Imported Upstream version 1.14

Jan Wagner 2013-11-05 17:32:43 +01:00
parent b5012c41b3
commit 2357dc9ae5
9 changed files with 1178 additions and 202 deletions

@ -1,4 +1,4 @@
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
@ -128,8 +128,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "POSTFWD 8"
.TH POSTFWD 8 "2008-09-14" "perl v5.8.5" "User Contributed Perl Documentation"
.IX Title "MANUAL1 8"
.TH MANUAL1 8 "2009-06-27" "perl v5.8.8" "User Contributed Perl Documentation"
.SH "NAME"
postfwd \- postfix firewall daemon
.SH "SYNOPSIS"
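Review bot: The regenerated header renames the page itself: `.IX Title` and `.TH` go from POSTFWD to MANUAL1, so the rendered page will be headed MANUAL1(8) while the NAME section still says postfwd. This looks like the name of the pod source file leaking into the output. Regenerate with an explicit page name (pod2man accepts `--name`) or restore `.TH POSTFWD 8` before this is installed.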
@ -147,11 +147,12 @@ postfwd [\s-1OPTIONS\s0] [\s-1SOURCE1\s0, \s-1SOURCE2\s0, ...]
\& -s, --scores <v>=<r> returns <r> when score exceeds <v>
.Ve
.PP
.Vb 10
.Vb 11
\& Networking:
\& -d, --daemon run postfwd as daemon
\& -i, --interface <dev> listen on interface <dev>
\& -p, --port <port> listen on port <port>
\& --proto <proto> socket type (tcp or unix)
\& -u, --user <name> set uid to user <name>
\& -g, --group <name> set gid to group <name>
\& -R, --chroot <path> chroot the daemon to <path>
@ -174,17 +175,22 @@ postfwd [\s-1OPTIONS\s0] [\s-1SOURCE1\s0, \s-1SOURCE2\s0, ...]
\& --cleanup-rates cleanup interval in seconds for rate cache
.Ve
.PP
.Vb 11
.Vb 16
\& Optional:
\& -t, --test testing, always returns "dunno"
\& -v, --verbose verbose logging, use twice (-vv) to increase level
\& -S, --summary <int> show some usage statistics every <int> seconds
\& --no-rulestats disables per rule statistics
\& --norulelog disbles rule logging
\& --norulestats disables per rule statistics
\& --noidlestats disables statistics when idle
\& -n, --nodns disable dns
\& --nodnslog disable dns logging
\& --dns_async_txt perform dnsbl A and TXT lookups simultaneously
\& --dns_timeout timeout in seconds for asynchonous dns queries
\& --dns_timeout_max maximum of dns timeouts until a dnsbl will be deactivated
\& --dns_timeout_interval interval in seconds for dns timeout maximum counter
\& --dns_max_ns_lookups max names to look up with sender_ns_addrs
\& --dns_max_mx_lookups max names to look up with sender_mx_addrs
\& -I, --instantcfg re-reads rulefiles for every new request
.Ve
.PP
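Review bot: In the Optional block, `--no-rulestats` is replaced by `--norulestats` with no word on whether the old spelling is still accepted; an existing init script or command line that passes the old form may fail to start or may silently keep per-rule statistics enabled. Please note the rename, or keep the old spelling listed as an alias if the daemon still parses it. The new `--norulelog` line also reads "disbles" where "disables" is meant, and the neighbouring `--dns_timeout` line has "asynchonous".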
@ -346,6 +352,21 @@ Rules can span multiple lines by adding a trailing backslash \*(L"\e\*(R" charac
\& recipient_domain
.Ve
.PP
.Vb 2
\& helo_address - postfwd tries to look up the helo_name. use
\& helo_address=!!(0.0.0.0/0) to check for unknown.
.Ve
.PP
.Vb 2
\& sender_ns_names, - postfwd tries to look up the names/ip addresses
\& sender_ns_addrs of the nameservers for the sender domain part.
.Ve
.PP
.Vb 2
\& sender_mx_names, - postfwd tries to look up the names/ip addresses
\& sender_mx_addrs of the mx records for the sender domain part.
.Ve
.PP
.Vb 6
\& version - postfwd version, contains "postfwd n.nn"
\& this enables version based checks in your rulesets
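Review bot: The new helo_address, sender_ns_* and sender_mx_* entries all say postfwd "tries to look up" a name, but the names being resolved are the HELO name and the sender domain, both of which are supplied by the connecting client. The text does not say what the item evaluates to when the lookup fails or times out, or when the daemon runs with `-n, --nodns`; only helo_address hints at it with the `!!(0.0.0.0/0)` idiom, which is given without explanation. Please document the failure result for each item and add a pointer to the `--dns_max_ns_lookups` and `--dns_max_mx_lookups` limits introduced in the same patch.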
@ -361,7 +382,7 @@ Feel free to combine them the way you need it (have a look at the \s-1EXAMPLES\s
Most values can be specified as regular expressions (\s-1PCRE\s0). Please see the table below
for details:
.PP
.Vb 38
.Vb 43
\& # ==========================================================
\& # ITEM=VALUE TYPE
\& # ==========================================================
@ -373,6 +394,11 @@ for details:
\& score=5.0 mask = maximum floating point value
\& rbl=zen.spamhaus.org mask = <name>/<reply>/<maxcache>[,...]
\& rblcount=2 mask = numeric, will match if rbl hits >= 2
\& helo_address=<a.b.c.d/nn> mask = CIDR[,CIDR,...]
\& sender_ns_names=some.domain.tld mask = PCRE
\& sender_mx_names=some.domain.tld mask = PCRE
\& sender_ns_addrs=<a.b.c.d/nn> mask = CIDR[,CIDR,...]
\& sender_mx_addrs=<a.b.c.d/nn> mask = CIDR[,CIDR,...]
\& # ------------------------------
\& # Postfix version 2.1 and later:
\& # ------------------------------
@ -536,6 +562,18 @@ postfwd actions control the behaviour of the program. Currently you can specify
\& action==size($$client_address/1572864/3600/450 4.7.1 sorry, max 1.5mb per hour)
.Ve
.PP
.Vb 9
\& ask (<addr>:<port>[:<ignore>])
\& allows to delegate the policy decision to another policy service (e.g. postgrey). the first
\& and the second argument (address and port) are mandatory. a third optional argument may be
\& specified to tell postfwd to ignore certain answers and go on parsing the ruleset:
\& # example1: query postgrey and return it's answer to postfix
\& id=GREY; client_address==10.1.1.1; ask(127.0.0.1:10031)
\& # example2: query postgrey but ignore it's answer, if it matches 'DUNNO'
\& # and continue parsing postfwd's ruleset
\& id=GREY; client_address==10.1.1.1; ask(127.0.0.1:10031:^dunno$)
.Ve
.PP
.Vb 3
\& wait (<delay>)
\& pauses the program execution for <delay> seconds. use this for
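Review bot: The ask() description does not say what postfwd returns when the delegated policy service at `<addr>:<port>` is unreachable or does not answer, which decides whether a stopped postgrey leads to mail being deferred or passed through the rest of the ruleset. Please state the timeout and the fallback result. In example2 the comment says the answer is ignored if it matches 'DUNNO' while the pattern is `^dunno$`, so the text should say whether the `<ignore>` match is case-insensitive. Both example comments also use "it's answer" where "its answer" is meant.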
@ -712,6 +750,13 @@ The following arguments will control it's behaviour in this case.
\& postfwd listens on the specified port (default tcp/10040).
.Ve
.PP
.Vb 4
\& --proto <type>
\& The protocol type for postfwd's socket. Currently you may use 'tcp' or 'unix' here.
\& To use postfwd with a unix domain socket, run it as follows:
\& postfwd --proto=unix --port=/somewhere/postfwd.socket
.Ve
.PP
.Vb 2
\& -u, --user <name>
\& Changes real and effective user to <name>.
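Review bot: The `--proto` paragraph shows `postfwd --proto=unix --port=/somewhere/postfwd.socket` but gives no guidance on the ownership or mode of the socket file, and does not say whether the path is resolved before or after `-R, --chroot` and the `-u`/`-g` switch. Anyone able to connect to the socket can query the policy service, so the page should state which user creates the socket, what permissions it gets, and that the directory must be reachable by postfix but not world-writable. The placeholder is also `<type>` here and `<proto>` in the option summary earlier in the patch; pick one.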
@ -891,6 +936,23 @@ These parameters influence the way postfwd is working. Any of them can be combin
\& in conjunction with the --dns_timeout_max parameter.
.Ve
.PP
.Vb 4
\& --dns_async_txt
\& Perform dnsbl A and TXT lookups simultaneously (otherwise only for listings with at
\& least one A record). This needs more network bandwidth due to increased queries but
\& might increase throughput because the lookups can be parallelized.
.Ve
.PP
.Vb 2
\& --dns_max_ns_lookups (default=0)
\& maximum ns names to lookup up with sender_ns_addrs item. use 0 for no maximum.
.Ve
.PP
.Vb 2
\& --dns_max_mx_lookups (default=0)
\& maximum mx names to lookup up with sender_mx_addrs item. use 0 for no maximum.
.Ve
.PP
.Vb 6
\& -I, --instantcfg
\& The config files, specified by -f will be re-read for every request
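Review bot: Both `--dns_max_ns_lookups` and `--dns_max_mx_lookups` are documented with `default=0` and "use 0 for no maximum", so out of the box the number of names resolved per request for sender_ns_addrs and sender_mx_addrs is bounded only by what the sender domain's DNS returns. Since the sender domain is chosen by the remote side, the text should say so and suggest a finite value for production use, or the default should be reconsidered upstream. Both descriptions also read "to lookup up" where "to look up" is meant.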
@ -1225,7 +1287,7 @@ The parser evaluates the given action and continues with the next rule (except f
for more information). Nothing will be sent to postfix.
.PP
If no rule has matched and the end of the ruleset is reached postfwd will return dunno without logging anything unless in verbose mode. You may
simply place a last `catch\-all´ rule to change that behaviour:
simply place a last `catch\-all´ rule to change that behaviour:
.PP
.Vb 2
\& ... <your rules> ...
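Review bot: The only changed line in this hunk is the "simply place a last `catch\-all´ rule" line, and the old and new versions render identically here, which suggests the change is only in how the closing ´ character is encoded. A raw non-ASCII byte in a man page renders differently depending on the reader's locale; replacing it with a plain ASCII quote or the roff escape `\(aa` in the pod source would make the output stable across regenerations.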