snapshot-20010730

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 3d7064771ded4f2ba58890f7c8c3d306222565ae..bd9f61782486455db69f257050d287fef7f17f4e 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -5369,8 +5369,15 @@ Apologies for any names omitted.
 
        Bugfix: recursive restrictions could clobber non-reentrant
        address resolving results. Problem found by Victor Duchovni,
-       morganstanley.com.
+       morganstanley.com. In order to fix, introduced address
+       resolving caching, which shouls speed up UCE processing.
 
        Bugfix: the not yet published DUNNO table lookup result
        did not prevent further partial key lookups in the same
        table. Problem found by Victor Duchovni, morganstanley.com.
+
+20010729
+
+       Robustness: trim trailing whitespace from regexp and pcre
+       right-hand sides, for consistency with DB/DBM tables.
+       Files: util/dict_pcre.c, util/dict_regexp.c.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 5b94e2288172bff99c77d14022f0980b865abb14..3079cb8ea862e621d91346f2f05d400a762f7bf8 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION       "mail_version"
-#define DEF_MAIL_VERSION       "Snapshot-20010729"
+#define DEF_MAIL_VERSION       "Snapshot-20010730"
 extern char *var_mail_version;
 
 /* LICENSE

diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in
index 5eaf14882d07093b65afa5b2d17f8c1c527ad641..2031632ee7d985a52fdcb5995fb9d1af62d77077 100644 (file)
--- a/postfix/src/smtpd/Makefile.in
+++ b/postfix/src/smtpd/Makefile.in
@@ -67,7 +67,7 @@ depend: $(MAKES)
        done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in
        @$(EXPORT) make -f Makefile.in Makefile 1>&2
 
-tests: smtpd_check_test smtpd_check_test2 smtpd_token_test
+tests: smtpd_check_test smtpd_check_test2 smtpd_acl_test smtpd_token_test
 
 smtpd_check_test: smtpd_check smtpd_check.in smtpd_check.ref
        ../postmap/postmap smtpd_check_access
@@ -81,6 +81,12 @@ smtpd_check_test2: smtpd_check smtpd_check.in2 smtpd_check.ref2
        diff smtpd_check.ref2 smtpd_check.tmp
        rm -f smtpd_check.tmp smtpd_check_access.*
 
+smtpd_acl_test: smtpd_check smtpd_acl.in smtpd_acl.ref
+       ../postmap/postmap smtpd_check_access
+       ./smtpd_check <smtpd_acl.in >smtpd_check.tmp 2>&1
+       diff smtpd_acl.ref smtpd_check.tmp
+       rm -f smtpd_check.tmp smtpd_check_access.*
+
 smtpd_token_test: smtpd_token smtpd_token.in smtpd_token.ref
        ./smtpd_token <smtpd_token.in >smtpd_token.tmp 2>&1
        diff smtpd_token.ref smtpd_token.tmp

