datagram-based spawn(8) service. It was too difficult to
enforce that processes terminate as expected after "postfix
reload" etc. File: spawn/spawn.c.
+
+20241205
+
+ Portability: include <sys_socket.h> for a SUNOS5 workaround.
+ Gary R. Schmidt. File: util/peekfd.c.
+
+20241210
+
+ Documentation: ESMTP parameters that are supported in Milter
+ requests to change the envelope sender address, or to add
+ an envelope recipient address. File: proto/MILTER_README.html.
+
+20241213
+
+ Bugfix (defect introduced Postfix 3.1 date 20150523): makedefs did
+ not handle Major release version of zero. Michael Tokarev. File:
+ makedefs.
+
+ Portability: changed the closefrom() result type from 'int'
+ to 'void', for compatibility with systems that have a
+ closefrom() implementation that we don't want to use.
+ Michael Tokarev. Files: util/sys_defs.h, util/sys_compat.c.
+
+20241214
+
+ Documentation: updated the postlog(1) manpage text for
+ logging to the standard error stream. File postlog/postlog.c.
+
+20241226
+
+ Bit rot: The Postfix code for logging the TLS group wasn't
+ quite right. Instead of the TLS group name, it logged the
+ underlying public key algorithm name. These names may differ
+ when some of the newer constructs are used. Viktor Dukhovni.
+ File: tls/tls_misc.c.
+
+20241230
+
+ Bugfix (defect introduced: Postfix 3.3, date 20180107) small
+ memory leak in the cleanup daemon when generating a "From:
+ full-name <addr-spec>" message header. The impact is limited
+ because the number of requests is bounded by the "max_use"
+ configuration parameter. Found during code maintenance.
+ File: cleanup/cleanup_message.c.
+
+20250101
+
+ Wietse added -DNO_CLOSEFROM support to make the change
+ 20241213 easily testable, and documented it in the makedefs(1)
+ manpage.
+
+20250102
+
+ Added pre-release checks for configuration parameters that
+ are implemented but not documented, and for configuration
+ parameters that are documented but not implemented. Files:
+ mantools/check-postconf-unimplemented,
+ mantools/check-postconf-undocumented.
+
+ Documentation: eliminated an "unused" postconf(5) entry for
+ the lmtp_lhlo_timeout parameter, and added end-of-life info
+ for the obsolete proxy_tls_session_cache_timeout parameter.
+ File: proto/postconf.proto.
# Some checks require a bin/postconf executable.
pre-release-checks: typo-check double-check missing-proxy-read-maps-check \
postlink-check postfix-files-check \
+ postconf-unimplemented-check postconf-undocumented-check \
check-table-proto check-see-postconf-d-output \
check-snapshot-nonprod
postlink-check:
$(SHLIB_ENV) mantools/check-postlink | diff /dev/null -
+postconf-undocumented-check:
+ $(SHLIB_ENV) mantools/check-postconf-undocumented | diff /dev/null -
+
+postconf-unimplemented-check:
+ $(SHLIB_ENV) mantools/check-postconf-unimplemented | diff /dev/null -
+
missing-proxy-read-maps-check:
$(SHLIB_ENV) mantools/missing-proxy-read-maps | diff /dev/null -
command information; they have no access to the message header or body, and
cannot make modifications to the message or to the envelope.
- * Postfix 2.6 ignores the optional ESMTP parameters in requests to replace
- the sender (SMFIR_CHGFROM) or to append a recipient (SMFIR_ADDRCPT_PAR).
- Postfix logs a warning message when a Milter application supplies such
- ESMTP parameters:
+ * Postfix 3.3 and later support the ESMTP parameters RET and ENVID in
+ requests to replace the envelope sender (SMFIR_CHGFROM). Postfix logs a
+ warning message when a Milter application supplies other ESMTP parameters:
+
+ warning: queue-id: cleanup_chg_from: ignoring bad ESMTP
+ parameter "whatever" in SMFI_CHGFROM request
+
+ * Postfix 3.0 and later support the ESMTP parameters NOTIFY and ORCPT in
+ requests to add an envelope recipient. Postfix logs a warning message when
+ a Milter application supplies other ESMTP parameters:
+
+ warning: queue-id: cleanup_add_rcpt: ignoring ESMTP argument
+ from Milter or header/body_checks: "whatever"
+
+ * Postfix 2.6 and later ignore optional ESMTP parameters in requests to
+ replace the sender (SMFIR_CHGFROM) or to append a recipient
+ (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when a Milter
+ application supplies such ESMTP parameters:
warning: queue-id: cleanup_chg_from: ignoring ESMTP arguments "whatever"
warning: queue-id: cleanup_add_rcpt: ignoring ESMTP arguments "whatever"
Add a mail_version chek to each pluggable database client.
