to take the software under the license of their choice.
Those who are more comfortable with the IPL can continue
with that license. File: LICENSE.
+
+20180218
+
+ Cleanup: added 22 missing *_maps parameters to the default
+ proxy_read_maps setting. Files: global/mail_params.h.
+
+ Bugfix (introduced: 20120117): postconf should scan only
+ built-in or service-defined parameters for ldap, *sql, etc.
+ database names. Files: postconf/postconf_user.c.
+
+20180306
+
+ Bugfix (introduced: 19990302): when luser_relay specifies
+ a non-existent local address, the luser_relay feature becomes
+ a black hole. Reported by Jørgen Thomsen. File: local/unknown.c.
+
+20180422
+
+ Bugfix (introduced: Postfix 2.8): missing tls_server_start()
+ error propagation in tlsproxy(8) resulting in segfault after
+ TLS handshake error. Found during code maintenance. File:
+ tlsproxy/tlsproxy.c.
" $" VAR_HELO_CHECKS \
" $" VAR_MAIL_CHECKS \
" $" VAR_RELAY_CHECKS \
- " $" VAR_RCPT_CHECKS
+ " $" VAR_RCPT_CHECKS \
+ " $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+ " $" VAR_VRFY_RELAY_MAPS \
+ " $" VAR_VRFY_XPORT_MAPS \
+ " $" VAR_FBCK_TRANSP_MAPS \
+ " $" VAR_LMTP_EHLO_DIS_MAPS \
+ " $" VAR_LMTP_PIX_BUG_MAPS \
+ " $" VAR_LMTP_SASL_PASSWD \
+ " $" VAR_LMTP_TLS_POLICY \
+ " $" VAR_MAILBOX_CMD_MAPS \
+ " $" VAR_MBOX_TRANSP_MAPS \
+ " $" VAR_PSC_EHLO_DIS_MAPS \
+ " $" VAR_RBL_REPLY_MAPS \
+ " $" VAR_SND_DEF_XPORT_MAPS \
+ " $" VAR_SND_RELAY_MAPS \
+ " $" VAR_SMTP_EHLO_DIS_MAPS \
+ " $" VAR_SMTP_PIX_BUG_MAPS \
+ " $" VAR_SMTP_SASL_PASSWD \
+ " $" VAR_SMTP_TLS_POLICY \
+ " $" VAR_SMTPD_EHLO_DIS_MAPS \
+ " $" VAR_SMTPD_MILTER_MAPS \
+ " $" VAR_VIRT_GID_MAPS \
+ " $" VAR_VIRT_UID_MAPS
extern char *var_proxy_read_maps;
#define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20180127"
-#define MAIL_VERSION_NUMBER "3.2.5"
+#define MAIL_RELEASE_DATE "20180519"
+#define MAIL_VERSION_NUMBER "3.2.6"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
#include <sent.h>
#include <deliver_pass.h>
#include <defer.h>
+#include <canon_addr.h>
/* Application-specific. */
#include "local.h"
+#define STREQ(x,y) (strcasecmp((x),(y)) == 0)
+
/* deliver_unknown - delivery for unknown recipients */
int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
const char *myname = "deliver_unknown";
int status;
VSTRING *expand_luser;
+ VSTRING *canon_luser;
static MAPS *transp_maps;
const char *map_transport;
if (*var_luser_relay) {
state.msg_attr.unmatched = 0;
expand_luser = vstring_alloc(100);
+ canon_luser = vstring_alloc(100);
local_expand(expand_luser, var_luser_relay, &state, &usr_attr, (void *) 0);
- status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+ /* In case luser_relay specifies a domain-less address. */
+ canon_addr_external(canon_luser, vstring_str(expand_luser));
+ /* Assumes that the address resolver won't change the address. */
+ if (STREQ(vstring_str(canon_luser), state.msg_attr.rcpt.address)) {
+ dsb_simple(state.msg_attr.why, "5.1.1",
+ "unknown user: \"%s\"", state.msg_attr.user);
+ status = bounce_append(BOUNCE_FLAGS(state.request),
+ BOUNCE_ATTR(state.msg_attr));
+ } else {
+ status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+ }
+ vstring_free(canon_luser);
vstring_free(expand_luser);
return (status);
}
* If no alias was found for a required reserved name, toss the message
* into the bit bucket, and issue a warning instead.
*/
-#define STREQ(x,y) (strcasecmp(x,y) == 0)
-
if (STREQ(state.msg_attr.user, MAIL_ADDR_MAIL_DAEMON)
|| STREQ(state.msg_attr.user, MAIL_ADDR_POSTMASTER)) {
msg_warn("required alias not found: %s", state.msg_attr.user);
}
SCAN_USER_PARAMETER_VALUE(cparam_value, PCF_PARAM_FLAG_USER, local_scope);
#ifdef LEGACY_DBMS_SUPPORT
- pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
- local_scope);
+#define PCF_BUILTIN_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_BUILTIN)
+#define PCF_SERVICE_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_SERVICE)
+
+ if (node != 0
+ && (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node)))
+ pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
+ local_scope);
#endif
}
}
config_directory = .
db = memcache
-foo_domain = bar
header_checks = ldap:hh
hh_domain = whatever
yy = aap
zz_domain = whatever
+./postconf: warning: ./main.cf: unused parameter: foo_domain=bar
./postconf: warning: ./main.cf: unused parameter: zz=$yy
./postconf: warning: ./main.cf: unused parameter: aa_domain=whatever
./postconf: warning: ./main.cf: unused parameter: xx=proxy:ldap:foo
config_directory = .
-ldapfoo_domain = bar
-memcachefoo_domain = bar
-mysqlfoo_domain = bar
-pgsqlfoo_domain = bar
-sqlitefoo_domain = bar
./postconf: warning: ./main.cf: unused parameter: sqlitexx=proxy:sqlite:sqlitefoo
./postconf: warning: ./main.cf: unused parameter: pgsqlxx=proxy:pgsql:pgsqlfoo
+./postconf: warning: ./main.cf: unused parameter: ldapfoo_domain=bar
./postconf: warning: ./main.cf: unused parameter: memcachefoo_domainx=bar
./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domain=bar
./postconf: warning: ./main.cf: unused parameter: memcachexx=proxy:memcache:memcachefoo
./postconf: warning: ./main.cf: unused parameter: mysqlxx=proxy:mysql:mysqlfoo
./postconf: warning: ./main.cf: unused parameter: ldapxx=proxy:ldap:ldapfoo
./postconf: warning: ./main.cf: unused parameter: ldapfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: memcachefoo_domain=bar
./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domainx=bar
./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domain=bar
+./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domain=bar
/* tlsp_start_tls - turn on TLS or force disconnect */
-static void tlsp_start_tls(TLSP_STATE *state)
+static int tlsp_start_tls(TLSP_STATE *state)
{
TLS_SERVER_START_PROPS props;
static char *cipher_grade;
if (state->tls_context == 0) {
tlsp_state_free(state);
- return;
+ return (-1);
}
/*
* XXX Do we care about certificate verification results? Not as long as
* postscreen(8) doesn't actually receive email.
*/
+ return (0);
}
/* tlsp_get_fd_event - receive final postscreen(8) hand-off information */
* Perform the TLS layer before-handshake initialization. We perform the
* remainder after the TLS handshake completes.
*/
- tlsp_start_tls(state);
+ if (tlsp_start_tls(state) < 0)
+ return;
/*
* Trigger the initial proxy server I/Os.
projects / thirdparty / postfix.git / commitdiff