diff --git a/postfix/src/smtpd/smtpd_acl.in b/postfix/src/smtpd/smtpd_acl.in
new file mode 100644 (file)
index 0000000..e633c48
--- /dev/null
+++ b/postfix/src/smtpd/smtpd_acl.in
@@ -0,0 +1,107 @@
+#
+# Initialize
+#
+smtpd_delay_reject 0
+mynetworks 127.0.0.0/8,168.100.189.0/28
+relay_domains porcupine.org
+#
+# Test check_domain_access()
+#
+helo_restrictions hash:./smtpd_check_access
+# Expect: REJECT
+helo foo.dunno.com
+# Expect: OK
+helo bar.dunno.com
+# Expect: OK
+helo foo.duuno.com
+#
+# Test check_namadr_access(), domain part
+#
+client_restrictions hash:./smtpd_check_access
+# Expect: REJECT
+client foo.dunno.com 131.155.210.17
+# Expect: OK
+client bar.dunno.com 131.155.210.17
+# Expect: OK
+client bar.dunno.com 131.155.210.19
+#
+# Test check_namadr_access(), address part
+#
+# Expect: OK
+client bar.duno.com 131.155.210.17
+# Expect: REJECT
+client bar.duno.com 131.155.210.19
+# Expect: REJECT
+client bar.duno.com 44.33.22.11
+# Expect: OK
+client bar.duno.com 44.33.22.55
+# Expect: REJECT
+client bar.duno.com 44.33.44.33
+#
+# Test check_mail_access()
+#
+sender_restrictions hash:./smtpd_check_access
+# Expect: REJECT
+mail reject@dunno.domain
+# Expect: OK
+mail ok@dunno.domain
+# Expect: OK
+mail anyone@dunno.domain
+# Expect: OK
+mail bad-sender@dunno.domain
+#
+# Again, with a domain that rejects by default
+#
+# Expect: REJECT  
+mail reject@reject.domain
+# Expect: OK
+mail ok@reject.domain
+# Expect: REJECT
+mail anyone@reject.domain
+# Expect: REJECT
+mail good-sender@reject.domain
+#
+# Again, with a domain that accepts by default
+#
+# Expect: REJECT
+mail reject@ok.domain
+# Expect: OK
+mail ok@ok.domain
+# Expect: OK
+mail anyone@ok.domain
+# Expect: OK
+mail bad-sender@ok.domain
+#
+# Test check_mail_access()
+#
+recipient_restrictions hash:./smtpd_check_access
+# Expect: REJECT
+rcpt reject@dunno.domain
+# Expect: OK
+rcpt ok@dunno.domain
+# Expect: OK
+rcpt anyone@dunno.domain
+# Expect: OK
+rcpt bad-sender@dunno.domain
+#
+# Again, with a domain that rejects by default
+#
+# Expect: REJECT  
+rcpt reject@reject.domain
+# Expect: OK
+rcpt ok@reject.domain
+# Expect: REJECT
+rcpt anyone@reject.domain
+# Expect: REJECT
+rcpt good-sender@reject.domain
+#
+# Again, with a domain that accepts by default
+#
+# Expect: REJECT
+rcpt reject@ok.domain
+# Expect: OK
+rcpt ok@ok.domain
+# Expect: OK
+rcpt anyone@ok.domain
+# Expect: OK
+rcpt bad-sender@ok.domain

