 20141126] Nullmx support (MX records with a null hostname). This change affects error messages only. The Postfix SMTP client already bounced mail for such domains, and the Postfix SMTP server already rejected such domains with reject_unknown_sender/recipient_domain. This feature introduces a new SMTP server configuration parameter nullmx_reject_code (default: 556). Major changes - dynamic linking ------------------------------- [Feature 20140530] Support to build Postfix with Postfix dynamically-linked libraries, and with dynamically-loadable database clients. These MUST NOT be used by non-Postfix programs. Postfix dynamically-linked libraries introduce minor runtime overhead and result in smaller Postfix executable files. Dynamically-loadable database clients are useful when you distribute or install pre-compiled packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB, MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients. This implementation is based on Debian code by LaMont Jones, initially ported by Viktor Dukhovni. Currently, support exists for recent versions of Linux, FreeBSD, MacOS X, and for the ancient Solaris 9. To support Postfix dynamically-linked libraries and dynamically-loadable database clients, the Postfix build procedure had to be changed (specifically, the files makedefs and Makefile.in, and the files postfix-install and post-install that install or update Postfix). [Incompat 20140530] The Postfix 3.0 build procedure expects that you specify database library dependencies with variables named AUXLIBS_CDB, AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the old AUXLIBS variable still supports building a statically-loaded CDB etc. database client, but only the new AUXLIBS_CDB etc. variables support building a dynamically-loaded or statically-loaded CDB etc. database client. See CDB_README, LDAP_README, etc. for details. Failure to follow this advice will defeat the purpose of dynamic database client loading. Every Postfix executable file will have database library dependencies. And that was exactly what dynamic database client loading was meant to avoid. Major changes - future proofing ------------------------------- [Cleanup 20141224] The changes described here have no visible effect on Postfix behavior, but they make Postfix code easier to maintain, and therefore make new functionality easier to add. * Compile-time argument typechecks of non-printf/scanf-like variadic function argument lists. * Deprecating the use of "char *" for non-text purposes such as memory allocation and pointers to application context for call-back functions. This dates from long-past days before void * became universally available. * Replace integer types for counters and sizes with size_t or ssize_t equivalents. This eliminates some wasteful 64<->32bit conversions on 64-bit systems. Major changes - installation pathnames -------------------------------------- [Incompat 20140625] For compliance with file system policies, some non-executable files have been moved from $daemon_directory to the directory specified with the new meta_directory configuration parameter which has the same default value as the config_directory parameter. This change affects non-executable files that are shared between multiple Postfix instances such as postfix-files, dynamicmaps.cf, and multi-instance template files. For backwards compatibility with Postfix 2.6 .. 2.11, specify "meta_directory = $daemon_directory" in main.cf before installing or upgrading Postfix, or specify "meta_directory = /path/name" on the "make makefiles", "make install" or "make upgrade" command line. Major changes - milter ---------------------- [Feature 20140928] Support for per-Milter settings that override main.cf parameters. For details see the section "Advanced policy client configuration" in the SMTPD_POLICY_README document. Here is an example that uses both old and new syntax: smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... }, inet:127.0.0.1:port2, ... The supported attribute names are: command_timeout, connect_timeout, content_timeout, default_action, and protocol. These have the same names as the corresponding main.cf parameters, without the "milter_" prefix. The per-milter settings are specified as attribute=value pairs separated by comma or space; specify { name = value } to allow spaces around the "=" or within an attribute value. [Feature 20141018] DMARC compatibility: when a Milter inserts a header ABOVE Postfix's own Received: header, Postfix no longer exposes its own Received: header to Milters (violating protocol) and Postfix no longer hides the Milter-inserted header from Milters (wtf). Major changes - parameter syntax -------------------------------- [Feature 20140921] In preparation for configurable mail headers and logging, new main.cf support for if-then-else expressions: ${name?{text1}:{text2}} and for logical expressions: ${{text1}=={text2}?{text3}:{text4}} ${{text1}!={text2}?{text3}:{text4}} Whitespace before and after {text} is ignored. This can help to make complex expressions more readable. See the postconf(5) manpage for further details. [Feature 20140928] Support for whitespace in daemon command-line arguments. For details, see the "Command name + arguments" section in the master(5) manpage. Example: smtpd -o { parameter = value containing whitespace } ... The { ... } form is also available for non-option command-line arguments in master.cf, for example: pipe ... argv=command { argument containing whitespace } ... In both cases, whitespace immediately after "{" and before "}" is ignored. [Feature 20141005] Postfix import_environment and export_environment now allow "{ name=value }" to protect whitespace in attribute values. [Feature 20141006] The new message_drop_header parameter replaces a hard-coded table that specifies what message headers the cleanup daemon will remove. The list of supported header names covers RFC 5321, 5322, MIME RFCs, and some historical names. Major changes - pipe daemon --------------------------- [Incompat 20140618] The pipe(8) delivery agent will now log a limited amount of command output upon successful delivery, and will report that output in "SUCCESS" delivery status reports. This is another good reason to disable inbound DSN requests at the Internet perimeter. Major changes - policy client ----------------------------- [Feature 20140703] This release introduces three new configuration parameters that control error recovery for failed SMTPD policy requests. * smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem): The default action when an SMTPD policy service request fails. * smtpd_policy_service_try_limit (default: 2): The maximal number of attempts to send an SMTPD policy service request before giving