mumble_tls_mandatory_mumble; added _mandatory_ qualifier
to names of parameters that affect only mandatory TLS.
+20060630
+
+ Features promoted from SNAPSHOT to STABLE: the "sleep"
+ pseudo restriction; Postfix daemons now read the local
+ timezone file before chrooting; trivial-rewrite now detects
+ table changes every 10 seconds, so it restarts more timely.
+
+ Features that stay #ifdef SNAPSHOT: tcp_table,
+ lmtp_sasl_tls_verified_security_options, and
+ smtp_sasl_tls_verified_security_options.
+
+ Compatibility: Sendmail does not send its own Received:
+ header to Milter applications. Offsets in header replace
+ requests are relative to the message content as received
+ (i.e. without our own Received: header), while offsets in
+ header insert requests are relative to the message as
+ delivered (i.e. they include our own Received: header).
+ This explains why dk-filter would sign our own Received:
+ header but place the signature between our own Received:
+ header and the rest of the message, violating the draft
+ domainkeys spec.
+
Wish list:
In the SMTPD policy client (encode or strip) non-printable
non-ASCII in (TLS or all) attributes.
- run real sendmail through test-milter and check the data
- for bit-wise compatibility with Postfix.
-
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
- Introduce the notion of required security level into smtpd(8)
- just like with smtp(8): if the level is specified, ignore
- the legacy boolean parameters.
-
Introduce structured API for tls_server_mumble() just like
with smtp(8): this eliminates ever-growing lists of arguments.
- Cleanup: declare smtp_tls_levels[] in a header file, probably
- one that is owned by the Postfix TLS library instead of
- smtp(8). Better, encapsulate the name to code conversion
- as a Postfix TLS library service routine.
-
With (non)delivery notifications, prepend an "Auto-Submitted:
auto-replied" header, as per RFC 3834.
server is not filtered by the non-SMTP filters that are described in the next
section.
+NOTE: Do not use the header_checks(5) IGNORE action to remove Postfix's own
+Received: message header. This causes problems with mail signing filters.
+Instead, keep Postfix's own Received: message header and use the header_checks
+(5) REPLACE action to sanitize information.
+
You specify SMTP-only Milter applications (there can be more than one) with the
smtpd_milters parameter. Each Milter application is identified by the name of
its listening socket; other Milter configuration options will be discussed in
that arrives via the Postfix smtpd(8) server is not filtered by the non-SMTP
filters.
+NOTE: Do not use the header_checks(5) IGNORE action to remove Postfix's own
+Received: message header. This causes problems with mail signing filters.
+Instead, keep Postfix's own Received: message header and use the header_checks
+(5) REPLACE action to sanitize information.
+
You specify non-SMTP Milter applications with the non_smtpd_milters parameter.
This parameter uses the same syntax as the smtpd_milters parameter in the
previous section. As with the SMTP-only filters, you can specify more than one
configuration can be set with:
/etc/postfix/main.cf:
- smtpd_sasl_application_name = smtpd
+ smtpd_sasl_application_name = smtpd (Postfix < 2.3)
+ smtpd_sasl_path = smtpd (Postfix 2.3 and later)
The pwcheck daemon is contained in the cyrus-sasl source tarball.
reject_authenticated_sender_login_mismatch and
reject_unauthenticated_sender_login_mismatch, and revised the docs.
* Wietse made another iteration through the code to add plug-in support for
- multiple SASL implementations.
+ multiple SASL implementations, and changed smtpd_sasl_application_name into
+ smtpd_sasl_path.
* The Dovecot SMTP server-only plug-in was originally implemented by Timo
Sirainen of Procontrol, Finland.
administrator has not excluded the "aNULL" OpenSSL cipher type.
Instead of cipher lists you can now specify cipher grades. The
-smtp_tls_ciphers, lmtp_tls_ciphers and smtpd_tls_ciphers parameters
-specify one of "high", "medium", "low", "export" or "null". See the
-documentation for details.
+smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers and
+smtpd_tls_ciphers parameters specify one of "high", "medium", "low",
+"export" or "null". See TLS_README for details.
