From: Wietse Z Venema Date: Sun, 18 Feb 2024 05:00:00 +0000 (-0500) Subject: postfix-3.9-20240218 X-Git-Tag: v3.9.0~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03382b275ace7c6759e5cd5731ddc9444819a566;p=thirdparty%2Fpostfix.git postfix-3.9-20240218 --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index 414c65204..8ee03dbe7 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -249,6 +249,7 @@ -TNVTABLE_INFO -TOPTIONS -TPCF_DBMS_INFO +-TPCF_DEPR_PARAM_INFO -TPCF_EVAL_CTX -TPCF_MASTER_EDIT_REQ -TPCF_MASTER_ENT diff --git a/postfix/HISTORY b/postfix/HISTORY index 1de0492d3..5fec159d4 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -27895,3 +27895,28 @@ Apologies for any names omitted. Cleanup: missing mongodb checks in the postconf command, missing mongodb under "postconf -m" manpage entry. Files: postconf/postconf.c, postconf/postconf_dbms.c. + +20240218 + + Deprecation: the Postfix SMTP server logs a warning when + "permit_mx_backup" is used (support for restriction + "permit_mx_backup" will be removed from Postfix; instead, + use "relay_domains"). File: smtpd/smtpd_check.c. + + Deprecation: the postconf command logs a warning when the + following parameters are specified in main.cf or master.cf: + xxx_use_tls, xxx_enforce_tls (use the corresponding + xxx_security_level setting instead); xxx_per_site (use the + corresponding xxx_policy_maps setting instead); disable_dns_lookups + (use smtp_dns_support_level instead); smtpd_tls_dh1024_param_file, + smtpd_tls_eecdh_grade (do not specify, leave at default). + Files: postconf/postconf.c, postconf/postconf_unused.c. + proto/postconf.proto. + + Cleanup: add "postconf -q" option to avoid redundant warnings + about unused or deprecated parameter settings when upgrading + or installing Postfix. Such warnings are still logged with + the commands postfix start, start-fg, check, reload, or + status. Files: postconf/postconf.c, postconf/postconf_dbms.c, + postconf/postconf.h, conf/postfix-script, conf/post-install, + postfix-install. diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 2a7d99b9a..ed7c79a49 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -205,6 +205,10 @@ # Google, Inc. # 111 8th Avenue # New York, NY 10011, USA +# +# Wietse Venema +# porcupine.org +# Amawalk, NY 10501, USA #-- umask 022 @@ -291,7 +295,7 @@ test -d "$config_directory" || { # XXX Solaris does not have "test -e". instances=`test ! -f $def_config_directory/main.cf || - $POSTCONF -c $def_config_directory -h multi_instance_directories | + $POSTCONF -qc $def_config_directory -h multi_instance_directories | sed 's/,/ /'` || exit 1 update_shared_files=1 @@ -360,7 +364,7 @@ test -f $config_directory/main.cf && { case "$junk" in "") eval unset $name;; esac - eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1 + eval : \${$name=\`$POSTCONF -qc $config_directory -h $name\`} || exit 1 done } @@ -461,14 +465,14 @@ override= for name in $MOST_PARAMETERS do eval junk=\"\$$name\" - test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || { + test "$junk" = "`$POSTCONF -qc $config_directory -h $name`" || { override=1 break } done test -n "$override" && { - $POSTCONF -c $config_directory -e \ + $POSTCONF -qc $config_directory -e \ "daemon_directory = $daemon_directory" \ "command_directory = $command_directory" \ "queue_directory = $queue_directory" \ @@ -679,13 +683,13 @@ EOF # require now is that defer and deferred are hashed because those # can contain lots of files. - found=`$POSTCONF -c $config_directory -h hash_queue_names` + found=`$POSTCONF -qc $config_directory -h hash_queue_names` missing= (echo "$found" | grep defer >/dev/null) || missing="$missing defer" (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred" test -n "$missing" && { echo fixing main.cf hash_queue_names for missing $missing - $POSTCONF -c $config_directory -e hash_queue_names="$found$missing" || + $POSTCONF -qc $config_directory -e hash_queue_names="$found$missing" || exit 1 } @@ -857,14 +861,14 @@ EOF # when IPv6 support is not compiled in. See util/sys_defs.h. test "`$POSTCONF -dh inet_protocols`" = "ipv4" || - test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || { + test -n "`$POSTCONF -qc $config_directory -n inet_protocols`" || { cat </dev/null + $daemon_directory/master -t 2>/dev/null && { $FATAL the Postfix mail system is not running exit 1 @@ -244,6 +251,9 @@ check) status) + # Warn once for deprecated parameters. + $command_directory/postconf >/dev/null + $daemon_directory/master -t 2>/dev/null && { $INFO the Postfix mail system is not running exit 1 @@ -268,12 +278,12 @@ check-fatal) exit 1 } - maillog_file=`$command_directory/postconf -h maillog_file` || { + maillog_file=`$command_directory/postconf -qh maillog_file` || { $FATAL cannot execute $command_directory/postconf! exit 1 } test -n "$maillog_file" && { - $command_directory/postconf -M postlog/unix-dgram 2>/dev/null \ + $command_directory/postconf -qM postlog/unix-dgram 2>/dev/null \ | grep . >/dev/null || { $FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'" exit 1 @@ -291,6 +301,9 @@ check-fatal) check-warn) # This command is NOT part of the public interface. + # Warn once for deprecated parameters. + $command_directory/postconf >/dev/null + # Check Postfix root-owned directory owner/permissions. find $queue_directory/. $queue_directory/pid \ @@ -413,7 +426,7 @@ logrotate) for name in maillog_file maillog_file_compressor \ maillog_file_rotate_suffix do - value="`$command_directory/postconf -h $name`" + value="`$command_directory/postconf -qh $name`" case "$value" in "") $FATAL "empty '$name' parameter value - logfile rotation failed" exit 1;; diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 0e3e22287..87941bc78 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -352,7 +352,7 @@ See lmdb_table(5) for details.
mongodb (read-only)
MongoDB database client. Configuration details are given in -mongodb_table(5), with examples in MONGODB_README.
+mongodb_table(5), with examples in MONGODB_README.
mysql (read-only)
diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index 25441c316..a8444a2df 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html @@ -13,7 +13,7 @@ POSTCONF(1) POSTCONF(1) SYNOPSIS Managing main.cf: - postconf [-dfhHnopvx] [-c config_dir] [-C class,...] [parameter ...] + postconf [-dfhHnopqvx] [-c config_dir] [-C class,...] [parameter ...] postconf [-epv] [-c config_dir] parameter=value ... @@ -23,7 +23,7 @@ POSTCONF(1) POSTCONF(1) Managing master.cf service entries: - postconf -M [-fovx] [-c config_dir] [service[/type] ...] + postconf -M [-foqvx] [-c config_dir] [service[/type] ...] postconf -M [-ev] [-c config_dir] service/type=value ... @@ -33,13 +33,13 @@ POSTCONF(1) POSTCONF(1) Managing master.cf service fields: - postconf -F [-fhHovx] [-c config_dir] [service[/type[/field]] ...] + postconf -F [-fhHoqvx] [-c config_dir] [service[/type[/field]] ...] postconf -F [-ev] [-c config_dir] service/type/field=value ... Managing master.cf service parameters: - postconf -P [-fhHovx] [-c config_dir] [service[/type[/parameter]] ...] + postconf -P [-fhHoqvx] [-c config_dir] [service[/type[/parameter]] ...] postconf -P [-ev] [-c config_dir] service/type/parameter=value ... @@ -439,6 +439,10 @@ POSTCONF(1) POSTCONF(1) This feature is available with Postfix 2.11 and later. + -q Do not log warnings for deprecated or unused parameters. + + This feature is available with Postfix 3.9 and later. + -t [template_file] Display the templates for text that appears at the beginning of delivery status notification (DSN) messages, without expanding diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index bdc88b4d7..82e863647 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4956,6 +4956,9 @@ configuration parameter. See there for details.

