concurrent processes, use whatever process limit is feasible for your
machine. Content inspection software can gobble up a lot of system
resources, so you don't want to have too much of it running at the same
- time. The empty null_sender feature is both necessary and available with
- Postfix 2.3 and later.
+ time. The empty null_sender setting is required with Postfix 2.3 and later.
* To turn on content filtering for mail arriving via SMTP only, append "-
o content_filter=filter:dummy" to the master.cf entry that defines the
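Review bot: The replacement sentence on the "time." line drops the word "available", so a reader on a release older than 2.3 no longer learns that the empty null_sender setting only exists from 2.3 on. Wording such as "is required, and is available with Postfix 2.3 and later" keeps both facts. The HTML copies of this paragraph later in the patch carry the same change and should stay in sync.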
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
+Incompatibility with snapshot 20090426
+======================================
+
+The Postfix SMTP client no longer tries to use the obsolete SSLv2
+protocol by default, as this may prevent the use of modern SSL
+features. Lack of SSLv2 support should never be a problem, since
+SSLv3 was defined in 1996, and TLSv1 in 2006. The Postfix SMTP
+server maintains SSLv2 support for backwards compatibility with
+ancient clients.
+
+Major changes with snapshot 20090426
+====================================
+
+The following improvements have been made to the Milter implementation:
+
+- Improved compatibility of the {mail_addr} and {rcpt_addr} macros.
+
+- Support for the {mail_host}, {mail_mailer}, {rcpt_host} and
+{rcpt_mailer} macros.
+
+- Milters can now request rejected recipients with the SMFIP_RCPT_REJ
+feature. In this case, {rcpt_mailer} is "error", {rcpt_host} is an
+enhanced status code, and {rcpt_addr} is descriptive text.
+
Incompatibility with snapshot 20090330
======================================
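Review bot: In the new SSLv2 paragraph, "TLSv1 in 2006" is the wrong year: TLS 1.0 was published as RFC 2246 in 1999, and 2006 is the date of TLS 1.1 (RFC 4346). The correct year makes the argument stronger, so I would change it to "TLSv1 in 1999". It would also help to name the parameter whose default changed (smtp_tls_protocols), so that administrators can find the setting from the release notes.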
limit of 10 concurrent processes, use whatever process limit is
feasible for your machine. Content inspection software can gobble
up a lot of system resources, so you don't want to have too much
-of it running at the same time. The empty null_sender feature is
-both necessary and available with Postfix 2.3 and later. </p>
+of it running at the same time. The empty null_sender setting is
+required with Postfix 2.3 and later. </p>
<li> <p> To turn on content filtering for mail arriving via SMTP
only, append "-o <a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy" to the <a href="master.5.html">master.cf</a>
<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. Starting with Postfix 2.6,
-the Postfix SMTP client will by default only use SSLv3 and TLSv1, the
-SSLv2 protocol is insecure and obsolete. </p>
+the Postfix SMTP client will by default not use the obsolete SSLv2
+protocol. </p>
<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
.SH smtp_tls_protocols (default: !SSLv2)
List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. Starting with Postfix 2.6,
-the Postfix SMTP client will by default only use SSLv3 and TLSv1, the
-SSLv2 protocol is insecure and obsolete.
+the Postfix SMTP client will by default not use the obsolete SSLv2
+protocol.
.PP
In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
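Review bot: The rewritten sentence keeps "obsolete" but drops "insecure", which was the stated reason not to add SSLv2 back to the list. With the default shown in the .SH line as !SSLv2, I would keep the security rationale, for example "will by default not use the SSLv2 protocol, which is obsolete and insecure". The two HTML copies of this paragraph carry the same change.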
s;\btls_eecdh_ultra_curve\b;<a href="postconf.5.html#tls_eecdh_ultra_curve">$&</a>;g;
s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
- s;\bfrozen_owner_alias\b;<a href="postconf.5.html#frozen_owner_alias">$&</a>;g;
# Transport-dependent magical parameters.
limit of 10 concurrent processes, use whatever process limit is
feasible for your machine. Content inspection software can gobble
up a lot of system resources, so you don't want to have too much
-of it running at the same time. The empty null_sender feature is
-both necessary and available with Postfix 2.3 and later. </p>
+of it running at the same time. The empty null_sender setting is
+required with Postfix 2.3 and later. </p>
<li> <p> To turn on content filtering for mail arriving via SMTP
only, append "-o content_filter=filter:dummy" to the master.cf
<p> List of TLS protocols that the Postfix SMTP client will exclude or
include with opportunistic TLS encryption. Starting with Postfix 2.6,
-the Postfix SMTP client will by default only use SSLv3 and TLSv1, the
-SSLv2 protocol is insecure and obsolete. </p>
+the Postfix SMTP client will by default not use the obsolete SSLv2
+protocol. </p>
<p> In main.cf the values are separated by whitespace, commas or
colons. In the policy table (see smtp_tls_policy_maps) the only valid
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20090426"
+#define MAIL_RELEASE_DATE "20090427"
#define MAIL_VERSION_NUMBER "2.7"
#ifdef SNAPSHOT
/*
/* milter_rcpt_event() reports an RCPT TO event to the specified
/* milter instances, after sending the macros that were specified
-/* with the milter_create() rcpt_macros argument. When the flags
-/* argument is non-zero, it selects only milter instances that
-/* have at least one of the specificed flags. Known flags are:
+/* with the milter_create() rcpt_macros argument. The flags
+/* argument supports the following:
/* .IP MILTER_FLAG_WANT_RCPT_REJ
-/* This milter expects to receive rejected recipients with the
-/* {rcpt_mailer} macro set to "error".
+/* When this flag is cleared, invoke all milters. When this
+/* flag is set, invoke only milters that want to receive
+/* rejected recipients; with Sendmail V8 Milters, {rcpt_mailer}
+/* is set to "error", {rcpt_host} is set to an enhanced status
+/* code, and {rcpt_addr} is set to descriptive text.
/* .PP
/* milter_data_event() reports a DATA event to the specified
/* milter instances, after sending the macros that were specified
if (state->recipient[0] == 0)
return ("");
if (state->milter_reject_text) {
+ /* 554 5.7.1 <user@example.com>: Relay access denied */
vstring_strcpy(state->expand_buf, state->milter_reject_text + 4);
cp = split_at(STR(state->expand_buf), ' ');
return (cp ? split_at(cp, ' ') : cp);
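Review bot: The added comment documents the expected reply shape, but the code under it still depends on that shape without checking it. "milter_reject_text + 4" assumes a three-digit code followed by one separator character, and the second split_at() on ' ' assumes the address itself contains no space, so a quoted local part with a space would be cut in the middle of the address. Either note in the comment where this form is guaranteed, or verify the fields before splitting.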
if (state->recipient == 0)
return (0);
if (state->milter_reject_text) {
+ /* 554 5.7.1 <user@example.com>: Relay access denied */
vstring_strcpy(state->expand_buf, state->milter_reject_text + 4);
(void) split_at(STR(state->expand_buf), ' ');
return (STR(state->expand_buf));
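Review bot: The value returned here is whatever follows the three-digit code up to the next space, so for a reply without an enhanced status code the milter would receive the next word of the reply instead of a status code. The example in the comment covers only the well-formed case. A short check that the token looks like a status code, or a note saying where that form is enforced, would make the assumption explicit.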
argv_split.o: argv.h
argv_split.o: argv_split.c
argv_split.o: mymalloc.h
+argv_split.o: msg.h
argv_split.o: stringops.h
argv_split.o: sys_defs.h
argv_split.o: vbuf.h
extern ARGV *argv_free(ARGV *);
extern ARGV *argv_split(const char *, const char *);
+extern ARGV *argv_split_count(const char *, const char *, ssize_t);
extern ARGV *argv_split_append(ARGV *, const char *, const char *);
#define ARGV_END ((char *) 0)
/* ARGV *argv_split(string, delim)
/* const char *string;
/*
+/* ARGV *argv_split_count(string, delim, count)
+/* const char *string;
+/* ssize_t count;
+/*
/* ARGV *argv_split_append(argv, string, delim)
/* ARGV *argv;
/* const char *string;
/* to the delimiters specified in \fIdelim\fR. The result is
/* a null-terminated string array.
/*
+/* argv_split_count() is like argv_split() but stops splitting
+/* input after at most \fIcount\fR -1 times and leaves the
+/* remainder, if any, in the last array element. It is an error
+/* to specify a count < 1.
+/*
/* argv_split_append() performs the same operation as argv_split(),
/* but appends the result to an existing string array.
/* SEE ALSO
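Review bot: "stops splitting input after at most count -1 times" is hard to parse, and the text does not say what the remainder looks like. I would write that the function returns at most count elements and that the last element holds the unsplit remainder with leading delimiters removed, which matches the strspn() step in the implementation added by this patch.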
/* System libraries. */
#include <sys_defs.h>
+#include <string.h>
/* Application-specific. */
#include "mymalloc.h"
#include "stringops.h"
#include "argv.h"
+#include "msg.h"
/* argv_split - split string into token array */
return (argvp);
}
+/* argv_split_count - split string into token array */
+
+ARGV *argv_split_count(const char *string, const char *delim, ssize_t count)
+{
+ ARGV *argvp = argv_alloc(1);
+ char *saved_string = mystrdup(string);
+ char *bp = saved_string;
+ char *arg;
+
+ if (count < 1)
+ msg_panic("argv_split_count: bad count: %ld", (long) count);
+ while (count-- > 1 && (arg = mystrtok(&bp, delim)) != 0)
+ argv_add(argvp, arg, (char *) 0);
+ if (*bp)
+ bp += strspn(bp, delim);
+ if (*bp)
+ argv_add(argvp, bp, (char *) 0);
+ argv_terminate(argvp);
+ myfree(saved_string);
+ return (argvp);
+}
+
/* argv_split_append - split string into token array, append to array */
ARGV *argv_split_append(ARGV *argvp, const char *string, const char *delim)
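Review bot: In the tail of argv_split_count(), the remainder is added after skipping only leading delimiters (the strspn() step), so trailing and embedded delimiters stay in the last element, unlike the earlier elements. If that is intended, the manual text should say so; if not, trim before the final argv_add(). As a smaller point, the one-line summary above the function repeats the argv_split() summary ("split string into token array"); something like "split string into at most count tokens" would tell the two apart.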
VSTREAM_CTL_TIMEOUT, AUTH_TIMEOUT,
VSTREAM_CTL_END);
- /* XXX Encapsulate for logging. */
+ /* XXX Encapsulate for logging. */
vstream_fprintf(sasl_stream,
"VERSION\t%u\t%u\n"
"CPID\t%u\n",
}
success = 0;
line_str = vstring_alloc(256);
- /* XXX Encapsulate for logging. */
+ /* XXX Encapsulate for logging. */
while (vstring_get_nonl(line_str, sasl_stream) != VSTREAM_EOF) {
line = vstring_str(line_str);
const char *myname = "xsasl_dovecot_handle_reply";
char *line, *cmd;
- /* XXX Encapsulate for logging. */
+ /* XXX Encapsulate for logging. */
while (vstring_get_nonl(server->sasl_line,
server->impl->sasl_stream) != VSTREAM_EOF) {
line = vstring_str(server->sasl_line);
server->service, server->server_addr,
server->client_addr);
if (server->tls_flag)
- /* XXX Encapsulate for logging. */
+ /* XXX Encapsulate for logging. */
vstream_fputs("\tsecured", server->impl->sasl_stream);
if (init_response) {
* initial response is already base64 encoded, so we can send it
* directly.
*/
- /* XXX Encapsulate for logging. */
+ /* XXX Encapsulate for logging. */
vstream_fprintf(server->impl->sasl_stream,
"\tresp=%s", init_response);
}
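Review bot: These hunks appear to change only the whitespace of the "XXX Encapsulate for logging" comments, but at "if (server->tls_flag)" the comment sits between an unbraced if and the single statement it controls, which is easy to break when the encapsulation is eventually added. I would add braces around that body while touching the line. When the logging wrapper is written, the "resp=%s" payload carries the client's SASL initial response and should be masked rather than logged verbatim.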
vstring_strcpy(reply, "Invalid base64 data in continued response");
return XSASL_AUTH_FAIL;
}
- /* XXX Encapsulate for logging. */
+ /* XXX Encapsulate for logging. */
vstream_fprintf(server->impl->sasl_stream,
"CONT\t%u\t%s\n", server->last_request_id, request);
if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {