after non-blocking connect fails with 'host unreachable'
that resulted in a unreasonable memory allocation request.
File: util/vstream_tweak.c.
+
+20110921
+
+ Bugfix (introduced: Postfix 1.1): smtpd(8) did not sanitize
+ newline characters in cleanup(8) REJECT messages, causing
+ them to be sent out via SMTP as bare newline characters.
+ This happened when a REJECT pattern matched multi-line
+ header text. Discovered by Kevin Locke. File: smtpd/smtpd.c.
+
+20110922
+
+ Bugfix (introduced: Postfix 2.1): smtpd(8) sent multi-line
+ responses from a before-queue content filter as text with
+ bare <LF> instead of <CR><LF>. Found during code maintenance.
+ File: smtpd/smtpd_proxy.c.
configuration parameter. The default is to authorize all clients in the IP
subnetworks that the local machine is attached to.
+Postfix can also be configured to relay mail from "mobile" clients that send
+mail from outside an authorized network block. This is explained in the
+SASL_README and TLS_README documents.
+
IMPORTANT: If your machine is connected to a wide area network then your
default mynetworks setting may be too friendly.
Make the rules for how to use close-on-exec more explicit.
- Add SASL / TLS note to BASIC_CONFIGURATION_README.html#relay_from.
+ Provide separate timeout control for dict_proxy client,
+ rewrite client, resolve client, cleanup client, and so on.
+ Perhaps a timeout argument to the mail_connect() routines.
Trick from amavisd: save listen socket/fifo/etc state, clear
their close-on-exec flags, exec the same program file to
authorize all clients in the IP subnetworks that the local machine
is attached to. </p>
+<p> Postfix can also be configured to relay mail from "mobile"
+clients that send mail from outside an authorized network block.
+This is explained in the <a href="SASL_README.html">SASL_README</a> and <a href="TLS_README.html">TLS_README</a> documents. </p>
+
<p> IMPORTANT: If your machine is connected to a wide area network
then your default <a href="postconf.5.html#mynetworks">mynetworks</a> setting may be too friendly. </p>
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
- call, to a time limit to read or write a complete
+ call, to a time limit to send or receive a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
- call, to a time limit to read or write a complete
+ call, to a time limit to send or receive a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
The network interface addresses that this mail sys-
tem receives mail on.
- <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
tem receives mail on by way of a proxy or network
address translation unit.
- <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (ipv6)</b>
+ <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the
Postfix SMTP client will try first, when a destina-
tion has IPv6 and IPv4 addresses with equal MX
The network interface addresses that this mail sys-
tem receives mail on.
- <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
corresponding protocol. </p>
<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
-Postfix will do DNS type A record lookups, and will convert
+Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+ <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
</pre>
<pre>
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
- call, to a time limit to read or write a complete
+ call, to a time limit to send or receive a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
Change the behavior of the smtp_*_timeout time lim-
its, from a time limit per read or write system
- call, to a time limit to read or write a complete
+ call, to a time limit to send or receive a complete
record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes-
sage).
The network interface addresses that this mail sys-
tem receives mail on.
- <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
tem receives mail on by way of a proxy or network
address translation unit.
- <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (ipv6)</b>
+ <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the
Postfix SMTP client will try first, when a destina-
tion has IPv6 and IPv4 addresses with equal MX
tem receives mail on by way of a proxy or network
address translation unit.
- <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
corresponding protocol.
.PP
When IPv4 support is enabled via the inet_protocols parameter,
-Postfix will do DNS type A record lookups, and will convert
+Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (RFC 3493).
/etc/postfix/main.cf:
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
+ postscreen_blacklist_action = enforce
.fi
.ad
.ft R
.IP "\fBinet_interfaces (all)\fR"
The network interface addresses that this mail system receives
mail on.
-.IP "\fBinet_protocols (ipv4)\fR"
+.IP "\fBinet_protocols (all)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBimport_environment (see 'postconf -d' output)\fR"
Available in Postfix version 2.9 and later:
.IP "\fBsmtp_per_record_deadline (no)\fR"
Change the behavior of the smtp_*_timeout time limits, from a
-time limit per read or write system call, to a time limit to read
-or write a complete record (an SMTP command line, SMTP response
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).
.SH "MIME PROCESSING CONTROLS"
.na
Available in Postfix version 2.9 and later:
.IP "\fBsmtp_per_record_deadline (no)\fR"
Change the behavior of the smtp_*_timeout time limits, from a
-time limit per read or write system call, to a time limit to read
-or write a complete record (an SMTP command line, SMTP response
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
line, SMTP message content line, or TLS protocol message).
.SH "TROUBLE SHOOTING CONTROLS"
.na
.IP "\fBinet_interfaces (all)\fR"
The network interface addresses that this mail system receives
mail on.