The LMTP-specific version of the smtp_enforce_tls configuration parameter. See there for details.

+

This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead.

+

This feature is available in Postfix 2.3 and later.

@@ -5804,6 +5807,9 @@ configuration parameter. See there for details.

The LMTP-specific version of the smtp_tls_per_site configuration parameter. See there for details.

+

This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_policy_maps instead.

+

This feature is available in Postfix 2.3 and later.

@@ -5936,6 +5942,9 @@ parameter. See there for details.

The LMTP-specific version of the smtp_use_tls configuration parameter. See there for details.

+

This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead.

+

This feature is available in Postfix 2.3 and later.

@@ -15841,6 +15850,9 @@ server. This option is therefore off by default.

STARTTLS due to insufficient privileges to access the server private key. This is intended behavior.

+

This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead.

+

This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead.

@@ -19298,6 +19310,9 @@ but do not require that clients use TLS encryption.

STARTTLS due to insufficient privileges to access the server private key. This is intended behavior.

+

This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead.

+

This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead.

@@ -20722,6 +20737,9 @@ to configure tlsproxy client keys and certificates is via the See smtp_enforce_tls for further details. Use tlsproxy_client_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead.

+

This feature is available in Postfix 3.4 and later.

@@ -20793,6 +20811,9 @@ value.

usage policy by next-hop destination and by remote TLS server hostname. See smtp_tls_per_site for further details.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_policy_maps instead.

+

This feature is available in Postfix 3.4 and later.

@@ -20854,6 +20875,9 @@ was previously called tlsproxy_c support. See smtp_use_tls for further details. Use tlsproxy_client_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead.

+

This feature is available in Postfix 3.4 and later.

@@ -20866,6 +20890,9 @@ support. See smtp_use_tls for further require that clients use TLS encryption. See smtpd_enforce_tls for further details. Use tlsproxy_tls_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead.

+

This feature is available in Postfix 2.8 and later.

@@ -20998,6 +21025,8 @@ private DSA key. DSA is obsolete and should not be used. See should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file for further details.

+

This feature is deprecated as of Postfix 3.9. Do not specify.

+

This feature is available in Postfix 2.8 and later.

@@ -21070,6 +21099,8 @@ the "tlsproxy_tls_chain_files elliptic-curve Diffie-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details.

+

This feature is deprecated as of Postfix 3.9. Do not specify.

+

This feature is available in Postfix 2.8 and later.

@@ -21234,6 +21265,9 @@ shared by all three services, namely smtpd_use_tls for further details. Use tlsproxy_tls_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead.

