Attachment #161570 for bug #232642

Lines 13599-13601 Apologies for any names omitted. Link Here

(-)a/HISTORY (+6 lines)
13599	prevent dovecot-auth memory wastage. Timo Sirainen. File:	13599	prevent dovecot-auth memory wastage. Timo Sirainen. File:
13600	xsasl/xsasl_dovecot_server.c.	13600	xsasl/xsasl_dovecot_server.c.
13601		13601
		13602	20080725
		13603
		13604	Paranoia: defer delivery when a mailbox file is not owned
		13605	by the recipient. Requested by Sebastian Krahmer, SuSE.
		13606	Specify "strict_mailbox_ownership=no" to ignore ownership
		13607	discrepancies. Files: local/mailbox.c, virtual/mailbox.c.

Lines 11-16 instead, a new snapshot is released. Link Here

(-)a/RELEASE_NOTES (+8 lines)
11	The mail_release_date configuration parameter (format: yyyymmdd)	11	The mail_release_date configuration parameter (format: yyyymmdd)
12	specifies the release date of a stable release or snapshot release.	12	specifies the release date of a stable release or snapshot release.
13		13
		14	Incompatibility with Postfix 2.4.7
		15	==================================
		16
		17	When a mailbox file is not owned by its recipient, the local and
		18	virtual delivery agents now log a warning and defer delivery.
		19	Specify "strict_mailbox_ownership = no" to ignore such ownership
		20	discrepancies.
		21
14	Incompatibility with Postfix 2.4.4	22	Incompatibility with Postfix 2.4.4
15	==================================	23	==================================
16		24

Lines 394-399 LOCAL(8) LOCAL(8) Link Here

(-)a/html/local.8.html (+12 lines)
394	attempt; do not update the Delivered-To: address	394	attempt; do not update the Delivered-To: address
395	while expanding aliases or .forward files.	395	while expanding aliases or .forward files.
396		396
		397	Available in Postfix version 2.4.7-r1 and later:
		398
		399	<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
		400	Defer delivery when a mailbox file is not owned by
		401	its recipient.
		402
397	<b>DELIVERY METHOD CONTROLS</b>	403	<b>DELIVERY METHOD CONTROLS</b>
398	The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to	404	The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
399	low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,	405	low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
Lines 532-537 LOCAL(8) LOCAL(8) Link Here
532	agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-	538	agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
533	<a href="postconf.5.html#command_execution_directory">tion_directory</a>.	539	<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
534		540
		541	Available in Postfix version 2.4.7-r1 and later:
		542
		543	<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
		544	Defer delivery when a mailbox file is not owned by
		545	its recipient.
		546
535	<b>MISCELLANEOUS CONTROLS</b>	547	<b>MISCELLANEOUS CONTROLS</b>
536	<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>	548	<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
537	The default location of the Postfix <a href="postconf.5.html">main.cf</a> and	549	The default location of the Postfix <a href="postconf.5.html">main.cf</a> and





</DD>

<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>

<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible.  </p>

<p> This feature is available in Postfix 2.4.7-r1 and later. </p>


</DD>

<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
(default: no)</b></DT><DD>





              destination  for  final  delivery to domains listed
              with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.

       Available in Postfix version 2.4.7-r1 and later:

       <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
              Defer delivery when a mailbox file is not owned  by
              its recipient.

<b>LOCKING CONTROLS</b>
       <b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
              How  to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
              attempting delivery.

       <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>

              sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.

       <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
              The  time  between attempts to acquire an exclusive
              lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.

       <b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
              The time after  which  a  stale  exclusive  mailbox
              lockfile is removed.

<b>RESOURCE AND RATE CONTROLS</b>
       <b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a>   ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
              The  maximal  number  of parallel deliveries to the
              same destination via the virtual  message  delivery
              transport.

       <b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>     ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
       <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
              The  maximal  number of recipients per delivery via
              the virtual message delivery transport.

       <b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
              The maximal size in bytes of an individual  mailbox
              or maildir file, or zero (no limit).

<b>MISCELLANEOUS CONTROLS</b>
       <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
              The  default  location  of  the Postfix <a href="postconf.5.html">main.cf</a> and
              <a href="master.5.html">master.cf</a> configuration files.

       <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
              How much time a Postfix daemon process may take  to
              handle  a  request  before  it  is  terminated by a
              built-in watchdog timer.

