persistent EAGAIN error on a writable file descriptor.
File: util/write_buf.c.
-20081002
+20081003
Bugfix (introduced Postfix 2.1): the introduction of XFORWARD
- support resulted in inaccurate logging and (delivery agent)
- $name expansion. Specifically, Postfix no longer properly
- distinguished between local submissions and submissions
- from clients with unknown hostname etc. attributes. Files:
- smtpd/smtpd.c, qmqpd/qmqpd.c, smtp/smtp_proto.c,
- cleanup/cleanup_envelope.c.
+ support introduced cosmetic errors in the logging of client
+ attributes and in local(8)/pipe(8) $name expansion. Postfix
+ did not propagate that a message originated as a local
+ submission, and it sometimes failed to distinguish between
+ local submissions and submissions from clients with unknown
+ hostname etc. attributes. This also involves a minor change
+ to the XFORWARD protocol. Files: smtpd/smtpd.c, qmqpd/qmqpd.c,
+ smtp/smtp_proto.c, cleanup/cleanup_envelope.c, proto/XFORWARD.html.
+
+ Feature: a DUNNO lookup result in per_sender_relayhost_maps
+ stops the search without replacing the next-hop destination.
+ File: trivial-rewrite/resolve.c.
X\bXF\bFO\bOR\bRW\bWA\bAR\bRD\bD S\bSe\ber\brv\bve\ber\br o\bop\bpe\ber\bra\bat\bti\bio\bon\bn
Upon receipt of an initial XFORWARD command, the SMTP server initializes all
-XFORWARD attributes to [UNAVAILABLE]. With each XFORWARD command, the server
-overwrites attributes with the specified attribute values, and erases
-attributes whose value is specified as [UNAVAILABLE]. Attributes that are not
-specified in an XFORWARD command retain their current value.
+XFORWARD attributes to [UNAVAILABLE]. With each valid XFORWARD command, the
+server overwrites attributes with the specified values, and erases attributes
+whose value is specified as [UNAVAILABLE].
-An ADDR attribute value of [UNAVAILABLE] indicates that the next MAIL FROM
-transaction is a forwarded local submission. In this case the SMTP server
-should ignore other client attributes. This behavior is available with Postfix
-version 2.6.
+When both the NAME and ADDR attributes have a value of [UNAVAILABLE], the next
+MAIL FROM transaction corresponds to a local submission. In this case the SMTP
+server must ignore the PORT and PROTO attributes. This behavior is available
+with Postfix version 2.6.
-At the end of the next MAIL FROM transaction (i.e. RSET or DOT), all XFORWARD
+At the end of each MAIL FROM transaction (i.e. RSET or DOT), all XFORWARD
attributes are reset to the real client information, and the SMTP server is
ready to receive another initial XFORWARD command.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-Incompatibility with snapshot 20081002
+Incompatibility with snapshot 20081003
======================================
+This release fixes cosmetic bugs in the way that Postfix propagates
+the origin of email messages through SMTP-based content filters.
+This changes the results of $name expansions by the local(8) and
+pipe(8) delivery agents. With a local submission, the $client_hostname
+etc. attributes now correctly expand into the empty string, instead
+of information about the host that runs the content filter; and
+with a remote submission from a client with an unknown hostname,
+the $client_hostname attribute now correctly expands into "unknown"
+instead of the empty string.
+
There is a minor change in the way that XFORWARD attributes are
stored in queue files. These attributes are used to propagate remote
client information through an SMTP-based content filter. If you
Postfix cleanup server may log "spurious null attribute value"
warnings when it processes queue files from the newer Postfix
version. The older cleanup server will ignore the null-valued
-attributes, and no harm will be done.
+attributes. Thus, no harm will be done.
Incompatibility with snapshot 20080814
======================================
<p> Upon receipt of an initial XFORWARD command, the SMTP server
initializes all XFORWARD attributes to [UNAVAILABLE]. With each
-XFORWARD command, the server overwrites attributes with the specified
-attribute values, and erases attributes whose value is specified
-as [UNAVAILABLE]. Attributes that are not specified in an XFORWARD
-command retain their current value. </p>
+valid XFORWARD command, the server overwrites attributes with the
+specified values, and erases attributes whose value is specified
+as [UNAVAILABLE]. </p>
-<p> An ADDR attribute value of [UNAVAILABLE] indicates that the
-next MAIL FROM transaction is a forwarded local submission. In
-this case the SMTP server should ignore other client attributes.
