indices in replacement text, and silently treated $text as
$0. Found by Michael Tokarev. File: dict_pcre.c.
-20021107
+20021108
- The behavior of the SMTP server's defer_if_permit flag has
- changed. The flag is still set when an UCE reject restriction
- fails due to a temporary (DNS) problem, to prevent unwanted
- mail from slipping through. However, the flag is no longer
- tested at the end of client, helo or sender restrictions.
- Instead, the flag is now tested at the end of the ETRN and
- recipient restrictions only.
+ Cleanup: the behavior of the SMTP server's defer_if_permit
+ flag was changed, in order to maximize the opportunity to
+ permanently reject mail without opening opportunities for
+ losing legitimate mail. This was done in cooperation with
+ Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.
+
+ The defer_if_permit flag is still set when an UCE reject
+ restriction fails due to a temporary (e.g., DNS) problem,
+ to prevent unwanted mail from slipping through. However,
+ the flag is no longer tested at the end of client, helo or
+ sender restrictions. Instead, the flag is now tested at
+ the end of the ETRN and recipient restrictions only.
The behavior of the warn_if_reject restriction has changed.
It no longer activates any already made defer_if_permit or
when some UCE permit restriction fails due to a temporary
(DNS) problem, to avoid loss of legitimate mail).
- Instead of setting the defer_if_permit flag, a failing
- reject restriction after warn_if_reject now merely logs
- that it would have caused mail to be deferred.
+ Bugfix: instead of setting the defer_if_permit flag, a
+ failing reject restriction after warn_if_reject now merely
+ logs that it would have caused mail to be deferred.
A failing permit restriction after warn_if_reject still
raises the defer_if_reject flag, to avoid loss of legitimate
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
-Incompatible changes with Postfix snapshot 1.1.11-20021107
+Incompatible changes with Postfix snapshot 1.1.11-20021108
==========================================================
-The behavior of the SMTP server's defer_if_permit flag has changed.
+The behavior of the SMTP server's defer_if_permit flag has changed,
+in order to maximize the opportunity to permanently reject mail
+without opening opportunities for losing legitimate mail.
+
The flag is still set when an UCE reject restriction fails due to
a temporary (DNS) problem, to prevent unwanted mail from slipping
through. However, the flag is no longer tested at the end of client,
#
# inet_interfaces
# The network interface addresses that this system
-# receives mail on.
+# receives mail on. You need to stop and start Post-
+# fix when this parameter changes.
#
# masquerade_classes
-# List of address classes subject to masquerading:
-# zero or more of envelope_sender, envelope_recipi-
+# List of address classes subject to masquerading:
+# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
-# List of domains that hide their subdomain struc-
+# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
-# List of user names that are not subject to address
+# List of user names that are not subject to address
# masquerading.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# regexp_table(5) format of POSIX regular expression tables
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
+# Note: you need to stop/start Postfix when this parameter changes.
+#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
-#
# RELOCATED(5) RELOCATED(5)
#
# NAME
#
# inet_interfaces
# The network interface addresses that this system
-# receives mail on.
+# receives mail on. You need to stop and start Post-
+# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# regexp_table(5) format of POSIX regular expression tables
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
-# 1
-#
+# RELOCATED(5)
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
-# and LOCAL (the address localpart).
+# LOCAL (the address localpart), RECIPIENT and SENDER.
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us by way of a proxy or address translator.
#
+# Note: you need to stop and start Postfix when this parameter changes.
+#
inet_interfaces = all
# The proxy_interfaces parameter specifies the network interface
#
# inet_interfaces
# The network interface addresses that this system
-# receives mail on.
+# receives mail on. You need to stop and start Post-
+# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# regexp_table(5) format of POSIX regular expression tables
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
</dl>
+<p>
+
+<b>Note: you need to stop and start Postfix when this parameter changes.</b>
+
<hr>
<a href="index.html">Up one level</a> | Basic Configuration | <a
<b>inet</b><i>_</i><b>interfaces</b>
The network interface addresses that this system
- receives mail on.
+ receives mail on. You need to stop and start Post-
+ fix when this parameter changes.
<b>masquerade</b><i>_</i><b>classes</b>
- List of address classes subject to masquerading:
- zero or more of <b>envelope</b><i>_</i><b>sender</b>, <b>envelope</b><i>_</i><b>recipi-</b>
+ List of address classes subject to masquerading:
+ zero or more of <b>envelope</b><i>_</i><b>sender</b>, <b>envelope</b><i>_</i><b>recipi-</b>
<b>ent</b>, <b>header</b><i>_</i><b>sender</b>, <b>header</b><i>_</i><b>recipient</b>.
<b>masquerade</b><i>_</i><b>domains</b>
- List of domains that hide their subdomain struc-
+ List of domains that hide their subdomain struc-
ture.
<b>masquerade</b><i>_</i><b>exceptions</b>
- List of user names that are not subject to address
+ List of user names that are not subject to address
masquerading.
<b>mydestination</b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b>myorigin</b>
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b>RECIPIENT</b>
The entire recipient address.
+ <b>SENDER</b> The entire sender address.
+
The <b>PATH</b> environment variable is always reset to a system-
dependent default path, and the <b>TZ</b> (time zone) environment
variable is always passed on without change.
also the root directory of Postfix daemons that run
chrooted.
+ <b>inet</b><i>_</i><b>interfaces</b>
+ The network interface addresses that this system
+ receives mail on. You need to stop and start Post-
+ fix when this parameter changes.
+
<b>Resource</b> <b>controls</b>
<b>default</b><i>_</i><b>process</b><i>_</i><b>limit</b>
Default limit for the number of simultaneous child
<html> <head> </head> <body> <pre>
-
RELOCATED(5) RELOCATED(5)
<b>NAME</b>
<b>inet</b><i>_</i><b>interfaces</b>
The network interface addresses that this system
- receives mail on.
+ receives mail on. You need to stop and start Post-
+ fix when this parameter changes.
<b>mydestination</b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b>myorigin</b>
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ RELOCATED(5)
</pre> </body> </html>
<b>inet</b><i>_</i><b>interfaces</b>
The network interface addresses that this system
- receives mail on.
+ receives mail on. You need to stop and start Post-
+ fix when this parameter changes.
<b>mydestination</b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b>myorigin</b>
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Other parameters of interest:
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
+You need to stop and start Postfix when this parameter changes.
.IP \fBmasquerade_classes\fR
List of address classes subject to masquerading: zero or more of
\fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
Other parameters of interest:
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
+You need to stop and start Postfix when this parameter changes.
.IP \fBmydestination\fR
List of domains that this mail system considers local.
.IP \fBmyorigin\fR
Other parameters of interest:
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
+You need to stop and start Postfix when this parameter changes.
.IP \fBmydestination\fR
List of domains that this mail system considers local.
.IP \fBmyorigin\fR
rightmost @ character).
.IP \fBRECIPIENT\fR
The entire recipient address.
+.IP \fBSENDER\fR
+The entire sender address.
.PP
The \fBPATH\fR environment variable is always reset to a
system-dependent default path, and the \fBTZ\fR (time zone)
.IP \fBqueue_directory\fR
Top-level directory of the Postfix queue. This is also the root
directory of Postfix daemons that run chrooted.
+.IP \fBinet_interfaces\fR
+The network interface addresses that this system receives mail on.
+You need to stop and start Postfix when this parameter changes.
.SH "Resource controls"
.ad
.fi
# Other parameters of interest:
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
+# You need to stop and start Postfix when this parameter changes.
# .IP \fBmasquerade_classes\fR
# List of address classes subject to masquerading: zero or more of
# \fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
# Other parameters of interest:
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
+# You need to stop and start Postfix when this parameter changes.
# .IP \fBmydestination\fR
# List of domains that this mail system considers local.
# .IP \fBmyorigin\fR
# Other parameters of interest:
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
+# You need to stop and start Postfix when this parameter changes.
# .IP \fBmydestination\fR
# List of domains that this mail system considers local.
# .IP \fBmyorigin\fR
extern char *var_cmd_exp_filter;
#define VAR_FWD_EXP_FILTER "forward_expansion_filter"
-#define DEF_FWD_EXP_FILTER "1234567890!@%-_=+:,./\
+#define DEF_FWD_EXP_FILTER "1234567890!@%-_=+:,.\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ"
extern char *var_fwd_exp_filter;
#define DEF_DEFER_CODE 450
extern int var_defer_code;
+#define DEFER_IF_PERMIT "defer_if_permit"
+#define DEFER_IF_REJECT "defer_if_reject"
+
#define REJECT_UNKNOWN_CLIENT "reject_unknown_client"
#define VAR_UNK_CLIENT_CODE "unknown_client_reject_code"
#define DEF_UNK_CLIENT_CODE 450
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20021107"
+#define MAIL_RELEASE_DATE "20021108"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.11-" MAIL_RELEASE_DATE
/* rightmost @ character).
/* .IP \fBRECIPIENT\fR
/* The entire recipient address.
+/* .IP \fBSENDER\fR
+/* The entire sender address.
/* .PP
/* The \fBPATH\fR environment variable is always reset to a
/* system-dependent default path, and the \fBTZ\fR (time zone)
/* .IP \fBqueue_directory\fR
/* Top-level directory of the Postfix queue. This is also the root
/* directory of Postfix daemons that run chrooted.
+/* .IP \fBinet_interfaces\fR
+/* The network interface addresses that this system receives mail on.
+/* You need to stop and start Postfix when this parameter changes.
/* .SH "Resource controls"
/* .ad
/* .fi
int warn_if_reject; /* force reject into warning */
SMTPD_DEFER defer_if_reject; /* force reject into deferral */
SMTPD_DEFER defer_if_permit; /* force permit into deferral */
+ int defer_if_permit_client; /* force permit into warning */
+ int defer_if_permit_helo; /* force permit into warning */
+ int defer_if_permit_sender; /* force permit into warning */
VSTRING *expand_buf; /* scratch space for $name expansion */
} SMTPD_STATE;
*
* reject_unknown_client, hostname-based white-list, reject
*
- * XXX Don't raise the defer_if_permit flag with a failing reject-style
- * restriction that follows warn_if_reject. Instead, log the warning for the
+ * XXX With warn_if_reject, don't raise the defer_if_permit flag when a
+ * reject-style restriction fails. Instead, log the warning for the
* resulting defer message.