up. This must be a number greater than zero. * smtpd_policy_service_retry_delay (default: 1s): The delay between attempts to resend a failed SMTPD policy service request. This must be a number greater than zero. See postconf(5) for details and limitations. [Feature 20140928] Support for per-policy service settings that override main.cf parameters. For details see the section "Different settings for different Milter applications" in the MILTER_README document. Here is an example that uses both old and new syntax: smtpd_recipient_restrictions = ... check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO } check_policy_service inet:127.0.0.1:port4 ... The per-policy service settings are specified as attribute=value pairs separated by comma or space; specify { name = value } to allow spaces around the "=" or within an attribute value. The supported attribute names are: default_action, max_idle, max_ttl, request_limit, retry_delay, timeout, try_limit. These have the same names as the corresponding main.cf parameters, without the "smtpd_policy_service_" prefix. [Feature 20140505] A client port attribute was added to the policy delegation protocol. [Feature 20140630] New smtpd_policy_service_request_limit feature to limit the number of requests per Postfix SMTP server policy connection. This is a workaround to avoid error-recovery delays with policy servers that cannot maintain a persistent connection. Major changes - position-independent executables ------------------------------------------------ [Feature 20150205] Preliminary support for building position-independent executables (PIE), tested on Fedora Core 20, Ubuntu 14.04, FreeBSD 9 and 10, and NetBSD 6. Specify: $ make makefiles pie=yes ...other arguments... On some systems, PIE is used by the ASLR exploit mitigation technique (ASLR = Address-Space Layout Randomization). Whether specifying "pie=yes" has any effect at all depends on the compiler. Reportedly, some compilers always produce PIE executables. Major changes - postscreen -------------------------- [Feature 20140501] Configurable time limit (postscreen_dnsbl_timeout) for DNSBL or DNSWL lookups. This is separate from the timeouts in the dnsblog(8) daemon which are controlled by system resolver(3) routines. Major changes - session fingerprint ----------------------------------- [Feature 20140801] The Postfix SMTP server now logs at the end of a session how many times an SMTP command was successfully invoked, followed by the total number of invocations if some invocations were unsuccessful. This logging will enough to diagnose many problems without using verbose logging or network sniffer. Normal session, no TLS: disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1 Normal session. with TLS: disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 All recipients rejected, no ESMTP command pipelining: disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1 All recipients rejected, with ESMTP command pipelining: disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 Password guessing bot, hangs up without QUIT: disconnect from name[addr] ehlo=1 auth=0/1 Mis-configured client trying to use TLS wrappermode on port 587: disconnect from name[addr] unknown=0/1 Logfile analyzers can trigger on the presence of "/". It indicates that Postfix rejected at least one command. [Feature 20150118] As a late addition, the SMTP server now also logs the total number of commands (as "commands=x/y") even when the client did not send any commands. This helps logfile analyzers to recognize sessions without commands. Major changes - smtp client --------------------------- [Feature 20141227] The new smtp_address_verify_target parameter (default: rcpt) determines what protocol stage decides if a recipient is valid. Specify "data" for servers that reject recipients after the DATA command. Major changes - smtputf8 ------------------------ [Incompat 20141001] The default settings have changed for append_dot_mydomain (new: no, old: yes), master.cf chroot (new: n, old: y), and smtputf8 (new: yes, old: no). [Incompat 20140714] After upgrading Postfix, "postfix reload" (or start/stop) is required. Several Postfix-internal protocols have been extended to support SMTPUTF8. Failure to reload or restart will result in mail staying queued, while Postfix daemons log warning messages about unexpected attributes. [Feature 20140715] Support for Email Address Internationalization (EAI) as defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP sender addresses, recipient addresses, and message header values. The implementation is based on initial work by Arnt Gulbrandsen that was funded by CNNIC. See SMTPUTF8_README for a description of Postfix SMTPUTF8 support. [Feature 20150112] UTF-8 Casefolding support for Postfix lookup tables and matchlists (mydestination, relay_domains, etc.). This is enabled only with "smtpuf8 = yes". [Feature 20150112] With smtputf8_enable=yes, SMTP commands with UTF-8 syntax errors are rejected, table lookup results with invalid UTF-8 syntax are handled as configuration errors, and UTF-8 syntax errors in policy server replies result in execution of the policy server's default action. Major changes - tls support --------------------------- (see "Major changes - delivery status notifications" above for turning 4XX soft errors into 5XX bounces when a remote SMTP server does not offer STARTTLS support). [Feature 20140209] the Postfix SMTP client now also falls back to plaintext when TLS fails AFTER the TLS protocol handshake. [Feature 20140218] The Postfix SMTP client now requires that a queue file is older than $minimal_backoff_time, before falling back from failed TLS to plaintext (both during or after the TLS handshake). [Feature 20141021] Per IETF TLS WG consensus, the tls_session_ticket_cipher default setting was changed from aes-128-cbc to aes-256-cbc. [Feature 20150116] TLS wrappermode support in the Postfix smtp(8) client (new smtp_tls_wrappermode parameter) and in posttls-finger(1) (new -w option). There still is life in that deprecated protocol, and people should not have to jump hoops with stunnel. @ text @d44 5 a48 5 A Postfix MTA verifies a sender or recipient address by probing the preferred MTAs for that address, without actually delivering mail. The preferred MTAs could include the Postfix MTA itself, or some remote MTAs (SMTP interruptus). Probe messages are like normal mail, except that they are never delivered, deferred or bounced; probe messages are always discarded. d84 6 a89 10 * Postfix assumes that a remote SMTP server will reject unknown addresses in reply to the RCPT TO command. However, some sites report this in reply to the DATA command. For such sites you may configure a workaround with the smtp_address_verify_target