5
/* Postfix virtual domain mail delivery agent
7
/* \fBvirtual\fR [generic Postfix daemon options]
9
/* The \fBvirtual\fR(8) delivery agent is designed for virtual mail
10
/* hosting services. Originally based on the Postfix local(8) delivery
11
/* agent, this agent looks up recipients with map lookups of their
12
/* full recipient address, instead of using hard-coded unix password
13
/* file lookups of the address local part only.
15
/* This delivery agent only delivers mail. Other features such as
16
/* mail forwarding, out-of-office notifications, etc., must be
17
/* configured via virtual_alias maps or via similar lookup mechanisms.
21
/* The mailbox location is controlled by the \fBvirtual_mailbox_base\fR
22
/* and \fBvirtual_mailbox_maps\fR configuration parameters (see below).
23
/* The \fBvirtual_mailbox_maps\fR table is indexed by the recipient
24
/* address as described under TABLE SEARCH ORDER below.
26
/* The mailbox pathname is constructed as follows:
29
/* \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR
31
/* where \fIrecipient\fR is the full recipient address.
32
/* UNIX MAILBOX FORMAT
35
/* When the mailbox location does not end in \fB/\fR, the message
36
/* is delivered in UNIX mailbox format. This format stores multiple
37
/* messages in one textfile.
39
/* The \fBvirtual\fR delivery agent prepends a "\fBFrom \fIsender
40
/* time_stamp\fR" envelope header to each message, prepends a
41
/* \fBDelivered-To:\fR message header with the envelope recipient
43
/* prepends an \fBX-Original-To:\fR header with the recipient address as
45
/* prepends a \fBReturn-Path:\fR message header with the
46
/* envelope sender address, prepends a \fB>\fR character to lines
47
/* beginning with "\fBFrom \fR", and appends an empty line.
49
/* The mailbox is locked for exclusive access while delivery is in
50
/* progress. In case of problems, an attempt is made to truncate the
51
/* mailbox to its original length.
52
/* QMAIL MAILDIR FORMAT
55
/* When the mailbox location ends in \fB/\fR, the message is delivered
56
/* in qmail \fBmaildir\fR format. This format stores one message per file.
58
/* The \fBvirtual\fR delivery agent daemon prepends a \fBDelivered-To:\fR
59
/* message header with the final envelope recipient address,
60
/* prepends an \fBX-Original-To:\fR header with the recipient address as
61
/* given to Postfix, and prepends a
62
/* \fBReturn-Path:\fR message header with the envelope sender address.
64
/* By definition, \fBmaildir\fR format does not require application-level
65
/* file locking during mail delivery or retrieval.
69
/* Mailbox ownership is controlled by the \fBvirtual_uid_maps\fR
70
/* and \fBvirtual_gid_maps\fR lookup tables, which are indexed
71
/* with the full recipient address. Each table provides
72
/* a string with the numerical user and group ID, respectively.
74
/* The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on
75
/* numerical user ID values that may be specified in any
76
/* \fBvirtual_uid_maps\fR.
80
/* Normally, a lookup table is specified as a text file that
81
/* serves as input to the \fBpostmap\fR(1) command. The result, an
82
/* indexed file in \fBdbm\fR or \fBdb\fR format, is used for fast
83
/* searching by the mail system.
85
/* The search order is as follows. The search stops
86
/* upon the first successful lookup.
88
/* When the recipient has an optional address extension the
89
/* \fIuser+extension@domain.tld\fR address is looked up first.
91
/* With Postfix versions before 2.1, the optional address extension
94
/* The \fIuser@domain.tld\fR address, without address extension,
97
/* Finally, the recipient \fI@domain\fR is looked up.
99
/* When the table is provided via other means such as NIS, LDAP
100
/* or SQL, the same lookups are done as for ordinary indexed files.
102
/* Alternatively, a table can be provided as a regular-expression
103
/* map where patterns are given as regular expressions. In that case,
104
/* only the full recipient address is given to the regular-expression
109
/* The virtual delivery agent is not security sensitive, provided
110
/* that the lookup tables with recipient user/group ID information are
111
/* adequately protected. This program is not designed to run chrooted.