*
- * XXX Do raise the defer_if_reject flag with a failing permit-style
- * restriction that follows warn_if_reject. Otherwise, we could reject
- * legitimate mail.
+ * XXX With warn_if_reject, do raise the defer_if_reject flag when a
+ * permit-style restriction fails. Otherwise, we could reject legitimate
+ * mail.
*/
static void PRINTFLIKE(3, 4) defer_if(SMTPD_DEFER *, int, const char *,...);
cpp[1], REJECT_ALL);
} else if (strcasecmp(name, REJECT_UNAUTH_PIPE) == 0) {
status = reject_unauth_pipelining(state, reply_name, reply_class);
+ } else if (strcasecmp(name, DEFER_IF_PERMIT) == 0) {
+ DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
+ "450 <%s>: %s rejected: defer_if_permit requested",
+ reply_name, reply_class);
+ } else if (strcasecmp(name, DEFER_IF_REJECT) == 0) {
+ DEFER_IF_REJECT2(state, MAIL_ERROR_POLICY,
+ "450 <%s>: %s rejected: defer_if_reject requested",
+ reply_name, reply_class);
}
/*
}
/*
- * This is cleared before client restrictions, and is tested after
- * recipient and etrn restrictions.
+ * Reset the defer_if_permit flag.
*/
state->defer_if_permit.active = 0;
if (status == 0 && client_restrctions->argc)
status = generic_checks(state, client_restrctions, state->namaddr,
SMTPD_NAME_CLIENT, CHECK_CLIENT_ACL);
+ state->defer_if_permit_client = state->defer_if_permit.active;
return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
}
return (x); \
}
+ /*
+ * Restore the defer_if_permit flag to its value before HELO/EHLO, and do
+ * not set the flag when it was already raised by a previous protocol
+ * stage.
+ */
+ state->defer_if_permit.active = state->defer_if_permit_client;
+
/*
* Apply restrictions in the order as specified.
*/
if (status == 0 && helo_restrctions->argc)
status = generic_checks(state, helo_restrctions, state->helo_name,
SMTPD_NAME_HELO, CHECK_HELO_ACL);
+ state->defer_if_permit_helo = state->defer_if_permit.active;
SMTPD_CHECK_HELO_RETURN(status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
}
return (x); \
}
+ /*
+ * Restore the defer_if_permit flag to its value before MAIL FROM, and do
+ * not set the flag when it was already raised by a previous protocol
+ * stage. The client may skip the helo/ehlo.
+ */
+ state->defer_if_permit.active = state->defer_if_permit_client
+ | state->defer_if_permit_helo;
+
/*
* Apply restrictions in the order as specified.
*/
if (status == 0 && mail_restrctions->argc)
status = generic_checks(state, mail_restrctions, sender,
SMTPD_NAME_SENDER, CHECK_SENDER_ACL);
+ state->defer_if_permit_sender = state->defer_if_permit.active;
SMTPD_CHECK_MAIL_RETURN(status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
}
|| (err = smtpd_check_mail(state, state->sender)) != 0)
SMTPD_CHECK_RCPT_RETURN(err);
+ /*
+ * Restore the defer_if_permit flag to its value before RCPT TO, and do
+ * not set the flag when it was already raised by a previous protocol
+ * stage.
+ */
+ state->defer_if_permit.active = state->defer_if_permit_sender;
+
/*
* Apply restrictions in the order as specified.
*/
|| (err = smtpd_check_helo(state, state->helo_name)) != 0)
SMTPD_CHECK_ETRN_RETURN(err);
+ /*
+ * Restore the defer_if_permit flag to its value before ETRN, and do not
+ * set the flag when it was already raised by a previous protocol stage.
+ * The client may skip the helo/ehlo.
+ */
+ state->defer_if_permit.active = state->defer_if_permit_client
+ | state->defer_if_permit_helo;
+
/*
* Apply restrictions in the order as specified.
*/
state->recipient = 0;
}
+ /*
+ * Reset the defer_if_permit flag. This should not be necessary but we do
+ * it just in case.
+ */
+ state->defer_if_permit.active = 0;
+
/*
* Apply restrictions in the order as specified.
*
state->recursion = 0;
state->msg_size = 0;
state->junk_cmds = 0;
- state->defer_if_reject.active = 0;
+ state->defer_if_permit_client = 0;
+ state->defer_if_permit_helo = 0;
+ state->defer_if_permit_sender = 0;
state->defer_if_reject.reason = 0;
- state->defer_if_permit.active = 0;
state->defer_if_permit.reason = 0;
state->expand_buf = 0;
projects / thirdparty / postfix.git / commitdiff
