and broke reject_unauthenticated_sender_login_mismatch and
reject_sender_login_mismatch. Based on fix by Victor
Duchovni. File: smtpd/smtpd_check.c.
+
+20090605
+
+ Bugfix: "postmulti -e destroy" used hard-coded /bin/env
+ command. Simplified the "destroy" procedure to destroy only
+ known safe names without "/". File: conf/postmulti-script.
+
+20090710
+
+ Bugfix (introduced Postfix 2.3): Postfix got out of sync
+ with a Milter application after the application sent a
+ "quarantine" request at end-of-message time. The milter
+ application would still be in the end-of-message state,
+ while Postfix would already be working on the next SMTP
+ event (typically, QUIT or MAIL FROM). Problem diagnosed
+ with help from Alban Deniz. File: milter/milter8.c.
+
+20090712
+
+ Bugfix (garbage introduced Postfix 2.6): the ugly
+ ${multi_instance_name:postfix}${multi_instance_name
+ ?$multi_instance_name} garbage in Postfix logging is now
+ hopefully gone. File: global/mail_task.c.
+
+20090715
+
+ Documentation: as of Postfix 2.6, the reject_unauth_pipelining
+ feature can be used meaningfully at any protocol stage.
+ File: proto/postconf.proto.
;;
destroy)
+
+ # "postmulti -e destroy" will remove an entire instance only when
+ # invoked immediately after "postmulti -e create" (i.e. before
+ # other files are added to the instance). We delete only known
+ # safe names without "/".
+ #
+ QUEUE_SUBDIRS="active bounce corrupt defer deferred flush hold \
+ incoming maildrop pid private public saved trace"
+ #DEBUG=echo
+ WARN="postlog -p warn -t $TAG"
+
# Locate the target instance
#
[ -f "$config_directory/main.cf" ] ||
postfix -c "$config_directory" status >/dev/null 2>&1 &&
fatal "Instance '$config_directory' is not stopped"
- # XXX: Internal "postfix /some/cmd" interface via /bin/env for execvp().
- #
- for q in maildrop incoming active deferred hold
- do
- postfix -c "$config_directory" /bin/env \
- find "$q" ! -name "$q" ! -name "?" -perm 0700 -print |
- grep "^" >/dev/null &&
- fatal "Instance '$config_directory' $q queue is not empty"
- done
-
# Update multi_instance directories
# and also (just in case) drop from alternate_config_directories
#
- update_cfdirs del $config_directory || exit 1
+ $DEBUG update_cfdirs del "$config_directory" || exit 1
- # Change default personalities:
- MAIL_CONFIG="$config_directory"; export MAIL_CONFIG
-
- # Full steam ahead, instance will be at least partly destroyed!
-
- # Try to remove data_directory, but not sub-directories.
- # Note: care with "$TAG" insertion into sh -c 'script'.
+ # XXX: Internal "postfix /some/cmd" interface.
#
- postfix /bin/sh -c \
- 'cd $data_directory; rm -f -- *; cd ..; rmdir $data_directory; \
- PATH=$command_directory:$PATH; export PATH; \
- test -d $data_directory && \
- postlog -p warn -t "'"$TAG"'" \
- "$data_directory partly removed" 2>&1' 2>/dev/null
-
- # Remove Postfix-owned files in the queue directory.
- # Remove all files in the "pid" sub-directory.
- # Remove empty directories.
- # Note: care with "$TAG" insertion into sh -c 'script'.
- postfix /bin/sh -c \
- 'find . -user $mail_owner ! -type d -exec rm -f -- "{}" ";"; \
- find . -depth -user $mail_owner -type d -exec rmdir -- "{}" ";"; \
- rm -f -- pid/*; rmdir *; cd ..; rmdir $queue_directory; \
- PATH=$command_directory:$PATH; export PATH; \
- test -d $queue_directory && \
- postlog -p warn -t "'"$TAG"'" \
- "$queue_directory partly removed" 2>&1' 2>/dev/null
+ postfix -c "$config_directory" /bin/sh -c "
+ for q in $QUEUE_SUBDIRS
+ do
+ $DEBUG rmdir -- \$q ||
+ $WARN \`pwd\`/\$q: please verify contents and remove by hand
+ done
+ "
+
+ postfix -c "$config_directory" /bin/sh -c "
+ for dir in \$data_directory \$queue_directory
+ do
+ $DEBUG rmdir -- \$dir ||
+ $WARN \$dir: please verify contents and remove by hand
+ done
+ "
