Excursus Retry 451 452 Strategies


imagine, a mail envolope contains many recipient, The server accepts the first recipients and rejects the last
recipients, meaning “Too many recipients in this transaction”.

RFC 821 specifies the reply code 452 as “Insufficient storage”, which RFC 5821 amends, by stating that 452 can mean also
too many recipients in this transaction.

RFC 3463 defines enhanced status code 4.5.3 stating “Too many recipients”. RFC 5248 attaches the ESC 4.5.3 to reply
code 451, stating that changing this binding requires a specification, and there is no such specitifaciton.

Authdb NSS module


Upgrading manual tells that authdb NSS module was removed some time ago.
<a href="" title=""></a>

Can this change be reverted?
I'd like to use only as dovecot userdb source. It's also essential for me to enable files backend in nsswitch.conf so the system could use local user db. At the same time dovecot must not see local users at all. Authdb NSS module could help me there.
The other solution would be to use another instance of nsswitch.conf for dovecot authdb passwd module. Is it possible?


dns_lookup: Fix compilation with uClibc-ng

uClibc-ng does not have res_send or res_nsend.

dns_lookup: Fix compilation with uClibc-ng

uClibc-ng does not have res_send or res_nsend.
diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
index 1ea98b3..18073b4 100644
--- a/src/dns/dns_lookup.c
+++ b/src/dns/dns_lookup.c
@@ -311,9 +311,17 @@ typedef struct DNS_REPLY {
static int dns_res_query(const char *name, int class, int type,
unsigned char *answer, int anslen)
+ int len;
+#ifndef __UCLIBC__
+ len = res_query(name, class, type, an

dns_lookup: Fix compilation with uClibc-ng

uClibc-ng does not have res_send or res_nsend.
diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
index 1ea98b3..59657f1 100644
--- a/src/dns/dns_lookup.c
+++ b/src/dns/dns_lookup.c
@@ -344,11 +344,13 @@ static int dns_res_query(const char *name, int class, int type,
if (msg_verbose)
msg_info("res_mkquery() failed");
return (len);
+#ifndef __UCLIBC__
} else if ((len = res_send(msg_buf, len, answer, anslen)) < 0) {
if (msg_verbose)
msg_info("res_send() failed");
return (le

Fix build on Linux kernel 5.x+

Recognise kernel 5.x versioning scheme

Signed-off-by: Khem Raj <raj. ... at gmail dot com>

--- a/makedefs
+++ b/makedefs
@@ -543,7 +543,7 @@ EOF
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -749,7 +749,7 @@ extern int initgroups(const char *, int)
-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4)
+#if defined(LINUX2) || de

smtpd_proxy EHLO-XFORWARD parse minor bug and attribute for {daemon_addr}

Hi everyone,

I stumbled upon a very minor bug with regard to parsing the supported
XFORWARD attributes from the EHLO reply in smtpd_proxy: the last
attribute is never acknowledged because when tokenizing, the appended
'\r' is not removed and leads to a failed string comparison in name_code
an thereby to the last attribute not being added to
I guess this has so far never come up because the last in line of
advertised XFORWARD attributes by postfix currently is IDENT, which
seems to never be set in this scenario anyways(?).

RFE: DANE functions + log

Recently I have been struggling with configuring DANE and DNSSEC for a domain, for which my DNS is


Linux Fedora 28
BIND 9.12.3
Postfix 3.3.1

smtp_tls_dane_insecure_mx_policy = dane
smtp_tls_security_level = dane
tls_dane_digest_agility = on
tls_dane_digests = sha512 sha256
tls_dane_trust_anchor_digest_enable = yes
smtp_dns_support_level = dnssec
smtp_host_lookup = native, dns

DNSSEC is not the problem, but there are issues in setting up DANE in postfix, hvis could be

1) logging

More informative logging of what is happening, when smtp is trying to establ

tracker / pull requests / source control ?


I analyzed postfix using cppcheck and I would like to submit patches.
how can I do that ?

[src/milter/milter.c:778] -> [src/milter/milter.c:805]: (warning) Either
the condition 'milters!=0' is redundant or there is possible null pointer
dereference: milters.
[src/milter/test-milter.c:549]: (warning) sscanf() without field width
limits can crash with huge input data.
[src/posttls-finger/posttls-finger.c:878]: (warning) Redundant assignment
of 'stream' to itself.
[src/smtp/smtp_sasl_auth_cache.c:212]: (warning) sscanf() without field
width limits can crash with huge input data.

postfix, header rewriting, DKIM


upon receiving an email with:

< ... at example dot int>

- notice the missing space after the comma - sendmail passes the
unmodified header to milters, e.g.

openDKIM and postfix


I invested a lot of time tweaking OpenDKIM+Sendmail not to break DKIM-
Signatures, when sendmail is used at the same time to verify available
signatures, adding an Authentication-Results header, signing the
message and forwarding it to the alias-destination.