-This behavior is available with Postfix version 2.6. </p>
+<p> When both the NAME and ADDR attributes have a value of
+[UNAVAILABLE], the next MAIL FROM transaction corresponds to a local
+submission. In this case the SMTP server must ignore the PORT and
+PROTO attributes. This behavior is available with Postfix version
+2.6. </p>
-<p> At the end of the next MAIL FROM transaction (i.e. RSET or DOT),
+<p> At the end of each MAIL FROM transaction (i.e. RSET or DOT),
all XFORWARD attributes are reset to the real client information,
and the SMTP server is ready to receive another initial XFORWARD
command. </p>
<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
setting. The tables are searched by the envelope sender address and
-@domain. This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
+@domain. A lookup result of DUNNO terminates the search without
+overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting. This information
+is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
<a href="postconf.5.html#default_transport">default_transport</a> and with the <a href="transport.5.html">transport(5)</a> table. </p>
<p> For safety reasons, this feature does not allow $number
.SH sender_dependent_relayhost_maps (default: empty)
A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the envelope sender address and
-@domain. This information is overruled with relay_transport,
+@domain. A lookup result of DUNNO terminates the search without
+overriding the global relayhost parameter setting. This information
+is overruled with relay_transport,
default_transport and with the \fBtransport\fR(5) table.
.PP
For safety reasons, this feature does not allow $number
<p> Upon receipt of an initial XFORWARD command, the SMTP server
initializes all XFORWARD attributes to [UNAVAILABLE]. With each
-XFORWARD command, the server overwrites attributes with the specified
-attribute values, and erases attributes whose value is specified
-as [UNAVAILABLE]. Attributes that are not specified in an XFORWARD
-command retain their current value. </p>
+valid XFORWARD command, the server overwrites attributes with the
+specified values, and erases attributes whose value is specified
+as [UNAVAILABLE]. </p>
-<p> An ADDR attribute value of [UNAVAILABLE] indicates that the
-next MAIL FROM transaction is a forwarded local submission. In
-this case the SMTP server should ignore other client attributes.
-This behavior is available with Postfix version 2.6. </p>
+<p> When both the NAME and ADDR attributes have a value of
+[UNAVAILABLE], the next MAIL FROM transaction corresponds to a local
+submission. In this case the SMTP server must ignore the PORT and
+PROTO attributes. This behavior is available with Postfix version
+2.6. </p>
-<p> At the end of the next MAIL FROM transaction (i.e. RSET or DOT),
+<p> At the end of each MAIL FROM transaction (i.e. RSET or DOT),
all XFORWARD attributes are reset to the real client information,
and the SMTP server is ready to receive another initial XFORWARD
command. </p>
<p> A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the envelope sender address and
-@domain. This information is overruled with relay_transport,
+@domain. A lookup result of DUNNO terminates the search without
+overriding the global relayhost parameter setting. This information
+is overruled with relay_transport,
default_transport and with the transport(5) table. </p>
<p> For safety reasons, this feature does not allow $number
#define MAIL_ATTR_VAL_UNKNOWN "unknown"
#define MAIL_ATTR_IS_EXIST(a) (*(a))
-#define MAIL_ATTR_IS_KNOWN(a) (*(a)) && strcmp((a), MAIL_ATTR_VAL_UNKNOWN)
+#define MAIL_ATTR_IS_KNOWN(a) ((*(a)) && strcmp((a), MAIL_ATTR_VAL_UNKNOWN))
/*
* XCLIENT/XFORWARD in SMTP.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20081002"
+#define MAIL_RELEASE_DATE "20081003"
#define MAIL_VERSION_NUMBER "2.6"
#ifdef SNAPSHOT
} else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) {
if (have_log_client_attr == 0 && message->client_addr == 0)
message->client_addr = mystrdup(value);
+ } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) {
+ if (have_log_client_attr == 0 && message->client_port == 0)
+ message->client_port = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_proto == 0)
message->client_proto = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_helo == 0)
message->client_helo = mystrdup(value);
- } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) {
- if (have_log_client_attr == 0 && message->client_port == 0)
- message->client_port = mystrdup(value);
}
/* Original client attributes. */
else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_NAME) == 0) {
} else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) {
if (have_log_client_attr == 0 && message->client_addr == 0)
message->client_addr = mystrdup(value);
+ } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) {
+ if (have_log_client_attr == 0 && message->client_port == 0)
+ message->client_port = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_proto == 0)
message->client_proto = mystrdup(value);
} else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) {
if (have_log_client_attr == 0 && message->client_helo == 0)
message->client_helo = mystrdup(value);
- } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) {
- if (have_log_client_attr == 0 && message->client_port == 0)
- message->client_port = mystrdup(value);
}
/* Original client attributes. */
else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_NAME) == 0) {
{
/*
- * Provenance attributes for Milter policy etc.