# In the configuration directory remove just the main.cf and master.cf
# files.
- rm -f -- "$MAIL_CONFIG/master.cf" "$MAIL_CONFIG/main.cf" 2>/dev/null
- rmdir -- "$MAIL_CONFIG" 2>/dev/null
- test -d "$MAIL_CONFIG" && \
- postlog -p warn -t "$TAG" \
- "$MAIL_CONFIG partly removed" 2>&1
+ $DEBUG rm -f -- "$config_directory/master.cf" "$config_directory/main.cf" 2>/dev/null
+ $DEBUG rmdir -- "$config_directory" ||
+ $WARN $config_directory: please verify contents and remove by hand
;;
+
enable)
postconf -c "$config_directory" -e \
"multi_instance_enable = yes" || exit 1;;
commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up
-deliveries. <br> Note: <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> is not useful
-outside <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> when 1) the client uses ESMTP (EHLO
-instead of HELO) and 2) with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (the
-default). The use of <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> in the other
-restriction contexts is therefore not recommended. </dd>
+deliveries.
+<br> With Postfix 2.6 and later, the SMTP server sets a per-session
+flag whenever it detects illegal pipelining, including pipelined
+EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
+tests whether the flag was set at any point in time during the
+session.
+<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
+the current status of the input read queue, and its usage is not
+recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>. </dd>
<dt><b><a name="reject">reject</a></b></dt>
that improperly uses ESMTP command pipelining in order to speed up
deliveries.
.br
-Note: reject_unauth_pipelining is not useful
-outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO
-instead of HELO) and 2) with "smtpd_delay_reject = yes" (the
-default). The use of reject_unauth_pipelining in the other
-restriction contexts is therefore not recommended.
+With Postfix 2.6 and later, the SMTP server sets a per-session
+flag whenever it detects illegal pipelining, including pipelined
+EHLO or HELO commands. The reject_unauth_pipelining feature simply
+tests whether the flag was set at any point in time during the
+session.
+.br
+With older Postfix versions, reject_unauth_pipelining checks
+the current status of the input read queue, and its usage is not
+recommended in contexts other than smtpd_data_restrictions.
.IP "\fBreject\fR"
Reject the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit. The
commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up
-deliveries. <br> Note: reject_unauth_pipelining is not useful
-outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO
-instead of HELO) and 2) with "smtpd_delay_reject = yes" (the
-default). The use of reject_unauth_pipelining in the other
-restriction contexts is therefore not recommended. </dd>
+deliveries.
+<br> With Postfix 2.6 and later, the SMTP server sets a per-session
+flag whenever it detects illegal pipelining, including pipelined
+EHLO or HELO commands. The reject_unauth_pipelining feature simply
+tests whether the flag was set at any point in time during the
+session.
+<br> With older Postfix versions, reject_unauth_pipelining checks
+the current status of the input read queue, and its usage is not
+recommended in contexts other than smtpd_data_restrictions. </dd>
<dt><b><a name="reject">reject</a></b></dt>
/* Setenv()-ed from main.cf, or inherited from master. */
if ((tag = safe_getenv(CONF_ENV_LOGTAG)) == 0)
/* Check main.cf settings directly, in case set-gid. */
- tag = var_syslog_name ? var_syslog_name : DEF_SYSLOG_NAME;
+ tag = var_syslog_name ? var_syslog_name :
+ mail_conf_eval(DEF_SYSLOG_NAME);
vstring_sprintf(canon_name, "%s/%s", tag, argv0);
return (vstring_str(canon_name));
}
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20090603"
-#define MAIL_VERSION_NUMBER "2.6.2"
+#define MAIL_RELEASE_DATE "20090802"
+#define MAIL_VERSION_NUMBER "2.6.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
/*
* Decision: quarantine. In Sendmail 8.13 this does not imply a
* transition in the receiver state (reply, reject, tempfail,
- * accept, discard).
+ * accept, discard). We should not transition, either, otherwise
+ * we get out of sync.
*/
case SMFIR_QUARANTINE:
/* XXX What to do with the "reason" text? */
MILTER8_DATA_BUFFER, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
- MILTER8_EVENT_BREAK("H");
+ milter8_def_reply(milter, "H");
+ continue;
/*
* Decision: skip further events of this type.
projects / thirdparty / postfix.git / commitdiff