Postfix is silently discarding emails

In a special case Postfix (3.3.0 and 3.2.5 at least) will silently discard emails without logging
anything about it.

After moving to a new server a lot of mail was delivered to the luser_relay user, and when changing
this user to the main user of the system, all emails were lost with the only trace of them in the
maillog as one line of

postfix/qmgr[29592]: ACA2B201E3B00: removed

after received from amavisd.

The cause of this is the following:

The sequence of users in /etc/passwd had changed.

For historical reasons there are some users and groups in /etc/passwd and /etc/groups which

src/global/dict_mysql.c (postfix 3.2.0-5, 3.3.0 and current) to allow build against MySQL 8.x

From <a href="" title=""></a>
o MYSQL_OPT_SSL_VERIFY_SERVER_CERT (argument type: my_bool *)
This option is deprecated as of MySQL 5.7.11 and is removed in MySQL 8.0.

There are some issues in case postfix builds against mariadb or percona instead
mysql, because both define MYSQL_VERSION_ID >= 50711 and only mariadb also

mariadb (10.2.13):
#define MYSQL_VERSION_ID 100212
#define MARIADB_VERSION_ID 100212

percona (5.7.20-18):
#define MY

Postfix documentation patches not merged


I send an email to the list on August 22nd 2017 with some documentation
patches. They have not been merged yet. I can see my email in the
postfix-devel list archive. Is there something else I need to do to get
the patches merged?

Best regards,
-Sven Neuhaus

Writing a SMTP Extension


recently I got a project at university which includes an enhancement for Postfix. I read through the code already and tried to understand the various daemons. I feel a little lost because this is the first big open source project I am working on.

The project description states that I have to implement some SMTP extension which provides two features. (1) The owner of an SMTP account should be able to upload personal information in the vCard format onto his mail account after authentication.

doc: try to clarify owner- alias handling

First apologies if this is the wrong mailing list for
documentation patches.

This patch (based on the 3.2.4 sources) tries to improve the
documentation of the owner- alias handling.

OpenSSL fips mode

Hi all,

Attached please find a patch that adds a new configuration option to turn on OpenSSL FIPS mode (if supported by the installed version of OpenSSL lib).

Please feel free to modify the style/code and especially the documentation :)
and let me know of any required changes.

Kind regards,
Nik Kostaras

Nik Kostaras

Team Leader

[Telephone] +44 118 903 8635


[Clearswift] <>

1310 Waterside | Arlington Business Park | Theale | Berkshire | RG7 4SA | United Kingdom

Adaptive Security & Data Loss Prevention solutions for email, web, cloud app

Documentation patches


there's a semicolon missing in the MILTER_README.html, breaking a HTML
After noticing that I went looking and found two more missing semicolons
in the SMTPD_ACCESS_README.html and some unescaped ampersands in

I've attached patches against postfix-3.3-20170730.

-Sven Neuhaus

BAD signature from "Wietse Venema <>"

I seem to be having some trouble checking the sigs on

$ gpg --verify postfix-3.2.2.tar.gz.gpg1 postfix-3.3-20170613.tar.gz
gpg: Signature made 2017-06-13T13:35:00 PDT using RSA key ID C12BCD99
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: Can't check signature: bad public key

Oops, try again:

$ gpg --allow-weak-digest-algos --verify postfix-3.2.2.tar.gz.gpg1
gpg: Signature made 2017-06-13T13:35:00 PDT using RSA key ID C12BCD99
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see <a href="" title=""></a>

smtp outbound proxy protocol support

Attached is a patch that configurably enables smtp to send a v1 PROXY
protocol string before HELO.

We have a specific use case where want postfix to be able to specify the
sending IP to use to our network edges, and PROXY protocol seemed ideal for
this. We can just override the "source" ip to use in the protocol
string, and the edge proxy/firewall can SNAT using the provided IP. I
realize this is kind of an esoteric use case for PROXY protocol, but
figured I'd submit the patch for some eyes even if its not considered
for merging upstream.

