newaliases

Aus Foxwiki

sendmail - Postfix to Sendmail compatibility interface

Beschreibung

The Postfix sendmail(1) command implements the Postfix to Sendmail compatibility interface. For the sake of compatibility with existing applica‐ tions, some Sendmail command-line options are recognized but silently ignored.

By default, Postfix sendmail(1) reads a message from standard input until EOF or until it reads a line with only a . character, and arranges for de‐ livery. Postfix sendmail(1) relies on the postdrop(1) command to create a queue file in the maildrop directory.

Specific command aliases are provided for other common modes of operation:

mailq List the mail queue. Each entry shows the queue file ID, message size, arrival time, sender, and the recipients that still need to be deliv‐ ered. If mail could not be delivered upon the last attempt, the reason for failure is shown. The queue ID string is followed by an optional status character:

* The message is in the active queue, i.e. the message is selected for delivery.
! The message is in the hold queue, i.e. no further delivery attempt will be made until the mail is taken off hold.
# The message is forced to expire. See the postsuper(1) options -e or -f.

This mode of operation is implemented by executing the postqueue(1) command.

Installation

Syntax

sendmail [option ...] [recipient ...]
mailq sendmail -bp
newaliases sendmail -I

Parameter

Optionen

Umgebungsvariablen

Exit-Status

Konfiguration

Dateien

ENVIRONMENT

MAIL_CONFIG

  • Directory with Postfix configuration files.

MAIL_VERBOSE (value does not matter) Enable verbose logging for debugging purposes.

MAIL_DEBUG (value does not matter) Enable debugging with an external command, as specified with the debugger_command configuration parameter.

NAME The sender full name. This is used only with messages that have no From: message header. See also the -F option above.

Anwendungen

Sicherheit

By design, this program is not set-user (or group) id. It is prepared to handle message content from untrusted, possibly remote, users.

However, like most Postfix programs, this program does not enforce a security policy on its command-line arguments. Instead, it relies on the UNIX system to enforce access policies based on the effective user and group IDs of the process. Concretely, this means that running Postfix commands as root (from sudo or equivalent) on behalf of a non-root user is likely to create privilege escalation opportunities.

If an application runs any Postfix programs on behalf of users that do not have normal shell access to Postfix commands, then that application MUST restrict user-specified command-line arguments to avoid privilege escalation.

  • Filter all command-line arguments, for example arguments that contain a pathname or that specify a database access method. These pathname checks must reject user-controlled symlinks or hardlinks to sensitive files, and must not be vulnerable to TOCTOU race attacks.
  • Disable command options processing for all command arguments that contain user-specified data. For example, the Postfix sendmail(1) command line MUST be structured as follows:
/path/to/sendmail system-arguments -- user-arguments

Here, the "--" disables command option processing for all user-arguments that follow.

Without the "--", a malicious user could enable Postfix sendmail(1) command options, by specifying an email address that starts with "-".

Dokumentation

RFC

Man-Pages

Info-Pages

Siehe auch

Links

Projekt-Homepage

Weblinks

Einzelnachweise


Testfragen

Testfrage 1

Antwort1

Testfrage 2

Antwort2

Testfrage 3

Antwort3

Testfrage 4

Antwort4

Testfrage 5

Antwort5

Manpage

newaliases

Initialize the alias database. If no input file is specified (with the -oA option, see below), the program processes the file(s) specified with the alias_database configuration parameter. If no alias database type is specified, the program uses the type specified with the default_database_type configuration parameter. This mode of operation is implemented by running the postalias(1) command.

Note
it may take a minute or so before an alias database update becomes visible. Use the "postfix reload" command to eliminate this delay.

These and other features can be selected by specifying the appropriate combination of command-line options. Some features are controlled by parameters in the main.cf configuration file.

DIAGNOSTICS

Problems are logged to syslogd(8) or postlogd(8), and to the standard error stream.

CONFIGURATION PARAMETERS

The following main.cf parameters are especially relevant to this program. The text below provides only a parameter summary. See postconf(5) for more details including examples.