+ Unify conf/postfix-wrapper and proto/postfix-wrapper (make
+ one a dependency of the other). They have diverged.
+
+ Should the SMTP client log the queue ID with the TLS status?
+
relay_recipient_maps empty should default to 'no valid
recipients'. Subject to compatibility level.
Make a reason available for messages placed on 'hold'.
+ In pipe_command() and spawn_command(), the child process
+ should call initgroups() to corrrectly the access rights
+ of interactive shell users.
+
relay_recipient_maps empty should default to 'no valid
recipients'. Subject to compatibility level.
message header or body, and cannot make modifications to the message
or to the envelope. </p>
-<li> <p> Postfix 2.6 ignores the optional ESMTP parameters in
+<li> <p> Postfix 3.3 and later support the ESMTP parameters RET and
+ENVID in requests to replace the envelope sender (SMFIR_CHGFROM).
+Postfix logs a warning message when a Milter application supplies
+other ESMTP parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_chg_from: ignoring bad ESMTP
+ parameter "<i>whatever</i>" in SMFI_CHGFROM request
+</pre>
+
+<li> <p> Postfix 3.0 and later support the ESMTP parameters NOTIFY
+and ORCPT in requests to add an envelope recipient. Postfix logs a
+warning message when a Milter application supplies other ESMTP
+parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_add_rcpt: ignoring ESMTP argument
+ from Milter or header/body_checks: "<i>whatever</i>"
+</pre>
+
+<li> <p> Postfix 2.6 and later ignore optional ESMTP parameters in
requests to replace the sender (SMFIR_CHGFROM) or to append a
recipient (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when
a Milter application supplies such ESMTP parameters: </p>
non-default <i>include</i> directory. The following directives are
special:
+ <b>-DNO_CLOSEFROM</b>
+ Do not use the system closefom() implementation.
+
<b>-DNO_DB</b>
Do not build with Berkeley DB support.
by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache
shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p>
-<p> This feature is available in Postfix 2.8 and later. </p>
+<p> This feature is available in Postfix 2.8-2.10. </p>
</DD>
record. If no <i>text</i> is specified on the command line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads
from standard input and logs each input line as one record.
- By default, logging is sent to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>; when the
- standard error stream is connected to a terminal, logging is sent there
- as well.
+ Logging is sent to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard error
+ stream (with Postfix < 3.8, <a href="postlog.1.html"><b>postlog</b>(1)</a> writes to the standard error
+ stream only if that stream is connected to a terminal).
The following options are implemented:
# \fIinclude\fR directory.
# The following directives are special:
# .RS
+# .IP \fB-DNO_CLOSEFROM\fR
+# Do not use the system closefom() implementation.
# .IP \fB-DNO_DB\fR
# Do not build with Berkeley DB support.
# .IP \fB-DNO_DEVPOLL\fR
# Officially supported usage.
0) SYSTEM=`(uname -s) 2>/dev/null`
RELEASE=`(uname -r) 2>/dev/null`
- # No ${x%%y} support in Solaris 11 /bin/sh
- RELEASE_MAJOR=`expr "$RELEASE" : '\([0-9]*\)'` || exit 1
VERSION=`(uname -v) 2>/dev/null`
case "$VERSION" in
dcosx*) SYSTEM=$VERSION;;
*) echo usage: $0 [system release] 1>&2; exit 1;;
esac
+# No ${x%%y} support in Solaris 11 /bin/sh
+RELEASE_MAJOR=`echo "$RELEASE" | sed 's/[^0-9].*//'` || exit 1
+
case "$SYSTEM.$RELEASE" in
SCO_SV.3.2) SYSTYPE=SCO5
# Use the native compiler by default
\fIinclude\fR directory.
The following directives are special:
.RS
+.IP \fB\-DNO_CLOSEFROM\fR
+Do not use the system closefom() implementation.