+

This feature is available in Postfix 2.8 and later.

diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index c5049432e..41218063f 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 @@ -12,7 +12,7 @@ Postfix configuration utility .ti -4 \fBManaging main.cf:\fR -\fBpostconf\fR [\fB\-dfhHnopvx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR [\fB\-dfhHnopqvx\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-C \fIclass,...\fR] [\fIparameter ...\fR] \fBpostconf\fR [\fB\-epv\fR] [\fB\-c \fIconfig_dir\fR] @@ -27,7 +27,7 @@ Postfix configuration utility .ti -4 \fBManaging master.cf service entries:\fR -\fBpostconf\fR \fB\-M\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-M\fR [\fB\-foqvx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR] \fBpostconf\fR \fB\-M\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] @@ -42,7 +42,7 @@ Postfix configuration utility .ti -4 \fBManaging master.cf service fields:\fR -\fBpostconf\fR \fB\-F\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-F\fR [\fB\-fhHoqvx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] \fBpostconf\fR \fB\-F\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] @@ -51,7 +51,7 @@ Postfix configuration utility .ti -4 \fBManaging master.cf service parameters:\fR -\fBpostconf\fR \fB\-P\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR] +\fBpostconf\fR \fB\-P\fR [\fB\-fhHoqvx\fR] [\fB\-c \fIconfig_dir\fR] [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] \fBpostconf\fR \fB\-P\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] @@ -463,6 +463,10 @@ service type fields that are omitted will be handled as "*" wildcard fields. This feature is available with Postfix 2.11 and later. +.IP \fB\-q\fR +Do not log warnings for deprecated or unused parameters. + +This feature is available with Postfix 3.9 and later. .IP "\fB\-t\fR [\fItemplate_file\fR]" Display the templates for text that appears at the beginning of delivery status notification (DSN) messages, without diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d73298abb..7cf173fb5 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3144,6 +3144,9 @@ This feature is available in Postfix 2.11 and later. The LMTP\-specific version of the smtp_enforce_tls configuration parameter. See there for details. .PP +This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead. +.PP This feature is available in Postfix 2.3 and later. .SH lmtp_fallback_relay (default: empty) Optional list of relay hosts for LMTP destinations that can't be @@ -3555,6 +3558,9 @@ This feature is available in Postfix 2.3 and later. The LMTP\-specific version of the smtp_tls_per_site configuration parameter. See there for details. .PP +This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_policy_maps instead. +.PP This feature is available in Postfix 2.3 and later. .SH lmtp_tls_policy_maps (default: empty) The LMTP\-specific version of the smtp_tls_policy_maps @@ -3615,6 +3621,9 @@ This feature is available in Postfix 3.0 and later. The LMTP\-specific version of the smtp_use_tls configuration parameter. See there for details. .PP +This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead. +.PP This feature is available in Postfix 2.3 and later. .SH lmtp_xforward_timeout (default: 300s) The Postfix LMTP client time limit for sending the XFORWARD command, @@ -10960,6 +10969,9 @@ Note 2: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. .PP +This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead. +.PP This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead. .SH smtpd_error_sleep_time (default: 1s) @@ -13802,6 +13814,9 @@ Note: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. .PP +This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead. +.PP This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead. .SH smtputf8_autodetect_classes (default: sendmail, verify) @@ -14875,6 +14890,9 @@ Enforcement mode: require that SMTP servers use TLS encryption. See smtp_enforce_tls for further details. Use tlsproxy_client_security_level instead. .PP +This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead. +.PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_fingerprint_digest (default: $smtp_tls_fingerprint_digest) The message digest algorithm used to construct remote TLS server @@ -14910,6 +14928,9 @@ Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS usage policy by next\-hop destination and by remote TLS server hostname. See smtp_tls_per_site for further details. .PP +This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_policy_maps instead. +.PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_policy (default: $smtp_tls_policy_maps) Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS @@ -14941,12 +14962,18 @@ Opportunistic mode: use TLS when a remote server announces TLS support. See smtp_use_tls for further details. Use tlsproxy_client_security_level instead. .PP +This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead. +.PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_enforce_tls (default: $smtpd_enforce_tls) Mandatory TLS: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. See smtpd_enforce_tls for further details. Use tlsproxy_tls_security_level instead. .PP +This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead. +.PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_service_name (default: tlsproxy) The name of the \fBtlsproxy\fR(8) service entry in master.cf. This @@ -15013,6 +15040,8 @@ File with DH parameters that the Postfix \fBtlsproxy\fR(8) server should use with non\-export EDH ciphers. See smtpd_tls_dh1024_param_file for further details. .PP +This feature is deprecated as of Postfix 3.9. Do not specify. +.PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file) File with DH parameters that the Postfix \fBtlsproxy\fR(8) server @@ -15055,6 +15084,8 @@ The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details. .PP +This feature is deprecated as of Postfix 3.9. Do not specify. +.PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_enable_rpk (default: $smtpd_tls_enable_rpk) Request that remote SMTP clients send an RFC7250 raw public key @@ -15140,6 +15171,9 @@ Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. See smtpd_use_tls for further details. Use tlsproxy_tls_security_level instead. .PP +This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead. +.PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_watchdog_timeout (default: 10s) How much time a \fBtlsproxy\fR(8) process may take to process local diff --git a/postfix/postfix-install b/postfix/postfix-install index 5c7d844d2..563ee27ac 100644 --- a/postfix/postfix-install +++ b/postfix/postfix-install @@ -193,6 +193,10 @@ # Google, Inc. # 111 8th Avenue # New York, NY 10011, USA +# +# Wietse Venema +# porcupine.org +# Amawalk, NY 10501, USA #-- # Initialize. @@ -521,7 +525,7 @@ test -f $CONFIG_DIRECTORY/main.cf && { case "$junk" in "") eval unset $name;; esac - eval : \${$name=\`bin/postconf -c $CONFIG_DIRECTORY -hx $name\`} || + eval : \${$name=\`bin/postconf -qc $CONFIG_DIRECTORY -hx $name\`} || exit 1 done } @@ -862,7 +866,7 @@ do esac done -bin/postconf -c $CONFIG_DIRECTORY -e \ +bin/postconf -qc $CONFIG_DIRECTORY -e \ "daemon_directory = $daemon_directory" \ "data_directory = $data_directory" \ "command_directory = $command_directory" \ diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 0da915282..ef3fb5536 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -9833,6 +9833,9 @@ but do not require that clients use TLS encryption.

