From: Wietse Venema Date: Fri, 30 Sep 2011 05:00:00 +0000 (-0500) Subject: postfix-2.9-20110930 X-Git-Tag: v2.9.0-RC1~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0aadd974cd0838e04e8251078add3c49c3e8d837;p=thirdparty%2Fpostfix.git postfix-2.9-20110930 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 5fdedc083..82b8f430e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16973,3 +16973,18 @@ Apologies for any names omitted. after non-blocking connect fails with 'host unreachable' that resulted in a unreasonable memory allocation request. File: util/vstream_tweak.c. + +20110921 + + Bugfix (introduced: Postfix 1.1): smtpd(8) did not sanitize + newline characters in cleanup(8) REJECT messages, causing + them to be sent out via SMTP as bare newline characters. + This happened when a REJECT pattern matched multi-line + header text. Discovered by Kevin Locke. File: smtpd/smtpd.c. + +20110922 + + Bugfix (introduced: Postfix 2.1): smtpd(8) sent multi-line + responses from a before-queue content filter as text with + bare instead of . Found during code maintenance. + File: smtpd/smtpd_proxy.c. diff --git a/postfix/README_FILES/BASIC_CONFIGURATION_README b/postfix/README_FILES/BASIC_CONFIGURATION_README index d56b703d1..d17cba986 100644 --- a/postfix/README_FILES/BASIC_CONFIGURATION_README +++ b/postfix/README_FILES/BASIC_CONFIGURATION_README @@ -167,6 +167,10 @@ to any destination. Authorized networks are defined with the mynetworks configuration parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to. +Postfix can also be configured to relay mail from "mobile" clients that send +mail from outside an authorized network block. This is explained in the +SASL_README and TLS_README documents. + IMPORTANT: If your machine is connected to a wide area network then your default mynetworks setting may be too friendly. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f0780e46c..9a0ca54ef 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -11,7 +11,9 @@ Wish list: Make the rules for how to use close-on-exec more explicit. - Add SASL / TLS note to BASIC_CONFIGURATION_README.html#relay_from. + Provide separate timeout control for dict_proxy client, + rewrite client, resolve client, cleanup client, and so on. + Perhaps a timeout argument to the mail_connect() routines. Trick from amavisd: save listen socket/fifo/etc state, clear their close-on-exec flags, exec the same program file to diff --git a/postfix/html/BASIC_CONFIGURATION_README.html b/postfix/html/BASIC_CONFIGURATION_README.html index ae988b6b6..bada5077e 100644 --- a/postfix/html/BASIC_CONFIGURATION_README.html +++ b/postfix/html/BASIC_CONFIGURATION_README.html @@ -258,6 +258,10 @@ with the mynetworks configuration param authorize all clients in the IP subnetworks that the local machine is attached to.

+

Postfix can also be configured to relay mail from "mobile" +clients that send mail from outside an authorized network block. +This is explained in the SASL_README and TLS_README documents.

+

IMPORTANT: If your machine is connected to a wide area network then your default mynetworks setting may be too friendly.

diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 93fe29cc3..479bf42b2 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -300,7 +300,7 @@ SMTP(8) SMTP(8) smtp_per_record_deadline (no) Change the behavior of the smtp_*_timeout time lim- its, from a time limit per read or write system - call, to a time limit to read or write a complete + call, to a time limit to send or receive a complete record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol mes- sage). @@ -707,7 +707,7 @@ SMTP(8) SMTP(8) smtp_per_record_deadline (no) Change the behavior of the smtp_*_timeout time lim- its, from a time limit per read or write system - call, to a time limit to read or write a complete + call, to a time limit to send or receive a complete record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol mes- sage). @@ -765,7 +765,7 @@ SMTP(8) SMTP(8) The network interface addresses that this mail sys- tem receives mail on. - inet_protocols (ipv4) + inet_protocols (all) The Internet protocols Postfix will attempt to use when making or accepting connections. @@ -806,7 +806,7 @@ SMTP(8) SMTP(8) tem receives mail on by way of a proxy or network address translation unit. - smtp_address_preference (ipv6) + smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client will try first, when a destina- tion has IPv6 and IPv4 addresses with equal MX diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 1e6d6667c..f7875b583 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -140,7 +140,7 @@ MASTER(8) MASTER(8) The network interface addresses that this mail sys- tem receives mail on. - inet_protocols (ipv4) + inet_protocols (all) The Internet protocols Postfix will attempt to use when making or accepting connections. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 9f1d76065..8bed75e0d 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3501,7 +3501,7 @@ IPv6 and IPv4, and each will accept only connections for the corresponding protocol.