.IP \fB\-DNO_DB\fR
Do not build with Berkeley DB support.
.IP \fB\-DNO_DEVPOLL\fR
line, \fBpostlog\fR(1) reads from standard input and logs each input
line as one record.
-By default, logging is sent to \fBsyslogd\fR(8) or
-\fBpostlogd\fR(8); when the
-standard error stream is connected to a terminal, logging
-is sent there as well.
+Logging is sent to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), and
+to the standard error stream (with Postfix < 3.8, \fBpostlog\fR(1)
+writes to the standard error stream only if that stream is
+connected to a terminal).
The following options are implemented:
.IP "\fB\-c \fIconfig_dir\fR"
by \fBtlsmgr\fR(8), there is only one expiration time for the SMTP server cache
shared by all three services, namely smtpd_tls_session_cache_timeout.
.PP
-This feature is available in Postfix 2.8 and later.
+This feature is available in Postfix 2.8\-2.10.
.SH tlsproxy_use_tls (default: $smtpd_use_tls)
Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See smtpd_use_tls
--- /dev/null
+#!/bin/sh
+
+# Reports parameters that exist in postconf(1) output, but that are not
+# documented in the postconf(5) manpage.
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+
+bin/postconf mail_version >/dev/null || exit 1
+
+trap 'rm -f want.tmp have.tmp stoplist.tmp 2>/dev/null' 0 1 2 3 15
+
+# Extract parameters from the postconf(5) manpage.
+
+awk '/^%PARAM/ { print $2 }' proto/postconf.proto | sort > have.tmp || exit 1
+
+# Build a stoplist for postconf(1) output.
+
+# Eliminate unwanted dynamic parameter names for delivery agents. These
+# names are prefixed by their master.cf service name (they must instead
+# be documented with fake names that have the "transport_" prefix; that
+# is implemented later in this script).
+
+for xport in error lmtp local relay retry smtp virtual
+do
+ cat <<EOF
+${xport}_delivery_slot_cost
+${xport}_delivery_slot_discount
+${xport}_delivery_slot_loan
+${xport}_destination_concurrency_failed_cohort_limit
+${xport}_destination_concurrency_limit
+${xport}_destination_concurrency_negative_feedback
+${xport}_destination_concurrency_positive_feedback
+${xport}_destination_rate_delay
+${xport}_destination_recipient_limit
+${xport}_extra_recipient_limit
+${xport}_initial_destination_concurrency
+${xport}_minimum_delivery_slots
+${xport}_recipient_limit
+${xport}_recipient_refill_delay
+${xport}_recipient_refill_limit
+${xport}_transport_rate_delay
+EOF
+done >stoplist.tmp
+
+# Eliminate other unwanted per-service parameters.
+
+#cat >>stoplist.tmp <<EOF
+#EOF
+
+# Eliminate unwanted auto-generated parameters that make no sense.
+
+cat >>stoplist.tmp <<'EOF'
+lmtp_tlsrpt_enable
+lmtp_tlsrpt_skip_reused_handshakes
+lmtp_tlsrpt_socket_name
+EOF
+
+# Build the list of parameter names that must have an entry in the
+# postconf(5) manpage.
+
+(
+# First, extract parameters from postconf(1) output, using the stock
+# configurations.
+
+bin/postconf -dHc conf | grep -F -vx -f stoplist.tmp
+
+# Next, require that all dynamically-generated parameter names for delivery
+# agents are documented as transport_mumble.
+
+cat <<EOF
+transport_delivery_slot_cost
+transport_delivery_slot_discount
+transport_delivery_slot_loan
+transport_destination_concurrency_failed_cohort_limit
+transport_destination_concurrency_limit
+transport_destination_concurrency_negative_feedback
+transport_destination_concurrency_positive_feedback
+transport_destination_rate_delay
+transport_destination_recipient_limit
+transport_extra_recipient_limit
+transport_initial_destination_concurrency
+transport_minimum_delivery_slots
+transport_recipient_limit
+transport_recipient_refill_delay
+transport_recipient_refill_limit
+transport_transport_rate_delay
+EOF
+
+# Require that other per-service parameters are documented.
+
+cat <<EOF
+transport_time_limit
+EOF
+) | sort >want.tmp || exit 1
+
+# Report parameter names that have an implementation but no documentation.