113
/* RFC 822 (ARPA Internet Text Messages)
115
/* Mail bounces when the recipient has no mailbox or when the
116
/* recipient is over disk quota. In all other cases, mail for
117
/* an existing recipient is deferred and a warning is logged.
119
/* Problems and transactions are logged to \fBsyslogd\fR(8).
120
/* Corrupted message files are marked so that the queue
121
/* manager can move them to the \fBcorrupt\fR queue afterwards.
123
/* Depending on the setting of the \fBnotify_classes\fR parameter,
124
/* the postmaster is notified of bounces and of other trouble.
126
/* This delivery agent supports address extensions in email
127
/* addresses and in lookup table keys, but does not propagate
128
/* address extension information to the result of table lookup.
130
/* Postfix should have lookup tables that can return multiple result
131
/* attributes. In order to avoid the inconvenience of maintaining
132
/* three tables, use an LDAP or MYSQL database.
133
/* CONFIGURATION PARAMETERS
136
/* Changes to \fBmain.cf\fR are picked up automatically, as virtual(8)
137
/* processes run for only a limited amount of time. Use the command
138
/* "\fBpostfix reload\fR" to speed up a change.
140
/* The text below provides only a parameter summary. See
141
/* postconf(5) for more details including examples.
142
/* MAILBOX DELIVERY CONTROLS
145
/* .IP "\fBvirtual_mailbox_base (empty)\fR"
146
/* A prefix that the virtual(8) delivery agent prepends to all pathname
147
/* results from $virtual_mailbox_maps table lookups.
148
/* .IP "\fBvirtual_mailbox_maps (empty)\fR"
149
/* Optional lookup tables with all valid addresses in the domains that
150
/* match $virtual_mailbox_domains.
151
/* .IP "\fBvirtual_minimum_uid (100)\fR"
152
/* The minimum user ID value that the virtual(8) delivery agent accepts
153
/* as a result from \fB$virtual_uid_maps\fR table lookup.
154
/* .IP "\fBvirtual_uid_maps (empty)\fR"
155
/* Lookup tables with the per-recipient user ID that the virtual(8)
156
/* delivery agent uses while writing to the recipient's mailbox.
157
/* .IP "\fBvirtual_gid_maps (empty)\fR"
158
/* Lookup tables with the per-recipient group ID for virtual(8) mailbox
161
/* Available in Postfix version 2.0 and later:
162
/* .IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR"
163
/* The list of domains that are delivered via the $virtual_transport
164
/* mail delivery transport.
165
/* .IP "\fBvirtual_transport (virtual)\fR"
166
/* The default mail delivery transport for domains that match the
167
/* $virtual_mailbox_domains parameter value.
171
/* .IP "\fBvirtual_mailbox_lock (see 'postconf -d' output)\fR"
172
/* How to lock a UNIX-style virtual(8) mailbox before attempting
174
/* .IP "\fBdeliver_lock_attempts (20)\fR"
175
/* The maximal number of attempts to acquire an exclusive lock on a
176
/* mailbox file or bounce(8) logfile.
177
/* .IP "\fBdeliver_lock_delay (1s)\fR"
178
/* The time between attempts to acquire an exclusive lock on a mailbox
179
/* file or bounce(8) logfile.
180
/* .IP "\fBstale_lock_time (500s)\fR"
181
/* The time after which a stale exclusive mailbox lockfile is removed.
182
/* RESOURCE AND RATE CONTROLS
185
/* .IP "\fBvirtual_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
186
/* The maximal number of parallel deliveries to the same destination
187
/* via the virtual message delivery transport.
188
/* .IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR"
189
/* The maximal number of recipients per delivery via the virtual
190
/* message delivery transport.
191
/* .IP "\fBvirtual_mailbox_limit (51200000)\fR"
192
/* The maximal size in bytes of an individual mailbox or maildir file,
193
/* or zero (no limit).
194
/* MISCELLANEOUS CONTROLS
197
/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
198
/* The default location of the Postfix main.cf and master.cf
199
/* configuration files.
200
/* .IP "\fBdaemon_timeout (18000s)\fR"
201
/* How much time a Postfix daemon process may take to handle a
202
/* request before it is terminated by a built-in watchdog timer.