-.IP "\fBinet_protocols (ipv4)\fR"
+.IP "\fBinet_protocols (all)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBipc_timeout (3600s)\fR"
.IP "\fBproxy_interfaces (empty)\fR"
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
-.IP "\fBsmtp_address_preference (ipv6)\fR"
+.IP "\fBsmtp_address_preference (any)\fR"
The address type ("ipv6", "ipv4" or "any") that the Postfix
SMTP client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
.IP "\fBproxy_interfaces (empty)\fR"
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
-.IP "\fBinet_protocols (ipv4)\fR"
+.IP "\fBinet_protocols (all)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
authorize all clients in the IP subnetworks that the local machine
is attached to. </p>
+<p> Postfix can also be configured to relay mail from "mobile"
+clients that send mail from outside an authorized network block.
+This is explained in the SASL_README and TLS_README documents. </p>
+
<p> IMPORTANT: If your machine is connected to a wide area network
then your default mynetworks setting may be too friendly. </p>
corresponding protocol. </p>
<p> When IPv4 support is enabled via the inet_protocols parameter,
-Postfix will do DNS type A record lookups, and will convert
+Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (RFC 3493). </p>
/etc/postfix/main.cf:
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
+ postscreen_blacklist_action = enforce
</pre>
<pre>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110918"
+#define MAIL_RELEASE_DATE "20110930"
#define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT
/* .IP "\fBinet_interfaces (all)\fR"
/* The network interface addresses that this mail system receives
/* mail on.
-/* .IP "\fBinet_protocols (ipv4)\fR"
+/* .IP "\fBinet_protocols (all)\fR"
/* The Internet protocols Postfix will attempt to use when making
/* or accepting connections.
/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
/* Available in Postfix version 2.9 and later:
/* .IP "\fBsmtp_per_record_deadline (no)\fR"
/* Change the behavior of the smtp_*_timeout time limits, from a
-/* time limit per read or write system call, to a time limit to read
-/* or write a complete record (an SMTP command line, SMTP response
+/* time limit per read or write system call, to a time limit to send
+/* or receive a complete record (an SMTP command line, SMTP response
/* line, SMTP message content line, or TLS protocol message).
/* MIME PROCESSING CONTROLS
/* .ad
/* Available in Postfix version 2.9 and later:
/* .IP "\fBsmtp_per_record_deadline (no)\fR"
/* Change the behavior of the smtp_*_timeout time limits, from a
-/* time limit per read or write system call, to a time limit to read
-/* or write a complete record (an SMTP command line, SMTP response
+/* time limit per read or write system call, to a time limit to send
+/* or receive a complete record (an SMTP command line, SMTP response
/* line, SMTP message content line, or TLS protocol message).
/* TROUBLE SHOOTING CONTROLS
/* .ad
/* .IP "\fBinet_interfaces (all)\fR"
/* The network interface addresses that this mail system receives
/* mail on.
-/* .IP "\fBinet_protocols (ipv4)\fR"
+/* .IP "\fBinet_protocols (all)\fR"
/* The Internet protocols Postfix will attempt to use when making
/* or accepting connections.
/* .IP "\fBipc_timeout (3600s)\fR"
/* .IP "\fBproxy_interfaces (empty)\fR"
/* The network interface addresses that this mail system receives mail
/* on by way of a proxy or network address translation unit.
-/* .IP "\fBsmtp_address_preference (ipv6)\fR"
+/* .IP "\fBsmtp_address_preference (any)\fR"
/* The address type ("ipv6", "ipv4" or "any") that the Postfix
/* SMTP client will try first, when a destination has IPv6 and IPv4
/* addresses with equal MX preference.
/* .IP "\fBproxy_interfaces (empty)\fR"
/* The network interface addresses that this mail system receives mail
/* on by way of a proxy or network address translation unit.
-/* .IP "\fBinet_protocols (ipv4)\fR"
+/* .IP "\fBinet_protocols (all)\fR"
/* The Internet protocols Postfix will attempt to use when making
/* or accepting connections.
/* .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
if (state->err == 0) {
why = vstring_alloc(10);
state->err = mail_stream_finish(state->dest, why);
+ printable(STR(why), ' ');
} else
mail_stream_cleanup(state->dest);
state->dest = 0;
*/
if (LEN(proxy->buffer) < var_line_limit) {
if (VSTRING_LEN(proxy->buffer))
- VSTRING_ADDCH(proxy->buffer, '\n');
+ vstring_strcat(proxy->buffer, "\r\n");
vstring_strcat(proxy->buffer, STR(buffer));
}
projects / thirdparty / postfix.git / commitdiff
