Cleanups. Fixed some dns_rr_create() calls in test code,
and reverted a workaround in the DNS record formatter;
files: dns/dns_rr_test.c, dns/dns_strrecord.c. Code formatting;
- file: global/nail_addr_find.c. Added missing test reference;
+ file: global/mail_addr_find.c. Added missing test reference;
file: postconf/test76.ref.
+
+20240229
+
+ Clenup: moved the new DNS_RR.flags structure member to the
+ location of a "padding" hole (two bytes for ILP32 systems,
+ 6 bytes for LP64). File: dns/dns.h.
+
+ Deprecation: removed permit_naked_ip_address, reject_maps_rbl,
+ and check_relay_domains. These have been logging deprecation
+ warnings since 2005 or earlier, and were removed from Postfix
+ documentation in 2004 (but who reads logs and documentation?).
+ Files: smtpd/smtpd_check.c, smtpd/smtpd_check_backup.ref,
+ smtpd/smtpd_exp.ref, smtpd/smtpd_deprecated.in,
+ smtpd/smtpd_deprecated.ref.
postconf postconf c postconf postconf_dbms c
File tlsmgr tlsmgr c
restrictions Files dns dns h dns dns_lookup c dns dns_rr c
+ systems 6 bytes for LP64 File dns dns h
tha
thash
THASH
-theadsafe
threadsafe
thusly
timecmp
dfhHnopqvx
fhHoqvx
foqvx
+ILP
unsigned short pref; /* T_MX and T_SRV record related */
unsigned short weight; /* T_SRV related, defined in rfc2782 */
unsigned short port; /* T_SRV related, defined in rfc2782 */
+ /* Assume that flags lives in what was previously padding */
+ unsigned short flags; /* DNS_RR_FLAG_XX, see below */
struct DNS_RR *next; /* linkage */
size_t data_len; /* actual data size */
char *data; /* a bunch of data */
- int flags; /* DNS_RR_FLAG_XX, see below */
/* Add new fields at the end, for ABI forward compatibility. */
} DNS_RR;
/*
* Use the threadsafe resolver API if available, not because it is
- * theadsafe, but because it has more functionality.
+ * threadsafe, but because it has more functionality.
*/
#ifdef USE_RES_NCALLS
static struct __res_state dns_res_state;
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240228"
+#define MAIL_RELEASE_DATE "20240229"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
tests: smtpd_acl_test smtpd_addr_valid_test smtpd_exp_test \
smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \
smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test \
- smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test
+ smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test \
+ smtpd_deprecated_test
root_tests:
diff smtpd_error.ref smtpd_check.tmp
rm -f smtpd_check.tmp
+smtpd_deprecated_test: smtpd_check smtpd_deprecated.in smtpd_deprecated.ref
+ $(SHLIB_ENV) $(VALGRIND) ./smtpd_check <smtpd_deprecated.in >smtpd_check.tmp 2>&1
+ diff smtpd_deprecated.ref smtpd_check.tmp
+ rm -f smtpd_check.tmp
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
/*
* Restriction check_relay_domains is deprecated as of Postfix 2.2.
*/
-#if 1
- static int once;
-
- if (once == 0) {
- once = 1;
- msg_warn("support for restriction \"%s\" will be removed from %s; "
- "use \"%s\" instead",
- CHECK_RELAY_DOMAINS, var_mail_name, REJECT_UNAUTH_DEST);
- }
-#endif
-
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
- /*
- * Permit if the client matches the relay_domains list.
- */
- if (domain_list_match(relay_domains, state->name)) {
- if (warn_compat_break_relay_domains)
- msg_info("using backwards-compatible default setting "
- VAR_RELAY_DOMAINS "=$mydestination to permit "
- "request from client \"%s\"", state->name);
- return (SMTPD_CHECK_OK);
- }
-
- /*
- * Permit authorized destinations.
- */
- if (permit_auth_destination(state, recipient) == SMTPD_CHECK_OK)
- return (SMTPD_CHECK_OK);
-
- /*
- * Deny relaying between sites that both are not in relay_domains.
- */
- return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
- var_relay_code, "5.7.1",
- "<%s>: %s rejected: Relay access denied",
- reply_name, reply_class));
+ msg_warn("support for restriction \"%s\" has been removed in %s 3.9; "
+ "use \"%s\" instead",
+ CHECK_RELAY_DOMAINS, var_mail_name, REJECT_UNAUTH_DEST);
+ reject_server_error(state);
}
/* permit_auth_destination - OK for message relaying */
static int reject_maps_rbl(SMTPD_STATE *state)
{
const char *myname = "reject_maps_rbl";
- char *saved_domains = mystrdup(var_maps_rbl_domains);
- char *bp = saved_domains;
- char *rbl_domain;
- int result = SMTPD_CHECK_DUNNO;
- static int warned;
if (msg_verbose)
msg_info("%s: %s", myname, state->addr);
/*
* Restriction reject_maps_rbl is deprecated as of Postfix 2.1.
