Bugfix: sanitize server responses before storing them in
the verify database, to avoid Postfix warnings about malformed
UTF8. File: verify/verify.c.
+
+20191215
+
+ Future proofing: the Postfix DNS library logs a warning if
+ the DNS_REQ_FLAG_NCACHE_TTL dns_lookup flag is set and the
+ RES_DNSRCH or RES_DEFNAMES resolver flags are set, and
+ disables those resolver flags. File: dns/dns_lookup.c.
+
+20191230
+
+ Documentation: added the 'X' flag (final delivery) to the
+ pipe-based final delivery examples in the default master.cf
+ file. File: conf/master.cf
+
+20201005
+
+ Workaround: postlog clients open the socket before entering
+ the chroot jail and before dropping privileges. This is needed
+ on MacOS and would not hurt otherwise. Files: util/msg_logger.[hc],
+ global/maillog_client.c.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
-# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
-# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
small subset of clients. </p>
<p> The default "strong" curve is rated in NSA <a
-href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to SECRET. </p>
<p> Note: elliptic curve names are poorly standardized; different
of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
<p> This default "ultra" curve is rated in NSA <a
-href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
B</a> for information classified up to TOP SECRET. </p>
<p> If you want to take maximal advantage of ciphers that offer <a
/* available. The per-record reply TTL specifies how long the
/* DNS_NOTFOUND answer is valid. The caller should pass the
/* record(s) to dns_rr_free().
+/* Logs a warning if the RES_DNSRCH or RES_DEFNAMES resolver
+/* flags are set, and disables those flags.
/* .RE
/* .IP ltype
/* The resource record types to be looked up. In the case of
if (flags & RES_USE_DNSSEC)
flags |= RES_USE_EDNS0;
+ /*
+ * Can't append domains: we need the right SOA TTL.
+ */
+#define APPEND_DOMAIN_FLAGS (RES_DNSRCH | RES_DEFNAMES)
+
+ if (keep_notfound && (flags & APPEND_DOMAIN_FLAGS)) {
+ msg_warn("negative caching disables RES_DEFNAMES and RES_DNSRCH");
+ flags &= ~APPEND_DOMAIN_FLAGS;
+ }
+
/*
* Save and restore resolver options that we overwrite, to avoid
* surprising behavior in other code that also invokes the resolver.
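Review bot: The new `msg_warn()` call fires on every lookup where `keep_notfound` is set together with RES_DNSRCH or RES_DEFNAMES, and its text does not say which query triggered it, so one misconfigured caller can fill the log with identical lines that are hard to trace. Consider including the queried name, for example `msg_warn("%s: negative caching disables RES_DEFNAMES and RES_DNSRCH", <lookup name>)`, where `<lookup name>` is a placeholder for whatever variable holds the name at this point, or warning only once per process. `keep_notfound` and the start of the function are outside the hunk, so the call frequency is inferred from the visible condition only. As a smaller style point, `APPEND_DOMAIN_FLAGS` is defined in the middle of the function body; placing it with the file's other macros would make it easier to find.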
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20191214"
+#define MAIL_RELEASE_DATE "20200105"
#define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT
if (var_maillog_file && *var_maillog_file) {
ARGV *good_prefixes = argv_split(var_maillog_file_pfxs,
CHARS_COMMA_SP);
- char **cpp;
+ char **cpp;
for (cpp = good_prefixes->argv; /* see below */ ; cpp++) {
if (*cpp == 0)
}
if (service_path != import_service_path)
myfree(service_path);
+ msg_logger_control(CA_MSG_LOGGER_CTL_CONNECT_NOW,
+ CA_MSG_LOGGER_CTL_END);
}
/*
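Review bot: The added `msg_logger_control(CA_MSG_LOGGER_CTL_CONNECT_NOW, ...)` call has no comment explaining why the socket must be opened at this point, and the ordering is security-relevant: per the changelog entry, the connect has to happen before the process enters the chroot jail and drops privileges. I would add above the call `/* Connect now: the caller may chroot or drop privileges next, after which the logger socket may no longer be reachable. */`. It is also worth noting there that the descriptor is deliberately kept open across the privilege drop, so a later reader does not "fix" it by closing it. The enclosing function begins outside the hunk.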
/* .IP CA_MSG_LOGGER_CTL_DISABLE
/* Disable the msg_logger. This remains in effect until the
/* next msg_logger_init() call.
+/* .IP CA_MSG_LOGGER_CTL_CONNECT_NOW
+/* Close the logging socket if it was already open, and open
+/* the logging socket now, if permitted by current settings.
+/* Otherwise, the open is delayed until a logging request.
/* SEE ALSO
/* msg(3) diagnostics module
/* BUGS
static int msg_logger_fallback_only_override = 0;
static int msg_logger_enable = 0;
+#define MSG_LOGGER_NEED_SOCKET() (msg_logger_fallback_only_override == 0)
+
/*
* Other state.
*/
#define STR(x) vstring_str(x)
#define LEN(x) VSTRING_LEN(x)
+/* msg_logger_connect - connect to logger service */
+
+static void msg_logger_connect(void)
+{
+ if (msg_logger_sock == MSG_LOGGER_SOCK_NONE) {
+ msg_logger_sock = unix_dgram_connect(msg_logger_unix_path, BLOCKING);
+ if (msg_logger_sock >= 0)
+ close_on_exec(msg_logger_sock, CLOSE_ON_EXEC);
+ }
+}
+
+/* msg_logger_disconnect - disconnect from logger service */
+
+static void msg_logger_disconnect(void)
+{
+ if (msg_logger_sock != MSG_LOGGER_SOCK_NONE) {
+ (void) close(msg_logger_sock);
+ msg_logger_sock = MSG_LOGGER_SOCK_NONE;
+ }
+}
/* msg_logger_print - log info to service or file */
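Review bot: `msg_logger_connect()` stores the raw return value of `unix_dgram_connect()` and tests it with `>= 0`, while `msg_logger_disconnect()` and the callers test `!= MSG_LOGGER_SOCK_NONE`; the two checks agree only if the failure value equals MSG_LOGGER_SOCK_NONE, which is defined outside the hunk. Making that explicit keeps a failed connect from ever being treated as an open socket and later passed to `send()` or `close()`: add `else msg_logger_sock = MSG_LOGGER_SOCK_NONE;` after the `close_on_exec()` call. The one-line header comments could also say that connect does nothing when a socket is already open and that a failed connect is not reported to the caller.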
* will report ENOENT if the endpoint does not exist, ECONNREFUSED if no
* server has opened the endpoint.
*/
- if (msg_logger_fallback_only_override == 0
- && msg_logger_sock == MSG_LOGGER_SOCK_NONE) {
- msg_logger_sock = unix_dgram_connect(msg_logger_unix_path, BLOCKING);
- if (msg_logger_sock >= 0)
- close_on_exec(msg_logger_sock, CLOSE_ON_EXEC);
- }
+ if (MSG_LOGGER_NEED_SOCKET())
+ msg_logger_connect();
if (msg_logger_sock != MSG_LOGGER_SOCK_NONE) {
send(msg_logger_sock, STR(msg_logger_buf), LEN(msg_logger_buf), 0);
} else if (msg_logger_fallback_fn) {
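Review bot: The return value of `send()` is still ignored after the refactoring, so a failed send is a silently lost log record with no fallback. This matters more now that CA_MSG_LOGGER_CTL_CONNECT_NOW can open the socket early and the descriptor may be held for the life of the process. A minimal change is to drop the socket on failure so that the next call reconnects or reaches the fallback: `if (send(msg_logger_sock, STR(msg_logger_buf), LEN(msg_logger_buf), 0) < 0) msg_logger_disconnect();`. Whether the current record should also go to `msg_logger_fallback_fn` in that case, and which errno values should count as a dead endpoint, is a policy choice the hunk does not show. msg_logger_print starts and ends outside the hunk.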
switch (name) {
case MSG_LOGGER_CTL_FALLBACK_ONLY:
msg_logger_fallback_only_override = 1;
- if (msg_logger_sock != MSG_LOGGER_SOCK_NONE) {
- (void) close(msg_logger_sock);
- msg_logger_sock = MSG_LOGGER_SOCK_NONE;
- }
+ msg_logger_disconnect();
break;
case MSG_LOGGER_CTL_FALLBACK_FN:
msg_logger_fallback_fn = va_arg(ap, MSG_LOGGER_FALLBACK_FN);
case MSG_LOGGER_CTL_DISABLE:
msg_logger_enable = 0;
break;
+ case MSG_LOGGER_CTL_CONNECT_NOW:
+ msg_logger_disconnect();
+ if (MSG_LOGGER_NEED_SOCKET())
+ msg_logger_connect();
+ break;
default:
msg_panic("%s: bad name %d", myname, name);
}
#define MSG_LOGGER_CTL_FALLBACK_ONLY 1
#define MSG_LOGGER_CTL_FALLBACK_FN 2
#define MSG_LOGGER_CTL_DISABLE 3
+#define MSG_LOGGER_CTL_CONNECT_NOW 4
/* Safer API: type-checked arguments, external use. */
#define CA_MSG_LOGGER_CTL_END MSG_LOGGER_CTL_END
MSG_LOGGER_CTL_FALLBACK_FN, CHECK_VAL(MSG_LOGGER_CTL, \
MSG_LOGGER_FALLBACK_FN, (v))
#define CA_MSG_LOGGER_CTL_DISABLE MSG_LOGGER_CTL_DISABLE
+#define CA_MSG_LOGGER_CTL_CONNECT_NOW MSG_LOGGER_CTL_CONNECT_NOW
CHECK_VAL_HELPER_DCL(MSG_LOGGER_CTL, MSG_LOGGER_FALLBACK_FN);