       <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
              The maximal number  of  digits  after  the  decimal
              point when logging sub-second delay values.

       <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>

              over an internal communication channel.

       <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
              The maximum amount of time  that  an  idle  Postfix
              daemon  process  waits  for  an incoming connection
              before terminating voluntarily.

       <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
              The maximal number of incoming connections  that  a
              Postfix  daemon  process will service before termi-
              nating voluntarily.

       <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
              The process ID  of  a  Postfix  command  or  daemon
              process.

       <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
              The  process  name  of  a Postfix command or daemon
              process.

       <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
              The location of the Postfix top-level queue  direc-
              tory.

       <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
              The syslog facility of Postfix logging.

       <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
              The  mail  system  name  that  is  prepended to the
              process name in syslog  records,  so  that  "smtpd"
              becomes, for example, "postfix/smtpd".

<b>SEE ALSO</b>

       <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto

<b>LICENSE</b>
       The  Secure  Mailer  license must be distributed with this
       software.

<b>HISTORY</b>
       This delivery agent was originally based  on  the  Postfix
       local  delivery  agent.  Modifications mainly consisted of
       removing code that either was not applicable or  that  was
       not  safe  in this context: aliases, ~user/.forward files,
       delivery to "|command" or to /file/name.

       The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
       tem by Daniel Bernstein.

       The  <b>maildir</b>  structure  appears  in  the  <b>qmail</b> system by
       Daniel Bernstein.

<b>AUTHOR(S)</b>

Lines 7062-7067 This feature should not be enabled on a general purpose mail server, Link Here

(-)a/man/man5/postconf.5 (+5 lines)
7062	because it is likely to reject legitimate email.	7062	because it is likely to reject legitimate email.
7063	.PP	7063	.PP
7064	This feature is available in Postfix 2.0 and later.	7064	This feature is available in Postfix 2.0 and later.
		7065	.SH strict_mailbox_ownership (default: yes)
		7066	Defer delivery when a mailbox file is not owned by its recipient.
		7067	The default setting is not backwards compatible.
		7068	.PP
		7069	This feature is available in Postfix 2.4.7-r1 and later.
7065	.SH strict_mime_encoding_domain (default: no)	7070	.SH strict_mime_encoding_domain (default: no)
7066	Reject mail with invalid Content-Transfer-Encoding: information	7071	Reject mail with invalid Content-Transfer-Encoding: information
7067	for the message/* or multipart/* MIME content types. This blocks	7072	for the message/* or multipart/* MIME content types. This blocks

Lines 412-417 Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To: Link Here

(-)a/man/man8/local.8 (-1 / +9 lines)
412	address (see prepend_delivered_header) only once, at the start of	412	address (see prepend_delivered_header) only once, at the start of
413	a delivery attempt; do not update the Delivered-To: address while	413	a delivery attempt; do not update the Delivered-To: address while
414	expanding aliases or .forward files.	414	expanding aliases or .forward files.
		415	.PP
		416	Available in Postfix version 2.4.7-r1 and later:
		417	.IP "\fBstrict_mailbox_ownership (yes)\fR"
		418	Defer delivery when a mailbox file is not owned by its recipient.
415	.SH "DELIVERY METHOD CONTROLS"	419	.SH "DELIVERY METHOD CONTROLS"
416	.na	420	.na
417	.nf	421	.nf
Lines 510-516 Restrict \fBlocal\fR(8) mail delivery to external commands. Link Here
510	Restrict \fBlocal\fR(8) mail delivery to external files.	514	Restrict \fBlocal\fR(8) mail delivery to external files.
511	.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"	515	.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
512	Restrict the characters that the \fBlocal\fR(8) delivery agent allows in	516	Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
513	$name expansions of $mailbox_command.	517	$name expansions of $mailbox_command and $command_execution_directory.
514	.IP "\fBdefault_privs (nobody)\fR"	518	.IP "\fBdefault_privs (nobody)\fR"
515	The default rights used by the \fBlocal\fR(8) delivery agent for delivery	519	The default rights used by the \fBlocal\fR(8) delivery agent for delivery
516	to external file or command.	520	to external file or command.
Lines 522-527 Available in Postfix version 2.2 and later: Link Here
522	.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"	526	.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
523	Restrict the characters that the \fBlocal\fR(8) delivery agent allows	527	Restrict the characters that the \fBlocal\fR(8) delivery agent allows
524	in $name expansions of $command_execution_directory.	528	in $name expansions of $command_execution_directory.
		529	.PP
		530	Available in Postfix version 2.4.7-r1 and later:
		531	.IP "\fBstrict_mailbox_ownership (yes)\fR"
		532	Defer delivery when a mailbox file is not owned by its recipient.
525	.SH "MISCELLANEOUS CONTROLS"	533	.SH "MISCELLANEOUS CONTROLS"
526	.na	534	.na
527	.nf	535	.nf

