command must wait until its requests have reached the pickup
and qmgr servers before closing the UNIX-domain request
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
+
+20120522
+
+ Robustness: set LC_ALL=C in post-install to avoid surprises
+ when parsing output from Postfix or non-Postfix commands.
+ File: postfix-install.
+
+20120611
+
+ Bugfix (introduced: 20031216-21): with soft_bounce=yes, the
+ SMTP client did not move on to the next MX host or fallback
+ relay after a 5xx reply. File: smtp/smtp_trouble.c.
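Review bot: The 20120522 entry names two different scripts: the text says LC_ALL=C is set "in post-install" while the file line says "File: postfix-install". Make the description match the file that was actually changed, so the log can be searched by script name.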
I\bIn\bnt\btr\bro\bod\bdu\buc\bct\bti\bio\bon\bn
-The Postfix postscreen(8) server performs triage on multiple inbound SMTP
-connections at the same time. While a single postscreen(8) process keeps
-zombies away from Postfix SMTP server processes, more Postfix SMTP server
-processes remain available for legitimate clients.
+The Postfix postscreen(8) daemon provides additional protection against mail
+server overload. One postscreen(8) process handles multiple inbound SMTP
+connections, and decides which clients may talk to a Postfix SMTP server
+process. By keeping spambots away, postscreen(8) leaves more SMTP server
+processes available for legitimate clients, and delays the onset of server
+overload conditions.
postscreen(8) maintains a temporary whitelist for clients that pass its tests;
by allowing whitelisted clients to skip tests, postscreen(8) minimizes its
(8) event-driven TLS proxy that decrypts/encrypts the sessions for multiple
SMTP clients.
+The tlsproxy(8) implementation led to the discovery of a "new" class of
+vulnerability (CVE-2011-0411) that affected multiple implementations of TLS
+over SMTP, POP, IMAP, NNTP, and FTP.
+
+postscreen(8) was officially released as part of the Postfix 2.8 stable release
+in January 2011.
+
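Review bot: The added tlsproxy(8) paragraph cites CVE-2011-0411 as a "new" class of vulnerability without saying what the flaw is, and this plain-text copy has no link to follow. Add a short clause that names the flaw, and either drop the quotes around "new" or say what they are meant to qualify.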
O\bOt\bth\bhe\ber\br m\bme\bea\bas\bsu\bur\bre\bes\bs t\bto\bo o\bof\bff\bf-\b-l\blo\boa\bad\bd z\bzo\bom\bmb\bbi\bie\bes\bs
The postscreen(8) daemon, introduced with Postfix 2.8, provides additional
-protection against mail server overload. One postscreen(8) process handles all
-connections from "new" SMTP clients, and allows only well-behaved clients to
-talk to a Postfix SMTP server process. By keeping spambots away, postscreen(8)
-leaves more SMTP server processes available for legitimate clients, and delays
-the onset of server overload conditions.
+protection against mail server overload. One postscreen(8) process handles
+multiple inbound SMTP connections, and decides which clients may to talk to a
+Postfix SMTP server process. By keeping spambots away, postscreen(8) leaves
+more SMTP server processes available for legitimate clients, and delays the
+onset of server overload conditions.
C\bCr\bre\bed\bdi\bit\bts\bs
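Review bot: The replacement text at "decides which clients may to talk to a Postfix SMTP server process" has a stray "to"; it should read "may talk to", as in the POSTSCREEN_README hunk above. The same wording is repeated in both HTML copies of this paragraph later in the patch and needs the same fix there.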
Make "rename" the default when postmapping a DB file
(later: use copy+rename for postmap -i, postmap -d).
+ "no-cache" option for selected postscreen tests?
+
+ Need primitive to find out if a map has a local lock. If
+ it doesn't (like memcache or proxied map), then postscreen
+ etc. don't need to close a cache after "postfix reload".
+ After a fork() it is OK to keep using a memcache or proxymap
+ handle, because the parent exits immediately.
+
+ Different TTL values for different DNSBL sources?
+
+ Replace master(8) SIGHUP by very simple socket protocol to
+ allow reload of a specific service.
+
Make the "trigger" service endpoint type configurable. On
non-Solaris systems, switching from fifo to unix can avoid
disk spin-up due to mtime changes (Postfix on Solaris
need to use attack-resistant code for numeric conversion.
move flush_init() etc. from defer service clients to the
- bounce daemon?
+ bounce daemon? Postfix works best when work can be spread
+ out over many clients, instead of over a few servers.
multi_connect() function that takes a list of inet:host:port
and/or unix:pathname specs, with an explicit "inet" prefix
<h2> <a name="intro">Introduction</a> </h2>
-<p> The Postfix <a href="postscreen.8.html">postscreen(8)</a> server performs triage on multiple
-inbound SMTP connections at the same time. While a single <a href="postscreen.8.html">postscreen(8)</a>
-process keeps zombies away from Postfix SMTP server processes, more
-Postfix SMTP server processes remain available for legitimate
-clients. </p>
+<p> The Postfix <a href="postscreen.8.html">postscreen(8)</a> daemon provides additional protection
+against mail server overload. One <a href="postscreen.8.html">postscreen(8)</a> process handles
+multiple inbound SMTP connections, and decides which clients may
+talk to a Postfix SMTP server process. By keeping spambots away,
+<a href="postscreen.8.html">postscreen(8)</a> leaves more SMTP server processes available for
+legitimate clients, and delays the onset of <a
+href="STRESS_README.html">server overload</a> conditions. </p>
<p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary whitelist for clients that
pass its tests; by allowing whitelisted clients to skip tests,
implementation introduces the <a href="tlsproxy.8.html">tlsproxy(8)</a> event-driven TLS proxy
that decrypts/encrypts the sessions for multiple SMTP clients. </p>
+<p> The <a href="tlsproxy.8.html">tlsproxy(8)</a> implementation led to the discovery of a "new"
+class of vulnerability (<a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411"
+>CVE-2011-0411</a>) that affected multiple implementations of TLS
+over SMTP, POP, IMAP, NNTP, and FTP. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> was officially released as part of the Postfix
+2.8 stable release in January 2011.</p>
+
</body>
</html>
<p> The <a href="postscreen.8.html">postscreen(8)</a> daemon, introduced with Postfix 2.8, provides
additional protection against mail server overload. One <a href="postscreen.8.html">postscreen(8)</a>
-process handles all connections from "new" SMTP clients, and allows
-only well-behaved clients to talk to a Postfix SMTP server process.
-By keeping spambots away, <a href="postscreen.8.html">postscreen(8)</a> leaves more SMTP server
-processes available for legitimate clients, and delays the onset
-of server overload conditions. </p>
+process handles multiple inbound SMTP connections, and decides which
+clients may to talk to a Postfix SMTP server process. By keeping
+spambots away, <a href="postscreen.8.html">postscreen(8)</a> leaves more SMTP server processes
+available for legitimate clients, and delays the onset of server
+overload conditions. </p>
<h2><a name="credits"> Credits </a></h2>
<p>
The UNIX system account that owns the Postfix queue and most Postfix
-daemon processes. Specify the name of a user account that does
-not share a group with other accounts and that owns no other files
+daemon processes. Specify the name of an unprivileged user account
+that does not share a user or group ID with other accounts, and that
+owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>
<b>postscreen</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server performs triage on multi-
- ple inbound SMTP connections at the same time. While a
- single <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process keeps spambots away from
- Postfix SMTP server processes, more Postfix SMTP server
- processes remain available for legitimate clients.
+ The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server provides additional pro-
+ tection against mail server overload. One <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ process handles multiple inbound SMTP connections, and
+ decides which clients may talk to a Postfix SMTP server
+ process. By keeping spambots away, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> leaves
+ more SMTP server processes available for legitimate
+ clients.
This program should not be used on SMTP ports that receive
mail from end-user clients (MUAs). In a typical deploy-
the SMTP greeting banner, and in bounced mail.
.SH mail_owner (default: postfix)
The UNIX system account that owns the Postfix queue and most Postfix
-daemon processes. Specify the name of a user account that does
-not share a group with other accounts and that owns no other files
+daemon processes. Specify the name of an unprivileged user account
+that does not share a user or group ID with other accounts, and that
+owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
.PP
.SH DESCRIPTION
.ad
.fi
-The Postfix \fBpostscreen\fR(8) server performs triage on
-multiple inbound SMTP connections at the same time. While
-a single \fBpostscreen\fR(8) process keeps spambots away
-from Postfix SMTP server processes, more Postfix SMTP server
-processes remain available for legitimate clients.
+The Postfix \fBpostscreen\fR(8) server provides additional
+protection against mail server overload. One \fBpostscreen\fR(8)
+process handles multiple inbound SMTP connections, and decides
+which clients may talk to a Postfix SMTP server process.
+By keeping spambots away, \fBpostscreen\fR(8) leaves more
+SMTP server processes available for legitimate clients.
This program should not be used on SMTP ports that receive
mail from end-user clients (MUAs). In a typical deployment,
"
BACKUP_IFS="$IFS"
+# This script uses outputs from Postfix and non-Postfix commands.
+# Override all LC_* settings and LANG for robustness.
+LC_ALL=C; export LC_ALL
+
USAGE="Usage: $0 [name=value] [option]
-non-interactive Do not ask for installation parameters.
-package Build a ready-to-install package.
<h2> <a name="intro">Introduction</a> </h2>
-<p> The Postfix postscreen(8) server performs triage on multiple
-inbound SMTP connections at the same time. While a single postscreen(8)
-process keeps zombies away from Postfix SMTP server processes, more
-Postfix SMTP server processes remain available for legitimate
-clients. </p>
+<p> The Postfix postscreen(8) daemon provides additional protection
+against mail server overload. One postscreen(8) process handles
+multiple inbound SMTP connections, and decides which clients may
+talk to a Postfix SMTP server process. By keeping spambots away,
+postscreen(8) leaves more SMTP server processes available for
+legitimate clients, and delays the onset of <a
+href="STRESS_README.html">server overload</a> conditions. </p>
<p> postscreen(8) maintains a temporary whitelist for clients that
pass its tests; by allowing whitelisted clients to skip tests,
implementation introduces the tlsproxy(8) event-driven TLS proxy
that decrypts/encrypts the sessions for multiple SMTP clients. </p>
+<p> The tlsproxy(8) implementation led to the discovery of a "new"
+class of vulnerability (<a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411"
+>CVE-2011-0411</a>) that affected multiple implementations of TLS
+over SMTP, POP, IMAP, NNTP, and FTP. </p>
+
+<p> postscreen(8) was officially released as part of the Postfix
+2.8 stable release in January 2011.</p>
+
</body>
</html>
<p> The postscreen(8) daemon, introduced with Postfix 2.8, provides
additional protection against mail server overload. One postscreen(8)
-process handles all connections from "new" SMTP clients, and allows
-only well-behaved clients to talk to a Postfix SMTP server process.
-By keeping spambots away, postscreen(8) leaves more SMTP server
-processes available for legitimate clients, and delays the onset
-of server overload conditions. </p>
+process handles multiple inbound SMTP connections, and decides which
+clients may to talk to a Postfix SMTP server process. By keeping
+spambots away, postscreen(8) leaves more SMTP server processes
+available for legitimate clients, and delays the onset of server
+overload conditions. </p>
<h2><a name="credits"> Credits </a></h2>
<p>
The UNIX system account that owns the Postfix queue and most Postfix
-daemon processes. Specify the name of a user account that does
-not share a group with other accounts and that owns no other files
+daemon processes. Specify the name of an unprivileged user account
+that does not share a user or group ID with other accounts, and that
+owns no other files
or processes on the system. In particular, don't specify nobody
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
</p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20120520"
+#define MAIL_RELEASE_DATE "20120617"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
/* SYNOPSIS
/* \fBpostscreen\fR [generic Postfix daemon options]
/* DESCRIPTION
-/* The Postfix \fBpostscreen\fR(8) server performs triage on
-/* multiple inbound SMTP connections at the same time. While
-/* a single \fBpostscreen\fR(8) process keeps spambots away
-/* from Postfix SMTP server processes, more Postfix SMTP server
-/* processes remain available for legitimate clients.
+/* The Postfix \fBpostscreen\fR(8) server provides additional
+/* protection against mail server overload. One \fBpostscreen\fR(8)
+/* process handles multiple inbound SMTP connections, and decides
+/* which clients may talk to a Postfix SMTP server process.
+/* By keeping spambots away, \fBpostscreen\fR(8) leaves more
+/* SMTP server processes available for legitimate clients.
/*
/* This program should not be used on SMTP ports that receive
/* mail from end-user clients (MUAs). In a typical deployment,
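Review bot: The DESCRIPTION here calls postscreen(8) a "server" and stops at "available for legitimate clients", while the README hunks in this patch say "daemon" and continue with "and delays the onset of server overload conditions". Pick one wording for both so the manual page and the README do not drift apart.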
* XXX Some Berkeley DB versions break with close-after-fork. Every new
* version is an improvement over its predecessor.
*/
- if (psc_cache_map != 0) {
+ if (psc_cache_map != 0 /* XXX && psc_cache_map requires locking */) {
dict_cache_close(psc_cache_map);
psc_cache_map = 0;
}
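Review bot: In `if (psc_cache_map != 0 /* XXX && psc_cache_map requires locking */)` the only change is a comment inside the condition, so the cache is still closed for every map type. Move the XXX into the block comment above the test and point it at the new WISHLIST item about a primitive to find out if a map has a local lock, which keeps the condition readable until that primitive exists.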
smtp_trouble.o: ../../include/header_opts.h
smtp_trouble.o: ../../include/htable.h
smtp_trouble.o: ../../include/mail_error.h
+smtp_trouble.o: ../../include/mail_params.h
smtp_trouble.o: ../../include/maps.h
smtp_trouble.o: ../../include/match_list.h
smtp_trouble.o: ../../include/mime_state.h
#include <mail_error.h>
#include <dsn_buf.h>
#include <dsn.h>
+#include <mail_params.h>
/* Application-specific. */
RECIPIENT *rcpt;
int status;
int soft_error = (STR(why->status)[0] == '4');
+ int soft_bounce_error = (STR(why->status)[0] == '5' && var_soft_bounce);
int nrcpt;
/*
* delivery to a backup server. Just log something informative to show
* why we're skipping this host.
*/
- if (soft_error && (state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0) {
+ if ((soft_error || soft_bounce_error)
+ && (state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0) {
msg_info("%s: %s", request->queue_id, STR(why->reason));
for (nrcpt = 0; nrcpt < SMTP_RCPT_LEFT(state); nrcpt++) {
rcpt = request->rcpt_list.info + nrcpt;
state->status |= status;
}
if ((state->misc_flags & SMTP_MISC_FLAG_COMPLETE_SESSION) == 0
- && throttle_queue && soft_error && request->hop_status == 0)
+ && throttle_queue && (soft_error || soft_bounce_error)
+ && request->hop_status == 0)
request->hop_status = DSN_COPY(&why->dsn);
}
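Review bot: `(soft_error || soft_bounce_error)` now appears in three tests, and `soft_bounce_error` is computed with the same expression in two functions, so a later change to the retry rule can easily miss one of them. Fold both into one flag set once per function, under a name such as `try_next = soft_error || (STR(why->status)[0] == '5' && var_soft_bounce);`. The throttle test in this hunk also starts copying a 5xx DSN into `request->hop_status` when soft_bounce is on; a one-line comment saying that this is intended would help.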
DSN_BUF *why = state->why;
int status;
int soft_error;
+ int soft_bounce_error;
va_list ap;
/*
vsmtp_fill_dsn(state, mta_name, resp->dsn, resp->str, format, ap);
va_end(ap);
soft_error = STR(why->status)[0] == '4';
+ soft_bounce_error = (STR(why->status)[0] == '5' && var_soft_bounce);
if (state->session && mta_name)
smtp_check_code(state->session, resp->code);
* for trying other mail servers. Just log something informative to show
* why we're skipping this recipient now.
*/
- if (soft_error && (state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0) {
+ if ((soft_error || soft_bounce_error)
+ && (state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0) {
msg_info("%s: %s", request->queue_id, STR(why->reason));
SMTP_RCPT_KEEP(state, rcpt);
}
non_blocking(fd, NON_BLOCKING);
state = (SINK_STATE *) mymalloc(sizeof(*state));
state->stream = vstream_fdopen(fd, O_RDWR);
+ vstream_tweak_sock(state->stream);
netstring_setup(state->stream, var_tmout);
event_enable_read(fd, read_length, (char *) state);
}
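Review bot: The added `vstream_tweak_sock(state->stream);` call, here and in the next hunk, has no matching entry in the HISTORY hunk of this patch, which only logs the LC_ALL and soft_bounce changes. Add a HISTORY line that names the files and gives the reason for the call.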
state->client_addr.buf);
non_blocking(fd, NON_BLOCKING);
state->stream = vstream_fdopen(fd, O_RDWR);
+ vstream_tweak_sock(state->stream);
state->buffer = vstring_alloc(1024);
state->read_fn = command_read;
state->data_state = ST_ANY;