postfix-2.3-20060203

diff --git a/postfix/HISTORY b/postfix/HISTORY
index c58ffee5562eb1948bda4bd1e775acc3e50c8cc7..bad71993e21275b83ced557dda9db27da9575979 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11965,7 +11965,19 @@ Apologies for any names omitted.
        hard errors (change 20050726) they were still processed as
        soft errors. File: dns/dns_lookup.c.
 
-Open issues:
+20060203
+
+       Bugfix: smtpd core dump when SASL was compiled in, turned
+       off (smtpd_sasl_auth_enable = no) and permit_sasl_authenticated
+       was specified in local_header_rewrite_clients. Victor
+       Duchovni.  File: smtpd/smtpd_check.c.
+
+       Cleanup: don't complain about useless SASL or TLS "permit"
+       restrictions when SASL or TLS aren't compiled in, but do
+       reject mail when reject_plaintext_session is specified while
+       TLS isn't compiled in. File: smtpd/smtpd_check.c.
+
+Wish list:
 
        Make the map case folding/locking options configurable, if
        not at run-time then at least at compile time so we get

diff --git a/postfix/src/cleanup/cleanup_addr.c b/postfix/src/cleanup/cleanup_addr.c
index 3f7ffbb75e20a297ef099e3ca79ef12f9db6dc61..1e1f20cd38b22aac0a96b82038824c89994bbe75 100644 (file)
--- a/postfix/src/cleanup/cleanup_addr.c
+++ b/postfix/src/cleanup/cleanup_addr.c
@@ -99,6 +99,9 @@ void    cleanup_addr_sender(CLEANUP_STATE *state, const char *buf)
      * for replying. Having to support both forms is error prone, therefore
      * an incomplete envelope address is rewritten to fully qualified form in
      * the local domain context.
+     * 
+     * 20000520: Replace mailer-daemon@$myorigin by the null address, to handle
+     * bounced mail traffic more robustly.
      */
     cleanup_rewrite_internal(MAIL_ATTR_RWR_LOCAL, clean_addr, buf);
     if (strncasecmp(STR(clean_addr), MAIL_ADDR_MAIL_DAEMON "@",

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 5b145f05970b9f4685c53857a73106e68902b8f7..d564ee652360f431ed330b84308b94c4c8a62b0d 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20060202"
+#define MAIL_RELEASE_DATE      "20060203"
 #define MAIL_VERSION_NUMBER    "2.3"
 
 #ifdef SNAPSHOT

diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 2caa81af4b09b3722332847895ece433c91f0ae1..82c1d0346d6c946e33779ef01ab27c2b608d565a 100644 (file)
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -956,18 +956,17 @@ static int reject_unknown_client(SMTPD_STATE *state)
 
 static int reject_plaintext_session(SMTPD_STATE *state)
 {
-#ifdef USE_TLS
     char   *myname = "reject_plaintext_session";
 
     if (msg_verbose)
        msg_info("%s: %s %s", myname, state->name, state->addr);
 
+#ifdef USE_TLS
     if (state->tls_context == 0)
+#endif
        return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
                                   var_plaintext_code, "4.7.1",
                                   "Session encryption is required"));
-#endif
-    return (SMTPD_CHECK_DUNNO);
 }
 
 /* permit_inet_interfaces - succeed if client my own address */
@@ -3480,10 +3479,8 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
            } else
                sleep(atoi(*++cpp));
 #endif
-#ifdef USE_TLS
        } else if (strcasecmp(name, REJECT_PLAINTEXT_SESSION) == 0) {
            status = reject_plaintext_session(state);
-#endif
        }
 
        /*
@@ -3521,8 +3518,8 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
                    status = reject_rbl_domain(state, *cpp, state->name,
                                               SMTPD_NAME_CLIENT);
            }
-#ifdef USE_TLS
        } else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
+#ifdef USE_TLS
            status = check_ccert_access(state, *cpp, def_acl);
 #endif
        }
@@ -3699,17 +3696,17 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
                msg_warn("restriction `%s' after `%s' is ignored",
                         cpp[1], CHECK_RELAY_DOMAINS);
        } else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
-           if (var_smtpd_sasl_enable)
 #ifdef USE_SASL_AUTH
+           if (var_smtpd_sasl_enable)
                status = permit_sasl_auth(state,
                                          SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO);
-#else
-               msg_warn("restriction `%s' ignored: no SASL support", name);
 #endif
-#ifdef USE_TLS
        } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
+#ifdef USE_TLS
            status = permit_tls_clientcerts(state, 1);
+#endif
        } else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
+#ifdef USE_TLS
            status = permit_tls_clientcerts(state, 0);
 #endif
        } else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) {
@@ -3866,15 +3863,16 @@ void    smtpd_check_rewrite(SMTPD_STATE *state)
                status = SMTPD_CHECK_OK;
        } else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) {
 #ifdef USE_SASL_AUTH
-           status = permit_sasl_auth(state, SMTPD_CHECK_OK,
-                                     SMTPD_CHECK_DUNNO);
-#else
-           status = SMTPD_CHECK_DUNNO;
+           if (var_smtpd_sasl_enable)
+               status = permit_sasl_auth(state, SMTPD_CHECK_OK,
+                                         SMTPD_CHECK_DUNNO);
 #endif
-#ifdef USE_TLS
        } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
+#ifdef USE_TLS
            status = permit_tls_clientcerts(state, 1);
+#endif
        } else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
+#ifdef USE_TLS
            status = permit_tls_clientcerts(state, 0);
 #endif
        } else {