Lines 213-218 mail is delivered via the $virtual_transport mail delivery transport. Link Here

(-)a/man/man8/virtual.8 (+4 lines)
213	.IP "\fBvirtual_transport (virtual)\fR"	213	.IP "\fBvirtual_transport (virtual)\fR"
214	The default mail delivery transport and next-hop destination for	214	The default mail delivery transport and next-hop destination for
215	final delivery to domains listed with $virtual_mailbox_domains.	215	final delivery to domains listed with $virtual_mailbox_domains.
		216	.PP
		217	Available in Postfix version 2.4.7-r1 and later:
		218	.IP "\fBstrict_mailbox_ownership (yes)\fR"
		219	Defer delivery when a mailbox file is not owned by its recipient.
216	.SH "LOCKING CONTROLS"	220	.SH "LOCKING CONTROLS"
217	.na	221	.na
218	.nf	222	.nf

Lines 496-501 while (<>) { Link Here

(-)a/mantools/postlink (+1 lines)
496	s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;	496	s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
497	s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;	497	s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
498	s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;	498	s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
		499	s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
499	s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;	500	s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
500	s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;	501	s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
501	s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;	502	s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;

Lines 10586-10588 to the SASL authcid, but this causes inter-operability problems Link Here

(-)a/proto/postconf.proto (+7 lines)
10586	with some SMTP servers. </p>	10586	with some SMTP servers. </p>
10587		10587
10588	<p> This feature is available in Postfix 2.4.4 and later. </p>	10588	<p> This feature is available in Postfix 2.4.4 and later. </p>
		10589
		10590	%PARAM strict_mailbox_ownership yes
		10591
		10592	<p> Defer delivery when a mailbox file is not owned by its recipient.
		10593	The default setting is not backwards compatible. </p>
		10594
		10595	<p> This feature is available in Postfix 2.4.7-r1 and later. </p>

Lines 2783-2788 extern char *var_milt_v; Link Here

(-)a/src/global/mail_params.h (+7 lines)
2783	#define DEF_INT_FILT_CLASSES ""	2783	#define DEF_INT_FILT_CLASSES ""
2784	extern char *var_int_filt_classes;	2784	extern char *var_int_filt_classes;
2785		2785
		2786	/*
		2787	* Mailbox ownership.
		2788	*/
		2789	#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
		2790	#define DEF_STRICT_MBOX_OWNER 1
		2791	extern bool var_strict_mbox_owner;
		2792
2786	/* LICENSE	2793	/* LICENSE
2787	/* .ad	2794	/* .ad
2788	/* .fi	2795	/* .fi

Lines 20-27 Link Here

(-)a/src/global/mail_version.h (-2 / +2 lines)
20	* Patches change both the patchlevel and the release date. Snapshots have no	20	* Patches change both the patchlevel and the release date. Snapshots have no
21	* patchlevel; they change the release date only.	21	* patchlevel; they change the release date only.
22	*/	22	*/
23	#define MAIL_RELEASE_DATE "20080131"	23	#define MAIL_RELEASE_DATE "20080726"
24	#define MAIL_VERSION_NUMBER "2.4.7"	24	#define MAIL_VERSION_NUMBER "2.4.7-r1"
25		25
26	#ifdef SNAPSHOT	26	#ifdef SNAPSHOT
27	# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE	27	# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