+
+comm -23 want.tmp have.tmp
--- /dev/null
+#!/bin/sh
+
+# Reports parameters that are documented in the postconf(5 mapage),
+# but not implemented according to postconf(1) output.
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+
+bin/postconf mail_version >/dev/null || exit 1
+
+trap 'rm -f have.tmp want.tmp stoplist.tmp 2>/dev/null' 0 1 2 3 15
+
+# Extract the implemented parameter names from postconf(1) output, using
+# the stock configurations.
+
+bin/postconf -dHc conf | sort >have.tmp || exit 1
+
+# Build a stoplist for postconf(5) output.
+
+# Eliminate dynamic parameter names for delivery agents. These are
+# documented as transport_mumble.
+
+cat <<EOF >stoplist.tmp
+transport_delivery_slot_cost
+transport_delivery_slot_discount
+transport_delivery_slot_loan
+transport_destination_concurrency_failed_cohort_limit
+transport_destination_concurrency_limit
+transport_destination_concurrency_negative_feedback
+transport_destination_concurrency_positive_feedback
+transport_destination_rate_delay
+transport_destination_recipient_limit
+transport_extra_recipient_limit
+transport_initial_destination_concurrency
+transport_minimum_delivery_slots
+transport_recipient_limit
+transport_recipient_refill_delay
+transport_recipient_refill_limit
+transport_transport_rate_delay
+EOF
+
+# Eliminate other per-service transport_mumble parameters.
+
+cat <<EOF >>stoplist.tmp
+transport_time_limit
+EOF
+
+# Eliminate obsolete parameters. These are no longer implemented, but
+# still documented.
+
+cat >>stoplist.tmp <<'EOF'
+authorized_verp_clients
+enable_errors_to
+extract_recipient_limit
+fallback_relay
+lmtp_cache_connection
+lmtp_per_record_deadline
+postscreen_blacklist_action
+postscreen_dnsbl_ttl
+postscreen_dnsbl_whitelist_threshold
+postscreen_whitelist_interfaces
+sender_based_routing
+smtp_per_record_deadline
+smtp_skip_4xx_greeting
+smtp_tls_cipherlist
+smtpd_per_record_deadline
+smtpd_sasl_application_name
+smtpd_tls_cipherlist
+tls_dane_digest_agility
+tls_dane_trust_anchor_digest_enable
+tlsproxy_client_level
+tlsproxy_client_policy
+tlsproxy_tls_session_cache_timeout
+virtual_maps
+EOF
+
+# Extract parameters from the postconf(5) manpage.
+
+awk '/^%PARAM/ { print $2 }' proto/postconf.proto |
+ grep -F -vx -f stoplist.tmp | sort > want.tmp || exit 1
+
+# Report names from the postconf(5) manpage that have no implementation.
+
+comm -23 want.tmp have.tmp
message header or body, and cannot make modifications to the message
or to the envelope. </p>
-<li> <p> Postfix 2.6 ignores the optional ESMTP parameters in
+<li> <p> Postfix 3.3 and later support the ESMTP parameters RET and
+ENVID in requests to replace the envelope sender (SMFIR_CHGFROM).
+Postfix logs a warning message when a Milter application supplies
+other ESMTP parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_chg_from: ignoring bad ESMTP
+ parameter "<i>whatever</i>" in SMFI_CHGFROM request
+</pre>
+
+<li> <p> Postfix 3.0 and later support the ESMTP parameters NOTIFY
+and ORCPT in requests to add an envelope recipient. Postfix logs a
+warning message when a Milter application supplies other ESMTP
+parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_add_rcpt: ignoring ESMTP argument
+ from Milter or header/body_checks: "<i>whatever</i>"
+</pre>
+
+<li> <p> Postfix 2.6 and later ignore optional ESMTP parameters in
requests to replace the sender (SMFIR_CHGFROM) or to append a
recipient (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when
a Milter application supplies such ESMTP parameters: </p>
(seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds). </p>
-%PARAM lmtp_lhlo_timeout 300s
-
-<p> The Postfix LMTP client time limit for receiving the LMTP
-greeting banner. When the remote LMTP server drops the connection
-without sending a
-greeting banner, or when it sends no greeting banner within the
-deadline, the LMTP client tries the next address on the mail
-exchanger list. </p>
-
-<p> Specify a non-zero time value (an integral value plus an optional
-one-letter suffix that specifies the time unit). Time units: s
-(seconds), m (minutes), h (hours), d (days), w (weeks).
