and added a test for the case that they specify a lookup
table on the right-hand side of an SMTPD access map.
File: smtpd/smtpd_access.c.
+
+ Cleanup: removed spurious sender address checks for <>.
+
+ Cleanup: the smtp client now consistently logs host[address]
+ for all connection attempts.
-Incompatible changes with snapshot 19990910
+Incompatible changes with snapshot 19990911
===========================================
- You can not longer use virtual, canonical or aliases tables as
SMTPD access control tables. Use the permit_recipient_map feature
instead. The loss is compensated for.
-Major changes with snapshot 19990910
+Major changes with snapshot 19990911
====================================
- Per-client/helo/sender/recipient UCE restrictions: you can now
won't stop mail to broken aliases or to users with broken .forward
files, though.
-All this is great for non-relaying sites. A good example with
-permit_recipient_map for relaying sites still needs to be found.
+For a relaying site, the best we can do is something like:
+
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ reject_unauth_destination
+ reject_unknown_sender_domain
+ ...other checks to reject non-FQDN, RBL, access maps...
+ permit_recipient_map unix:passwd.byname
+ permit_recipient_map hash:/etc/canonical
+ permit_recipient_map hash:/etc/postfix/virtual
+ permit_recipient_map hash:/etc/aliases
+ reject
Unfortunately, permit_recipient_map does not combine well with
-permit_mynetworks, because permit_mynetworks accepts mail for ALL
-destinations, including ALL LOCAL destinations.
+permit_mynetworks, because permit_mynetworks accepts mail for
+non-existent local recipients.
Unfortunately, permit_recipient_map does not combine well with
-check_relay_domains, because check_relay_domains permits mail for
-ALL LOCAL destinations.
+check_relay_domains, because check_relay_domains permits either
+rejects mail, or accepts mail for non-existent local recipients.
Incompatible changes with postfix-19990906
==========================================
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-19990910"
+#define DEF_MAIL_VERSION "Snapshot-19990911"
extern char *var_mail_version;
/* LICENSE
memcpy((char *) &sin.sin_addr, addr->data, sizeof(sin.sin_addr));
if (msg_verbose)
- msg_info("%s: trying: %s/%s port %d...",
+ msg_info("%s: trying: %s[%s] port %d...",
myname, addr->name, inet_ntoa(sin.sin_addr), ntohs(port));
if (var_smtp_conn_tmout > 0) {
non_blocking(sock, NON_BLOCKING);
conn_stat = connect(sock, (struct sockaddr *) & sin, sizeof(sin));
}
if (conn_stat < 0) {
- vstring_sprintf(why, "connect to %s: %m", addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: %m",
+ addr->name, inet_ntoa(sin.sin_addr));
smtp_errno = SMTP_RETRY;
close(sock);
return (0);
* Skip this host if it takes no action within some time limit.
*/
if (read_wait(sock, var_smtp_helo_tmout) < 0) {
- vstring_sprintf(why, "connect to %s: read timeout", addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: read timeout",
+ addr->name, inet_ntoa(sin.sin_addr));
smtp_errno = SMTP_RETRY;
close(sock);
return (0);
*/
stream = vstream_fdopen(sock, O_RDWR);
if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) {
- vstring_sprintf(why, "connect to %s: server dropped connection",
- addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: server dropped connection",
+ addr->name, inet_ntoa(sin.sin_addr));
smtp_errno = SMTP_RETRY;
vstream_fclose(stream);
return (0);
* Skip this host if it sends a 4xx greeting.
*/
if (ch == '4' && var_smtp_skip_4xx_greeting) {
- vstring_sprintf(why, "connect to %s: server refused mail service",
- addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
+ addr->name, inet_ntoa(sin.sin_addr));
smtp_errno = SMTP_RETRY;
vstream_fclose(stream);
return (0);
* Sender mail address restrictions.
*/
else if (is_map_command(name, CHECK_SENDER_ACL, &cpp)) {
- if (state->sender)
+ if (state->sender && *state->sender)
status = check_mail_access(state, *cpp, state->sender,
state->sender,
SMTPD_NAME_SENDER, def_acl);
} else if (strcasecmp(name, REJECT_UNKNOWN_ADDRESS) == 0) {
- if (state->sender)
+ if (state->sender && *state->sender)
status = reject_unknown_address(state, state->sender,
state->sender, SMTPD_NAME_SENDER);
} else if (strcasecmp(name, REJECT_UNKNOWN_SENDDOM) == 0) {
- if (state->sender)
+ if (state->sender && *state->sender)
status = reject_unknown_address(state, state->sender,
state->sender, SMTPD_NAME_SENDER);
} else if (strcasecmp(name, REJECT_NON_FQDN_SENDER) == 0) {
projects / thirdparty / postfix.git / commitdiff