203
/* .IP "\fBipc_timeout (3600s)\fR"
204
/* The time limit for sending or receiving information over an internal
205
/* communication channel.
206
/* .IP "\fBmax_idle (100s)\fR"
207
/* The maximum amount of time that an idle Postfix daemon process
208
/* waits for the next service request before exiting.
209
/* .IP "\fBmax_use (100)\fR"
210
/* The maximal number of connection requests before a Postfix daemon
211
/* process terminates.
212
/* .IP "\fBprocess_id (read-only)\fR"
213
/* The process ID of a Postfix command or daemon process.
214
/* .IP "\fBprocess_name (read-only)\fR"
215
/* The process name of a Postfix command or daemon process.
216
/* .IP "\fBqueue_directory (see 'postconf -d' output)\fR"
217
/* The location of the Postfix top-level queue directory.
218
/* .IP "\fBsyslog_facility (mail)\fR"
219
/* The syslog facility of Postfix logging.
220
/* .IP "\fBsyslog_name (postfix)\fR"
221
/* The mail system name that is prepended to the process name in syslog
222
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
224
/* qmgr(8), queue manager
225
/* bounce(8), delivery status reports
226
/* postconf(5), configuration parameters
227
/* syslogd(8), system logging
229
/* Use "\fBpostconf readme_directory\fR" or
230
/* "\fBpostconf html_directory\fR" to locate this information.
231
/* VIRTUAL_README, domain hosting howto
235
/* The Secure Mailer license must be distributed with this software.
239
/* This delivery agent was originally based on the Postfix local delivery
240
/* agent. Modifications mainly consisted of removing code that either
241
/* was not applicable or that was not safe in this context: aliases,
242
/* ~user/.forward files, delivery to "|command" or to /file/name.
244
/* The \fBDelivered-To:\fR message header appears in the \fBqmail\fR
245
/* system by Daniel Bernstein.
247
/* The \fBmaildir\fR structure appears in the \fBqmail\fR system
248
/* by Daniel Bernstein.
251
/* IBM T.J. Watson Research
253
/* Yorktown Heights, NY 10598, USA
256
/* andrewm@connect.com.au
257
/* connect.com.au Pty. Ltd.
258
/* Level 3, 213 Miller St
259
/* North Sydney 2060, NSW, Australia
262
/* System library. */
264
#include <sys_defs.h>
267
#include <paths.h> /* XXX mail_spool_dir dependency */
270
/* Utility library. */
276
#include <set_eugid.h>
279
/* Global library. */
281
#include <mail_queue.h>
282
#include <recipient_list.h>
283
#include <deliver_request.h>
284
#include <deliver_completed.h>
285
#include <mail_params.h>
286
#include <mail_conf.h>
287
#include <mail_params.h>
288
#include <mail_addr_find.h>
289
#include <flush_clnt.h>
291
/* Single server skeleton. */
293
#include <mail_server.h>
295
/* Application-specific. */
300
* Tunable parameters.
302
char *var_virt_mailbox_maps;
303
char *var_virt_uid_maps;
304
char *var_virt_gid_maps;
305
int var_virt_minimum_uid;
306
char *var_virt_mailbox_base;
307
char *var_virt_mailbox_lock;
308
int var_virt_mailbox_limit;
309
char *var_mail_spool_dir; /* XXX dependency fix */
314
MAPS *virtual_mailbox_maps;
315
MAPS *virtual_uid_maps;
316
MAPS *virtual_gid_maps;
321
int virtual_mbox_lock_mask;
323
/* local_deliver - deliver message with extreme prejudice */
325
static int local_deliver(DELIVER_REQUEST *rqst, char *service)
327
char *myname = "local_deliver";
328
RECIPIENT *rcpt_end = rqst->rcpt_list.info + rqst->rcpt_list.len;
336
msg_info("local_deliver: %s from %s", rqst->queue_id, rqst->sender);
339
* Initialize the delivery attributes that are not recipient specific.