Verify.db and hitting address verification limit on postfix-3.1.4


Last week one of our clients got DDoS:ed very badly and I noticed that
"Too many address verification requests" get cached in the verify.db as
negative hits. I really think that is wrong. Only negative hits that
come from the next hop should be cached.

Disabling negative hit caching kind of "nullifies" the idea of the
cache, even though it can be used temporarily to solve this.

Mika Ilmaranta

Spelling fixes

Hello. I've been offering spelling fixes to many projects for a long time.
I can't find the right entry-point for this project

My changes are here:
<a href="" title=""></a>

My goal, of course, is for them to be accepted, so if there's a
license waiver I need to sign, just let me know.

140 files changed, 339 insertions(+), 339 deletions(-)
wc: 3148 18117 143025

I'm not particularly interested in sending a 140k patch by email. Most
lists do not accept them. That said, I can do so if that's requested.

postfix-pgsql to use connection string


I am using postfix-pgsql with ssl authentication. Therefore I need to
provide a connection string for postgres connections. A patch is
attached to do so.

See <a href="" title=""></a> for
more details.

Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)

Interesting article in latest issue of subject titled:

"A Differential Approach to Undefined Behavior Detection"

which may describe procedures not used in other static analysis programs.

Article references the authors' website here:

<a href="" title=""></a>

which contains more info links and a link to the software on github here:

<a href="" title=""></a>

Best regards,


Enforcing minimum TLS versions in postfix

We've currently reviving the STARTTLS Everywhere
(<a href="" title=""></a>) project at EFF. Some
of the features it currently has:

* Know about a set of major email domains that are guaranteed to
support STARTTLS, and what mx domains they point to
* Know about the minimum TLS version that those domains are guaranteed
to support
* Preliminary integration with the letsencrypt python client, allowing
automated installation of a valid cert from Let's Encrypt

The code can currently transform all of the above into tweaks to a
postfix configuration.

question on non-printable characters in logging


Postfix will convert the non-printable characters into "?" before logging.
Is there any way to conver those non-printable characters to UTF8 insteaded
of replacing with "?" ? Otherwise it not easy to dig out the sender or
msg-id if containing non-printable characters such as european characters.
Many thanks in advance.


RFE: postqueue top sender

Would it be possible to implement a new postqueue options that prints the top
senders currently in queue? Something like 'postqueue -t':

109 <a href="mailto: ... at example dot com"> ... at example dot com</a>
7 <a href="mailto: ... at example dot com"> ... at example dot com</a>
. ...

Of course I can do that with sort, awk, uniq etc.


smtpd_sender_login_maps and multiple lookup tables


This is perhaps old news, but couldn’t find anything related in the archives nor in the release notes.
So, just in case… ;-)

Up to now, I had :

smtpd_sender_login_maps = sqlite:db_sender_login_map
db_sender_login_map_dbpath = […]
db_sender_login_map_query = […]

submission_sender_restrictions =

submission inet n - n - - smtpd
-o smtpd_sender_restrictions=$submission_sender_restrictions

and everything seemed to be working as expected (Postfix 2.11.0 - 201401

RFE: Additional postqueue output format

The current postqueue output format is somewhat like this:

$ postqueue -p
----Queue ID----- --Size-- ---Arrival Time---- --Sender/Recipient------
3n97rq4vbmz1gT 2660 Tue Sep 8 03:18:03 <a href="mailto:dane-users- ... at sys4 dot de">dane-users- ... at sys4 dot de</a>
(connect to some.server.tld[]:25: Connection refused)
<a href="mailto: ... at server dot tld"> ... at server dot tld</a>
(conversation with some.otherserver.tld[] timed out while receiving the initial server greeting)
<a href="mailto:rcpt@remote-destination.tld">rcpt@remote-destination.tld</a>

I - at least I - find it hard to write scrip - multi IPv6 bindings but single IPv4 fallback in mixedmode possible??

Hi@ Developers

I have a setup in my for multiple IPv6 Addresses with SSL and
TLS configured and on my IPv6 Layer everything works as expected.
The Problem: Some of the Mailhosters doenst accept IPv6 MTA's at this
time and so i need a fallback, but i have only 1 IPv4 Address in my Root
Server Webhosting Package.

Can i run IPv4 Virtualhosts on one single IPv4 address at the same time
while IPv6 instances are running normally side by side?