Lines 378-383 Link Here

(-)a/src/local/local.c (-1 / +11 lines)
378	/* address (see prepend_delivered_header) only once, at the start of	378	/* address (see prepend_delivered_header) only once, at the start of
379	/* a delivery attempt; do not update the Delivered-To: address while	379	/* a delivery attempt; do not update the Delivered-To: address while
380	/* expanding aliases or .forward files.	380	/* expanding aliases or .forward files.
		381	/* .PP
		382	/* Available in Postfix version 2.4.7-r1 and later:
		383	/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
		384	/* Defer delivery when a mailbox file is not owned by its recipient.
381	/* DELIVERY METHOD CONTROLS	385	/* DELIVERY METHOD CONTROLS
382	/* .ad	386	/* .ad
383	/* .fi	387	/* .fi
Lines 468-474 Link Here
468	/* Restrict \fBlocal\fR(8) mail delivery to external files.	472	/* Restrict \fBlocal\fR(8) mail delivery to external files.
469	/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"	473	/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
470	/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in	474	/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
471	/* $name expansions of $mailbox_command.	475	/* $name expansions of $mailbox_command and $command_execution_directory.
472	/* .IP "\fBdefault_privs (nobody)\fR"	476	/* .IP "\fBdefault_privs (nobody)\fR"
473	/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery	477	/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
474	/* to external file or command.	478	/* to external file or command.
Lines 480-485 Link Here
480	/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"	484	/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
481	/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows	485	/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
482	/* in $name expansions of $command_execution_directory.	486	/* in $name expansions of $command_execution_directory.
		487	/* .PP
		488	/* Available in Postfix version 2.4.7-r1 and later:
		489	/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
		490	/* Defer delivery when a mailbox file is not owned by its recipient.
483	/* MISCELLANEOUS CONTROLS	491	/* MISCELLANEOUS CONTROLS
484	/* .ad	492	/* .ad
485	/* .fi	493	/* .fi
Lines 641-646 int var_mailtool_compat; Link Here
641	char *var_mailbox_lock;	649	char *var_mailbox_lock;
642	int var_mailbox_limit;	650	int var_mailbox_limit;
643	bool var_frozen_delivered;	651	bool var_frozen_delivered;
		652	bool var_strict_mbox_owner;
644		653
645	int local_cmd_deliver_mask;	654	int local_cmd_deliver_mask;
646	int local_file_deliver_mask;	655	int local_file_deliver_mask;
Lines 887-892 int main(int argc, char **argv) Link Here
887	VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,	896	VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
888	VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,	897	VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
889	VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,	898	VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
		899	VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
890	0,	900	0,
891	};	901	};
892		902

Lines 194-199 static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) Link Here

(-)a/src/local/mailbox.c (+6 lines)
194	vstream_fclose(mp->fp);	194	vstream_fclose(mp->fp);
195	dsb_simple(why, "5.2.0",	195	dsb_simple(why, "5.2.0",
196	"destination %s is not a regular file", mailbox);	196	"destination %s is not a regular file", mailbox);
		197	} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
		198	vstream_fclose(mp->fp);
		199	dsb_simple(why, "4.2.0",
		200	"destination %s is not owned by recipient", mailbox);
		201	msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
		202	VAR_STRICT_MBOX_OWNER);
197	} else {	203	} else {
198	end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);	204	end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
199	mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,	205	mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,

Lines 125-130 static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) Link Here

(-)a/src/virtual/mailbox.c (+6 lines)
125	msg_warn("recipient %s: destination %s is not a regular file",	125	msg_warn("recipient %s: destination %s is not a regular file",
126	state.msg_attr.rcpt.address, usr_attr.mailbox);	126	state.msg_attr.rcpt.address, usr_attr.mailbox);
127	dsb_simple(why, "5.3.5", "mail system configuration error");	127	dsb_simple(why, "5.3.5", "mail system configuration error");
		128	} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
		129	vstream_fclose(mp->fp);
		130	dsb_simple(why, "4.2.0",
		131	"destination %s is not owned by recipient", usr_attr.mailbox);
		132	msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
		133	VAR_STRICT_MBOX_OWNER);
128	} else {	134	} else {
129	end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);	135	end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
130	mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,	136	mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,

Lines 183-188 Link Here

(-)a/src/virtual/virtual.c (+10 lines)
183	/* .IP "\fBvirtual_transport (virtual)\fR"	183	/* .IP "\fBvirtual_transport (virtual)\fR"
184	/* The default mail delivery transport and next-hop destination for	184	/* The default mail delivery transport and next-hop destination for
185	/* final delivery to domains listed with $virtual_mailbox_domains.	185	/* final delivery to domains listed with $virtual_mailbox_domains.
		186	/* .PP
		187	/* Available in Postfix version 2.4.7-r1 and later:
		188	/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
		189	/* Defer delivery when a mailbox file is not owned by its recipient.
186	/* LOCKING CONTROLS	190	/* LOCKING CONTROLS
187	/* .ad	191	/* .ad
188	/* .fi	192	/* .fi
Lines 329-334 char *var_virt_mailbox_base; Link Here
329	char *var_virt_mailbox_lock;	333	char *var_virt_mailbox_lock;
330	int var_virt_mailbox_limit;	334	int var_virt_mailbox_limit;
331	char var_mail_spool_dir; / XXX dependency fix */	335	char var_mail_spool_dir; / XXX dependency fix */
		336	bool var_strict_mbox_owner;
332		337
333	/*	338	/*
334	* Mappings.	339	* Mappings.
Lines 504-509 int main(int argc, char **argv) Link Here
504	VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,	509	VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
505	0,	510	0,
506	};	511	};
		512	static const CONFIG_BOOL_TABLE bool_table[] = {
		513	VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
		514	0,
		515	};
507		516
508	/*	517	/*
509	* Fingerprint executables and core dumps.	518	* Fingerprint executables and core dumps.
Lines 513-518 int main(int argc, char **argv) Link Here
513	single_server_main(argc, argv, local_service,	522	single_server_main(argc, argv, local_service,
514	MAIL_SERVER_INT_TABLE, int_table,	523	MAIL_SERVER_INT_TABLE, int_table,
515	MAIL_SERVER_STR_TABLE, str_table,	524	MAIL_SERVER_STR_TABLE, str_table,
		525	MAIL_SERVER_BOOL_TABLE, bool_table,
516	MAIL_SERVER_PRE_INIT, pre_init,	526	MAIL_SERVER_PRE_INIT, pre_init,
517	MAIL_SERVER_POST_INIT, post_init,	527	MAIL_SERVER_POST_INIT, post_init,
518	MAIL_SERVER_PRE_ACCEPT, pre_accept,	528	MAIL_SERVER_PRE_ACCEPT, pre_accept,

Return to bug 232642

Lines 11602-11607 This feature is available in Postfix 2.0 and later. Link Here

(-)a/html/postconf.5.html (+11 lines)
11602		11602
11603	</DD>	11603	</DD>
11604		11604
		11605	<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
		11606	(default: yes)</b></DT><DD>
		11607
		11608	<p> Defer delivery when a mailbox file is not owned by its recipient.
		11609	The default setting is not backwards compatible. </p>
		11610
		11611	<p> This feature is available in Postfix 2.4.7-r1 and later. </p>
		11612
		11613
		11614	</DD>
		11615
11605	<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>	11616	<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
11606	(default: no)</b></DT><DD>	11617	(default: no)</b></DT><DD>
11607		11618

