Workaround: reportedly, some res_query(3) implementation
can return -1 with h_errno==0. Instead of terminating with
- a panic, the DNS client now logs a warning and sets h_errno
- to TRY_AGAIN. File: dns/dns_lookup.c.
+ a panic, the Postfix DNS client now logs a warning and sets
+ h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
Cleanup: allow XCLIENT before STARTTLS, when TLS is required.
File: smtpd/smtpd.c.
Cleanup: added employer attributions for non-trivial changes
after Wietse changed employers.
+
+20180106
+
+ Compatibility: with compatibility_level < 1, the SMTP server
+ now warns for mail that would be blocked by the Postfix
+ 2.10 smtpd_relay_restrictions feature. This extends the
+ safety net for sites that upgrade from earlier Postfix
+ versions (questions on the postfix-users list show a steady
+ trickle). Files: proto/COMPATIBILITY_README.html,
+ global/mail_params[hc], smtpd/smtpd_check.c.
+
+ Cleanup: reset compatibility_level warnings after 'postfix
+ reload'. This is relevant primarily for the master daemon.
+ File: global/mail_params.c.
+
+ Cleanup: missing mailbox seek-to-end error check in the
+ local(8) delivery agent. File: local/mailbox.c.
+
+ Cleanup: incorrect mailbox seek-to-end error message in the
+ virtual(8) delivery agent. File: virtual/mailbox.c.
* Using backwards-compatible default setting chroot=y
+ * Using backwards-compatible default setting smtpd_relay_restrictions =
+ (empty)
+
* Using backwards-compatible default setting mynetworks_style=subnet
* Using backwards-compatible default setting relay_domains=$mydestination
U\bUs\bsi\bin\bng\bg b\bba\bac\bck\bkw\bwa\bar\brd\bds\bs-\b-c\bco\bom\bmp\bpa\bat\bti\bib\bbl\ble\be d\bde\bef\bfa\bau\bul\blt\bt s\bse\bet\btt\bti\bin\bng\bg a\bap\bpp\bpe\ben\bnd\bd_\b_d\bdo\bot\bt_\b_m\bmy\byd\bdo\bom\bma\bai\bin\bn=\b=y\bye\bes\bs
-The append_dot_mydomain default value has changed from "yes" to "no". As long
-as the append_dot_mydomain parameter is left at its implicit default value, and
-the backwards-compatible default setting is turned on, Postfix may log one of
-the following messages:
+The append_dot_mydomain default value has changed from "yes" to "no". This
+could result in unexpected non-delivery of email after Postfix is updated from
+an older version. The backwards-compatibility safety net is designed to prevent
+such surprises.
+
+As long as the append_dot_mydomain parameter is left at its implicit default
+value, and the compatibility_level setting is less than 1, Postfix may log one
+of the following messages:
* Messages about missing "localhost" in mydestination or other address class:
U\bUs\bsi\bin\bng\bg b\bba\bac\bck\bkw\bwa\bar\brd\bds\bs-\b-c\bco\bom\bmp\bpa\bat\bti\bib\bbl\ble\be d\bde\bef\bfa\bau\bul\blt\bt s\bse\bet\btt\bti\bin\bng\bg c\bch\bhr\bro\boo\bot\bt=\b=y\by
-The master.cf chroot default value has changed from "y" (yes) to "n" (no). As
-long as a master.cf chroot field is left at its implicit default value, and the
-backwards-compatible default setting is turned on, Postfix may log the
-following message while it reads the master.cf file:
+The master.cf chroot default value has changed from "y" (yes) to "n" (no). The
+new default avoids the need for copies of system files under the Postfix queue
+directory. However, sites with strict security requirements may want to keep
+the chroot feature enabled after updating Postfix from an older version. The
+backwards-compatibility safety net is designed allow the administrator to
+choose if they want to keep the old behavior.
+
+As long as a master.cf chroot field is left at its implicit default value, and
+the compatibility_level setting is less than 1, Postfix may log the following
+message while it reads the master.cf file:
postfix/master[27664]: /etc/postfix/master.cf: line 72: using
backwards-compatible default setting chroot=y
# p\bpo\bos\bst\btc\bco\bon\bnf\bf -\b-F\bF s\bsm\bmt\btp\bp/\b/i\bin\bne\bet\bt/\b/c\bch\bhr\bro\boo\bot\bt=\b=y\by
# p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd
+U\bUs\bsi\bin\bng\bg b\bba\bac\bck\bkw\bwa\bar\brd\bds\bs-\b-c\bco\bom\bmp\bpa\bat\bti\bib\bbl\ble\be d\bde\bef\bfa\bau\bul\blt\bt s\bse\bet\btt\bti\bin\bng\bg s\bsm\bmt\btp\bpd\bd_\b_r\bre\bel\bla\bay\by_\b_r\bre\bes\bst\btr\bri\bic\bct\bti\bio\bon\bns\bs =\b= (\b(e\bem\bmp\bpt\bty\by)\b)
+
+The smtpd_relay_restrictions feature was introduced with Postfix version 2.10,
+as a safety mechanism for configuration errors in smtpd_recipient_restrictions
+that could make Postfix an open relay.
+
+The smtpd_relay_restrictions implicit default setting forbids mail to remote
+destinations from clients that don't match permit_mynetworks or
+permit_sasl_authenticated. This could result in unexpected 'Relay access
+denied' errors after Postfix is updated from an older Postfix version. The
+backwards-compatibility safety net is designed to prevent such surprises.
+
+When the compatibility_level less than 1, and the smtpd_relay_restrictions
+parameter is left at its implicit default setting, Postfix may log the
+following message:
+
+ postfix/smtpd[38463]: using backwards-compatible default setting
+ "smtpd_relay_restrictions = (empty)" to avoid "Relay access
+ denied" error for recipient "user@example.com" from client
+ "host.example.net[10.0.0.2]"
+
+If this request should not be blocked, then the system administrator should
+make the backwards-compatible setting "smtpd_relay_restrictions=" (i.e. empty)
+permanent in main.cf:
+
+ # p\bpo\bos\bst\btc\bco\bon\bnf\bf s\bsm\bmt\btp\bpd\bd_\b_r\bre\bel\bla\bay\by_\b_r\bre\bes\bst\btr\bri\bic\bct\bti\bio\bon\bns\bs=\b=
+ # p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd
+
U\bUs\bsi\bin\bng\bg b\bba\bac\bck\bkw\bwa\bar\brd\bds\bs-\b-c\bco\bom\bmp\bpa\bat\bti\bib\bbl\ble\be d\bde\bef\bfa\bau\bul\blt\bt s\bse\bet\btt\bti\bin\bng\bg m\bmy\byn\bne\bet\btw\bwo\bor\brk\bks\bs_\b_s\bst\bty\byl\ble\be=\b=s\bsu\bub\bbn\bne\bet\bt
The mynetworks_style default value has changed from "subnet" to "host". This
-parameter is used to implement the "permit_mynetworks" feature. As long as the
-mynetworks and mynetworks_style parameters are left at their implicit default
-values, and the backwards-compatible default setting is turned on, the Postfix
-SMTP server may log one of the following messages:
+parameter is used to implement the "permit_mynetworks" feature. The change
+could in unexpected 'access denied' errors after Postfix is updated from an
+older version. The backwards-compatibility safety net is designed to prevent
+such surprises.
+
+As long as the mynetworks and mynetworks_style parameters are left at their
+implicit default values, and the compatibility_level setting is less than 2,
+the Postfix SMTP server may log one of the following messages:
postfix/smtpd[17375]: using backwards-compatible default setting
mynetworks_style=subnet to permit request from client
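Review bot: Three of the added sentences in this README text are missing a word. In the chroot section "is designed allow the administrator" needs "to", in the smtpd_relay_restrictions section "When the compatibility_level less than 1" needs "is", and in the mynetworks_style section "The change could in unexpected 'access denied' errors" needs "result". The same wording recurs in both HTML copies of the document further down in the patch, so it should be corrected in proto/COMPATIBILITY_README.html, the file the ChangeLog entry names, and the other copies updated from it.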
U\bUs\bsi\bin\bng\bg b\bba\bac\bck\bkw\bwa\bar\brd\bds\bs-\b-c\bco\bom\bmp\bpa\bat\bti\bib\bbl\ble\be d\bde\bef\bfa\bau\bul\blt\bt s\bse\bet\btt\bti\bin\bng\bg r\bre\bel\bla\bay\by_\b_d\bdo\bom\bma\bai\bin\bns\bs=\b=$\b$m\bmy\byd\bde\bes\bst\bti\bin\bna\bat\bti\bio\bon\bn
The relay_domains default value has changed from "$mydestination" to the empty
-value. As long as the relay_domains parameter is left at its implicit default
-value, and the backwards-compatible default setting is turned on, Postfix may
-log one of the following messages.
+value. This could result in unexpected 'Relay access denied' errors or ETRN
+errors after Postfix is updated from an older version. The backwards-
+compatibility safety net is designed to prevent such surprises.
+
+As long as the relay_domains parameter is left at its implicit default value,
+and the compatibility_level setting is less than 2, Postfix may log one of the
+following messages.
* Messages about accepting mail for a remote domain:
The smtputf8_enable default value has changed from "no" to "yes. With the new
"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
-that don't request SMTPUTF8 support. With the old "no" setting, Postfix will
-accept such addresses, even if such addresses are not permitted by traditional
-SMTP standards.
+that don't request SMTPUTF8 support, after Postfix is updated from an older
+version. The backwards-compatibility safety net is designed to prevent such
+surprises.
As long as the smtputf8_enable parameter is left at its implicit default value,
-and the backwards-compatible default setting is turned on, Postfix logs a
-warning each time an SMTP command uses a non-ASCII address localpart without
-requesting SMTPUTF8 support:
+and the compatibility_level setting is less than 1, Postfix logs a warning each
+time an SMTP command uses a non-ASCII address localpart without requesting
+SMTPUTF8 support:
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
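Review bot: In the smtputf8_enable text the replacement sentence runs the behaviour and the upgrade caveat together: "rejects non-ASCII addresses from clients that don't request SMTPUTF8 support, after Postfix is updated from an older version" reads as if the rejection depends on the update. The removed lines were also the only place that said what the old "no" setting accepts. Suggest keeping that sentence and adding a separate "This could result in unexpected ... after Postfix is updated from an older version" sentence, as the other sections in this patch do. The unchanged line above has an unbalanced quote in "yes.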
can decide if any backwards-compatible settings need to be made
permanent in main.cf or master.cf, before <a href="#turnoff">turning
off the backwards-compatibility safety net</a> as described at the
-end of this document. </p>
+end of this document. </p>
<p> The following messages may be logged: </p>
<li> <p> <a href="#chroot"> Using backwards-compatible default setting
chroot=y</a> </p>
+<li><p> <a href="#relay_restrictions"> Using backwards-compatible
+default setting smtpd_relay_restrictions = (empty)</a> </p>
+
<li> <p> <a href="#mynetworks_style"> Using backwards-compatible
default setting mynetworks_style=subnet </a> </p>
<p> When no more backwards-compatible settings need to be made
permanent, the system administrator should <a href="#turnoff">turn
off the backwards-compatibility safety net</a> as described at the
-end of this document. </p>
+end of this document. </p>
<h2> <a name="append_dot_mydomain"> Using backwards-compatible default
setting append_dot_mydomain=yes</a> </h2>
<p> The <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> default value has changed from "yes"
-to "no". As long as the <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameter is left at
-its implicit default value, and the backwards-compatible default
-setting is turned on, Postfix may log one of the following messages:</p>
+to "no". This could result in unexpected non-delivery of email after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameter is left at
+its implicit default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
+less than 1, Postfix may log one of the following messages:</p>
<ul>
setting chroot=y</a> </h2>
<p> The <a href="master.5.html">master.cf</a> chroot default value has changed from "y" (yes)
-to "n" (no). As long as a <a href="master.5.html">master.cf</a> chroot field is left at its
-implicit default value, and the backwards-compatible default setting
-is turned on, Postfix may log the following message while it
+to "n" (no). The new default avoids the need for copies of system
+files under the Postfix queue directory. However, sites with strict
+security requirements may want to keep the chroot feature enabled
+after updating Postfix from an older version. The backwards-compatibility
+safety net is designed allow the administrator to choose if they
+want to keep the old behavior. </p>
+
+<p> As long as a <a href="master.5.html">master.cf</a> chroot field is left at its
+implicit default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting
+is less than 1, Postfix may log the following message while it
reads the <a href="master.5.html">master.cf</a> file: </p>
<blockquote>
</pre>
</blockquote>
+<h2> <a name="relay_restrictions"> Using backwards-compatible default
+setting smtpd_relay_restrictions = (empty)</a> </h2>
+
+<p> The <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> feature was introduced with Postfix
+version 2.10, as a safety mechanism for configuration errors in
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> that could make Postfix an open relay.
+</p>
+
+<p> The <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> implicit default setting forbids
+mail to remote destinations from clients that don't match
+<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> or <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>. This could result
+in unexpected 'Relay access denied' errors after Postfix is updated
+from an older Postfix version. The backwards-compatibility safety
+net is designed to prevent such surprises. </p>
+
+<p> When the <a href="postconf.5.html#compatibility_level">compatibility_level</a> less than 1, and the
+<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter is left at its implicit default
+setting, Postfix may log the following message: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[38463]: using backwards-compatible default setting
+ "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = (empty)" to avoid "Relay access
+ denied" error for recipient "user@example.com" from client
+ "host.example.net[10.0.0.2]"
+</pre>
+</blockquote>
+
+<p> If this request should not be blocked, then the system
+administrator should make the backwards-compatible setting
+"<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=" (i.e. empty) permanent in <a href="postconf.5.html">main.cf</a>:
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
<h2> <a name="mynetworks_style"> Using backwards-compatible default
setting mynetworks_style=subnet</a> </h2>
<p> The <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> default value has changed from "subnet"
to "host". This parameter is used to implement the "<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>"
-feature. As long as the <a href="postconf.5.html#mynetworks">mynetworks</a> and <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameters
-are left at their implicit default values, and the backwards-compatible
-default setting is turned on, the Postfix SMTP server may log one
-of the following messages: </p>
+feature. The change could in unexpected 'access denied' errors after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#mynetworks">mynetworks</a> and <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameters are
+left at their implicit default values, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a>
+setting is less than 2, the Postfix SMTP server may log one of the
+following messages: </p>
<blockquote>
<pre>
setting relay_domains=$mydestination </a> </h2>
<p> The <a href="postconf.5.html#relay_domains">relay_domains</a> default value has changed from "$<a href="postconf.5.html#mydestination">mydestination</a>"
-to the empty value. As long as the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter is left
-at its implicit default value, and the backwards-compatible default
-setting is turned on, Postfix may log one of the following messages.
-</p>
+to the empty value. This could result in unexpected 'Relay access
+denied' errors or ETRN errors after Postfix is updated from an older
+version. The backwards-compatibility safety net is designed to
+prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter is left at its implicit
+default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is less than 2,
+Postfix may log one of the following messages. </p>
<ul>
<p> The <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> default value has changed from "no" to "yes.
With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
-addresses from clients that don't request SMTPUTF8 support. With
-the old "no" setting, Postfix will accept such addresses, even if
-such addresses are not permitted by traditional SMTP standards. </p>
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
<p> As long as the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> parameter is left at its implicit
-default value, and the backwards-compatible default setting is
-turned on, Postfix logs a warning each time an SMTP command uses a
+default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
non-ASCII address localpart without requesting SMTPUTF8 support: </p>
<blockquote>
can decide if any backwards-compatible settings need to be made
permanent in main.cf or master.cf, before <a href="#turnoff">turning
off the backwards-compatibility safety net</a> as described at the
-end of this document. </p>
+end of this document. </p>
<p> The following messages may be logged: </p>
<li> <p> <a href="#chroot"> Using backwards-compatible default setting
chroot=y</a> </p>
+<li><p> <a href="#relay_restrictions"> Using backwards-compatible
+default setting smtpd_relay_restrictions = (empty)</a> </p>
+
<li> <p> <a href="#mynetworks_style"> Using backwards-compatible
default setting mynetworks_style=subnet </a> </p>
<p> When no more backwards-compatible settings need to be made
permanent, the system administrator should <a href="#turnoff">turn
off the backwards-compatibility safety net</a> as described at the
-end of this document. </p>
+end of this document. </p>
<h2> <a name="append_dot_mydomain"> Using backwards-compatible default
setting append_dot_mydomain=yes</a> </h2>
<p> The append_dot_mydomain default value has changed from "yes"
-to "no". As long as the append_dot_mydomain parameter is left at
-its implicit default value, and the backwards-compatible default
-setting is turned on, Postfix may log one of the following messages:</p>
+to "no". This could result in unexpected non-delivery of email after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the append_dot_mydomain parameter is left at
+its implicit default value, and the compatibility_level setting is
+less than 1, Postfix may log one of the following messages:</p>
<ul>
setting chroot=y</a> </h2>
<p> The master.cf chroot default value has changed from "y" (yes)
-to "n" (no). As long as a master.cf chroot field is left at its
-implicit default value, and the backwards-compatible default setting
-is turned on, Postfix may log the following message while it
+to "n" (no). The new default avoids the need for copies of system
+files under the Postfix queue directory. However, sites with strict
+security requirements may want to keep the chroot feature enabled
+after updating Postfix from an older version. The backwards-compatibility
+safety net is designed allow the administrator to choose if they
+want to keep the old behavior. </p>
+
+<p> As long as a master.cf chroot field is left at its
+implicit default value, and the compatibility_level setting
+is less than 1, Postfix may log the following message while it
reads the master.cf file: </p>
<blockquote>
</pre>
</blockquote>
+<h2> <a name="relay_restrictions"> Using backwards-compatible default
+setting smtpd_relay_restrictions = (empty)</a> </h2>
+
+<p> The smtpd_relay_restrictions feature was introduced with Postfix
+version 2.10, as a safety mechanism for configuration errors in
+smtpd_recipient_restrictions that could make Postfix an open relay.
+</p>
+
+<p> The smtpd_relay_restrictions implicit default setting forbids
+mail to remote destinations from clients that don't match
+permit_mynetworks or permit_sasl_authenticated. This could result
+in unexpected 'Relay access denied' errors after Postfix is updated
+from an older Postfix version. The backwards-compatibility safety
+net is designed to prevent such surprises. </p>
+
+<p> When the compatibility_level less than 1, and the
+smtpd_relay_restrictions parameter is left at its implicit default
+setting, Postfix may log the following message: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[38463]: using backwards-compatible default setting
+ "smtpd_relay_restrictions = (empty)" to avoid "Relay access
+ denied" error for recipient "user@example.com" from client
+ "host.example.net[10.0.0.2]"
+</pre>
+</blockquote>
+
+<p> If this request should not be blocked, then the system
+administrator should make the backwards-compatible setting
+"smtpd_relay_restrictions=" (i.e. empty) permanent in main.cf:
+
+<blockquote>
+<pre>
+# <b>postconf smtpd_relay_restrictions=</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
<h2> <a name="mynetworks_style"> Using backwards-compatible default
setting mynetworks_style=subnet</a> </h2>
<p> The mynetworks_style default value has changed from "subnet"
to "host". This parameter is used to implement the "permit_mynetworks"
-feature. As long as the mynetworks and mynetworks_style parameters
-are left at their implicit default values, and the backwards-compatible
-default setting is turned on, the Postfix SMTP server may log one
-of the following messages: </p>
+feature. The change could in unexpected 'access denied' errors after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the mynetworks and mynetworks_style parameters are
+left at their implicit default values, and the compatibility_level
+setting is less than 2, the Postfix SMTP server may log one of the
+following messages: </p>
<blockquote>
<pre>
setting relay_domains=$mydestination </a> </h2>
<p> The relay_domains default value has changed from "$mydestination"
-to the empty value. As long as the relay_domains parameter is left
-at its implicit default value, and the backwards-compatible default
-setting is turned on, Postfix may log one of the following messages.
-</p>
+to the empty value. This could result in unexpected 'Relay access
+denied' errors or ETRN errors after Postfix is updated from an older
+version. The backwards-compatibility safety net is designed to
+prevent such surprises. </p>
+
+<p> As long as the relay_domains parameter is left at its implicit
+default value, and the compatibility_level setting is less than 2,
+Postfix may log one of the following messages. </p>
<ul>
<p> The smtputf8_enable default value has changed from "no" to "yes.
With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
-addresses from clients that don't request SMTPUTF8 support. With
-the old "no" setting, Postfix will accept such addresses, even if
-such addresses are not permitted by traditional SMTP standards. </p>
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
<p> As long as the smtputf8_enable parameter is left at its implicit
-default value, and the backwards-compatible default setting is
-turned on, Postfix logs a warning each time an SMTP command uses a
+default value, and the compatibility_level setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
non-ASCII address localpart without requesting SMTPUTF8 support: </p>
<blockquote>
/* int warn_compat_break_app_dot_mydomain;
/* int warn_compat_break_smtputf8_enable;
/* int warn_compat_break_chroot;
+/* int warn_compat_break_relay_restrictions;
/*
/* int warn_compat_break_relay_domains;
/* int warn_compat_break_flush_domains;
int warn_compat_break_app_dot_mydomain;
int warn_compat_break_smtputf8_enable;
int warn_compat_break_chroot;
+int warn_compat_break_relay_restrictions;
/* check_myhostname - lookup hostname and validate */
if (mail_conf_lookup(VAR_MYNETWORKS) == 0
&& mail_conf_lookup(VAR_MYNETWORKS_STYLE) == 0)
warn_compat_break_mynetworks_style = 1;
+ } else { /* for 'postfix reload' */
+ warn_compat_break_relay_domains = 0;
+ warn_compat_break_flush_domains = 0;
+ warn_compat_break_mynetworks_style = 0;
}
/*
if (mail_conf_lookup(VAR_SMTPUTF8_ENABLE) == 0)
warn_compat_break_smtputf8_enable = 1;
warn_compat_break_chroot = 1;
+
+ /*
+ * Grandfathered in to help sites migrating from Postfix <2.10.
+ */
+ if (mail_conf_lookup(VAR_RELAY_CHECKS) == 0)
+ warn_compat_break_relay_restrictions = 1;
+ } else { /* for 'postfix reload' */
+ warn_compat_break_app_dot_mydomain = 0;
+ warn_compat_break_smtputf8_enable = 0;
+ warn_compat_break_chroot = 0;
+ warn_compat_break_relay_restrictions = 0;
}
}
extern int warn_compat_break_app_dot_mydomain;
extern int warn_compat_break_smtputf8_enable;
extern int warn_compat_break_chroot;
+extern int warn_compat_break_relay_restrictions; /* Postfix 2.10. */
extern int warn_compat_break_relay_domains;
extern int warn_compat_break_flush_domains;
extern char *var_mail_checks;
#define VAR_RELAY_CHECKS "smtpd_relay_restrictions"
-#define DEF_RELAY_CHECKS PERMIT_MYNETWORKS ", " \
+#define DEF_RELAY_CHECKS "${{$compatibility_level} < {1} ? " \
+ "{} : {" PERMIT_MYNETWORKS ", " \
PERMIT_SASL_AUTH ", " \
- DEFER_UNAUTH_DEST
+ DEFER_UNAUTH_DEST "}}"
extern char *var_relay_checks;
+ /*
+ * For warn_compat_break_relay_domains check. Same as DEF_RELAY_CHECKS
+ * except that it evaluates to DUNNO instead of REJECT.
+ */
+#define FAKE_RELAY_CHECKS PERMIT_MYNETWORKS ", " \
+ PERMIT_SASL_AUTH ", " \
+ PERMIT_AUTH_DEST
+
#define VAR_RCPT_CHECKS "smtpd_recipient_restrictions"
#define DEF_RCPT_CHECKS ""
extern char *var_rcpt_checks;
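Review bot: The new DEF_RELAY_CHECKS expands to the empty value whenever compatibility_level is less than 1, so a site that has been running with the implicit default at that level loses the permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination list that the removed definition applied unconditionally. The only signal is the msg_info() line added in smtpd_check.c. Since the documentation in this patch describes smtpd_relay_restrictions as the safety mechanism against open-relay mistakes in smtpd_recipient_restrictions, it should state explicitly that the safety net turns that mechanism off, and that making "smtpd_relay_restrictions=" permanent leaves relay control entirely to smtpd_recipient_restrictions. Separately, the comment above FAKE_RELAY_CHECKS names warn_compat_break_relay_domains, but the flag this patch adds and tests is warn_compat_break_relay_restrictions, and it says "REJECT" although DEF_RELAY_CHECKS ends in DEFER_UNAUTH_DEST.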
#define VAR_SMTPD_MILTER_MAPS "smtpd_milter_maps"
#define DEF_SMTPD_MILTER_MAPS ""
extern char *var_smtpd_milter_maps;
+
#define SMTPD_MILTERS_DISABLE "DISABLE"
#define VAR_CLEANUP_MILTERS "non_smtpd_milters"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20171229"
+#define MAIL_RELEASE_DATE "20180106"
#define MAIL_VERSION_NUMBER "3.3"
#ifdef SNAPSHOT
int deliver_status;
int copy_flags;
VSTRING *biff;
- long end;
+ off_t end;
struct stat st;
uid_t spool_uid;
gid_t spool_gid;
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
- end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
+ if ((end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END)) < 0)
+ msg_fatal("seek mailbox file %s: %m", myname, mailbox);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
copy_flags, "\n", why);
}
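Review bot: The added msg_fatal() call passes two arguments to a format string with a single %s. With msg_fatal("seek mailbox file %s: %m", myname, mailbox), myname is printed where the file name belongs and mailbox is never printed. Either drop myname from the argument list, or use the "%s: seek mailbox file %s: %m" form that the other mailbox.c hunk in this patch uses.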
static ARGV *helo_restrctions;
static ARGV *mail_restrctions;
static ARGV *relay_restrctions;
+static ARGV *fake_relay_restrctions;
static ARGV *rcpt_restrctions;
static ARGV *etrn_restrctions;
static ARGV *data_restrctions;
var_mail_checks);
relay_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
var_relay_checks);
+ if (warn_compat_break_relay_restrictions)
+ fake_relay_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
+ FAKE_RELAY_CHECKS);
rcpt_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
var_rcpt_checks);
etrn_restrctions = smtpd_check_parse(SMTPD_CHECK_PARSE_ALL,
* Apply restrictions in the order as specified. We allow relay
* restrictions to be empty, for sites that require backwards
* compatibility.
+ *
+ * If compatibility_level < 1 and smtpd_relay_restrictions is left at its
+ * default value, find out if the new smtpd_relay_restrictions default
+ * value would block the request, without logging REJECT messages.
+ * Approach: evaluate fake relay restrictions (permit_mynetworks,
+ * permit_sasl_authenticated, permit_auth_destination) and log a warning
+ * if the result is DUNNO instead of OK, i.e. a reject_unauth_destinatin
+ * at the end would have blocked the request.
*/
SMTPD_CHECK_RESET();
- restrctions[0] = relay_restrctions;
- restrctions[1] = rcpt_restrctions;
+ restrctions[0] = rcpt_restrctions;
+ restrctions[1] = warn_compat_break_relay_restrictions ?
+ fake_relay_restrctions : relay_restrctions;
for (n = 0; n < 2; n++) {
status = setjmp(smtpd_check_buf);
if (status == 0 && restrctions[n]->argc)
status = generic_checks(state, restrctions[n],
recipient, SMTPD_NAME_RECIPIENT, CHECK_RECIP_ACL);
+ if (n == 1 && warn_compat_break_relay_restrictions
+ && status == SMTPD_CHECK_DUNNO) {
+ msg_info("using backwards-compatible default setting \""
+ VAR_RELAY_CHECKS " = (empty)\" to avoid \"Relay "
+ "access denied\" error for recipient \"%s\" from "
+ "client \"%s\"", state->recipient, state->namaddr);
+ }
if (status == SMTPD_CHECK_REJECT)
break;
}
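Review bot: The assignments to restrctions[0] and restrctions[1] swap the evaluation order for every configuration, not only when warn_compat_break_relay_restrictions is set. The removed lines ran relay_restrctions first and rcpt_restrctions second; the added lines run rcpt_restrctions first. Because the loop stops at the first SMTPD_CHECK_REJECT, this changes which restriction list gets to reject a recipient, and neither the comment nor the 20180106 ChangeLog entry mentions it. If the swap is only needed so that the warning is logged for recipients that the recipient restrictions did not reject, make it conditional on the flag; otherwise document the new order. The comment also misspells reject_unauth_destination as "reject_unauth_destinatin", while DEF_RELAY_CHECKS ends in DEFER_UNAUTH_DEST rather than a reject.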
VAR_STRICT_MBOX_OWNER);
} else {
if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0)
- msg_fatal("%s: seek queue file %s: %m",
+ msg_fatal("%s: seek mailbox file %s: %m",
myname, VSTREAM_PATH(mp->fp));
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
copy_flags, "\n", why);