Right now i use a single IPv4 / virtual host smtp.mydomain.tld but
unfortently in the rceived by header of Thunderbrid and other Mail

Hi there

Iam just a new postfix user/development interrested person

TLS shake broken but openssl s_client succeed


I know there are sevel similar mail threads to discuss the TLS handshake
failure issue (such as:
<a href="" title=""></a>). However, my
situation is that I use same cipher list on posttls-finger and openssl
s_client, posttls-finger failed but openssl s_client succeeded.

The remote MTA is MS exchange 2003, and it support RC4-MD5 cipher. On my
postfix machine, the openssl version is 1.0.1e.

I use this cipher list: 'ALL:+RC4:!3DES:@STRENGTH', the index of RC4-SHA is
77/78 in this list.

question on qmgr_transport_select()


I went thru the qmgr source code and found an odd logic, from the comments
we can know it will stop until we run out of "todo" entries. However the
implementation is:
if ((need -= MIN5af51743e4eef(queue->window - queue->busy_refcount,
queue->todo_refcount)) <= 0)

suppose if transport->pending is 1, so the value of need is 2 (pending+1),
queue->window is 5 by default(destination concurrent connection). Now there
is one todo entry and one busy entry, so min(queue->window -
queue->busy_refcount, queue->todo_refcount) is 1, which cause the
invalidation of if statement.

Postfix 3.0.1 dynamicmaps.c

dymap_init() reads /etc/postfix/ directory and we seem
to constantly get "warning: /etc/postfix/ directory
read error: No such file or directory".

Apr 21 16:41:47 foo7 postfix/qmgr[3538]: scan_dir_push: open
Apr 21 16:41:47 foo7 postfix/qmgr[3538]: scan_dir_next: skip .
Apr 21 16:41:47 foo7 postfix/qmgr[3538]: scan_dir_next: skip ..
Apr 21 16:41:47 foo7 postfix/qmgr[3538]: warning:
/etc/postfix/ directory read error: No such file or
Apr 21 16:41:47 foo7 postfix/qmgr[3538]: scan_dir_pop: close

missing include in allascii.c

We seem to be missing an #include <string.h> in allascii.c:

allascii.c: In function ‘allascii_len’:
allascii.c:51:8: warning: incompatible implicit declaration of built-in
function ‘strlen’
len = strlen(string);

--- src/util/allascii.c 2015-02-17 00:43:56.000000000 +0000
+++ src/util//allascii.c 2015-02-17 10:01:47.775727110 +0000
@@ -35,6 +35,7 @@

#include <sys_defs.h>
#include <ctype.h>
+#include <string.h>

/* Utility library. */

Possible problem with dead code in src/postlog/postlog.c

Hello all,

This is my first post on the postfix-devel mailing list.

While investigating a problem with postlog.c in postfix release 2.6.6
seg faulting when invoked as "postlog -h", we discovered that the code
was trying to print a string called tag, but the tag variable had been
set to a null pointer at line 209:

tag = 0;

In later versions (I checked 2.10 and 3.1) of the postlog.c code, that
line has been removed, eliminating the seg fault problem, however the
code after the while loop (line 243 in 2.6.6, and still present in 3.1)
still seems to expect that the value of tag can

Defensive liveness testing of DNSBLs

Over on another list, people were grousing that it's impossible to
shut down a DNSBL because no matter what you do, clueless people with
dusty mail configurations will keep hammering on it. You can list
nothing, or list everything, or put in long delays, or return
delegations to name servers on nonexistent networks, or return text
records with obscene insults, but they will keep hammering.

smtpd xclient and sasl

We use postfix with dovecot as a sasl backend, and have run into a small
issue with the XCLIENT extension and SASL. smtpd_sasl_activate is
called only upon the initial connection to smtpd, and that sets the sasl
structure to using the socket's remote ip address. When XCLIENT is
used, a new ip address is specified but the sasl structure is not

Adding transactional capabilities to Postfix


I'm using Postfix few months (before I use qmail for 10+ years). Its greate
piece of software. Because i'm using it also on smtp relay, i want to add
some transactional capabilities.

The primary reason is "monitoring activity of our smtp relay users" and
actively disabking problem users in realtime.

The one approach is to calculate succesfull ratio of sending email. Some
kind of transaction log statistics.

My idea is pretty simple: for each smtp user (sasl user name) store
statistics/log for each si ple delivery (based on queue id).

Cygwin port of postfix 2.11.3


just for info: I ported postfix 2.11.3 to Cygwin.

The patch:
<a href="" title=""></a>
Shouldn't break builds on other platforms. This was tested on Debian.