parameter (Postfix 3.0 and later). * When verifying a remote address, Postfix probes the preferred MTAs for that address, without actually delivering mail. If a preferred MTA accepts the address, then Postfix assumes that the address is deliverable. In reality, mail for a remote address can bounce AFTER a preferred MTA accepts the recipient address, or AFTER a preferred MTA accepts the message content. d104 1 a104 1 * Postfix assumes that an address is undeliverable when a preferred MTA for d107 1 a107 1 rejects an address when a preferred MTA for that address rejects mail from d112 3 a114 3 RCPT TO or DATA command, but instead report a delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites. d203 1 a203 1 # Note 2: Avoid hash files here. Use btree or lmdb instead. d244 1 a244 1 # Note 2: Avoid hash files here. Use btree or lmdb instead. d296 1 a296 1 # Note: avoid hash files here. Use btree or lmdb instead. @ 1.1.1.8 log @This is the Postfix 3.5 (stable) release. The stable Postfix release is called postfix-3.5.x where 3=major release number, 5=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4 before proceeding. License change --------------- This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. Major changes - multiple relayhost in SMTP ------------------------------------------ [Feature 20200111] the Postfix SMTP and LMTP client support a list of nexthop destinations separated by comma or whitespace. These destinations will be tried in the specified order. The list form can be specified in relayhost, transport_maps, default_transport, and sender_dependent_default_transport_maps. Examples: /etc/postfix/main.cf: relayhost = foo.example, bar.example default_transport = smtp:foo.example, bar.example. NOTE: this is an SMTP and LMTP client feature. It does not work for other Postfix delivery agents. Major changes - certificate access ---------------------------------- [Feature 20190517] Search order support for check_ccert_access. Search order support for other tables is in design (canonical_maps, virtual_alias_maps, transport_maps, etc.). The following check_ccert_access setting uses the built-in search order: it first looks up the client certificate fingerprint, then the client certificate public-key fingerprint, and it stops when a decision is made. /etc/postfix/main.cf: smtpd_mumble_restrictions = ... check_ccert_access hash:/etc/postfix/ccert-access ... The following setting, with explicit search order, produces the exact same result: /etc/postfix/main.cf: smtpd_mumble_restrictions = ... check_ccert_access { hash:/etc/postfix/ccert-access { search_order = cert_fingerprint, pubkey_fingerprint } } ... Support is planned for other certificate features. Major changes - dovecot usability --------------------------------- [Feature 20190615] The SMTP+LMTP delivery agent can now prepend Delivered-To, X-Original-To and Return-Path headers, just like the pipe(8) and local(8) delivery agents. This uses the "flags=DORX" command-line flags in master.cf. See the smtp(8) manpage for details. This obsoletes the "lmtp_assume_final = yes" setting, and replaces it with "flags=...X...", for consistency with the pipe(8) delivery agent. Major changes - forced expiration --------------------------------- [Feature 20200202] Support to force-expire email messages. This introduces new postsuper(1) command-line options to request expiration, and additional information in mailq(1) or postqueue(1) output. The forced-to-expire status is stored in a queue file attribute. An expired message is returned to the sender when the queue manager attempts to deliver that message (note that Postfix will never deliver messages in the hold queue). The postsuper(1) -e and -f options both set the forced-to-expire queue file attribute. The difference is that -f will also release a message if it is in the hold queue. With -e, such a message would not be returned to the sender until it is released with -f or -H. In the mailq(1) or postqueue(1) -p output, a forced-to-expire message is indicated with # after the queue file name. In postqueue(1) JSON output, there is a new per-message field "forced_expire" (with value true or false) that shows the forced-to-expire status. Major changes - haproxy2 protocol --------------------------------- [Feature 20200112] Support for the haproxy v2 protocol. The Postfix implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests. The haproxy v2 protocol introduces no additional Postfix configuration. The Postfix smtpd(8) and postscreen(8) daemons accept both v1 and v2 protocol versions. Major changes - logging ----------------------- [Incompat 20191109] Postfix daemon processes now log the from= and to= addresses in external (quoted) form in non-debug logging (info, warning, etc.). This means that when an address localpart contains spaces or other special characters, the localpart will be quoted, for example: from=<"name with spaces"@@example.com> Older Postfix versions would log the internal (unquoted) form: from= The external and internal forms are identical for the vast majority of email addresses that contain no spaces or other special characters in the localpart. Specify "info_log_address_format = internal" for backwards compatibility. The logging in external form is consistent with the address form that Postfix 3.2 and later prefer for table lookups. It is therefore the more useful form for non-debug logging. Major changes - IP address normalization ---------------------------------------- [Incompat 20190427] Postfix now normalizes IP addresses received with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency with direct connections to Postfix. This may change the appearance of logging, and the way that check_client_access will match subnets of an IPv6 address. This is the Postfix 3.4 (stable) release. The stable Postfix release is called postfix-3.4.x where 3=major release number, 4=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.5-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3 before proceeding. License change --------------- This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. Summary of changes ------------------ Incompatible changes, bdat support, containers, database support, logging, safety, tls connection pooling, tls support, usability, Incompatible changes -------------------- [Incompat 20180826] The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard See BDAT_README for more. [Incompat 20190126] This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. [Incompat 20190106] Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life was December 31, 2016) and all earlier releases. [Incompat 20180701] To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. To set the tlsproxy process limit to zero: # postconf -F tlsproxy/unix/process_limit=0 # postfix reload Major changes - bdat support -------------------- [Feature 20180826] Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. Major changes - containers -------------------------- [Feature 20190126] Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and eliminates multiple problems with systemd-based systems. - Logging to stdout is useful when Postfix runs in a container, as it eliminates a syslogd dependency. See MAILLOG_README for configuration examples and logfile rotation. [Feature 20180422] Better handling of undocumented(!) Linux behavior whether or not signals are delivered to a PID=1 process. Major changes - database support -------------------------------- [Feature 20181105] Support for (key, list of filenames) in map source text. - Currently, this feature is used only by tls_server_sni_maps. - When a map is created from source with "postmap -F maptype:mapname", the command processes each key as usual and processes each value as a list of filenames, concatenates the content of those files (with one newline character in-between files), and stores an entry with (key, base64-encoded result). - When a map is queried with "postmap -F -q ...", the command base64-decodes each value. It reports an error when a value is not in base64 form. This "postmap -F -q ..." behavior also works when querying the memory-resident map types cidr:, inline:, pcre:, randmap:, regexp:, and static:. Postfix reads the files specified as table values, stores base64-encoded content, and base64-decodes content upon table lookup. Internally, Postfix will turn on this behavior for lookups (not updates) when a map is opened with the DICT_FLAG_RHS_IS_FILE flag. Major changes - logging ----------------------- [Feature 20190126] Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and eliminates multiple problems with systemd-based systems. - Logging to stdout is useful when Postfix runs in a container, as it eliminates a syslogd dependency. See MAILLOG_README for configuration examples and logfile rotation. Major changes - safety ---------------------- [Feature 20180623] Automatic retirement: dnsblog(8) and tlsproxy(8) process will now voluntarily retire after after max_idle*max_use, or some sane limit if either limit is disabled. Without this, a process could stay busy for days or more. Major changes - tls connection pooling -------------------------------------- [Feature 20180617] Postfix SMTP client support for multiple deliveries per TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don't combine deliveries. This feature is enabled with "smtp_tls_connection_reuse=yes" in main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. It supports all Postfix TLS security levels including dane and dane-only. The implementation of TLS connection reuse relies on the same scache(8) service as used for delivering plaintext SMTP mail, the same tlsproxy(8) daemon as used by the postscreen(8) service for inbound connections, and relies on the same hints from the qmgr(8) daemon. It reuses the configuration parameters described in CONNECTION_CACHE_README. The Postfix SMTP client now logs whether an SMTP-over-TLS connection is newly established ("TLS connection established") or whether the connection is reused ("TLS connection reused"). The following illustrates how TLS connections are reused: Initial plaintext SMTP handshake: smtp(8) -> remote SMTP server Reused SMTP/TLS connection, or new SMTP/TLS connection: smtp(8) -> tlsproxy(8) -> remote SMTP server Cached SMTP/TLS connection: scache(8) -> tlsproxy(8) -> remote SMTP server Major changes - tls support --------------------------- [Feature 20190106] SNI support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles). See the postconf(5) documentation for the new tls_server_sni_maps and smtp_tls_servername parameters. [Feature 20190106] Support for files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on. The file format is documented in the TLS_README sections "Server-side certificate and private key configuration" and "Client-side certificate and private key configuration", and in the postconf(5) documentation for the parameters smtp_tls_chain_files, smtpd_tls_chain_files, tlsproxy_client_chain_files, and tlsproxy_tls_chain_files. Note: the command "postfix tls" does not yet support the new consolidated certificate chain format. If you switch to the new format, you'll need to manage your keys and certificates directly, rather than via postfix-tls(1). Major changes - usability ------------------------- [Feature 20180812] Support for smtpd_reject_footer_maps (as well as the postscreen variant postscreen_reject_footer_maps) for more informative reject messages. This is indexed with the Postfix SMTP server response text, and overrides the footer specified with smtpd_reject_footer. One will want to use a pcre: or regexp: map with this. This is the Postfix 3.3 (stable) release. The stable Postfix release is called postfix-3.3.x where 3=major release number, 3=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.1 or earlier, read RELEASE_NOTES-3.2 before proceeding. License change --------------- This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. Major changes - compatibility safety net ---------------------------------------- [20180106] With compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 smtpd_relay_restrictions feature, without blocking that mail. This extends the compatibility safety net for sites that upgrade from earlier Postfix versions (questions on the postfix-users list show there is a steady trickle). See COMPATIBILITY_README for details. Major changes - configuration ----------------------------- [20170617] The postconf command now warns about unknown parameter names in a Postfix database configuration file. As with other unknown parameter names, these warnings can help to find typos early. [20180113] New read-only service_name parameter that contains the master.cf service name of a Postfix daemon process (it that is empty in a non-daemon process). This can make Postfix SMTP server logging logging distinct by setting the syslog_name in master.cf with "-o syslog_name=postfix/$service_name" for the "submission" and "smtps" services, and can make Postfix SMTP client distinct by setting "-o syslog_name=postfix/$service_name" for the "relay" service. Major changes - container support --------------------------------- [20171218] Preliminary support to run Postfix in the foreground, with "postfix start-fg". This requires that Postfix multi-instance support is disabled. To receive Postfix syslog information on the container's host, mount the host's /dev/log socket inside the container (example: "docker run -v /dev/log:/dev/log ..."), and specify a distinct Postfix "syslog_name" prefix that identifies the logging from the Postfix instance. Postfix does not log systemd events. Major changes - database support --------------------------------- [20170617] The postconf command warns about unknown parameter names in a Postfix database configuration file. [20171227] The pgsql_table(5) hosts parameter now supports the postgresql:// URI syntax. Contributed by Magosányi Árpád. Major changes - header format ----------------------------- [20180010] This release changes the format of 'full name' information in Postfix-generated From: headers, when a local program such as /bin/mail submits a message without From: header. Postfix-generated From: headers with 'full name' information are now formatted as "From: name