STARTTLS due to insufficient privileges to access the server private key. This is intended behavior.

+

This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead.

+

This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead.

@@ -9849,6 +9852,9 @@ server. This option is therefore off by default.

STARTTLS due to insufficient privileges to access the server private key. This is intended behavior.

+

This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead.

+

This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead.

@@ -10989,6 +10995,9 @@ configuration parameter. See there for details.

The LMTP-specific version of the smtp_tls_per_site configuration parameter. See there for details.

+

This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_policy_maps instead.

+

This feature is available in Postfix 2.3 and later.

%PARAM lmtp_generic_maps @@ -11094,6 +11103,9 @@ configuration parameter. See there for details.

The LMTP-specific version of the smtp_use_tls configuration parameter. See there for details.

+

This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead.

+

This feature is available in Postfix 2.3 and later.

%PARAM lmtp_enforce_tls no @@ -11101,6 +11113,9 @@ parameter. See there for details.

The LMTP-specific version of the smtp_enforce_tls configuration parameter. See there for details.

+

This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead.

+

This feature is available in Postfix 2.3 and later.

%PARAM lmtp_tls_security_level @@ -15731,6 +15746,9 @@ for details.

require that clients use TLS encryption. See smtpd_enforce_tls for further details. Use tlsproxy_tls_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead.

+

This feature is available in Postfix 2.8 and later.

%PARAM tlsproxy_tls_CAfile $smtpd_tls_CAfile @@ -15805,6 +15823,8 @@ smtpd_tls_dcert_file for further details.

should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file for further details.

+

This feature is deprecated as of Postfix 3.9. Do not specify.

+

This feature is available in Postfix 2.8 and later.

%PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file @@ -15857,6 +15877,8 @@ the "tlsproxy_tls_chain_files" parameter.

elliptic-curve Diffie-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details.

+

This feature is deprecated as of Postfix 3.9. Do not specify.

+

This feature is available in Postfix 2.8 and later.

%PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers @@ -15961,6 +15983,9 @@ shared by all three services, namely smtpd_tls_session_cache_timeout.

but do not require that clients use TLS encryption. See smtpd_use_tls for further details. Use tlsproxy_tls_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead.

+

This feature is available in Postfix 2.8 and later.

%PARAM smtpd_reject_footer @@ -17764,6 +17789,9 @@ was previously called tlsproxy_client_level.

usage policy by next-hop destination and by remote TLS server hostname. See smtp_tls_per_site for further details.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_policy_maps instead.

+

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_policy $smtp_tls_policy_maps @@ -17790,6 +17818,9 @@ was previously called tlsproxy_client_policy.

support. See smtp_use_tls for further details. Use tlsproxy_client_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead.

+

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_enforce_tls $smtp_enforce_tls @@ -17798,6 +17829,9 @@ tlsproxy_client_security_level instead.

See smtp_enforce_tls for further details. Use tlsproxy_client_security_level instead.

+

This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead.

+

This feature is available in Postfix 3.4 and later.