Lines 200-208 VIRTUAL(8) VIRTUAL(8) Link Here

(-)a/html/virtual.8.html (-26 / +32 lines)
200	destination for final delivery to domains listed	200	destination for final delivery to domains listed
201	with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.	201	with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
202		202
		203	Available in Postfix version 2.4.7-r1 and later:
		204
		205	<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
		206	Defer delivery when a mailbox file is not owned by
		207	its recipient.
		208
203	<b>LOCKING CONTROLS</b>	209	<b>LOCKING CONTROLS</b>
204	<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>	210	<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
205	How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before	211	How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
206	attempting delivery.	212	attempting delivery.
207		213
208	<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>	214	<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
Lines 210-250 VIRTUAL(8) VIRTUAL(8) Link Here
210	sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.	216	sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
211		217
212	<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>	218	<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
213	The time between attempts to acquire an exclusive	219	The time between attempts to acquire an exclusive
214	lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.	220	lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
215		221
216	<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>	222	<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
217	The time after which a stale exclusive mailbox	223	The time after which a stale exclusive mailbox
218	lockfile is removed.	224	lockfile is removed.
219		225
220	<b>RESOURCE AND RATE CONTROLS</b>	226	<b>RESOURCE AND RATE CONTROLS</b>
221	<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>	227	<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
222	<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>	228	<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
223	The maximal number of parallel deliveries to the	229	The maximal number of parallel deliveries to the
224	same destination via the virtual message delivery	230	same destination via the virtual message delivery
225	transport.	231	transport.
226		232
227	<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>	233	<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
228	<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>	234	<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
229	The maximal number of recipients per delivery via	235	The maximal number of recipients per delivery via
230	the virtual message delivery transport.	236	the virtual message delivery transport.
231		237
232	<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>	238	<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
233	The maximal size in bytes of an individual mailbox	239	The maximal size in bytes of an individual mailbox
234	or maildir file, or zero (no limit).	240	or maildir file, or zero (no limit).
235		241
236	<b>MISCELLANEOUS CONTROLS</b>	242	<b>MISCELLANEOUS CONTROLS</b>
237	<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>	243	<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
238	The default location of the Postfix <a href="postconf.5.html">main.cf</a> and	244	The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
239	<a href="master.5.html">master.cf</a> configuration files.	245	<a href="master.5.html">master.cf</a> configuration files.
240		246
241	<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>	247	<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
242	How much time a Postfix daemon process may take to	248	How much time a Postfix daemon process may take to
243	handle a request before it is terminated by a	249	handle a request before it is terminated by a
244	built-in watchdog timer.	250	built-in watchdog timer.
245		251
246	<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>	252	<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
247	The maximal number of digits after the decimal	253	The maximal number of digits after the decimal
248	point when logging sub-second delay values.	254	point when logging sub-second delay values.
249		255
250	<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>	256	<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
Lines 252-284 VIRTUAL(8) VIRTUAL(8) Link Here
252	over an internal communication channel.	258	over an internal communication channel.
253		259
254	<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>	260	<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
255	The maximum amount of time that an idle Postfix	261	The maximum amount of time that an idle Postfix
256	daemon process waits for an incoming connection	262	daemon process waits for an incoming connection
257	before terminating voluntarily.	263	before terminating voluntarily.
258		264
259	<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>	265	<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
260	The maximal number of incoming connections that a	266	The maximal number of incoming connections that a
261	Postfix daemon process will service before termi-	267	Postfix daemon process will service before termi-
262	nating voluntarily.	268	nating voluntarily.
263		269
264	<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>	270	<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
265	The process ID of a Postfix command or daemon	271	The process ID of a Postfix command or daemon
266	process.	272	process.
267		273
268	<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>	274	<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
269	The process name of a Postfix command or daemon	275	The process name of a Postfix command or daemon
270	process.	276	process.
271		277
272	<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>	278	<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
273	The location of the Postfix top-level queue direc-	279	The location of the Postfix top-level queue direc-
274	tory.	280	tory.
275		281
276	<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>	282	<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
277	The syslog facility of Postfix logging.	283	The syslog facility of Postfix logging.
278		284
279	<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>	285	<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
280	The mail system name that is prepended to the	286	The mail system name that is prepended to the
281	process name in syslog records, so that "smtpd"	287	process name in syslog records, so that "smtpd"
282	becomes, for example, "postfix/smtpd".	288	becomes, for example, "postfix/smtpd".
283		289
284	<b>SEE ALSO</b>	290	<b>SEE ALSO</b>
Lines 291-310 VIRTUAL(8) VIRTUAL(8) Link Here
291	<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto	297	<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
292		298
293	<b>LICENSE</b>	299	<b>LICENSE</b>
294	The Secure Mailer license must be distributed with this	300	The Secure Mailer license must be distributed with this
295	software.	301	software.
296		302
297	<b>HISTORY</b>	303	<b>HISTORY</b>
298	This delivery agent was originally based on the Postfix	304	This delivery agent was originally based on the Postfix
299	local delivery agent. Modifications mainly consisted of	305	local delivery agent. Modifications mainly consisted of
300	removing code that either was not applicable or that was	306	removing code that either was not applicable or that was
301	not safe in this context: aliases, ~user/.forward files,	307	not safe in this context: aliases, ~user/.forward files,
302	delivery to "\|command" or to /file/name.	308	delivery to "\|command" or to /file/name.
303		309
304	The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-	310	The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
305	tem by Daniel Bernstein.	311	tem by Daniel Bernstein.
306		312
307	The <b>maildir</b> structure appears in the <b>qmail</b> system by	313	The <b>maildir</b> structure appears in the <b>qmail</b> system by
308	Daniel Bernstein.	314	Daniel Bernstein.
309		315
310	<b>AUTHOR(S)</b>	316	<b>AUTHOR(S)</b>