" by default. Specify "header_from_format = obsolete" to get the earlier form "From: address (name)". See the postconf(5) manpage for more details. Major changes - invisible changes --------------------------------- [20170617] Additional paranoia in the VSTRING implementation: a null byte after the end of vstring buffers (this is a safety net so that C-style string operations won't scribble past the end); earlier detection of bad length and precision format string specifiers (these are the result of programming error, as Postfix format strings cannot be specified externally). Major changes - milter support ------------------------------ [20171223] Milter applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests. Major changes - mixed IPv6/IPv4 support --------------------------------------- [20170505] Workaround for mail delivery problems when 1) both Postfix IPv6 and IPv4 support are enabled, 2) some destination announces more primary IPv6 MX addresses than primary IPv4 MX addresses, 3) the destination is unreachable over IPv6, and 4) Postfix runs into the smtp_mx_address_limit before it can try to deliver over IPv4. When both Postfix IPv6 and IPv4 support are enabled, the Postfix SMTP client will now relax MX preferences so that it can schedule similar numbers of IPv4 and IPv6 destination addresses. This ensures that an IPv6 connectivity problem will not prevent mail from being delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols = no" to disable this workaround. Major changes - xclient ----------------------- [20171218] The Postfix SMTP server now allows the XCLIENT command before STARTTLS when TLS is required. This is useful for servers that run behind a reverse proxy server such as nginx. This is the Postfix 3.2 (stable) release. The stable Postfix release is called postfix-3.2.x where 3=major release number, 2=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.3-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.0 or earlier, read RELEASE_NOTES-3.1 before proceeding. Invisible changes ----------------- In addition to the visible changes described below, there is an ongoing overhaul of low-level code. With each change come updated tests to ensure that future changes will not 'break' compatibility with past behavior. Major changes - address mapping ------------------------------- [Feature 20170128] Postfix 3.2 fixes the handling of address extensions with email addresses that contain spaces. For example, the virtual_alias_maps, canonical_maps, and smtp_generic_maps features now correctly propagate an address extension from "aa bb+ext"@@example.com to "cc dd+ext"@@other.example, instead of producing broken output. Major changes - header/body_checks ---------------------------------- [Feature 20161008] "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to "IGNORE" but also logs the action, and "PASS" disables header, body, and Milter inspection for the remainder of the message content. Contributed by Hobbit. Major changes - log analysis ---------------------------- [Feature 20160330] The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records into "sessions" based on queue ID and process ID information. It's in the auxiliary/collate directory of the Postfix source tree. Major changes - maps support ---------------------------- [Feature 20160527] Postfix 3.2 cidr tables support if/endif and negation (by prepending ! to a pattern), just like regexp and pcre tables. The primarily purpose is to improve readability of complex tables. See the cidr_table(5) manpage for syntax details. [Incompat 20160925] In the Postfix MySQL database client, the default option_group value has changed to "client", to enable reading of "client" option group settings in the MySQL options file. This fixes a "not found" problem with Postfix queries that contain UTF8-encoded non-ASCII text. Specify an empty option_group value (option_group =) to get backwards-compatible behavior. [Feature 20161217] Stored-procedure support for MySQL databases. Contributed by John Fawcett. See mysql_table(5) for instructions. [Feature 20170128] The postmap command, and the inline: and texthash: maps now support spaces in left-hand field of the lookup table "source text". Use double quotes (") around a left-hand field that contains spaces, and use backslash (\) to protect embedded quotes in a left-hand field. There is no change in the processing of the right-hand field. Major changes - milter support ------------------------------ [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). [Feature 20161024] smtpd_milter_maps support for per-client Milter configuration that overrides smtpd_milters, and that has the same syntax. A lookup result of "DISABLE" turns off Milter support. See MILTER_README.html for details. Major changes - policy delegation --------------------------------- [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). Major changes - postqueue ------------------------- [Incompat 20170129] The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment (this override is not recommended, as it affects all Postfix utities and daemons). Major changes - safety ---------------------- [Incompat 20161227] For safety reasons, the sendmail -C option must specify an authorized directory: the default configuration directory, a directory that is listed in the default main.cf file with alternate_config_directories or multi_instance_directories, or the command must be invoked with root privileges (UID 0 and EUID 0). This mitigates a recurring problem with the PHP mail() function. Major changes - sasl -------------------- [Feature 20160625] The Postfix SMTP server now passes remote client and local server network address and port information to the Cyrus SASL library. Build with ``make makefiles "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards compatibility. Major changes - smtputf8 ------------------------ [Feature 20161103] Postfix 3.2 disables the 'transitional' compatibility between the IDNA2003 