COMPATIBILITY CONTROLS

Available with Postfix 2.9 and later:

sendmail_fix_line_endings (always) Controls how the Postfix sendmail command converts email message line endings from <CR><LF> into UNIX format (<LF>).

TROUBLE SHOOTING CONTROLS

The DEBUG_README file gives examples of how to troubleshoot a Postfix system.

debugger_command (empty) The external command to execute when a Postfix daemon program is invoked with the -D option.

debug_peer_level (2) The increment in verbose logging level when a nexthop destination, remote client or server name or network address matches a pattern given with the debug_peer_list parameter.

debug_peer_list (empty) Optional list of nexthop destination, remote client or server name or network address patterns that, if matched, cause the verbose logging level to increase by the amount specified in $debug_peer_level.

ACCESS CONTROLS

Available in Postfix version 2.2 and later:

authorized_flush_users (static:anyone) List of users who are authorized to flush the queue.

authorized_mailq_users (static:anyone) List of users who are authorized to view the queue.

authorized_submit_users (static:anyone) List of users who are authorized to submit mail with the sendmail(1) command (and with the privileged postdrop(1) helper command).

RESOURCE AND RATE CONTROLS

bounce_size_limit (50000) The maximal amount of original message text that is sent in a non-delivery notification.

fork_attempts (5) The maximal number of attempts to fork() a child process.

fork_delay (1s) The delay between attempts to fork() a child process.

hopcount_limit (50) The maximal number of Received: message headers that is allowed in the primary message headers.

queue_run_delay (300s) The time between deferred queue scans by the queue manager; prior to Postfix 2.4 the default value was 1000s.

FAST FLUSH CONTROLS

The ETRN_README file describes configuration and operation details for the Postfix "fast flush" service.

fast_flush_domains ($relay_domains) Optional list of destinations that are eligible for per-destination logfiles with mail that is queued to those destinations.

VERP CONTROLS

The VERP_README file describes configuration and operation details of Postfix support for variable envelope return path addresses.

default_verp_delimiters (+=) The two default VERP delimiter characters.

verp_delimiter_filter (-=+) The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands.

MISCELLANEOUS CONTROLS

alias_database (see 'postconf -d' output) The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi".

command_directory (see 'postconf -d' output) The location of all postfix administrative commands.

config_directory (see 'postconf -d' output) The default location of the Postfix main.cf and master.cf configuration files.

daemon_directory (see 'postconf -d' output) The directory with Postfix support programs and daemon programs.

default_database_type (see 'postconf -d' output) The default database type for use in newaliases(1), postalias(1) and postmap(1) commands.

delay_warning_time (0h) The time after which the sender receives a copy of the message headers of mail that is still queued.

import_environment (see 'postconf -d' output) The list of environment parameters that a privileged Postfix process will import from a non-Postfix parent process, or name=value environment overrides.

mail_owner (postfix) The UNIX system account that owns the Postfix queue and most Postfix daemon processes.

queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory.

remote_header_rewrite_domain (empty) Don't rewrite message headers from remote clients at all when this parameter is empty; otherwise, rewrite message headers and append the spec‐ ified domain name to incomplete addresses.

syslog_facility (mail) The syslog facility of Postfix logging.

syslog_name (see 'postconf -d' output) A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd".

Postfix 3.2 and later:

alternate_config_directories (empty) A list of non-default Postfix configuration directories that may be specified with "-c config_directory" on the command line (in the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter.

multi_instance_directories (empty) An optional list of non-default Postfix configuration directories; these directories belong to additional Postfix instances that share the Postfix executable files and documentation with the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance.

FILES

/var/spool/postfix, mail queue

/etc/postfix, configuration files

SEE ALSO

pickup(8), mail pickup daemon qmgr(8), queue manager smtpd(8), SMTP server flush(8), fast flush service postsuper(1), queue maintenance postalias(1), create/update/query alias database postdrop(1), mail posting utility postfix(1), mail system control postqueue(1), mail queue control postlogd(8), Postfix logging syslogd(8), system logging

README_FILES Use "postconf readme_directory" or "postconf html_directory" to locate this information. DEBUG_README, Postfix debugging howto ETRN_README, Postfix ETRN howto VERP_README, Postfix VERP howto