%PARAM smtpd_tls_chain_files diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 690f12b79..95abfddde 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -108,4 +108,11 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html postlogd postlogd c qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c strategies File smtp smtp c + postconf postconf c postconf postconf_dbms c postconf postconf h + postconf postconf c postconf postconf_unused c + postfix start start fg check reload status Files + Files postconf postconf c postconf postconf_unused c + the commands postfix start start fg check reload or + status Files postconf postconf c postconf postconf_dbms c + postconf postconf h conf postfix script conf post install postconf postconf c postconf postconf_dbms c diff --git a/postfix/proto/stop.spell-cc b/postfix/proto/stop.spell-cc index db5c3564c..2516b151e 100644 --- a/postfix/proto/stop.spell-cc +++ b/postfix/proto/stop.spell-cc @@ -1835,3 +1835,7 @@ Dextrous Mongo SUD qtype +depr +dfhHnopqvx +fhHoqvx +foqvx diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 94c51864f..d1dd2cf8d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240216" +#define MAIL_RELEASE_DATE "20240218" #define MAIL_VERSION_NUMBER "3.9" #ifdef SNAPSHOT diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in index 079824ab4..6df6dfa36 100644 --- a/postfix/src/postconf/Makefile.in +++ b/postfix/src/postconf/Makefile.in @@ -56,7 +56,7 @@ tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \ test42 test43 test44 test45 test46 test47 test48 test49 test50 test51 \ test52 test53 test54 test55 test56 test57 test58 test59 test60 test61 \ test62 test63 test64 test65 test66 test67 test68 test69 test70 test71 \ - test72 test73 test74 test75 + test72 test73 test74 test75 test76 root_tests: @@ -1044,6 +1044,27 @@ test75: $(PROG) test75.ref diff test75.ref test75.tmp rm -f main.cf master.cf test75.tmp +# Warn about unused, deprecated, or deleted parameters. +test76: $(PROG) test76.ref + rm -f main.cf master.cf + touch main.cf master.cf + $(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -c. \ + config_directory=. \ + deleted-test-only=whatever \ + disable_dns_lookups=no \ + lmtp_use_tls=no \ + smtpd_tls_dh1024_param_file=auto >test76.tmp 2>&1 + touch -t 197601010000 main.cf + echo foo unix - n n - 0 other >> master.cf + echo ' -o alias_maps=foo' >> master.cf + echo ' -o smtp_enforce_tls=yes' >> master.cf + touch -t 197601010000 master.cf + $(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -nc. >>test76.tmp 2>&1 + diff test76.ref test76.tmp + $(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -qnc. >/dev/null 2>test76.tmp + diff /dev/null test76.tmp + rm -f main.cf master.cf test76.tmp + printfck: $(OBJS) $(PROG) rm -rf printfck mkdir printfck diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index 5a10f5e96..74f13b2cd 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -8,7 +8,7 @@ /* .ti -4 /* \fBManaging main.cf:\fR /* -/* \fBpostconf\fR [\fB-dfhHnopvx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR [\fB-dfhHnopqvx\fR] [\fB-c \fIconfig_dir\fR] /* [\fB-C \fIclass,...\fR] [\fIparameter ...\fR] /* /* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR] @@ -23,7 +23,7 @@ /* .ti -4 /* \fBManaging master.cf service entries:\fR /* -/* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR \fB-M\fR [\fB-foqvx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR] /* /* \fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] @@ -38,7 +38,7 @@ /* .ti -4 /* \fBManaging master.cf service fields:\fR /* -/* \fBpostconf\fR \fB-F\fR [\fB-fhHovx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR \fB-F\fR [\fB-fhHoqvx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] /* /* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] @@ -47,7 +47,7 @@ /* .ti -4 /* \fBManaging master.cf service parameters:\fR /* -/* \fBpostconf\fR \fB-P\fR [\fB-fhHovx\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostconf\fR \fB-P\fR [\fB-fhHoqvx\fR] [\fB-c \fIconfig_dir\fR] /* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] /* /* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR] @@ -457,6 +457,10 @@ /* wildcard fields. /* /* This feature is available with Postfix 2.11 and later. +/* .IP \fB-q\fR +/* Do not log warnings for deprecated or unused parameters. +/* +/* This feature is available with Postfix 3.9 and later. /* .IP "\fB-t\fR [\fItemplate_file\fR]" /* Display the templates for text that appears at the beginning /* of delivery status notification (DSN) messages, without @@ -784,6 +788,8 @@ static void pcf_check_compat_options(int optval) const int (*op)[2]; int excess; + optval &= ~PCF_DEF_MODE; + for (op = pcf_compat_options; op[0][0] != 0; op++) { if ((optval & *op[0]) != 0 && (excess = (optval & ~((*op)[0] | (*op)[1]))) != 0) @@ -849,7 +855,7 @@ int main(int argc, char **argv) /* * Parse JCL. */ - while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhHlmMno:pPtT:vxX#")) > 0) { + while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhHlmMno:pPqtT:vxX#")) > 0) { switch (ch) { case 'a': pcf_cmd_mode |= PCF_SHOW_SASL_SERV; @@ -917,6 +923,9 @@ int main(int argc, char **argv) case 'P': pcf_cmd_mode |= PCF_MASTER_PARAM; break; + case 'q': + pcf_cmd_mode &= ~(PCF_WARN_UNUSED_DEPRECATED); + break; case 't': pcf_cmd_mode |= PCF_DUMP_DSN_TEMPL; if (ext_argv) @@ -1033,7 +1042,7 @@ int main(int argc, char **argv) pcf_set_parameters(override_params->argv); pcf_register_builtin_parameters(basename(argv[0]), getpid()); pcf_register_service_parameters(); - pcf_register_user_parameters(); + pcf_register_user_parameters(pcf_cmd_mode); if (pcf_cmd_mode & PCF_MASTER_FLD) pcf_show_master_fields(VSTREAM_OUT, pcf_cmd_mode, argc - optind, argv + optind); @@ -1043,7 +1052,8 @@ int main(int argc, char **argv) else pcf_show_master_entries(VSTREAM_OUT, pcf_cmd_mode, argc - optind, argv + optind); - pcf_flag_unused_master_parameters(); + if (pcf_cmd_mode & PCF_WARN_UNUSED_DEPRECATED) + pcf_flag_unused_master_parameters(); } /* @@ -1095,7 +1105,7 @@ int main(int argc, char **argv) pcf_read_master(PCF_WARN_ON_OPEN_ERROR); pcf_register_service_parameters(); if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0) - pcf_register_user_parameters(); + pcf_register_user_parameters(pcf_cmd_mode); /* * Show the requested values. @@ -1104,11 +1114,12 @@ int main(int argc, char **argv) argv + optind); /* - * Flag unused parameters. This makes no sense with "postconf -d", - * because that ignores all the user-specified parameters and - * user-specified macro expansions in main.cf. + * Flag unused or deprecated parameters. This makes no sense with + * "postconf -d", because that ignores all the user-specified + * parameters and user-specified macro expansions in main.cf. */ - if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0) { + if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0 + && (pcf_cmd_mode & PCF_WARN_UNUSED_DEPRECATED) != 0) { pcf_flag_unused_main_parameters(); pcf_flag_unused_master_parameters(); } diff --git a/postfix/src/postconf/postconf.h b/postfix/src/postconf/postconf.h index 24a1ed782..b42245c78 100644 --- a/postfix/src/postconf/postconf.h +++ b/postfix/src/postconf/postconf.h @@ -46,8 +46,9 @@ #define PCF_MASTER_PARAM (1<<19) /* manage master.cf -o name=value */ #define PCF_HIDE_VALUE (1<<20) /* hide main.cf/master.cf =value */ #define PCF_SHOW_TLS (1<<21) /* TLS support introspection */ +#define PCF_WARN_UNUSED_DEPRECATED (1<<22) /* As the name says */ -#define PCF_DEF_MODE 0 +#define PCF_DEF_MODE (PCF_WARN_UNUSED_DEPRECATED) /* * Structure for one "valid parameter" (built-in, service-defined or valid @@ -274,12 +275,12 @@ typedef struct { /* * postconf_user.c. */ -extern void pcf_register_user_parameters(void); +extern void pcf_register_user_parameters(int); /* * postconf_dbms.c */ -extern void pcf_register_dbms_parameters(const char *, +extern void pcf_register_dbms_parameters(int, const char *, const char *(*) (const char *, int, PCF_MASTER_ENT *), PCF_MASTER_ENT *); diff --git a/postfix/src/postconf/postconf_dbms.c b/postfix/src/postconf/postconf_dbms.c index 3320875d8..105ae85ea 100644 --- a/postfix/src/postconf/postconf_dbms.c +++ b/postfix/src/postconf/postconf_dbms.c @@ -6,8 +6,9 @@ /* SYNOPSIS /* #include /* -/* void pcf_register_dbms_parameters(param_value, flag_parameter, +/* void pcf_register_dbms_parameters(mode, param_value, flag_parameter, /* local_scope) +/* int mode; /* const char *param_value; /* const char *(flag_parameter) (const char *, int, PCF_MASTER_ENT *); /* PCF_MASTER_ENT *local_scope; @@ -17,6 +18,9 @@ /* the database name to a database-defined suffix. /* /* Arguments: +/* .IP mode +/* If PCF_WARN_UNUSED_DEPRECATED is set, warn about unused +/* database settings. /* .IP param_value /* A parameter value to be searched for "type:table" strings. /* When a database type is found that supports legacy-style @@ -172,7 +176,8 @@ static const PCF_DBMS_INFO pcf_dbms_info[] = { /* pcf_check_dbms_client - look for unused names in client configuration */ -static void pcf_check_dbms_client(const PCF_DBMS_INFO *dp, const char *cf_file) +static void pcf_check_dbms_client(int mode, const PCF_DBMS_INFO *dp, + const char *cf_file) { DICT *dict; VSTREAM *fp; @@ -226,19 +231,21 @@ static void pcf_check_dbms_client(const PCF_DBMS_INFO *dp, const char *cf_file) * code, because a database client parameter namespace is unlike the * parameter namespaces in main.cf or master.cf. */ - for (cpp = dp->db_suffixes; *cpp; cpp++) - (void) dict_del(dict, *cpp); - for (dir = DICT_SEQ_FUN_FIRST; - dict->sequence(dict, dir, &name, &value) == DICT_STAT_SUCCESS; - dir = DICT_SEQ_FUN_NEXT) - msg_warn("%s: unused parameter: %s=%s", dict_spec, name, value); + if (mode & PCF_WARN_UNUSED_DEPRECATED) { + for (cpp = dp->db_suffixes; *cpp; cpp++) + (void) dict_del(dict, *cpp); + for (dir = DICT_SEQ_FUN_FIRST; + dict->sequence(dict, dir, &name, &value) == DICT_STAT_SUCCESS; + dir = DICT_SEQ_FUN_NEXT) + msg_warn("%s: unused parameter: %s=%s", dict_spec, name, value); + } } myfree(dict_spec); } /* pcf_register_dbms_helper - parse one possible database type:name */ -static void pcf_register_dbms_helper(char *str_value, +static void pcf_register_dbms_helper(int mode, char *str_value, const char *(flag_parameter) (const char *, int, PCF_MASTER_ENT *), PCF_MASTER_ENT *local_scope, int recurse) @@ -267,8 +274,8 @@ static void pcf_register_dbms_helper(char *str_value, myfree(err); } if (recurse) - pcf_register_dbms_helper(db_type, flag_parameter, local_scope, - recurse); + pcf_register_dbms_helper(mode, db_type, flag_parameter, + local_scope, recurse); continue; } @@ -296,7 +303,7 @@ static void pcf_register_dbms_helper(char *str_value, for (dp = pcf_dbms_info; dp->db_type != 0; dp++) { if (strcmp(db_type, dp->db_type) == 0) { if (dp->db_class == PCF_DBMS_CLASS_CLIENT) - pcf_check_dbms_client(dp, prefix); + pcf_check_dbms_client(mode, dp, prefix); break; } } @@ -330,8 +337,8 @@ static void pcf_register_dbms_helper(char *str_value, break; } } - pcf_register_dbms_helper(prefix, flag_parameter, local_scope, - next_recurse); + pcf_register_dbms_helper(mode, prefix, flag_parameter, + local_scope, next_recurse); continue; } else { for (dp = pcf_dbms_info; dp->db_type != 0; dp++) { @@ -356,7 +363,7 @@ static void pcf_register_dbms_helper(char *str_value, /* pcf_register_dbms_parameters - look for database_type:prefix_name */ -void pcf_register_dbms_parameters(const char *param_value, +void pcf_register_dbms_parameters(int mode, const char *param_value, const char *(flag_parameter) (const char *, int, PCF_MASTER_ENT *), PCF_MASTER_ENT *local_scope) { @@ -372,7 +379,8 @@ void pcf_register_dbms_parameters(const char *param_value, buffer = vstring_alloc(100); bufp = pcf_expand_parameter_value(buffer, PCF_SHOW_EVAL, param_value, local_scope); - pcf_register_dbms_helper(bufp, flag_parameter, local_scope, PCF_DBMS_RECURSE); + pcf_register_dbms_helper(mode, bufp, flag_parameter, local_scope, + PCF_DBMS_RECURSE); } #endif diff --git a/postfix/src/postconf/postconf_unused.c b/postfix/src/postconf/postconf_unused.c index d4416f851..a7e4febf7 100644 --- a/postfix/src/postconf/postconf_unused.c +++ b/postfix/src/postconf/postconf_unused.c @@ -2,7 +2,7 @@ /* NAME /* postconf_unused 3 /* SUMMARY -/* report unused parameters +/* report unused or deprecated parameters /* SYNOPSIS /* #include /* @@ -15,11 +15,11 @@ /* In other words, don't call these functions with "postconf /* -d" which ignores user-defined main.cf settings. /* -/* pcf_flag_unused_main_parameters() reports unused "name=value" -/* entries in main.cf. +/* pcf_flag_unused_main_parameters() reports unused or deprecated +/* "name=value" entries in main.cf. /* -/* pcf_flag_unused_master_parameters() reports unused "-o -/* name=value" entries in master.cf. +/* pcf_flag_unused_master_parameters() reports unused or +/* deprecated "-o name=value" entries in master.cf. /* DIAGNOSTICS /* Problems are reported to the standard error stream. /* LICENSE @@ -31,6 +31,10 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* porcupine.org +/* Amawalk, NY 10501, USA /*--*/ /* System library. */ @@ -52,12 +56,66 @@ #include + /* + * Deprecated parameter names and suggested alternatives. If we keep deleted + * parameter names in the table, a warning can still suggest alternatives. + * The downside of keeping deleted names in the table is that we may falsely + * warn about a user-defined parameter whose name matches that of a deleted + * parameter. + */ +typedef struct { + char *name; + char *alternative; +} PCF_DEPR_PARAM_INFO; + +static const PCF_DEPR_PARAM_INFO pcf_depr_param_info[] = { + + /* + * Parameters with deprecation warnings as of Postfix 3.9. The + * disable_dns_lookups parameter was documented as deprecated since + * Postfix 2.11 but nothing was logged. + */ + "disable_dns_lookups", "specify smtp_dns_support_level", + "lmtp_use_tls", "specify lmtp_tls_security_level", + "postscreen_use_tls", "specify postscreen_tls_security_level", + "smtp_use_tls", "specify smtp_tls_security_level", + "smtpd_use_tls", "specify smtpd_tls_security_level", + "tlsproxy_client_use_tls", "specify tlsproxy_client_security_level", + "tlsproxy_use_tls", "specify tlsproxy_tls_security_level", + "lmtp_enforce_tls", "lmtp_tls_security_level", + "postscreen_enforce_tls", "specify postscreen_tls_security_level", + "smtp_enforce_tls", "specify smtp_tls_security_level", + "smtpd_enforce_tls", "specify smtpd_tls_security_level", + "tlsproxy_client_enforce_tls", "specify tlsproxy_client_security_level", + "tlsproxy_enforce_tls", "specify tlsproxy_tls_security_level", + "lmtp_tls_per_site", "specify lmtp_tls_policy_maps", + "smtp_tls_per_site", "specify smtp_tls_policy_maps", + "tlsproxy_client_per_site", "specify tlsproxy_client_policy_maps", + "smtpd_tls_dh1024_param_file", "do not specify (leave at default)", + "smtpd_tls_eecdh_grade", "do not specify (leave at default)", + "deleted-test-only", "do not specify", /* For testing */ + 0, +}; +static HTABLE *pcf_depr_param_table; + +/* pcf_init_depr_params - initialize lookup table */ + +static void pcf_init_depr_params(void) +{ + const PCF_DEPR_PARAM_INFO *dp; + + pcf_depr_param_table = htable_create(30); + for (dp = pcf_depr_param_info; dp->name; dp++) + (void) htable_enter(pcf_depr_param_table, dp->name, (void *) dp); +} + /* pcf_flag_unused_parameters - warn about unused parameters */ static void pcf_flag_unused_parameters(DICT *dict, const char *conf_name, PCF_MASTER_ENT *local_scope) { const char *myname = "pcf_flag_unused_parameters"; + const PCF_DEPR_PARAM_INFO *dp; const char *param_name; const char *param_value; int how; @@ -67,23 +125,55 @@ static void pcf_flag_unused_parameters(DICT *dict, const char *conf_name, */ if (pcf_param_table == 0) msg_panic("%s: global parameter table is not initialized", myname); + if (dict->sequence == 0) + msg_panic("%s: parameter dictionary %s has no iterator", + myname, conf_name); + + /* + * One-time initialization. + */ + if (pcf_depr_param_table == 0) + pcf_init_depr_params(); /* * Iterate over all entries, and flag parameter names that aren't used - * anywhere. Show the warning message at the end of the output. + * anywhere, or that are deprecated. Show the warning message(s) after + * the end of the stdout output. */ - if (dict->sequence == 0) - msg_panic("%s: parameter dictionary %s has no iterator", - myname, conf_name); for (how = DICT_SEQ_FUN_FIRST; dict->sequence(dict, how, ¶m_name, ¶m_value) == 0; how = DICT_SEQ_FUN_NEXT) { + + /* + * Flag a parameter that is not used (deleted name, or incorrect + * name). + */ if (PCF_PARAM_TABLE_LOCATE(pcf_param_table, param_name) == 0 && (local_scope == 0 || PCF_PARAM_TABLE_LOCATE(local_scope->valid_names, param_name) == 0)) { vstream_fflush(VSTREAM_OUT); - msg_warn("%s/%s: unused parameter: %s=%s", - var_config_dir, conf_name, param_name, param_value); + if ((dp = (const PCF_DEPR_PARAM_INFO *) + htable_find(pcf_depr_param_table, param_name)) != 0) { + msg_warn("%s/%s: support for parameter %s has been removed;" + " instead, %s", var_config_dir, conf_name, + param_name, dp->alternative); + } else { + msg_warn("%s/%s: unused parameter: %s=%s", + var_config_dir, conf_name, param_name, param_value); + } + } + + /* + * Flag a parameter that is used but deprecated. Note that this may + * falsely complain about a user-defined parameter whose name matches + * that of a deleted parameter. + */ + else if ((dp = (const PCF_DEPR_PARAM_INFO *) + htable_find(pcf_depr_param_table, param_name)) != 0) { + vstream_fflush(VSTREAM_OUT); + msg_warn("%s/%s: support for parameter %s will be removed;" + " instead, %s", var_config_dir, conf_name, + param_name, dp->alternative); } } } diff --git a/postfix/src/postconf/postconf_user.c b/postfix/src/postconf/postconf_user.c index 5942ec098..46f4d6180 100644 --- a/postfix/src/postconf/postconf_user.c +++ b/postfix/src/postconf/postconf_user.c @@ -6,7 +6,7 @@ /* SYNOPSIS /* #include /* -/* void pcf_register_user_parameters() +/* void pcf_register_user_parameters(int mode) /* DESCRIPTION /* Postfix has multiple parameter name spaces: the global /* main.cf parameter name space, and the local parameter name @@ -40,6 +40,10 @@ /* to instantiate legacy per-dbms parameters, and to examine /* per-dbms configuration files. This is limited to the content /* of global and local, built-in and per-service, parameters. +/* +/* Arguments: +/* .IP mode +/* Passed on to pcf_register_dbms_parameters(). /* DIAGNOSTICS /* Problems are reported to the standard error stream. /* LICENSE @@ -224,7 +228,7 @@ static const char *pcf_lookup_eval(const char *dict_name, const char *name) /* pcf_scan_user_parameter_namespace - scan parameters in name space */ -static void pcf_scan_user_parameter_namespace(const char *dict_name, +static void pcf_scan_user_parameter_namespace(int mode, const char *dict_name, PCF_MASTER_ENT *local_scope) { const char *myname = "pcf_scan_user_parameter_namespace"; @@ -308,7 +312,7 @@ static void pcf_scan_user_parameter_namespace(const char *dict_name, */ if (node != 0 && (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node))) - pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter, + pcf_register_dbms_parameters(mode, cparam_value, pcf_flag_user_parameter, local_scope); #endif } @@ -345,7 +349,7 @@ static void pcf_scan_default_parameter_values(HTABLE *valid_params, /* pcf_register_user_parameters - add parameters with user-defined names */ -void pcf_register_user_parameters(void) +void pcf_register_user_parameters(int mode) { const char *myname = "pcf_register_user_parameters"; PCF_MASTER_ENT *masterp; @@ -403,7 +407,7 @@ void pcf_register_user_parameters(void) */ for (masterp = pcf_master_table; masterp->argv != 0; masterp++) if (masterp->all_params != 0) - pcf_scan_user_parameter_namespace(masterp->name_space, masterp); + pcf_scan_user_parameter_namespace(mode, masterp->name_space, masterp); /* * Scan parameter values that are left at their defaults in the global @@ -418,5 +422,5 @@ void pcf_register_user_parameters(void) /* * Scan the explicit name=value entries in the global name space. */ - pcf_scan_user_parameter_namespace(CONFIG_DICT, (PCF_MASTER_ENT *) 0); + pcf_scan_user_parameter_namespace(mode, CONFIG_DICT, (PCF_MASTER_ENT *) 0); } diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 975fcbe79..d541e40a2 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -1672,6 +1672,9 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient, { const char *myname = "check_relay_domains"; + /* + * Restriction check_relay_domains is deprecated as of Postfix 2.2. + */ #if 1 static int once; @@ -2015,10 +2018,21 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient, DNS_RR *middle; DNS_RR *rest; int dns_status; + static int once; if (msg_verbose) msg_info("%s: %s", myname, recipient); + /* + * Restriction permit_mx_backup is deprecated as of Postfix 3.9. + */ + if (once == 0) { + once = 1; + msg_warn("support for restriction \"%s\" will be removed from %s; " + "instead, use \"%s\"", + PERMIT_MX_BACKUP, var_mail_name, VAR_RELAY_DOMAINS); + } + /* * Resolve the address. */ @@ -3913,6 +3927,9 @@ static int reject_maps_rbl(SMTPD_STATE *state) if (msg_verbose) msg_info("%s: %s", myname, state->addr); + /* + * Restriction reject_maps_rbl is deprecated as of Postfix 2.1. + */ if (warned == 0) { warned++; msg_warn("support for restriction \"%s\" will be removed from %s; " @@ -4509,6 +4526,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, state->helo_name, SMTPD_NAME_HELO); } } else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) { + /* permit_naked_ip_addr is deprecated as of Postfix 2.0. */ msg_warn("restriction %s is deprecated. Use %s or %s instead", PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS, PERMIT_SASL_AUTH); if (state->helo_name) {