and IDNA2008 standards for internationalized domain names (domain names beyond the limits of US-ASCII). This change makes Postfix behavior consistent with contemporary web browsers. It affects the handling of some corner cases such as German sz and Greek zeta. See http://unicode.org/cldr/utility/idna.jsp for more examples. Specify "enable_idna2003_compatibility = yes" to restore historical behavior (but keep in mind that the rest of the world may not make that same choice). Major changes - tls ------------------- [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API features, so that Postfix will build without depending on backwards-compatibility support. [Incompat 20161204] Postfix 3.2 removes tentative features that were implemented before the DANE spec was finalized: - Support for certificate usage PKIX-EE(1), - The ability to disable digest agility (Postfix now behaves as if "tls_dane_digest_agility = on"), and - The ability to disable support for "TLSA 2 [01] [12]" records that specify the digest of a trust anchor (Postfix now behaves as if "tls_dane_trust_anchor_digest_enable = yes). [Feature 20161217] Postfix 3.2 enables elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated. The default tls_eecdh_auto_curves setting is determined at compile time, and depends on the Postfix and OpenSSL versions. At runtime, Postfix will skip curve names that aren't supported by the OpenSSL library. Major changes - xclient ----------------------- [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). @ text @d50 1 d53 2 a54 1 Postfix Postfix -> queue d65 1 a169 6 # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the recipient address verification result under # the original address, when the address verification probe # message goes through address aliasing or canonical mapping. a209 6 # Postfix 3.2 and earlier workaround. # Do not set enable_original_recipient=no. This prevents Postfix # from saving the sender address verification result under the # original address, when the address verification probe message # goes through address aliasing or canonical mapping. @ 1.1.1.9 log @Import Postfix-3.7.3 (previous version was 3.5.2) This is the Postfix 3.7 (stable) release. The stable Postfix release is called postfix-3.7.x where 3=major release number, 7=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.8-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.5 or earlier, read RELEASE_NOTES-3.6 before proceeding. License change --------------- This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. Bugfix for messages not delivered after "warning: Unexpected record type 'X' ============================================================================ Due to a bug introduced in Postfix 3.7.0, a message could falsely be flagged as corrupt with "warning: Unexpected record type 'X'". Such messages were moved to the "corrupt" queue directory, where they may still be found. See below for instructions to deal with these falsely flagged messages. This could happen for messages with 5000 or more recipients, or with fewer recipients on a busy mail server. The problem was first reported by Frank Brendel, reproduced by John Alex. A file in the "corrupt" queue directory may be inspected with the command "postcat /var/spool/postfix/corrupt/. If delivery of the file is still desired, the file can be moved back to /var/spool/postfix/incoming after updating Postfix and executing "postfix reload". Major changes - configuration ----------------------------- [Feature 20210605] Support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. Example: smtpd_forbidden_commands = CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}} This is the new smtpd_forbidden_commands default value. It will immediately disconnect a remote SMTP client when a command does not start with a letter (a-z or A-Z). The basic syntax is: /etc/postfix/main.cf: parameter = .. map-type:{ { rule-1 }, { rule-2 } .. } .. /etc/postfix/master.cf: .. -o { parameter = .. map-type:{ { rule-1 }, { rule-2 } .. } .. } .. where map-type is one of cidr, pcre, or regexp. Postfix ignores whitespace after '{' and before '}', and writes each rule as one text line to a nameless in-memory file: in-memory file: rule-1 rule-2 .. Postfix parses the result as if it is a file in /etc/postfix. Note: if a rule contains $, specify $$ to keep Postfix from trying to do $name expansion as it evaluates the parameter value. Major changes - lmdb support ---------------------------- [Feature 20210605] Overhauled the LMDB client's error handling, and added integration tests for future-proofing. There are no visible changes in documented behavior. Major changes - logging ----------------------- [Feature 20210815] To make the maillog_file feature more useful, the postlog(1) command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd(8) daemon. This required hardening the postlog(1) command against privilege escalation attacks. DO NOT turn on the set-gid bit with older postlog(1) implementations. Major changes - pcre2 support ----------------------------- [Feature 20211127] Support for the pcre2 library (the legacy pcre library is no longer maintained). The Postfix build procedure automatically detects if the pcre2 library is installed, and if it is unavailable, the Postfix build procedure will detect if the legacy pcre library is installed. See PCRE_README if you need to build Postfix with a specific library. Visible differences: some error messages may have a different text, and the 'X' pattern flag is no longer supported with pcre2. Major changes - security ------------------------ [Feature 20220102] Postfix programs now randomize the initial state of in-memory hash tables, to defend against hash collision attacks involving a large number of attacker-chosen lookup keys. Presently, the only known opportunity for such attacks involves remote SMTP client IPv6 addresses in the anvil(8) service. The attack would require making hundreds of short-lived connections per second from thousands of different IP addresses, because the anvil(8) service drops inactive counters after 100s. Other in-memory hash tables with attacker-chosen lookup keys are by design limited in size. The fix is cheap, and therefore implemented for all Postfix in-memory hash tables. Problem reported by Pascal Junod. [Feature 20211030] The postqueue command now sanitizes non-printable characters (such as newlines) in strings before they are formatted as json or as legacy output. These outputs are piped into other programs that are run by administrative users. This closes a hypothetical opportunity for privilege escalation. [Feature 20210815] Updated defense against remote clients or servers that 'trickle' SMTP or LMTP traffic, based on per-request deadlines and minimum data rates. Per-request deadlines: The new {smtpd,smtp,lmtp}_per_request_deadline parameters replace {smtpd,smtp,lmtp}_per_record_deadline, with backwards compatible default settings. This defense is enabled by default in the Postfix SMTP server in case of overload. The new smtpd_per_record_deadline parameter limits the combined time for the Postfix SMTP server to receive a request and to send a response, while the new {smtp,lmtp}_per_record_deadline parameters limit the combined time for the Postfix SMTP or LMTP client to send a request and to receive a response. Minimum data rates: The new smtpd_min_data_rate parameter enforces a minimum plaintext data transfer rate for DATA and BDAT requests, but only when smtpd_per_record_deadline is enabled. After a read operation transfers N plaintext bytes (possibly after TLS decryption), and after the DATA or BDAT request deadline is decreased by the elapsed time of that read operation, the DATA or BDAT request deadline is increased by N/smtpd_min_data_rate seconds. However, the deadline is never increased beyond the smtpd_timeout value. The default minimum data rate is 500 (bytes/second) but is still subject to change. The new {smtp,lmtp}_min_data_rate parameters enforce the corresponding minimum DATA transfer rates for the Postfix SMTP and LMTP client. Major changes - tls support --------------------------- [Cleanup 20220121] The new tlsproxy_client_security_level parameter replaces tlsproxy_client_level, and the new tlsproxy_client_policy_maps parameter replaces tlsproxy_client_policy. This is for consistent parameter naming (tlsproxy_client_xxx corresponds to smtp_tls_xxx). This change was made with backwards-compatible default settings. [Feature 20210926] Postfix was updated to support OpenSSL 3.0.0 API features, and to work around OpenSSL 3.0.0 bit-rot (avoid using deprecated API features). Other code health ----------------- [typos] Typo fixes by raf. [pre-release checks] Added pre-release checks to detect a) new typos in documentation and source-code comments, b) missing entries in the postfix-files file (some documentation would not be installed), c) missing rules in the postlink script (some text would not have a hyperlink in documentation), and d) missing map-based $parameter names in the proxy_read_maps default value (the proxymap daemon would not automatically authorize some proxied maps). [memory stream] Improved support for memory-based streams made it possible to inline small cidr:, pcre:, and regexp: maps in Postfix parameter values, and to eliminate some ad-hoc code that converted tlsproxy(8) protocol data to or from serialized form. ************************************************************************* This is the Postfix 3.6 (stable) release. The stable Postfix release is called postfix-3.6.x where 3=major release number, 6=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.7-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.4 or earlier, read RELEASE_NOTES-3.5 before proceeding. License change --------------- This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. Major changes - internal protocol identification ------------------------------------------------ [Incompat 20200920] Internal protocols have changed. You need to "postfix stop" before updating, or before backing out to an earlier release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen) may fail to communicate with the rest of Postfix, causing mail delivery delays until Postfix is restarted. This change does not affect message files in Postfix queue directories, only the communication between running Postfix programs. With this change, every Postfix internal service, including the postdrop command, announces the name of its protocol before doing any other I/O. Every Postfix client program, including the Postfix sendmail command, will verify that the protocol name matches what it is supposed to be. The purpose of this change is to produce better error messages, for example, when someone configures the discard daemon as a bounce service in master.cf, or vice versa. This change may break third-party programs that implement a Postfix-internal protocol such as qpsmtpd. Such programs have never been supported. Fortunately, this will be an easy fix: look at the first data from the cleanup daemon: if it is a protocol announcement, you're talking to Postfix 3.6 or later. That's the only real change. Major changes - tls ------------------- [Incompat 20200705] The minimum supported OpenSSL version is 1.1.1, which will reach the end of life by 2023-09-11. Postfix 3.6 is expected to reach the end of support in 2025. Until then, Postfix will be updated as needed for compatibility with OpenSSL. The default fingerprint digest has changed from md5 to sha256 (Postfix 3.6 with compatibility_level >= 3.6). With a lower compatibility_level setting, Postfix defaults to using md5, and logs a warning when a Postfix configuration specifies no explicit digest type. Export-grade Diffie-Hellman key exchange is no longer supported, and the tlsproxy_tls_dh512_param_file parameter is ignored, [Feature 20200906] The tlstype.pl helper script by Viktor Dukhovni reports TLS information per message delivery. This processes output from the collate.pl script. See auxiliary/collate/README.tlstype and auxiliary/collate/tlstype.pl. Major changes - compatibility level ----------------------------------- [Feature 20210109] Starting with Postfix version 3.6, the compatibility level is "3.6". In future Postfix releases, the compatibility level will be the Postfix version that introduced the last incompatible change. The level is formatted as 'major.minor.patch', where 'patch' is usually omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2. This also introduces main.cf and master.cf support for the <=level, " which matches an empty sender address, and the "@@domain" wildcard pattern. More information about those can be found in the postconf(5) manpage. Example: /etc/postfix/main.cf: # Allow root and postfix full control, anyone else can only # send mail as themselves. Use "uid:" followed by the numerical # UID when the UID has no entry in the UNIX password file. local_login_sender_maps = inline:{ { root = *}, { postfix = * } }, pcre:/etc/postfix/login_senders /etc/postfix/login_senders: # Allow both the bare username and the user@@domain forms. /(.+)/ $1 $1@@example.com Major changes - order of relay and recipient restrictions --------------------------------------------------------- [Incompat 20210131] With smtpd_relay_before_recipient_restrictions=yes, the Postfix SMTP server will evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions. This is the default behavior with compatibility_level >= 3.6. This change makes the implemented behavior consistent with existing documentation. There is a backwards-compatibility warning that allows users to freeze historical behavior. See COMPATIBILITY_README for details. Major changes - respectful logging ---------------------------------- [Feature 20210220] Postfix version 3.6 deprecates terminology that implies white is better than black. Instead, Postfix prefers 'allowlist', 'denylist', and variations on those words. This change affects Postfix documentation, and postscreen parameters and logging. To keep the old postscreen logging set "respectful_logging = no" in main.cf. Noel Jones assisted with the initial transition. Changes in documentation ------------------------ Postfix documentation was updated to use 'allowlist', 'denylist', etc. These documentation changes do not affect Postfix behavior. Changes in parameter names -------------------------- The following postscreen parameters replace names that contain 'blacklist' or 'whitelist': postscreen_allowlist_interfaces postscreen_denylist_action postscreen_dnsbl_allowlist_threshold These new parameters have backwards-compatible default settings that support the old parameter names, so that the name change should not affect Postfix behavior. This means that existing management tools that use the old parameter names should keep working as before. This compatibility safety net may break when some management tools use the new parameter names, and some use the old names, such that different tools will disagree on how Postfix works. Changes in logging ------------------ The following logging replaces forms that contain 'blacklist' or 'whitelist': postfix/postscreen[pid]: ALLOWLIST VETO [address]:port postfix/postscreen[pid]: ALLOWLISTED [address]:port postfix/postscreen[pid]: DENYLISTED [address]:port To avoid breaking logfile analysis tools, Postfix keeps logging the old forms by default, as long as the compatibility_level parameter setting is less than 3.6, and the respectful_logging parameter is not explicitly configured. As a reminder, Postfix will log the following: postfix/postscreen[pid]: Using backwards-compatible default setting respectful_logging=no for client [address]:port To keep logging the old form, make the setting "respectful_logging = no" permanent in main.cf, for example: # postconf "respectful_logging = no" # postfix reload To stop the reminder, configure the respectful_logging parameter to "yes" or "no", or configure "compatibility_level = 3.6". Major changes - threaded bounces -------------------------------- [Feature 20201205] Support for threaded bounces. This allows mail readers to present a non-delivery, delayed delivery, or successful delivery notification in the same email thread as the original message. Unfortunately, this also makes it easy for users to mistakenly delete the whole email thread (all related messages), instead of deleting only the delivery status notification. To enable, specify "enable_threaded_bounces = yes". Other changes - smtpd_sasl_mechanism_list ----------------------------------------- [Feature 20200906] The smtpd_sasl_mechanism_list parameter (default: !external, static:rest) prevents confusing errors when a SASL backend announces EXTERNAL support which Postfix does not support. Other changes - delivery logging -------------------------------- [Incompat 20200531] Postfix delivery agents now log an explicit record when delegating delivery to a different Postfix delivery agent. For example, with "best_mx_transport = local", an SMTP delivery agent will now log when a recipient will be delivered locally. This makes the delegating delivery agent visible, where it would otherwise have remained invisible, which would complicate troubleshooting. postfix/smtp[pid]: queueid: passing to transport=local This will usually be followed by logging for an actual delivery: postfix/local[pid]: queueid: to=, relay=local, ... Other examples: the local delivery agent will log a record that it defers mailbox delivery through mailbox_transport or through fallback_transport. Other changes - error logging ----------------------------- [Incompat 20200531] Postfix programs will now log "Application error" instead of "Success" or "Unknown error: 0" when an operation fails with errno == 0, i.e., the error originates from non-kernel code. Other changes - dns lookups --------------------------- [Feature 20200509] The threadsafe resolver API (res_nxxx() calls) is now the default, not because the API is threadsafe, but because this is the API where new features are being added. To build old style, build with: make makefiles CCARGS="-DNO_RES_NCALLS..." This is the default for systems that are known not to support the threadsafe resolver API. @ text @d9 1 a9 1 Sender address verification may cause your site to be denylisted by some d92 5 a96 5 * Some sites may denylist you when you are probing them too often (a probe is an SMTP session that does not deliver mail), or when you are probing them too often for a non-existent address. This is one reason why you should use sender address verification sparingly, if at all, when your site receives lots of email. d128 1 a128 1 end up on spammer mailing lists. Although Postfix always discards mail to d237 1 a237 1 almost certainly will have to set up allow lists for specific addresses, or d263 1 a263 1 The sender_access restriction is needed to allowlist domains or addresses that d267 1 a267 1 NOTE: You will have to allowlist sites such as securityfocus.com and other @ 1.1.1.10 log @Import postfix-3.10.1 (previous was 3.8.4) Summary: Postfix 3.9 (July 2022): This release focused on enhancing the TLS (Transport Layer Security) capabilities of Postfix. It introduced support for TLSv1.3, allowing for more secure and efficient encrypted communications. Additionally, improvements were made to the handling of TLSA records, which are used in DNS-based Authentication of Named Entities (DANE) to associate TLS certificates with domain names. Postfix 3.10 (July 2023): This version brought significant updates to Postfix's SMTP (Simple Mail Transfer Protocol) functionalities. It added support for the SMTPUTF8 extension, enabling the use of UTF-8 encoding in email addresses and headers, which is essential for internationalization. The release also included performance optimizations, particularly in the handling of large mail queues, and introduced new configuration parameters to provide administrators with finer control over mail processing. The changes are described more in detail in: 3.10 changes: RELEASE_NOTES 3.9 changes: RELEASE_NOTES_3.9 3.8 changes: RELEASE_NOTES_3.8 @ text @d227 2 a228 2 was archived at https://web.archive.org/web/20080526153208/http:// www.monkeys.com/anti-spam/filtering/sender-domain-validate.in. @