Incompatibility with Postfix snapshot 20060614
==============================================
that arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the
non-SMTP filters that are described in the next section. </p>
+<p> NOTE: Do not use the <a href="header_checks.5.html">header_checks(5)</a> IGNORE action to remove
+Postfix's own Received: message header. This causes problems with
+mail signing filters. Instead, keep Postfix's own Received: message
+header and use the <a href="header_checks.5.html">header_checks(5)</a> REPLACE action to sanitize
+information. </p>
+
<p> You specify SMTP-only Milter applications (there can be more
than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application
is identified by the name of its listening socket; other Milter
via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the non-SMTP
filters. </p>
+<p> NOTE: Do not use the <a href="header_checks.5.html">header_checks(5)</a> IGNORE action to remove
+Postfix's own Received: message header. This causes problems with
+mail signing filters. Instead, keep Postfix's own Received: message
+header and use the <a href="header_checks.5.html">header_checks(5)</a> REPLACE action to sanitize
+information. </p>
+
<p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>
parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>
parameter in the previous section. As with the SMTP-only filters,
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
- smtpd_sasl_application_name = smtpd
+ smtpd_sasl_application_name = smtpd (Postfix < 2.3)
+ <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd (Postfix 2.3 and later)
</pre>
</blockquote>
<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a> and
<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>, and revised the docs.
-<li> Wietse made another iteration through the code to add
-plug-in support for multiple SASL implementations.
+<li> Wietse made another iteration through the code to add plug-in
+support for multiple SASL implementations, and changed
+smtpd_sasl_application_name into <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
<li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland.
</p>
<p>
-This feature is available in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
+it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
</p>
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
-<p> This feature is available in Postfix 2.3 and later. </p>
+<p> This feature is available in Postfix 2.3 and later. In earlier
+releases it was called smtpd_sasl_application. </p>
</DD>
is \fBsmtpd\fR, corresponding to a SASL configuration file named
\fBsmtpd.conf\fR.
.PP
-This feature is available in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
+it was renamed to smtpd_sasl_path.
.SH smtpd_sasl_auth_enable (default: no)
Enable SASL authentication in the Postfix SMTP server. By default,
the Postfix SMTP server does not use authentication.
\fBsmtpd_sasl_type\fR. Typically this specifies the name of a
configuration file or rendezvous point.
.PP
-This feature is available in Postfix 2.3 and later.
+This feature is available in Postfix 2.3 and later. In earlier
+releases it was called smtpd_sasl_application.
.SH smtpd_sasl_security_options (default: noanonymous)
SASL security options; as of Postfix 2.3 the list of available
features depends on the SASL server implementation that is selected
that arrives via the Postfix smtpd(8) server is not filtered by the
non-SMTP filters that are described in the next section. </p>
+<p> NOTE: Do not use the header_checks(5) IGNORE action to remove
+Postfix's own Received: message header. This causes problems with
+mail signing filters. Instead, keep Postfix's own Received: message
+header and use the header_checks(5) REPLACE action to sanitize
+information. </p>
+
<p> You specify SMTP-only Milter applications (there can be more
than one) with the smtpd_milters parameter. Each Milter application
is identified by the name of its listening socket; other Milter
via the Postfix smtpd(8) server is not filtered by the non-SMTP
filters. </p>
+<p> NOTE: Do not use the header_checks(5) IGNORE action to remove
+Postfix's own Received: message header. This causes problems with
+mail signing filters. Instead, keep Postfix's own Received: message
+header and use the header_checks(5) REPLACE action to sanitize
+information. </p>
+
<p> You specify non-SMTP Milter applications with the non_smtpd_milters
parameter. This parameter uses the same syntax as the smtpd_milters
parameter in the previous section. As with the SMTP-only filters,
<blockquote>
<pre>
/etc/postfix/main.cf:
- smtpd_sasl_application_name = smtpd
+ smtpd_sasl_application_name = smtpd (Postfix < 2.3)
+ smtpd_sasl_path = smtpd (Postfix 2.3 and later)
</pre>
</blockquote>
reject_authenticated_sender_login_mismatch and
reject_unauthenticated_sender_login_mismatch, and revised the docs.
-<li> Wietse made another iteration through the code to add
-plug-in support for multiple SASL implementations.
+<li> Wietse made another iteration through the code to add plug-in
+support for multiple SASL implementations, and changed
+smtpd_sasl_application_name into smtpd_sasl_path.
<li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland.
</p>
<p>
-This feature is available in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
+it was renamed to smtpd_sasl_path.
</p>
%PARAM strict_7bit_headers no
<b>smtpd_sasl_type</b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
-<p> This feature is available in Postfix 2.3 and later. </p>
+<p> This feature is available in Postfix 2.3 and later. In earlier
+releases it was called smtpd_sasl_application. </p>
%PARAM smtp_sasl_path
static off_t cleanup_find_header(CLEANUP_STATE *state, ssize_t index,
const char *header_label, VSTRING *buf,
int *prec_type,
- int allow_ptr_backup)
+ int allow_ptr_backup,
+ int skip_headers)
{
const char *myname = "cleanup_find_header";
off_t curr_offset; /* offset after found record */
int rec_type;
int last_type;
ssize_t len;
+ int hdr_count = 0;
if (msg_verbose)
msg_info("%s: index %ld name \"%s\"",
* duplicate some of its logic here and in the routines that delete or
* modify header records. To minimize the duplication we define an ugly
* macro that is used in all code that scans for header boundaries.
+ *
+ * XXX Sendmail compatibility (based on Sendmail 8.13.6 measurements).
+ *
+ * - When changing Received: header #1, we change the Received: header that
+ * follows our own one; a request to change Received: header #0 is
+ * silently treated as a request to change Received: header #1.
+ *
+ * - When changing Date: header #1, we change the first Date: header; a
+ * request to change Date: header #0 is silently treated as a request to
+ * change Date: header #1.
+ *
+ * Thus, header change requests are relative to the content as received,
+ * that is, the content after our own Received: header. They can affect
+ * only the headers that the MTA actually exposes to mail filter
+ * applications.
+ *
+ * - However, when inserting a header at position 0, the new header appears
+ * before our own Received: header, and when inserting at position 1, the
+ * new header appears after our own Received: header.
+ *
+ * Thus, header insert operations are relative to the content as delivered,
+ * that is, the content including our own Received: header.
*/
#define GET_NEXT_TEXT_OR_PTR_RECORD(rec_type, state, buf, curr_offset) \
if ((rec_type = rec_get_raw(state->dst, buf, 0, REC_FLAG_NONE)) < 0) \
break;
}
/* This the start of a message header. */
+ else if (hdr_count++ < skip_headers)
+ continue;
else if ((header_label == 0
|| (strncasecmp(header_label, STR(buf), len) == 0
&& (IS_SPACE_TAB(STR(buf)[len])
*/
#define NO_HEADER_NAME ((char *) 0)
#define ALLOW_PTR_BACKUP 1
+#define SKIP_ONE_HEADER 1
+#define DONT_SKIP_HEADERS 0
if (index < 1)
index = 1;
old_rec_offset = cleanup_find_header(state, index, NO_HEADER_NAME,
old_rec_buf, &old_rec_type,
- ALLOW_PTR_BACKUP);
+ ALLOW_PTR_BACKUP,
+ DONT_SKIP_HEADERS);
if (old_rec_offset < 0) {
cleanup_add_header(context, new_hdr_name, new_hdr_value);
} else {
rec_buf = vstring_alloc(100);
old_rec_offset = cleanup_find_header(state, index, new_hdr_name,
rec_buf, &last_type,
- NO_PTR_BACKUP);
+ NO_PTR_BACKUP,
+ SKIP_ONE_HEADER);
if (old_rec_offset < 0) {
cleanup_add_header(context, new_hdr_name, new_hdr_value);
} else {
*/
rec_buf = vstring_alloc(100);
header_offset = cleanup_find_header(state, index, hdr_name, rec_buf,
- &last_type, NO_PTR_BACKUP);
+ &last_type, NO_PTR_BACKUP,
+ SKIP_ONE_HEADER);
/* Memory usage for header offsets is limited by header_size_limit. */
if (header_offset > 0) {
ssize_t off_len = 1;
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20060629"
-#define MAIL_VERSION_NUMBER "2.3-RC1"
+#define MAIL_RELEASE_DATE "20060630"
+#define MAIL_VERSION_NUMBER "2.3-RC2"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER
* Optionally, restrict the damage that this process can do.