+ * Logging attribute for the Postfix 2.3+ cleanup server.
+ */
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_LOG_ORIGIN, state->namaddr);
+
+ /*
+ * For consistency with the smtpd Milter client, we need to provide the
+ * real client attributes to the cleanup Milter client. This does not
+ * matter much with qmqpd which speaks to trusted clients only, but we
+ * want to be sure that the cleanup input protocol is ready when a new
+ * type of network daemon is added to receive mail from the Internet.
+ *
+ * See also the comments in smtpd.c.
*/
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_ACT_CLIENT_NAME, state->name);
}
/*
- * Use the XFORWARD command to send local/remote submission information.
+ * Use XFORWARD to forward the origin of this email message across an
+ * SMTP-based content filter. Send client attribute information even in
+ * the case of local submissions, which have no client attributes. This
+ * fixes a minor problem that was introduced with Postfix 2.1: no client
+ * attribute information was sent in the case of local submissions, and
+ * therefore local submissions appeared to originate from the SMTP-based
+ * content filter. To make this work we introduced one change to the
+ * XFORWARD protocol: when both NAME and ADDR values are [UNAVAILABLE],
+ * this is a local submission.
*/
send_name_addr =
var_smtp_send_xforward
if (SMTPD_STAND_ALONE(state) == 0) {
/*
- * Forwarded client attributes.
+ * Forwarded client attributes. These propagate original client
+ * information through an SMTP-based content filter, to improve
+ * the logging from an after-filter MTA. They are also used in
+ * $name expansions by the local(8) and pipe(8) delivery agents.
*
* In the case of a forwarded remote submission, store original
* client attributes in our own internal representation: either
- * actual values or "unknown"; don't bother with storing
- * non-existent HELO attributes.
+ * actual values or "unknown". This fixes a problem that was
+ * introduced with Postfix 2.1: "unknown" got treated the same
+ * way as "non-existent". As before, we don't store non-existent
+ * HELO attributes.
*
* In the case of a forwarded local submission, specify explicitly
- * that the original client attributes are non-existent.
+ * that the original client attributes are non-existent. This
+ * fixes another problem that was introduced with Postfix 2.1:
+ * forwarded local submissions could not override the content
+ * filter's own client attributes, so the message would appear to
+ * originate from the content filter. To make this work we
+ * introduced one change to the XFORWARD protocol: when both NAME
+ * and ADDR values are [UNAVAILABLE], this is a local submission.
*/
if (state->xforward.flags & SMTPD_STATE_XFORWARD_CLIENT_MASK) {
- if (MAIL_ATTR_IS_KNOWN(FORWARD_ADDR(state))) {
+ if (MAIL_ATTR_IS_KNOWN(FORWARD_NAME(state))
+ || MAIL_ATTR_IS_KNOWN(FORWARD_ADDR(state))) {
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_LOG_CLIENT_NAME, FORWARD_NAME(state));
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_LOG_CLIENT_ADDR, FORWARD_ADDR(state));
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_LOG_CLIENT_PORT, FORWARD_PORT(state));
- rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
- MAIL_ATTR_LOG_ORIGIN, FORWARD_NAMADDR(state));
if (FORWARD_HELO(state))
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_LOG_HELO_NAME, FORWARD_HELO(state));
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_LOG_PROTO_NAME, FORWARD_PROTO(state));
} else {
- /* Local submission. */
+ /* Local submission. See also qmgr_message_read(). */
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_LOG_CLIENT_ADDR, MAIL_ATTR_VAL_NONEXIST);
}
}
+ /*
+ * Logging attribute for the Postfix 2.3+ cleanup server.
+ */
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_LOG_ORIGIN, FORWARD_NAMADDR(state));
+
/*
* Attributes with actual client information. These are used by
- * Milters in case mail is re-injected with "postsuper -R".
+ * the smtpd Milter client for policy decisions. Mail that is
+ * requeued with "postsuper -r" is not subject to processing by
+ * the cleanup Milter client, because a) it has already been
+ * filtered, and b) we don't have sufficient information to
+ * reproduce the exact same SMTP events and Sendmail macros that
+ * the smtpd Milter client received when the message originally
+ * arrived in Postfix.
*/
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_ACT_CLIENT_NAME, state->name);
&& (relay = mail_addr_find(rp->snd_relay_info, *sender ?
sender : var_null_relay_maps_key,
(char **) 0)) != 0)
- vstring_strcpy(nexthop, relay);
+ vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ?
+ rcpt_domain : relay);
else if (*RES_PARAM_VALUE(rp->relayhost))
vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost));
else
projects / thirdparty / postfix.git / commitdiff