Binaries are available in the Cygwin net distribution:
<a href="" title=""></a>


Error building postfix-2.12-20141207

I am getting the following error when building postfix-2.12-20141207:

x86_64-pc-linux-gnu-gcc -I. -I../../include -DHAS_PCRE -DHAS_LDAP
-DUSE_TLS -DHAS_LMDB -DNO_NIS -DHAS_CDB -I/usr/include/cdb
-DSNAPSHOT -DDEF_SHLIB_DIR=\"/usr/lib64/postfix/\${mail_version}\"
-Wno-comment -I. -I../../include -DLINUX3 -c smtpd.c
smtpd.c:4678:22: error: ‘unimpl_cmd’ undeclared here (not in a function)
{SMTPD_CMD_AUTH, unimpl_cmd,},

tarball signature digest algorithm


while packaging postfix 2.11.1 I noticed that the corresponding pgp/gpg
signature is generated using the md5 digest algorithm. MD5 is now
disabled as an acceptable digest method for signatures for source
tarballs of openSUSE packages. Would it be possible to re-issue the
signature using a SHA-1 or any of the SHA-2 family?

Many thanks,
Andreas Stieger

beefing up Postfix macro processing

I've been looking into an old wish to make Postfix headers and (some
of the) Postfix logging configurable. But before that could happen,
the $name expansion logic needed to be extended because it is a bit

This week I added support for if-then-else logic in conditional
$name expansion and support for conditional expansions based
on the (in)equality of text strings. For example:

${{text1} == ${text2} ? {text3} : {text4}}

Where text1..text4 are subject to $name expansion. For the curious:
``${{text1} == ${text2}}'' evaluates to empty or "true".

Overriding earlier entry...


recently I noticed this warning about "overriding earlier entry". At
first I did not pay it much attention, but it became enough annoying
to look at it recently.

I am sending this email because I think that we need to do something
about it, and hope that this will help communicate valid ideas around.

Situation is a bit quirky, because of the following facts:
1. postfix manual clearly states: "When the same parameter is defined
multiple times, only the last instance is remembered."
2. Postfix uses almost no command line arguments

Re: [PATCH] smtpd_policy_service_(error_sleep_time|max_keepalive)

Am 27.06.2014 15:31 schrieb ... at porcupine dot org:



attached is a patch which adds the following configuration options
to postfix:


The first one will make the sleep(1) in attr_clnt_request configurable.
(line with comment /* XXX make configurable */)
In anvil_clnt.c and tls_mgr.c, where attr_clnt is also used, the current default 1 is used.
For check_policy_service (smtpd_check.c) the configuration parameter is used.

The second one will cause postfix to disconnect after the specified
amount of requests made over a policyd connection.
If set to 0 it will be dis

Patch: Unicode email support (RFC 6531, 6532, 6533)


at <a href="" title=""></a> you will find a
patch to add unicode email support to Postfix. The patch is relative to

I tried to append it to a list posting, but the result was too large for
the list, hence the URL.

A short overview of the RFCs: You can use naked UTF8 in localparts and
domain, and you can usually forget about quoted-printable. There's an
interlock to make sure that UTF8 messages are only ever sent to servers
that understand UTF8 addresses.


I can't compile and install Postfix 2.10.3 and above with pcre 8.35 on
Mac OS X 10.9.2. Postfix 2.10.2 works.

RFC: Verify concurrency limit


I'm one of the maintainers of multi-node spam checking service. We were
recently hit by DDoS attack. We received hundreds of emails per second,
all targeted to <a href="mailto: ... at single dot"> ... at single dot</a>. Unfortunately
had "unknown receiver tarpit" feature enabled and we had (must have)
"reject_unverified_recipient" option enabled on our side. This resulted
hundreds of verify probes per second, but client replied to less that
one per second. This resulted HUGE mail queue of verify probes plus
couple of real emails.

Ambiguous description on "reject_unknown_recipient_domain"


When I checked the description of "reject_unknown_recipient_domain" on
official portal: <a href="" title=""></a>, I found the
description is ambiguous with the implementation.

Below is the quote from portal:
*reject_unknown_recipient_domain*Reject the request when Postfix is not
final destination for the recipient domain, and the RCPT TO domain has 1) *no
DNS A or MX record* or 2) .......

From the description, If one domain has no DNS A record or no DNS MX
record, it will be reject as unknown recipient domain, however, the
implementation is:
It will check MX record fi

What causes 550 Action not taken ?

I have a little server that pumps out spam to people who pay me for
it. (Yes, really.)