342
deliver_attr_init(&state.msg_attr);
343
state.msg_attr.queue_name = rqst->queue_name;
344
state.msg_attr.queue_id = rqst->queue_id;
345
state.msg_attr.fp = rqst->fp;
346
state.msg_attr.offset = rqst->data_offset;
347
state.msg_attr.sender = rqst->sender;
348
state.msg_attr.relay = service;
349
state.msg_attr.arrival_time = rqst->arrival_time;
350
RESET_USER_ATTR(usr_attr, state.level);
351
state.request = rqst;
354
* Iterate over each recipient named in the delivery request. When the
355
* mail delivery status for a given recipient is definite (i.e. bounced
356
* or delivered), update the message queue file and cross off the
357
* recipient. Update the per-message delivery status.
359
for (msg_stat = 0, rcpt = rqst->rcpt_list.info; rcpt < rcpt_end; rcpt++) {
360
state.msg_attr.orig_rcpt = rcpt->orig_addr;
361
state.msg_attr.recipient = rcpt->address;
362
state.msg_attr.rcpt_offset = rcpt->offset;
363
rcpt_stat = deliver_recipient(state, usr_attr);
365
deliver_completed(state.msg_attr.fp, rcpt->offset);
366
msg_stat |= rcpt_stat;
372
/* local_service - perform service for client */
374
static void local_service(VSTREAM *stream, char *service, char **argv)
376
DELIVER_REQUEST *request;
380
* Sanity check. This service takes no command-line arguments.
383
msg_fatal("unexpected command-line argument: %s", argv[0]);
386
* This routine runs whenever a client connects to the UNIX-domain socket
387
* that is dedicated to local mail delivery service. What we see below is
388
* a little protocol to (1) tell the client that we are ready, (2) read a
389
* delivery request from the client, and (3) report the completion status
392
if ((request = deliver_request_read(stream)) != 0) {
393
status = local_deliver(request, service);
394
deliver_request_done(stream, request, status);
398
/* pre_accept - see if tables have changed */
400
static void pre_accept(char *unused_name, char **unused_argv)
404
if ((table = dict_changed_name()) != 0) {
405
msg_info("table %s has changed -- restarting", table);
410
/* post_init - post-jail initialization */
412
static void post_init(char *unused_name, char **unused_argv)
416
* Drop privileges most of the time.
418
set_eugid(var_owner_uid, var_owner_gid);
420
virtual_mailbox_maps =
421
maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps,
422
DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
425
maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps,
426
DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
429
maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps,
430
DICT_FLAG_LOCK | DICT_FLAG_PARANOID);
432
virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock);
435
/* pre_init - pre-jail initialization */
437
static void pre_init(char *unused_name, char **unused_argv)
441
* Reset the file size limit from the message size limit to the mailbox
444
* We can't have mailbox size limit smaller than the message size limit,
445
* because that prohibits the delivery agent from updating the queue
448
if (var_virt_mailbox_limit) {
449
if (var_virt_mailbox_limit < var_message_limit)
450
msg_fatal("main.cf configuration error: %s is smaller than %s",
451
VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);
452
set_file_limit(var_virt_mailbox_limit);
461
/* main - pass control to the single-threaded skeleton */
463
int main(int argc, char **argv)
465
static CONFIG_INT_TABLE int_table[] = {
466
VAR_VIRT_MINUID, DEF_VIRT_MINUID, &var_virt_minimum_uid, 1, 0,
467
VAR_VIRT_MAILBOX_LIMIT, DEF_VIRT_MAILBOX_LIMIT, &var_virt_mailbox_limit, 0, 0,
470
static CONFIG_STR_TABLE str_table[] = {
471
VAR_MAIL_SPOOL_DIR, DEF_MAIL_SPOOL_DIR, &var_mail_spool_dir, 0, 0,
472
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
473
VAR_VIRT_UID_MAPS, DEF_VIRT_UID_MAPS, &var_virt_uid_maps, 0, 0,
474
VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0,
475
VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0,
476
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
480
single_server_main(argc, argv, local_service,
481
MAIL_SERVER_INT_TABLE, int_table,
482
MAIL_SERVER_STR_TABLE, str_table,
483
MAIL_SERVER_PRE_INIT, pre_init,
484
MAIL_SERVER_POST_INIT, post_init,
485
MAIL_SERVER_PRE_ACCEPT, pre_accept,