postfix-2.6.2-RC1

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 23597cf567fc2f9794943d40a580d00363ac5b57..6fa824c64530401fb2e6d53d7f20774d41d865d6 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -15231,3 +15231,12 @@ Apologies for any names omitted.
        The queue file would be corrupted when the delay_warning_time
        record was marked as "done" after sending the "your mail
        is delayed" notice.  File: qmgr/qmgr_message.c.
+
+20090528
+
+       Bugfix (introduced: Postfix 2.6 change 20080629): with
+       plaintext sessions, smtpd_tls_auth_only=yes caused spurious
+       warnings with reject_authenticated_sender_login_mismatch,
+       and broke reject_unauthenticated_sender_login_mismatch and
+       reject_sender_login_mismatch.  Based on fix by Victor
+       Duchovni. File: smtpd/smtpd_check.c.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index fd5201cad0b22759142c7228e351d5510887e54a..baa50b117b3ab85c83d67e4073a072224b357c63 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20090519"
-#define MAIL_VERSION_NUMBER    "2.6.1"
+#define MAIL_RELEASE_DATE      "20090528"
+#define MAIL_VERSION_NUMBER    "2.6.2-RC1"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE     "-" MAIL_RELEASE_DATE

diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 1a18f92e3c797b3768cd77028d13939a0abf2531..ea3dfbf9c77589103e6206b49a9d9d748bc84353 100644 (file)
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -3278,10 +3278,16 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen
     char   *name;
     int     found = 0;
 
+    /*
+     * Replace obscure code by self-evident code.
+     */
+#define SMTPD_SASL_AUTHENTICATED(state) \
+       (smtpd_sasl_is_active(state) && state->sasl_username != 0)
+
     /*
      * Reject if the client is logged in and does not own the sender address.
      */
-    if (smtpd_sasl_is_active(state) && state->sasl_username != 0) {
+    if (var_smtpd_sasl_enable && SMTPD_SASL_AUTHENTICATED(state)) {
        reply = smtpd_resolve_addr(sender);
        if (reply->flags & RESOLVE_FLAG_FAIL)
            reject_dict_retry(state, sender);
@@ -3314,7 +3320,7 @@ static int reject_unauth_sender_login_mismatch(SMTPD_STATE *state, const char *s
      * Reject if the client is not logged in and the sender address has an
      * owner.
      */
-    if (smtpd_sasl_is_active(state) && state->sasl_username == 0) {
+    if (var_smtpd_sasl_enable && !SMTPD_SASL_AUTHENTICATED(state)) {
        reply = smtpd_resolve_addr(sender);
        if (reply->flags & RESOLVE_FLAG_FAIL)
            reject_dict_retry(state, sender);
@@ -3766,7 +3772,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
                                          state->sender, SMTPD_NAME_SENDER);
        } else if (strcasecmp(name, REJECT_AUTH_SENDER_LOGIN_MISMATCH) == 0) {
 #ifdef USE_SASL_AUTH
-           if (smtpd_sasl_is_active(state)) {
+           if (var_smtpd_sasl_enable) {
                if (state->sender && *state->sender)
                    status = reject_auth_sender_login_mismatch(state, state->sender);
            } else
@@ -3774,7 +3780,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
                msg_warn("restriction `%s' ignored: no SASL support", name);
        } else if (strcasecmp(name, REJECT_UNAUTH_SENDER_LOGIN_MISMATCH) == 0) {
 #ifdef USE_SASL_AUTH
-           if (smtpd_sasl_is_active(state)) {
+           if (var_smtpd_sasl_enable) {
                if (state->sender && *state->sender)
                    status = reject_unauth_sender_login_mismatch(state, state->sender);
            } else