-The default time unit is s (seconds). </p>
-
%PARAM lmtp_mail_timeout 300s
<p>
by tlsmgr(8), there is only one expiration time for the SMTP server cache
shared by all three services, namely smtpd_tls_session_cache_timeout. </p>
-<p> This feature is available in Postfix 2.8 and later. </p>
+<p> This feature is available in Postfix 2.8-2.10. </p>
%PARAM tlsproxy_use_tls $smtpd_use_tls
ccformat
xxsql
MEMCACHE
+ORCPT
+RET
a dependency for html html File html Makefile in
master dgram_server c master mail_server h postlogd postlogd c
reload etc File spawn spawn c
+ logging to the standard error stream File postlog postlog c
v'expr
roff
diffs
+CLOSEFROM
}
if (token) {
tok822_externalize(state->temp2, token, TOK822_STR_NONE);
- tok822_free(token);
+ tok822_free_tree(token);
vstring_strcat(state->temp2, " ");
}
vstring_sprintf_append(state->temp2, "<%s>",
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20241202"
+#define MAIL_RELEASE_DATE "20250103"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT
/* line, \fBpostlog\fR(1) reads from standard input and logs each input
/* line as one record.
/*
-/* By default, logging is sent to \fBsyslogd\fR(8) or
-/* \fBpostlogd\fR(8); when the
-/* standard error stream is connected to a terminal, logging
-/* is sent there as well.
+/* Logging is sent to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), and
+/* to the standard error stream (with Postfix < 3.8, \fBpostlog\fR(1)
+/* writes to the standard error stream only if that stream is
+/* connected to a terminal).
/*
/* The following options are implemented:
/* .IP "\fB-c \fIconfig_dir\fR"
if (SSL_version(ssl) < TLS1_3_VERSION)
return;
- if (tls_get_peer_dh_pubkey(ssl, &dh_pkey)) {
+ /*
+ * On the client side, a TLS 1.3 KEM has no server key, just ciphertext
+ * to decapsulate, but, as of OpenSSL 3.0, the client can still obtain
+ * the negotiated group name directly.
+ */
+ if (!kex_name)
+ kex_name = TLS_GROUP_NAME(ssl);
+
+ if (kex_name == NULL && tls_get_peer_dh_pubkey(ssl, &dh_pkey)) {
switch (nid = EVP_PKEY_id(dh_pkey)) {
default:
kex_name = OBJ_nid2sn(EVP_PKEY_type(nid));
EVP_PKEY_free(dh_pkey);
}
- /*
- * On the client side, a TLS 1.3 KEM has no server key, just ciphertext
- * to decapsulate, but, as of OpenSSL 3.0, the client can still obtain
- * the negotiated group name directly. We nevertheless still try to get
- * the group details from the peer key first, which works with OpenSSL
- * 1.1.1 and retains the original output format for the (EC)DH groups.
- */
- if (!kex_name)
- kex_name = TLS_GROUP_NAME(ssl);
-
/*
* On the client end, the certificate may be present, but not used, so we
* check via SSL_get_signature_nid(). This means that local signature
#include <sys_defs.h>
#include <sys/ioctl.h>
+#ifdef SUNOS5
+#include <sys/socket.h> /* shutdown(2) */
+#endif
#ifdef FIONREAD_IN_SYS_FILIO_H
#include <sys/filio.h>
#endif
/* closefrom() - closes all file descriptors from the given one up */
-int closefrom(int lowfd)
+void closefrom(int lowfd)
{
int fd_limit = open_limit(0);
int fd;
*/
if (lowfd < 0) {
errno = EBADF;
- return (-1);
+ return;
}
if (fd_limit > 500)
fd_limit = 500;
for (fd = lowfd; fd < fd_limit; fd++)
(void) close(fd);
-
- return (0);
}
#endif
#undef HAVE_POSIX_GETPW_R
#endif
+#ifdef NO_CLOSEFROM
+#undef HAS_CLOSEFROM
+#endif
+
#ifdef NO_DB
#undef HAS_DB
#endif
#endif
#ifndef HAS_CLOSEFROM
-extern int closefrom(int);
+extern void closefrom(int);
#endif
projects / thirdparty / postfix.git / commitdiff