*/
- if (warned == 0) {
- warned++;
- msg_warn("support for restriction \"%s\" will be removed from %s; "
- "use \"%s domain-name\" instead",
- REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT);
- }
- while ((rbl_domain = mystrtok(&bp, CHARS_COMMA_SP)) != 0) {
- result = reject_rbl_addr(state, rbl_domain, state->addr,
- SMTPD_NAME_CLIENT);
- if (result != SMTPD_CHECK_DUNNO)
- break;
- }
-
- /*
- * Clean up.
- */
- myfree(saved_domains);
+ msg_warn("support for restriction \"%s\" has been removed in %s 3.9; "
+ "use \"%s domain-name\" instead",
+ REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT);
- return (result);
+ reject_server_error(state);
}
#ifdef USE_SASL_AUTH
}
} else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) {
/* permit_naked_ip_addr is deprecated as of Postfix 2.0. */
- msg_warn("restriction %s is deprecated. Use %s or %s instead",
- PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS, PERMIT_SASL_AUTH);
- if (state->helo_name) {
- if (state->helo_name[strspn(state->helo_name, "0123456789.:")] == 0
- && (status = reject_invalid_hostaddr(state, state->helo_name,
- state->helo_name, SMTPD_NAME_HELO)) == 0)
- status = smtpd_acl_permit(state, name, SMTPD_NAME_HELO,
- state->helo_name, NO_PRINT_ARGS);
- }
+ msg_warn("restriction %s has been removed in %s 3.9;"
+ " use %s or %s instead",
+ PERMIT_NAKED_IP_ADDR, var_mail_name,
+ PERMIT_MYNETWORKS, PERMIT_SASL_AUTH);
+ reject_server_error(state);
} else if (is_map_command(state, name, CHECK_HELO_NS_ACL, &cpp)) {
if (state->helo_name) {
status = check_server_access(state, *cpp, state->helo_name,
>>> recipient_restrictions permit_mx_backup,reject
OK
>>> rcpt wietse@wzv.porcupine.org
+./smtpd_check: warning: support for restriction "permit_mx_backup" will be removed from Postfix; instead, use "relay_domains"
OK
>>> rcpt wietse@backup.porcupine.org
OK
--- /dev/null
+#
+# permit_naked_ip_address
+#
+client foo 127.0.0.2
+recipient_restrictions permit_naked_ip_address
+helo 127.0.0.2
+mail sname@sdomain.example
+rcpt rname@rdomain.example
+#
+# check_relay_domains
+#
+client foo 127.0.0.2
+recipient_restrictions check_relay_domains
+relay_domains foo
+helo 127.0.0.2
+mail sname@sdomain.example
+rcpt rname@rdomain.example
+#
+# reject_maps_rbl is already covered elsewhere.
+#
--- /dev/null
+>>> #
+>>> # permit_naked_ip_address
+>>> #
+>>> client foo 127.0.0.2
+OK
+>>> recipient_restrictions permit_naked_ip_address
+OK
+>>> helo 127.0.0.2
+OK
+>>> mail sname@sdomain.example
+OK
+>>> rcpt rname@rdomain.example
+./smtpd_check: warning: restriction permit_naked_ip_address has been removed in Postfix 3.9; use permit_mynetworks or permit_sasl_authenticated instead
+./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain.example> to=<rname@rdomain.example> proto=SMTP helo=<127.0.0.2>
+451 4.3.5 Server configuration error
+>>> #
+>>> # check_relay_domains
+>>> #
+>>> client foo 127.0.0.2
+OK
+>>> recipient_restrictions check_relay_domains
+OK
+>>> relay_domains foo
+OK
+>>> helo 127.0.0.2
+OK
+>>> mail sname@sdomain.example
+OK
+>>> rcpt rname@rdomain.example
+./smtpd_check: warning: support for restriction "check_relay_domains" has been removed in Postfix 3.9; use "reject_unauth_destination" instead
+./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain.example> to=<rname@rdomain.example> proto=SMTP helo=<127.0.0.2>
+451 4.3.5 Server configuration error
+>>> #
+>>> # reject_maps_rbl is already covered elsewhere.
+>>> #
>>> client spike.porcupine.org 168.100.3.2
OK
>>> rcpt rname@rdomain
-./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
-OK
+./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
+451 4.3.5 Server configuration error
>>> client foo 127.0.0.2
OK
>>> rcpt rname@rdomain
-./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
-554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test
+./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead
+./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
+451 4.3.5 Server configuration error
>>> #
>>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org
OK
projects / thirdparty / postfix.git / commitdiff
