+++ /dev/null
-Wish list:
-
- Collect random bits and pieces in one SOHO_README document:
- smtp_generic_maps, sender_dependent_mumble,
- smtp_sasl_auth_cache_name/time.
-
- See if "pickup =o content_filter=smtp:127.0.0.1" can be
- made a viable alternative to the use of non_smtpd_milters.
-
- Consolidate duplicated code *_server_accept_{pass,inet}().
-
- Consolidate duplicated code in {inet,unix,upass}_trigger.c.
-
- In the SMTP client, handle 421 replies in smtp_loop() by
- having the input function raise a flag after detecting 421
- (kill connection caching and be sure to do the right thing
- with RSET probes), leave the smtp_loop() per-command reply
- handlers unchanged, and have the smtp_loop() reader loop
- bail out with smtp_site_fail("server disconnected after
- %s", where), but only in the case that it isn't already in
- the final state. But first we need to clean up the handling
- of do/don't cache, expired, bad and dead sessions.
-
- Make event_drain() a proper event loop; update the zero mask,
- and don't ignore a non-empty timer queue.
-
- Combine smtpd_peer.c and qmqpd_peer.c into a single function
- that produces a client context object, and provide attribute
- print/scan routines that pass these client context objects
- around. With this, we no longer have to update a multiple
- pieces of code when a client attribute is added. Ditto for
- SASL and TLS context.
-
- Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
- Postfix for remote connections with MSS > 8 kbytes.
-
- Absent a formal spec, model IPv6 RBL lookups after the IPv6
- PTR lookups (one zone per hex nibble, nibbles in reversed
- order). How to specify whether to query an RBL server for
- status info about an IPv6 address? One could argue that as
- long as IPv6 traffic is small an unsupported lookup doesn't
- matter; and once IPv6 takes off, the RBL servers better
- start supporting IPv6 client status information.
-
- Don't log "warning: XXXXX: undeliverable postmaster
- notification discarded" for spam from outside.
-
- Really need a cleanup driver that allows testing against
- Milter applications instead of synthetic events. This would
- have to provide stubs for clients that talk to Postfix
- daemon processes. See if this approach can also be used for
- other daemons.
-
- smtpd(8) exempts $address_verify_sender from access controls,
- but it doesn't know whether cleanup(8) or delivery agents
- modify the sender. Would it be possible to "calibrate" this
- exemption, perhaps by having delivery agents pass the probe
- sender to the verify server, keeping in mind that the probe
- sender may differ per delivery agent due to output rewriting.
-
- Update attr_print/scan() so they can send/receive file
- descriptors. This simplifies kludgy code in many daemons.
-
- Make adding date/from/etc. conditional. Perhaps on header
- rewrite context? Do we need a more powerful concept than
- local_header_rewrite_clients/remote_header_rewrite_domain?
-
- Would there be a problem adding $smtpd_mumble_restrictions
- and $smtpd_sender_login_maps to the default proxy_read_maps
- settings?
-
- Remove defer(8) and trace(8) references and man pages. These
- are services not program names. On the other hand we have
- man pages for lmtp(8) and smtp(8), but not for relay(8).
- Likewise, retry(8) does not have a man page.
-
- Bind all deliveries to the same local delivery process,
- making Postfix perform as poorly as monolithic mailers, but
- giving a possibility to eliminate duplicate deliveries.
-
- Maybe declare loop when resolve_local(mxhost) is true?
-
- Update message content length when adding/removing headers.
-
- Need scache size limit.
-
- Make postcat header/body aware so people can grep headers.
- What headers? primary, mime, nested? What body? Does it
- include the mime and attached headers?
-
- Make postmap header/body aware so people can test multi-line
- header checks. What headers? primary, mime, nested? What
- body? Does it include the mime and attached headers?
-
- REDIRECT should override original recipient info, and
- probably override DSN as well.
-
- Find out if with Sendmail, a Milter "add recipient" request
- results in NOTIFY=NONE as Postfix does now.
-
- Update FILTER_README with mailing list suggestions to tag
- with a badness indicator and then filter down-stream.
-
- Either document or remove the internal_mail_filter_classes
- feature (it's disabled by default).
-
- Build a command-line test driver for the cleanup engine.
- This allows us to test it with arbitrary record sequences
- without having to use a live mail queue.
-
- Make null local-part handling configurable: either expand
- into mailer-daemon (current bahavior) or disallow (strict
- behavior, currently implemented only in the SMTP server).
-
- Plan for time_t larger than long, or wait for LP64 to
- dominate the world?
-
- The type of var_message_limit (and other file size/offset
- configuration parameters or internal protocol attributes)
- should be changed from int to off_t. This also requires
- checking all expressions in which var_message_limit etc.
- appears: qmqpd, netstring, deliver_request, ...
-
- Add M flag (enable multi-recipient delivery) to pipe daemon.
-
- The usage of TLScontext->cache_type is unclear. It specifies
- a TLS session cache type (smtpd, smtp, or lmtp), but it is
- sometimes used as an indicator that TLS session caching is
- unavailable. In reality, that decision is made by not
- registering call-back functions for cache maintenance.
-
- Postfix TLS library code should copy any strings that it
- receives from the application, instead of passing them
- around as pointers. TLScontext->cache_type is a case in
- point.
-
- Are transport:nexthop null fields the same as in the case
- of default_transport etc. parameters?
-
- Don't lose bits when converting st_dev into maildir file
- name. It's 64 bits on Linux. Found with the BEAM source
- code analyzer. Is this really a problem, or are they just
- using 64 bits for upwards compatibility with LP64 systems?
-
- Do or don't introduce unknown_reverse_client_reject_code.
-
- Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
- UNIX).
-
- Tempfail when a Milter application wants content access,
- while it is configured in an SMTP server that runs before
- the smtpd_proxy filter.
-
- Log DSN original recipient when rejecting mail.
-
- Keep whitespace between label and ":"?
-
- Make the map case folding/locking options configurable, if
- not at run-time then at least at compile time so we get
- consistent behavior across applications.
-
- Investigate what it would take to eliminate oqmgr, and to
- make the old behavior configurable in a unified queue
- manager. This would shave another 2.7 KLOC from the source
- footprint.
-
- Document the case folding strategy for match_list like
- features.
-
- Eliminate the (incoming,deferred)->active rename operation.
-
- Softbounce fallback-to-ISP for SOHO users. This requires
- playing with the soft_error test in the smtp_trouble.c
- module, and avoiding delivery to backup MX hosts.
-
- In the SMTP server, set a "pipelining detected" flag at the
- start of a session and at protocol synchronization points,
- so that reject_unauth_pipelining can be specified in any
- access rule.
-
- Centralize main.cf parameter input so that defaults work
- consistently. What about parameter names that are prefixed
- with mail delivery transport names?
-
- Fix default time unit handling so that we can have a default
- bounce lifetime of $maximal_queue_lifetime, without causing
- panics when a non-default maximal_queue_lifetime setting
- includes no time unit.
-
- After the 20051222 ISASCII paranoia, lowercase() lowercases
- ASCII text only.
-
- Privacy: remove local command/pathname details from remote
- delivery status reports, and log them via local msg_warn().
-
- Is it safe to cache a connection after it has been used for
- more than some number of address verification probes?
-
- Try to recognize that Resent- headers appear in blocks,
- newest block first. But don't break on incorrect header
- block organization.
-
- Hard limits on cache sizes (anvil, specifically).
-
- Laptop friendliness: make the qmgr remember when the next
- deferred queue scan needs to be done, and have the pickup
- server stat() the maildrop directory before searching it.
-
- Low: replace_sender/replace_recipient actions in access
- maps?
-
- Low: configurable order of local(8) delivery methods.
-
- Med: local and remote source port and IP address for smtpd
- policy hook.
-
- Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
- to limit the total time spent trying to connect.
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when comparing against local IP addresses?
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when eliminating MX mailer loops?
-
- Med: Postfix requires [] around IPv6 address information
- in match lists such as mynetworks, debug_peer_list etc.,
- but the [] must not be specified in access(5) maps. Other
- places don't care. For now, this gotcha is documented in
- IPV6_README and in postconf(5) with each feature that may
- use IPv6 address information. The general recommendation
- is not to use [] unless absolutely necessary.
-
- Med: the partial address matching of IPv6 addresses in
- access(5) maps is a bit lame: it repeatedly truncates the
- last ":octetpair" from the printable address representation
- until a match is found or until truncation is no longer
- possible. Since one or more ":" are usually omitted from
- the printable IPv6 address representation, this does not
- really try all the possibilities that one might expect to
- be tried. For now, this gotcha is documented in access(5).
-
- Med: the TLS certificate verification depth parameters never
- worked.
-
- Low: reject HELO with any domain name or IP address that
- this MTA is the final destination for.
-
- Low: should the Delivered-To: test in local(8) be configurable?
-
- Low: make mail_addr_find() lookup configurable.
-
- Low: update events.c so that 1-second timer requests do not
- suffer from rounding errors. This is needed for 1-second
- SMTP session caching time limits. A 1-second interval would
- become arbitrarily short when an event is scheduled just
- before the current second rolls over.
-
- Low: configurable internal/system locking method.
-
- Low: add INSTALL section for pre-existing Postfix systems.
-
- Low: add INSTALL section for pre-existing RPM Postfixes.
-
- Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
-
- Low: noise filter: allow smtp(8) to retry immediately if
- all MXes return a quick ECONNRESET or 4xx reply during the
- initial handshake. Retry once? How many times?
-
- Low: make post-install a "postfix-only script" so it can
- take data from the environment instead of main.cf.
-
- Low: randomize deferred mail backoff.
-
- Med: separate ulimit for delivery to command?
-
- Med: postsuper -r should do something with recipients in
- bounce logfiles, to make sure the sender will be notified.
- To be perfectly safe, no process other than the queue manager
- should move a queue file away from the active queue.
-
- This could involve tagging a queue file, and use up another
- permission bit (postsuper tags a "hot" file, qmgr requeues it).
-
- Low: postsuper re-run after renaming files, but only a
- limited number of times.
-
- Low: smtp-source may block when sending large test messages.
-
- Med: find a way to log the sender address when MAIL FROM
- is rejected due to lack of disk space.
-
- Low: revise other local delivery agent duplicate filters.
-
- Low: all table lookups should consistently use internalized
- (unquoted) or externalized (quoted) forms as lookup keys.
- smtpd, qmgr, local, etc. use unquoted address forms as keys.
- cleanup uses quoted forms.
-
- Low: have a configurable list of errno values for mailbox
- or maildir delivery that result in deferral rather than
- bouncing mail. What about "killed by signal" exits?
-
- Low: after reorganizing configuration parameters, add flags
- to all parameters whose value can be read from file.
-
- Medium: need in-process caching for map lookups. LDAP servers
- seem to need this in particular. Need a way to expire cached
- results that are too old.
-
- Low: generic showq protocol, to allow for more intelligent
- processing than just mailq. Maybe marry this with postsuper.
-
- Low: default domain for appending to unqualified recipients,
- so that unqualified names can be delivered locally.
-
- Low: The $process_id_directory setting is not used anywhere
- in Postfix. Problem reported by Michael Smith, texas.net.
- This should be documented, or better, the code should warn
- about attempts to set read-only parameters.
-
- Low: postconf -e edits parameters that postconf won't list.
-
- Low: while converting 8bit text to quoted-printable, perhaps
- use =46rom to avoid having to produce >From when delivering
- to mailbox.
-
- virtual_mailbox_path expression like forward_path, so that
- people can specify prefix and suffix.
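Review bot: Missing follow-up for the entries this deletion drops: the whole list goes to /dev/null and the visible diff does not show the open items being moved anywhere. Several of them are security-relevant and still read as unresolved, for example "the TLS certificate verification depth parameters never worked", "Need scache size limit" and "Hard limits on cache sizes (anvil, specifically)". The first entry also asks for smtp_sasl_auth_cache_name/time to be documented in a SOHO_README, which is the feature the code part of this patch touches, and no documentation change is visible. Suggest keeping the unresolved entries or stating in the commit message where they are tracked now.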
auth_cache = (SMTP_SASL_AUTH_CACHE *) mymalloc(sizeof(*auth_cache));
auth_cache->dict = dict_open(map, O_CREAT | O_RDWR, CACHE_DICT_OPEN_FLAGS);
auth_cache->ttl = ttl;
- auth_cache->dsn = mymalloc(100);
- auth_cache->text = mymalloc(100);
+ auth_cache->dsn = mystrdup("");
+ auth_cache->text = mystrdup("");
return (auth_cache);
}
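Review bot: Allocation size of auth_cache->dsn and auth_cache->text needs a check at every writer: both fields change from mymalloc(100) to mystrdup(""), so each is now a one-byte allocation. The code that updates these fields is not in this hunk. Any site that still copies a reply into them in place would write past the allocation, so each update has to myfree() the old string and assign a fresh mystrdup() of the new value, and the teardown path has to free both. A one-line comment on the struct members saying that they are owned, replaceable strings would make that contract visible.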
* password has changed.
*/
-/* smtp_sasl_make_auth_cache_key - format auth failure cache lookup key */
+/* smtp_sasl_auth_cache_make_key - format auth failure cache lookup key */
-static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user)
+static char *smtp_sasl_auth_cache_make_key(const char *host, const char *user)
{
VSTRING *buf = vstring_alloc(100);
return (vstring_export(buf));
}
-/* smtp_sasl_make_auth_cache_pass - hash the auth failure cache password */
+/* smtp_sasl_auth_cache_make_pass - hash the auth failure cache password */
-static char *smtp_sasl_make_auth_cache_pass(const char *password)
+static char *smtp_sasl_auth_cache_make_pass(const char *password)
{
VSTRING *buf = vstring_alloc(2 * SHA_DIGEST_LENGTH);
return (vstring_export(buf));
}
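Review bot: Comment and content of smtp_sasl_auth_cache_make_pass() cannot be checked against each other from this diff: the comment says "hash the auth failure cache password" and the buffer is sized 2 * SHA_DIGEST_LENGTH, but the line that fills buf is not shown. The result ends up in the value that is passed to dict_put(), so please confirm that it is a one-way digest of the password and not a reversible encoding, and document who is allowed to read the cache map. If it is an unsalted digest, mixing host and user into the input would keep identical passwords from producing identical cache values.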
-/* smtp_sasl_make_auth_cache_value - format auth failure cache value */
+/* smtp_sasl_auth_cache_make_value - format auth failure cache value */
-static char *smtp_sasl_make_auth_cache_value(const char *password,
+static char *smtp_sasl_auth_cache_make_value(const char *password,
const char *dsn,
const char *rep_str)
{
char *pwd_hash;
unsigned long now = (unsigned long) time((time_t *) 0);
- pwd_hash = smtp_sasl_make_auth_cache_pass(password);
+ pwd_hash = smtp_sasl_auth_cache_make_pass(password);
vstring_sprintf(val_buf, "%lu;%s;%s;%s", now, pwd_hash, dsn, rep_str);
myfree(pwd_hash);
return (vstring_export(val_buf));
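Review bot: Unescaped remote text in a delimited record at the vstring_sprintf() call: the value is built with "%lu;%s;%s;%s", and the last two fields are dsn and rep_str, which the store path fills from resp->dsn and resp->str, that is, from the remote server's reply. Nothing here escapes ';' or control characters, so the reader of this record has to split on the first three ';' only and treat the remainder as reply text, and that text should be sanitized before it is logged or copied into a delivery status report. A short comment describing the record format next to this function would document the assumption.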
} else if (time_stamp + auth_cache->ttl < now) {
valid = 0;
} else {
- curr_hash = smtp_sasl_make_auth_cache_pass(password);
+ curr_hash = smtp_sasl_auth_cache_make_pass(password);
valid = (strcmp(cache_hash, curr_hash) == 0);
myfree(curr_hash);
}
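Review bot: The expiry test "time_stamp + auth_cache->ttl < now" only rejects entries that are too old. An entry whose time_stamp lies in the future, after the clock was stepped back or the cache file was damaged or edited, passes this test until the clock catches up, and the cached failure stays in force for the same password the whole time. Suggest also treating time_stamp > now as expired, and rejecting a time_stamp so large that adding ttl would wrap.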
const char *entry;
int valid = 0;
- key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username);
+ key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username);
if ((entry = dict_get(auth_cache->dict, key)) != 0)
if ((valid = smtp_sasl_auth_cache_valid(auth_cache, entry,
session->sasl_passwd)) == 0)
char *key;
char *value;
- key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username);
- value = smtp_sasl_make_auth_cache_value(session->sasl_passwd,
+ key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username);
+ value = smtp_sasl_auth_cache_make_value(session->sasl_passwd,
resp->dsn, resp->str);
dict_put(auth_cache->dict, key, value);