client. Files: postconf.c, xsasl_{client,server}.c.
Feature: new SMTPD policy attributes "encryption_protocol",
- "encryption_cypher" and "encryption_keysize", to distinguish
+ "encryption_cipher" and "encryption_keysize", to distinguish
plaintext from encrypted connections.
+20051221
+
+ Privacy: the new Cyrus SASL server plug-in replaces "no
+ user" errors by "authentication failed" errors. File:
+ xsasl/xsasl_cyrus_server.c.
+
Open problems:
Reject numeric domains only when strict envelope syntax is
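Review bot: The new 20051221 entry records only the Cyrus SASL privacy change and names only xsasl/xsasl_cyrus_server.c, while the rest of this patch also changes the mask_addr() argument cast and rewrites the smtpd stand-alone mode description. If those changes belong to this snapshot, add a line for each, or note that an earlier entry already covers them.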
* The "encryption_*" attributes (Postfix 2.3 and later) specify information
about how the connection is encrypted. With plaintext connections the
- protocol and cypher attributes are empty and the keysize is zero.
+ protocol and cipher attributes are empty and the keysize is zero.
The following is specific to SMTPD delegated policy requests:
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
specify information about how the connection is encrypted. With
- plaintext connections the protocol and cypher attributes are
+ plaintext connections the protocol and cipher attributes are
empty and the keysize is zero. </p>
</ul>
queue file. For this mode of operation, the program
expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- Alternatively, the SMTP server takes an established con-
- nection on standard input and deposits messages directly
- into the <b>maildrop</b> queue. In this so-called stand-alone
- mode, the SMTP server can accept mail even while the mail
- system is not running.
+ Alternatively, the SMTP server be can run in stand-alone
+ mode; this is traditionally obtained with "<b>sendmail -bs</b>".
+ When the SMTP server runs stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b>
+ privileges, it receives mail even while the mail system is
+ not running, deposits messages directly into the <b>maildrop</b>
+ queue, and disables the SMTP server's access policies. As
+ of Postfix version 2.3, the SMTP server refuses to receive
+ mail from the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b>
+ privileges.
The SMTP server implements a variety of policies for con-
nection requests, and for parameters given to <b>HELO, ETRN,</b>
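Review bot: The added text states that stand-alone mode with non $mail_owner privileges "disables the SMTP server's access policies", but leaves the reader to infer how that relates to the next sentence about refusing mail from the network as of 2.3. If the refusal exists because the policies are off in this mode, say so in one sentence, and say which input the server still accepts in that case, so an administrator reading only this paragraph knows what is and is not filtered.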
Report the SASL authenticated user name in the
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
- <b>smtpd_sasl_path (smtpd)</b>
+ <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
single queue file. For this mode of operation, the program
expects to be run from the \fBmaster\fR(8) process manager.
-Alternatively, the SMTP server takes an established
-connection on standard input and deposits messages directly
-into the \fBmaildrop\fR queue. In this so-called stand-alone
-mode, the SMTP server can accept mail even while the mail
-system is not running.
+Alternatively, the SMTP server be can run in stand-alone
+mode; this is traditionally obtained with "\fBsendmail
+-bs\fR". When the SMTP server runs stand-alone with non
+$\fBmail_owner\fR privileges, it receives mail even while
+the mail system is not running, deposits messages directly
+into the \fBmaildrop\fR queue, and disables the SMTP server's
+access policies. As of Postfix version 2.3, the SMTP server
+refuses to receive mail from the network when it runs with
+non $\fBmail_owner\fR privileges.
The SMTP server implements a variety of policies for connection
requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
specify information about how the connection is encrypted. With
- plaintext connections the protocol and cypher attributes are
+ plaintext connections the protocol and cipher attributes are
empty and the keysize is zero. </p>
</ul>
#define MAIL_ATTR_CCERT_ISSSUER "ccert_issuer"
#define MAIL_ATTR_CCERT_FINGERPRINT "ccert_fingerprint"
#define MAIL_ATTR_CRYPTO_PROTOCOL "encryption_protocol"
-#define MAIL_ATTR_CRYPTO_CYPHER "encryption_cipher"
+#define MAIL_ATTR_CRYPTO_CIPHER "encryption_cipher"
#define MAIL_ATTR_CRYPTO_KEYSIZE "encryption_keysize"
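Review bot: The context line at the top of this hunk still defines MAIL_ATTR_CCERT_ISSSUER with three S's, the same kind of identifier misspelling that the CYPHER to CIPHER rename fixes; consider correcting it in the same pass. The string value "encryption_cipher" is identical on both sides of the rename, so the attribute name sent to policy servers does not change and only C code using the old macro name needs updating.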
/*
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20051220"
+#define MAIL_RELEASE_DATE "20051221"
#define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT
/* single queue file. For this mode of operation, the program
/* expects to be run from the \fBmaster\fR(8) process manager.
/*
-/* Alternatively, the SMTP server takes an established
-/* connection on standard input and deposits messages directly
-/* into the \fBmaildrop\fR queue. In this so-called stand-alone
-/* mode, the SMTP server can accept mail even while the mail
-/* system is not running.
+/* Alternatively, the SMTP server be can run in stand-alone
+/* mode; this is traditionally obtained with "\fBsendmail
+/* -bs\fR". When the SMTP server runs stand-alone with non
+/* $\fBmail_owner\fR privileges, it receives mail even while
+/* the mail system is not running, deposits messages directly
+/* into the \fBmaildrop\fR queue, and disables the SMTP server's
+/* access policies. As of Postfix version 2.3, the SMTP server
+/* refuses to receive mail from the network when it runs with
+/* non $\fBmail_owner\fR privileges.
/*
/* The SMTP server implements a variety of policies for connection
/* requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
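Review bot: The first added line reads "the SMTP server be can run in stand-alone mode"; the words are transposed and should read "can be run". The same sentence appears in the man page and HTML hunks of this patch, so fix it here and in those copies together.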
#define IF_ENCRYPTED(x) ((state->tls_context && ((x) != 0)) ? (x) : "")
ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_PROTOCOL,
IF_ENCRYPTED(state->tls_context->protocol),
- ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CYPHER,
+ ATTR_TYPE_STR, MAIL_ATTR_CRYPTO_CIPHER,
IF_ENCRYPTED(state->tls_context->cipher_name),
ATTR_TYPE_NUM, MAIL_ATTR_CRYPTO_KEYSIZE,
state->tls_context->cipher_usebits,
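Review bot: The keysize argument on the last line, state->tls_context->cipher_usebits, is passed without the state->tls_context check that IF_ENCRYPTED applies to the protocol and cipher strings. If tls_context can be null for plaintext sessions, as the macro's test implies, this dereference depends on a guard that is not visible in the hunk; an explicit form such as state->tls_context ? state->tls_context->cipher_usebits : 0 would make it safe on its own and match the documented "keysize is zero" behaviour.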
inet_addr_list_append(addr_list, SOCK_ADDR_PTR(&addr));
memset((char *) &mask.sin6_addr, ~0, sizeof(mask.sin6_addr));
- mask_addr((char *) &mask.sin6_addr, sizeof(mask.sin6_addr), plen);
+ mask_addr((unsigned char *) &mask.sin6_addr,
+ sizeof(mask.sin6_addr), plen);
inet_addr_list_append(mask_list, SOCK_ADDR_PTR(&mask));
}
vstring_free(addrbuf);
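Review bot: The memset() call on the line above the change still casts &mask.sin6_addr to (char *) while mask_addr() now gets (unsigned char *). memset() takes a void pointer, so that cast can simply be dropped, which leaves the two lines consistent. It is also worth checking any other mask_addr() callers for the same signedness mismatch.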
- Create the Postfix makefiles from the top-level directory:
% make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_FOOBAR_SASL \
- -DDEF_CLIENT_SASL_TYPE=\"foobar\" -DDEF_SERVER_TYPE=\"foobar\" \
+ -DDEF_CLIENT_SASL_TYPE=\"foobar\" -DDEF_SERVER_SASL_TYPE=\"foobar\" \
-I/some/where/include' AUXLIBS='-L/some/where/lib -lfoobar'
Yes, you can have different default SASL implementation types for
myname, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_MORE);
} else {
+ if (sasl_status == SASL_NOUSER) /* privacy */
+ sasl_status = SASL_BADAUTH;
vstring_strcpy(reply, xsasl_cyrus_strerror(sasl_status));
return (XSASL_AUTH_FAIL);
}
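Review bot: Overwriting sasl_status in the failure branch discards the SASL_NOUSER cause for everything after that point, not only for the reply string. If the administrator is meant to be able to tell an unknown user from a bad password in the logs, log the original status before the remap, or map into a separate variable that is used only for vstring_strcpy(reply, ...). The /* privacy */ comment is also terse; a short sentence saying that both failures are reported identically so that the reply does not reveal whether the account exists would help the next reader.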