Bugfix: an error handler for smtp_tls_policy_maps lookups
was never invoked. File: smtp/smtp_session.c.
+
+20130403
+
+ Bugfix (introduced: Postfix 2.3): don't reuse TCP connections
+ when smtp_tls_policy_maps is specified. Victor Duchovni.
+ Found during Postfix 2.11 code maintenance. File:
+ smtp/smtp_reuse.c.
+
+20130423
+
+ Bugfix (introduced: Postfix 2.0): when myhostname is not
+ listed in mydestination, the trivial-rewrite resolver may
+ log "do not list <myhostname value> in both mydestination
+ and <name of non-mydestination domain list>". The fix is
+ to re-resolve a domain-less address after adding $myhostname
+ as the surrogate domain, so that it pops out with the right
+ address-class label. Problem reported by Quanah Gibson-Mount.
+ File: trivial-rewrite/resolve.c.
+
+20130425
+
+ Bugfix (introduced: Postfix 2.2): don't reuse TCP connections
+ when SASL authentication is enabled. SASL passwords may
+ depend on the remote SMTP server hostname, but the Postfix
+ <2.11 SMTP connection cache client does not distinguish
+ between different hostnames that resolve to the same IP
+ address. Found during Postfix 2.11 code maintenance. File:
+ smtp/smtp_connect.c.
+
+20130613
+
+ Workaround: unhelpful down-stream maintainers fail to install
+ the new smtpd_relay_restrictions safety net, causing breakage
+ that could have been avoided. We now hard-code the safety
+ net instead. Files: global/mail_params.h, conf/post-install,
+ RELEASE_NOTES.
Major changes - relay safety
----------------------------
-[Incompat 20121007] As part of a forward compatibility safety net,
-the Postfix installation procedure adds the following
-smtpd_relay_restrictions entry to main.cf when there is none:
+[Incompat 20130613] New smtpd_relay_restrictions parameter built-in
+default settings:
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
+This safety net prevents open relay problems due to mistakes
+with spam filter rules in smtpd_recipient_restrictions.
+
If your site has a complex mail relay policy configured under
-smtpd_recipient_restrictions, this safety net will defer mail that
-the built-in smtpd_relay_restrictions setting would bounce.
+smtpd_recipient_restrictions, this safety net may defer mail that
+Postfix should accept.
-To eliminate this safety net, take one of the following three
-actions:
+To fix this safety net, take one of the following actions:
- Set smtpd_relay_restrictions empty, and keep using the existing
mail relay authorization policy in smtpd_recipient_restrictions.
- Copy the existing mail relay authorization policy from
smtpd_recipient_restrictions to smtpd_relay_restrictions.
-- Set smtpd_relay_restrictions by hand to the new built-in
- policy: permit_mynetworks reject_unauth_destination.
-
There is no need to change the value of smtpd_recipient_restrictions.
-[Feature 20121007] This version introduces the smtpd_relay_restrictions
+[Feature 20130613] This version introduces the smtpd_relay_restrictions
feature for mail relay control. The new built-in default settings
are:
smtpd_relay_restrictions =
permit_mynetworks
- reject_unauth_destination
+ permit_sasl_authenticated
+ defer_unauth_destination
smtpd_recipient_restrictions =
( optional spam blocking rules would go here )
policy under smtpd_recipient_restrictions will not unexpectedly
result in a permissive mail relay policy.
-As usual, this new feature is introduced with safety nets to prevent
-surprises when a site upgrades from an earlier Postfix release.
+As of Postfix 2.10.0 the smtpd_relay_restrictions parameter built-in
+default settings are:
-1 - FORWARD COMPATIBILITY SAFETY NET: the Postfix installation
- procedure adds the following smtpd_relay_restrictions entry to
- main.cf when there is none:
-
- smtpd_relay_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- defer_unauth_destination
+ smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ defer_unauth_destination
- If your site has a complex mail relay policy configured under
- smtpd_recipient_restrictions, this safety net will defer mail
- that the built-in smtpd_relay_restrictions setting would bounce.
+If your site has a complex mail relay policy configured under
+smtpd_recipient_restrictions, this safety net may defer mail that
+Postfix should accept.
- To eliminate this safety net, take one of the following three
- actions:
+To migrate from an earlier Postfix release with the least amount
+of pain:
- - Set smtpd_relay_restrictions empty, and keep using the existing
- mail relay authorization policy in smtpd_recipient_restrictions.
+- Set smtpd_relay_restrictions empty, and keep using the existing
+ mail relay authorization policy in smtpd_recipient_restrictions.
- - Copy the existing mail relay authorization policy from
- smtpd_recipient_restrictions to smtpd_relay_restrictions.
+- There is no need to change the value of smtpd_recipient_restrictions.
- - Set smtpd_relay_restrictions by hand to the new built-in
- policy: permit_mynetworks reject_unauth_destination.
+To take advantage of the new smtpd_relay_restrictions feature:
- There is no need to change the value of smtpd_recipient_restrictions.
+- Copy the existing mail relay authorization policy from
+ smtpd_recipient_restrictions to smtpd_relay_restrictions.
-2 - BACKWARDS COMPATIBILITY SAFETY NET: sites that migrate from
- Postfix versions before 2.10 can set smtpd_relay_restrictions
- to the empty value, and use smtpd_recipient_restrictions exactly
- as they used it before.
+- There is no need to change the value of smtpd_recipient_restrictions.
Major changes - start-up
------------------------
$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
}
- # Postfix 2.10.
- # Safety net for incompatible changes due to the introduction
- # of the smtpd_relay_restrictions feature to separate the
- # mail relay policy from the spam blocking policy.
- # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
- # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
- # POSTFIX BEFORE 2.10.
- test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
- cat <<EOF | ${FMT}
- COMPATIBILITY: editing $config_directory/main.cf, overriding
- smtpd_relay_restrictions to prevent inbound mail from
- unexpectedly bouncing.
- Specify an empty smtpd_relay_restrictions value to keep using
- smtpd_recipient_restrictions as before.
-EOF
- $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
- permit_mynetworks permit_sasl_authenticated \
- defer_unauth_destination" || exit 1
- }
+# Disabled because unhelpful down-stream maintainers disable the safety net.
+# # Postfix 2.10.
+# # Safety net for incompatible changes due to the introduction
+# # of the smtpd_relay_restrictions feature to separate the
+# # mail relay policy from the spam blocking policy.
+# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
+# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
+# # POSTFIX BEFORE 2.10.
+# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
+# cat <<EOF | ${FMT}
+# COMPATIBILITY: editing $config_directory/main.cf, overriding
+# smtpd_relay_restrictions to prevent inbound mail from
+# unexpectedly bouncing.
+# Specify an empty smtpd_relay_restrictions value to keep using
+# smtpd_recipient_restrictions as before.
+#EOF
+# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
+# permit_mynetworks permit_sasl_authenticated \
+# defer_unauth_destination" || exit 1
+# }
}
# A reminder if this is the first time Postfix is being installed.
</DD>
<DT><b><a name="smtpd_relay_restrictions">smtpd_relay_restrictions</a>
-(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b></DT><DD>
+(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b></DT><DD>
<p> Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
.br
.PP
This feature is available in Postfix 2.1 and later.
-.SH smtpd_relay_restrictions (default: permit_mynetworks, reject_unauth_destination)
+.SH smtpd_relay_restrictions (default: permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)
Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
smtpd_recipient_restrictions.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
</pre>
-%PARAM smtpd_relay_restrictions permit_mynetworks, reject_unauth_destination
+%PARAM smtpd_relay_restrictions permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
<p> Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
#define VAR_RELAY_CHECKS "smtpd_relay_restrictions"
#define DEF_RELAY_CHECKS PERMIT_MYNETWORKS ", " \
- REJECT_UNAUTH_DEST
+ PERMIT_SASL_AUTH ", " \
+ DEFER_UNAUTH_DEST
extern char *var_relay_checks;
#define VAR_RCPT_CHECKS "smtpd_recipient_restrictions"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20130211"
-#define MAIL_VERSION_NUMBER "2.10.0"
+#define MAIL_RELEASE_DATE "20130622"
+#define MAIL_VERSION_NUMBER "2.10.1"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
(dst)->pregr_stamp = PSC_TIME_STAMP_INVALID; \
(dst)->dnsbl_stamp = PSC_TIME_STAMP_INVALID; \
(dst)->pipel_stamp = PSC_TIME_STAMP_INVALID; \
+ (dst)->nsmtp_stamp = PSC_TIME_STAMP_INVALID; \
(dst)->barlf_stamp = PSC_TIME_STAMP_INVALID; \
(dst)->penal_stamp = PSC_TIME_STAMP_INVALID; \
} while (0)
state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK;
/*
- * XXX Disable connection caching when sender-dependent authentication is
+ * XXX Disable connection caching when SASL authentication is
* enabled. We must not send someone elses mail over an authenticated
* connection, and we must not send mail that requires authentication
* over a connection that wasn't authenticated.
*/
- if (var_smtp_sender_auth)
+ if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)
return;
if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) {
* credentials or the wrong TLS policy.
*/
if ((var_smtp_tls_per_site && *var_smtp_tls_per_site)
- || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd))
+ || (var_smtp_tls_policy && *var_smtp_tls_policy))
return (0);
/*
if (TLScontext->log_mask &
(TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT))
msg_info("%s: subject_CN=%s, issuer_CN=%s, "
- "fingerprint %s, pkey_fingerprint=%s", props->namaddr,
+ "fingerprint=%s, pkey_fingerprint=%s", props->namaddr,
TLScontext->peer_CN, TLScontext->issuer_CN,
TLScontext->peer_fingerprint,
TLScontext->peer_pkey_fprint);
tok822_free(tree->head);
tree->head = 0;
}
- /* XXX must be localpart only, not user@domain form. */
- if (tree->head == 0)
+ /* XXX Re-resolve the surrogate, in case already in user@domain form. */
+ if (tree->head == 0) {
tree->head = tok822_scan(var_empty_addr, &tree->tail);
+ continue;
+ }
+
+ /* XXX Re-resolve with @$myhostname for backwards compatibility. */
+ if (domain == 0 && saved_domain == 0) {
+ tok822_sub_append(tree, tok822_alloc('@', (char *) 0));
+ tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0));
+ continue;
+ }
/*
* We're done. There are no domains left to strip off the address,
projects / thirdparty / postfix.git / commitdiff