*/
resolve_local_init();
-#ifdef SNAPSHOT
tzset();
-#endif
chroot_uid(root_dir, user_name);
/*
* Optionally, restrict the damage that this process can do.
*/
resolve_local_init();
-#ifdef SNAPSHOT
tzset();
-#endif
chroot_uid(root_dir, user_name);
/*
* Optionally, restrict the damage that this process can do.
*/
resolve_local_init();
-#ifdef SNAPSHOT
tzset();
-#endif
chroot_uid(root_dir, user_name);
/*
typedef struct {
MILTER8 *milter; /* milter client */
ARGV *macros; /* end-of-body macros */
+ int hdr_count; /* header counter */
const char *resp; /* milter application response */
} MILTER_MSG_CONTEXT;
char *cp;
int skip_reply;
+ /*
+ * XXX Sendmail compatibility. Don't expose our first (received) header
+ * to mail filter applications. See also cleanup_milter.c for code to
+ * ensure that header replace requests are relative to the message
+ * content as received, that is, without our own first (received) header,
+ * while header insert requests are relative to the message as delivered,
+ * that is, including our own first (received) header.
+ *
+ * XXX But this breaks when they delete our own Received: header with
+ * header_checks before it reaches the queue file. Even then we must not
+ * expose the first header to mail filter applications, otherwise the
+ * dk-filter signature will be inserted at the wrong position. It should
+ * precede the headers that it signs.
+ */
+ if (msg_ctx->hdr_count++ == 0)
+ return;
+
/*
* Sendmail 8 sends multi-line headers as text separated by newline.
*
}
msg_ctx.milter = milter;
msg_ctx.macros = macros;
+ msg_ctx.hdr_count = 0;
msg_ctx.resp = 0;
mime_state =
mime_state_alloc(MIME_OPT_DISABLE_MIME,
static sfsistat test_eom(SMFICTX *ctx)
{
printf("test_eom\n");
+#if 0
+ if (smfi_insheader(ctx, 1, "Received", "insert at 1") == MI_FAILURE)
+ fprintf(stderr, "smfi_insheader failed");
+#endif
+#if 0
+ if (smfi_chgheader(ctx, "Received", 1, "change received #1") == MI_FAILURE)
+ fprintf(stderr, "smfi_chgheader failed");
+#endif
+#if 0
+ if (smfi_chgheader(ctx, "date", 0, "change date #0") == MI_FAILURE)
+ fprintf(stderr, "smfi_chgheader failed");
+#endif
return (test_reply(ctx, test_eom_reply));
}
{
"test-milter",
SMFI_VERSION,
- SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_CHGHDRS,
+ SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_ADDHDRS | SMFIF_CHGHDRS,
test_connect,
test_helo,
test_mail,
450, "4.7.0",
"<%s>: %s rejected: defer_if_reject requested",
reply_name, reply_class);
-#ifdef SNAPSHOT
} else if (strcasecmp(name, SLEEP) == 0) {
if (cpp[1] == 0 || alldig(cpp[1]) == 0) {
msg_warn("restriction %s must be followed by number", SLEEP);
"Server configuration error"));
} else
sleep(atoi(*++cpp));
-#endif
} else if (strcasecmp(name, REJECT_PLAINTEXT_SESSION) == 0) {
status = reject_plaintext_session(state);
}
#endif
-#ifdef SNAPSHOT
-
static void check_table_stats(int unused_event, char *unused_context)
{
const char *table;
event_request_timer(check_table_stats, (char *) 0, 10);
}
-#endif
-
/* pre_jail_init - initialize before entering chroot jail */
static void pre_jail_init(char *unused_name, char **unused_argv)
transport_post_init(resolve_regular.transport_info);
if (resolve_verify.transport_info)
transport_post_init(resolve_verify.transport_info);
-#ifdef SNAPSHOT
check_table_stats(0, (char *) 0);
-#endif
/*
* This process is called by clients that already enforce the max_idle
projects / thirdparty / postfix.git / commitdiff