diff --git a/postfix/src/smtpd/smtpd_acl.ref b/postfix/src/smtpd/smtpd_acl.ref
new file mode 100644 (file)
index 0000000..34e3518
--- /dev/null
+++ b/postfix/src/smtpd/smtpd_acl.ref
@@ -0,0 +1,164 @@
+>>> #
+>>> # Initialize
+>>> #
+>>> smtpd_delay_reject 0
+OK
+>>> mynetworks 127.0.0.0/8,168.100.189.0/28
+OK
+>>> relay_domains porcupine.org
+OK
+>>> #
+>>> # Test check_domain_access()
+>>> #
+>>> helo_restrictions hash:./smtpd_check_access
+OK
+>>> # Expect: REJECT
+>>> helo foo.dunno.com
+./smtpd_check: reject: HELO from localhost[127.0.0.1]: 554 <foo.dunno.com>: Helo command rejected: Access denied
+554 <foo.dunno.com>: Helo command rejected: Access denied
+>>> # Expect: OK
+>>> helo bar.dunno.com
+OK
+>>> # Expect: OK
+>>> helo foo.duuno.com
+OK
+>>> #
+>>> # Test check_namadr_access(), domain part
+>>> #
+>>> client_restrictions hash:./smtpd_check_access
+OK
+>>> # Expect: REJECT
+>>> client foo.dunno.com 131.155.210.17
+./smtpd_check: reject: CONNECT from foo.dunno.com[131.155.210.17]: 554 <foo.dunno.com[131.155.210.17]>: Client host rejected: Access denied
+554 <foo.dunno.com[131.155.210.17]>: Client host rejected: Access denied
+>>> # Expect: OK
+>>> client bar.dunno.com 131.155.210.17
+OK
+>>> # Expect: OK
+>>> client bar.dunno.com 131.155.210.19
+OK
+>>> #
+>>> # Test check_namadr_access(), address part
+>>> #
+>>> # Expect: OK
+>>> client bar.duno.com 131.155.210.17
+OK
+>>> # Expect: REJECT
+>>> client bar.duno.com 131.155.210.19
+./smtpd_check: reject: CONNECT from bar.duno.com[131.155.210.19]: 554 <bar.duno.com[131.155.210.19]>: Client host rejected: Access denied
+554 <bar.duno.com[131.155.210.19]>: Client host rejected: Access denied
+>>> # Expect: REJECT
+>>> client bar.duno.com 44.33.22.11
+./smtpd_check: reject: CONNECT from bar.duno.com[44.33.22.11]: 554 <bar.duno.com[44.33.22.11]>: Client host rejected: Access denied
+554 <bar.duno.com[44.33.22.11]>: Client host rejected: Access denied
+>>> # Expect: OK
+>>> client bar.duno.com 44.33.22.55
+OK
+>>> # Expect: REJECT
+>>> client bar.duno.com 44.33.44.33
+./smtpd_check: reject: CONNECT from bar.duno.com[44.33.44.33]: 554 <bar.duno.com[44.33.44.33]>: Client host rejected: Access denied
+554 <bar.duno.com[44.33.44.33]>: Client host rejected: Access denied
+>>> #
+>>> # Test check_mail_access()
+>>> #
+>>> sender_restrictions hash:./smtpd_check_access
+OK
+>>> # Expect: REJECT
+>>> mail reject@dunno.domain
+./smtpd_check: reject: MAIL from bar.duno.com[44.33.44.33]: 554 <reject@dunno.domain>: Sender address rejected: Access denied; from=<reject@dunno.domain>
+554 <reject@dunno.domain>: Sender address rejected: Access denied
+>>> # Expect: OK
+>>> mail ok@dunno.domain
+OK
+>>> # Expect: OK
+>>> mail anyone@dunno.domain
+OK
+>>> # Expect: OK
+>>> mail bad-sender@dunno.domain
+OK
+>>> #
+>>> # Again, with a domain that rejects by default
+>>> #
+>>> # Expect: REJECT  
+>>> mail reject@reject.domain
+./smtpd_check: reject: MAIL from bar.duno.com[44.33.44.33]: 554 <reject@reject.domain>: Sender address rejected: Access denied; from=<reject@reject.domain>
+554 <reject@reject.domain>: Sender address rejected: Access denied
+>>> # Expect: OK
+>>> mail ok@reject.domain
+OK
+>>> # Expect: REJECT
+>>> mail anyone@reject.domain
+./smtpd_check: reject: MAIL from bar.duno.com[44.33.44.33]: 554 <anyone@reject.domain>: Sender address rejected: Access denied; from=<anyone@reject.domain>
+554 <anyone@reject.domain>: Sender address rejected: Access denied
+>>> # Expect: REJECT
+>>> mail good-sender@reject.domain
+./smtpd_check: reject: MAIL from bar.duno.com[44.33.44.33]: 554 <good-sender@reject.domain>: Sender address rejected: Access denied; from=<good-sender@reject.domain>
+554 <good-sender@reject.domain>: Sender address rejected: Access denied
+>>> #
+>>> # Again, with a domain that accepts by default
+>>> #
+>>> # Expect: REJECT
+>>> mail reject@ok.domain
+./smtpd_check: reject: MAIL from bar.duno.com[44.33.44.33]: 554 <reject@ok.domain>: Sender address rejected: Access denied; from=<reject@ok.domain>
+554 <reject@ok.domain>: Sender address rejected: Access denied
+>>> # Expect: OK
+>>> mail ok@ok.domain
+OK
+>>> # Expect: OK
+>>> mail anyone@ok.domain
+OK
+>>> # Expect: OK
+>>> mail bad-sender@ok.domain
+OK
+>>> #
+>>> # Test check_mail_access()
+>>> #
+>>> recipient_restrictions hash:./smtpd_check_access
+OK
+>>> # Expect: REJECT
+>>> rcpt reject@dunno.domain
+./smtpd_check: reject: RCPT from bar.duno.com[44.33.44.33]: 554 <reject@dunno.domain>: Recipient address rejected: Access denied; from=<bad-sender@ok.domain> to=<reject@dunno.domain>
+554 <reject@dunno.domain>: Recipient address rejected: Access denied
+>>> # Expect: OK
+>>> rcpt ok@dunno.domain
+OK
+>>> # Expect: OK
+>>> rcpt anyone@dunno.domain
+OK
+>>> # Expect: OK
+>>> rcpt bad-sender@dunno.domain
+OK
+>>> #
+>>> # Again, with a domain that rejects by default
+>>> #
+>>> # Expect: REJECT  
+>>> rcpt reject@reject.domain
+./smtpd_check: reject: RCPT from bar.duno.com[44.33.44.33]: 554 <reject@reject.domain>: Recipient address rejected: Access denied; from=<bad-sender@ok.domain> to=<reject@reject.domain>
+554 <reject@reject.domain>: Recipient address rejected: Access denied
+>>> # Expect: OK
+>>> rcpt ok@reject.domain
+OK
+>>> # Expect: REJECT
+>>> rcpt anyone@reject.domain
+./smtpd_check: reject: RCPT from bar.duno.com[44.33.44.33]: 554 <anyone@reject.domain>: Recipient address rejected: Access denied; from=<bad-sender@ok.domain> to=<anyone@reject.domain>
+554 <anyone@reject.domain>: Recipient address rejected: Access denied
+>>> # Expect: REJECT
+>>> rcpt good-sender@reject.domain
+./smtpd_check: reject: RCPT from bar.duno.com[44.33.44.33]: 554 <good-sender@reject.domain>: Recipient address rejected: Access denied; from=<bad-sender@ok.domain> to=<good-sender@reject.domain>
+554 <good-sender@reject.domain>: Recipient address rejected: Access denied
+>>> #
+>>> # Again, with a domain that accepts by default
+>>> #
+>>> # Expect: REJECT
+>>> rcpt reject@ok.domain
+./smtpd_check: reject: RCPT from bar.duno.com[44.33.44.33]: 554 <reject@ok.domain>: Recipient address rejected: Access denied; from=<bad-sender@ok.domain> to=<reject@ok.domain>
+554 <reject@ok.domain>: Recipient address rejected: Access denied
+>>> # Expect: OK
+>>> rcpt ok@ok.domain
+OK
+>>> # Expect: OK
+>>> rcpt anyone@ok.domain
+OK
+>>> # Expect: OK
+>>> rcpt bad-sender@ok.domain
+OK

diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 2fc9a6ba9e312d0cd8fd3d3952d81f34e15f23cd..7e7631520b2a6c68e045b5fdedad612301e45e93 100644 (file)
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -1549,7 +1549,7 @@ static int check_mail_access(SMTPD_STATE *state, const char *table,
     status = check_access(state, table, local_at, PARTIAL, found,
                          reply_name, reply_class, def_acl);
     myfree(local_at);
-    if (status != 0)
+    if (status != 0 || *found)
        return (status);
 
     /*

diff --git a/postfix/src/smtpd/smtpd_check_access b/postfix/src/smtpd/smtpd_check_access
index f7f6e42d7fc34b79c01b1f9482dc557c17a1241c..afb5487c965698565922f815c5d036113962fdfb 100644 (file)
--- a/postfix/src/smtpd/smtpd_check_access
+++ b/postfix/src/smtpd/smtpd_check_access
@@ -2,9 +2,30 @@ bad.domain             554 match bad.domain
 friend.bad.domain      OK
 bad-sender@            554 match bad-sender@
 bad-sender@good.domain OK
+good-sender@           OK
 131.155.210            554 match 131.155.210
 131.155.210.17         OK
+131.155.210.19         REJECT
 reject@this.address    554 match reject@this.address
 open_user@some.site    open
 strict_user@some.site  strict
 auth_client            123456
+
+dunno.com              dunno
+foo.dunno.com          reject
+
+44.33.22               dunno
+44.33.22.11            REJECT
+44.33                  REJECT
+
+reject@dunno.domain    REJECT
+ok@dunno.domain                OK
+dunno.domain           DUNNO
+
+reject@reject.domain   REJECT
+ok@reject.domain       OK
+reject.domain          REJECT
+
+reject@ok.domain       REJECT
+ok@ok.domain           OK
+ok.domain              OK

diff --git a/postfix/src/util/dict_pcre.c b/postfix/src/util/dict_pcre.c
index 1e8e84b6bf5a33ff28fd5bcafd25e38172bcd74c..6d3c6f5239321630f2aafc7e05b23bd22577f5a4 100644 (file)
--- a/postfix/src/util/dict_pcre.c
+++ b/postfix/src/util/dict_pcre.c
@@ -266,6 +266,7 @@ DICT   *dict_pcre_open(const char *map, int unused_flags, int dict_flags)
            continue;
 
        p = vstring_str(line_buffer);
+       trimblanks(p, 0)[0] = 0;                /* Trim space at end */
        re_delimiter = *p++;
        regexp = p;
 

diff --git a/postfix/src/util/dict_regexp.c b/postfix/src/util/dict_regexp.c
index 0d4eaf852352693c00d706117c6050e3cbc5f5ef..1debbe96ff2c99cbaa620b52413f5e0a3f628215 100644 (file)
--- a/postfix/src/util/dict_regexp.c
+++ b/postfix/src/util/dict_regexp.c
@@ -365,6 +365,8 @@ DICT   *dict_regexp_open(const char *map, int unused_flags, int dict_flags)
        if (*p == 0)                            /* Skip blank lines */
            continue;
 
+       trimblanks(p, 0)[0] = 0;                /* Trim space at end */
+
        rule = dict_regexp_parseline(lineno, p, &nsub, map_fp);
        if (rule) {
            if (nsub > max_nsub)