default smtp_tls_dane_insecure_mx_policy setting resulted in
unnecessary 'dnssec_probe' warnings, on systems that disable
DNSSEC lookups (the default). File: smtp/smtp_addr.c.
+
+20250223
+
+ Documentation: updated link to Dovecot documentation. File:
+ proto/SASL_README.
+
+20250227
+
+ Improved and corrected error messages when converting (host
+ or service) information to (symbolic text, numerical text,
+ or binary) form. File: util/myaddrinfo.c.
+
+20250304
+
+ Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+ Dovecot auth client did not attempt to create a new connection
+ after an I/O error on an existing connection. Reported by
+ Oleksandr Kozmenko. File: xsasl/xsasl_dovecot_server.c.
+
+20250316
+
+ Bugfix (defect introduced: date 19991116): when appending
+ a setting to a main.cf or master.cf file that did not end
+ in a newline character, the "postconf -e" command did not
+ add an extra newline character before appending the new
+ setting, causing information to become garbled. Fix by
+ Michael Tokarev. File: postconf/postconf_edit.c.
<p> Dovecot is a POP/IMAP server that has its own configuration to
authenticate POP/IMAP clients. When the Postfix SMTP server uses
Dovecot SASL, it reuses parts of this configuration. Consult the
-<a href="http://wiki.dovecot.org">Dovecot documentation</a> for how
+<a href="https://doc.dovecot.org">Dovecot documentation</a> for how
to configure and operate the Dovecot authentication server. </p>
<h4><a name="server_dovecot_comm">Postfix to Dovecot SASL communication</a></h4>
<p> Dovecot is a POP/IMAP server that has its own configuration to
authenticate POP/IMAP clients. When the Postfix SMTP server uses
Dovecot SASL, it reuses parts of this configuration. Consult the
-<a href="http://wiki.dovecot.org">Dovecot documentation</a> for how
+<a href="https://doc.dovecot.org">Dovecot documentation</a> for how
to configure and operate the Dovecot authentication server. </p>
<h4><a name="server_dovecot_comm">Postfix to Dovecot SASL communication</a></h4>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20250224"
-#define MAIL_VERSION_NUMBER "3.7.14"
+#define MAIL_RELEASE_DATE "20250422"
+#define MAIL_VERSION_NUMBER "3.7.15"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
static char *pcf_next_cf_line(VSTRING *buf, VSTREAM *src, VSTREAM *dst, int *lineno)
{
char *cp;
+ int last_char;
- while (vstring_get(buf, src) != VSTREAM_EOF) {
+ while ((last_char = vstring_get(buf, src)) != VSTREAM_EOF) {
+ if (last_char != '\n') {
+ VSTRING_ADDCH(buf, '\n');
+ VSTRING_TERMINATE(buf);
+ }
if (lineno)
*lineno += 1;
if ((cp = pcf_find_cf_info(buf, dst)) != 0)
*/
if ((aierr = sockaddr_to_hostaddr(sa, sa_length, &client_addr,
&client_port, 0)) != 0)
- msg_fatal("%s: cannot convert client address/port to string: %s",
- myname, MAI_STRERROR(aierr));
+ msg_fatal("%s: cannot convert client sockaddr type %s length %ld "
+ "to string: %s", myname,
+#ifdef AF_INET6
+ sa->sa_family == AF_INET6 ? "AF_INET6" :
+#endif
+ sa->sa_family == AF_INET ? "AF_INET" : "other",
+ (long) sa_length, MAI_STRERROR(aierr));
state->port = mystrdup(client_port.buf);
/*
state->dest_sockaddr_len,
&server_addr,
&server_port, 0)) != 0)
- msg_fatal("%s: cannot convert server address/port to string: %s",
- myname, MAI_STRERROR(aierr));
- /* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+ /* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+ msg_fatal("%s: cannot convert server sockaddr type %s length %ld "
+ "to string: %s", myname,
+#ifdef AF_INET6
+ state->dest_sockaddr.ss_family == AF_INET6 ? "AF_INET6" :
+#endif
+ state->dest_sockaddr.ss_family == AF_INET ? "AF_INET" :
+ "other", (long) state->dest_sockaddr_len,
+ MAI_STRERROR(aierr));
state->dest_addr = mystrdup(server_addr.buf);
state->dest_port = mystrdup(server_port.buf);
if ((aierr = hostaddr_to_sockaddr(state->addr, state->port,
SOCK_STREAM, &res)) != 0)
- msg_fatal("%s: cannot convert client address/port to string: %s",
- myname, MAI_STRERROR(aierr));
+ msg_fatal("%s: cannot convert client address '%s' port '%s' to binary: %s",
+ myname, state->addr, state->port, MAI_STRERROR(aierr));
if (res->ai_addrlen > sizeof(state->sockaddr))
msg_panic("%s: address length > struct sockaddr_storage", myname);
memcpy((void *) &(state->sockaddr), res->ai_addr, res->ai_addrlen);
}
vstring_strcpy(reply, "Connection lost to authentication server");
+ xsasl_dovecot_server_disconnect(server->impl);
return XSASL_AUTH_TEMP;
}
if (i == 1) {
vstring_strcpy(reply, "Can't connect to authentication server");
+ xsasl_dovecot_server_disconnect(server->impl);
return XSASL_AUTH_TEMP;
}
"CONT\t%u\t%s\n", server->last_request_id, request);
if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {
vstring_strcpy(reply, "Connection lost to authentication server");
+ xsasl_dovecot_server_disconnect(server->impl);
return XSASL_AUTH_TEMP;
}
return xsasl_dovecot_handle_reply(server, reply);
projects / thirdparty / postfix.git / commitdiff