Looking at the logs, I'm seeing a lot of "550 Action not taken" at end
of data from recipient systems which I believe are running Postfix.
Can someone tell me what that means, so I can tell the recipients to
undo whatever they did to cause it?

The mail typically has a vast spamassasin score and often contains
viruses. Due to the volume it's common to have 20 open SMTP sessions
per recipient. The recipients use it to tune their spam filters, look
for phish campaigns, and the like.


TLS support


I've been looking at the current state of TLS support in postfix.
I notice that the documentation on the website says it will
support DANE in the 2.11 version.

DANE will make it possible for us to have mandatory encryption, so
I would like to see that we can get the best out of that.

So one thing I've noticed is that you currently only have settings
for dh512 and dh1024.

X-Original-To via XFORWARD?


on mailstores (read: Dovecot) we often would like to know X-Original-To in
order to apply SIEVE-Rules against the X-Original-To value.

Obviously it doesn't make sense to add that header and send it via SMTP/LMTP
if a message has more than one recipient. But what if we set

Would it then be safe and possible to forward X-Original-To via SMTP/LMTP?

Dovecot (or any other receiver) could use the information and add the header.


Patch: Support NOTIFY ESMTP parameter in SMFIR_ADDRCPT_PAR


The following patch adds support for setting the NOTIFY ESMTP parameter
via the SMFIR_ADDRCPT_PAR milter command, as per the milter spec
(previously, Postfix ignored all ESMTP parameters passed to this milter

The patch is simple and only touches two functions because most of the
required pieces were already there. All I needed to do was split the
argument list, parse the NOTIFY parameter (using the existing
dsn_notify_mask() function), and pass the result as the last argument to
cleanup_addr_bcc_dsn(), instead of always passing DEF_DSN_NOTIFY.

Patch: Expose custom data to postfix map lookups, and call for help

My organization has a requirement to expose a custom value to various
map lookups[1], such as the transport map. We wrote a patch to
accomplish this, and it has been working well in production for at least
a couple years, with postfix 2.8.2[4]. We have recently attempted to
port the patch to 2.10.2[5], but are experiencing some problems.

PATCH: Add support in dict_mysql.c for enabling SSL and reading from my.cnf files


The following patch adds support for using SSL when connecting to a
MySQL server and support for reading my.cnf files which can set other
connection related options.

New configuration parameters for SSL connections are -

tls_cert_file - File containing the client's public key.
tls_key_file - File containing the client's private key.
tls_CAfile - File containing the server's public key.
tls_CApath - Directory containing the server's public key.
tls_ciphers - A list of permissible ciphers to use for encryption.
tls_verify_cert - Verify that the name of th

Email Address length check


Why there is no length limitation on Email Address (there is max
length:320 on RFC: <a href="" title=""></a>)? Is there any plan
on it?
The workaround is that add such checking on PolicyD or Milter.


Patch to support multiple destination on transport


Currently Postfix doesn't support multiple destinations on transport (eg:
smtp: []:25, []:10025 this is not supported).
However Postfix support multiple destination on smtp_fallback_relay (eg:
smtp_fallback_relay = []:25, []:10025).
Now I have implemented this feature(support multiple destinations) based
on Postfix 2.8.8 (it's easy to add it on latest version).
My question is who can I contact with to check whether/how I add my patch
on source code tree.
Many thanks in advance.

King Cao

limits for slow messages (patch)


attached is my first take on the problem we have discussed few weeks ago -
limiting amount of deferred messages in the active queue and limiting
amount of delivery agents used by presumably "slow" deferred messages.

The patch contains several incremental parts which show how I developed
this and which make it more readable at the same time.

The first half of the patch implements the active queue limit. Few

- The qmgr_loop() now always round robins the queues. The original version
stopped doing that when active queue was full and incoming mail kept
flowing in.

'reject_unknown_helo_hostname' shouldn't exist


Postfix's documentation quotes for 'reject_unknown_helo_hostname':
"Reject the request when the HELO or EHLO hostname has no DNS A or MX

Under '3.6 Domains' of RFC 2821 it says:

"Only resolvable, fully-qualified, domain names (FQDNs) are permitted
when domain names are used in SMTP. In other words, names that can
be resolved to MX RRs or A RRs (as discussed in section 5) are
permitted, as are CNAME RRs whose targets can be resolved, in turn,
to MX or A RRs."

I have seen in Postfix's documentation that it caters for 'home-grown'
software for some attributes.

Syndicate content