When IPv4 support is enabled via the inet_protocols parameter, -Postfix will do DNS type A record lookups, and will convert +Postfix will look up DNS type A records, and will convert IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date IPV6_V6ONLY support (RFC 3493).

@@ -6807,6 +6807,7 @@ to the configured before/after 220 greeting tests. /etc/postfix/main.cf: postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr + postscreen_blacklist_action = enforce 
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html
index 93fe29cc3..479bf42b2 100644
--- a/postfix/html/smtp.8.html
+++ b/postfix/html/smtp.8.html
@@ -300,7 +300,7 @@ SMTP(8)                                                                SMTP(8)
        smtp_per_record_deadline (no)
               Change the behavior of the smtp_*_timeout time lim-
               its, from a time limit per  read  or  write  system
-              call,  to  a time limit to read or write a complete
+              call, to a time limit to send or receive a complete
               record (an SMTP command line, SMTP  response  line,
               SMTP  message  content  line,  or TLS protocol mes-
               sage).
@@ -707,7 +707,7 @@ SMTP(8)                                                                SMTP(8)
        smtp_per_record_deadline (no)
               Change the behavior of the smtp_*_timeout time lim-
               its,  from  a  time  limit per read or write system
-              call, to a time limit to read or write  a  complete
+              call, to a time limit to send or receive a complete
               record  (an  SMTP command line, SMTP response line,
               SMTP message content line,  or  TLS  protocol  mes-
               sage).
@@ -765,7 +765,7 @@ SMTP(8)                                                                SMTP(8)
               The network interface addresses that this mail sys-
               tem receives mail on.
 
-       inet_protocols (ipv4)
+       inet_protocols (all)
               The  Internet protocols Postfix will attempt to use
               when making or accepting connections.
 
@@ -806,7 +806,7 @@ SMTP(8)                                                                SMTP(8)
               tem receives mail on by way of a proxy  or  network
               address translation unit.
 
-       smtp_address_preference (ipv6)
+       smtp_address_preference (any)
               The address type ("ipv6", "ipv4" or "any") that the
               Postfix SMTP client will try first, when a destina-
               tion  has  IPv6  and  IPv4  addresses with equal MX
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index fe412be52..5e7f529e3 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -707,7 +707,7 @@ SMTPD(8)                                                              SMTPD(8)
               tem  receives  mail on by way of a proxy or network
               address translation unit.
 
-       inet_protocols (ipv4)
+       inet_protocols (all)
               The Internet protocols Postfix will attempt to  use
               when making or accepting connections.
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 7ab27437c..98f6fd6bc 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1990,7 +1990,7 @@ IPv6 and IPv4, and each will accept only connections for the
 corresponding protocol.
 .PP
 When IPv4 support is enabled via the inet_protocols parameter,
-Postfix will do DNS type A record lookups, and will convert
+Postfix will look up DNS type A records, and will convert
 IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
 IPv4 form (1.2.3.4).  The latter is needed on hosts that pre-date
 IPV6_V6ONLY support (RFC 3493).
@@ -3886,6 +3886,7 @@ Example:
 /etc/postfix/main.cf:
     postscreen_access_list = permit_mynetworks,
 		cidr:/etc/postfix/postscreen_access.cidr
+    postscreen_blacklist_action = enforce
 .fi
 .ad
 .ft R
diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8
index cf158f2f3..9bb63f346 100644
--- a/postfix/man/man8/master.8
+++ b/postfix/man/man8/master.8
@@ -130,7 +130,7 @@ invoked with the -D option.
 .IP "\fBinet_interfaces (all)\fR"
 The network interface addresses that this mail system receives
 mail on.
-.IP "\fBinet_protocols (ipv4)\fR"
+.IP "\fBinet_protocols (all)\fR"
 The Internet protocols Postfix will attempt to use when making
 or accepting connections.
 .IP "\fBimport_environment (see 'postconf -d' output)\fR"
diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8
index af15614df..2c9fc2675 100644
--- a/postfix/man/man8/smtp.8
+++ b/postfix/man/man8/smtp.8
@@ -260,8 +260,8 @@ DNS Resolver options for the Postfix SMTP client.
 Available in Postfix version 2.9 and later:
 .IP "\fBsmtp_per_record_deadline (no)\fR"
 Change the behavior of the smtp_*_timeout time limits, from a
-time limit per read or write system call, to a time limit to read
-or write a complete record (an SMTP command line, SMTP response
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
 line, SMTP message content line, or TLS protocol message).
 .SH "MIME PROCESSING CONTROLS"
 .na
@@ -558,8 +558,8 @@ operations.
 Available in Postfix version 2.9 and later:
 .IP "\fBsmtp_per_record_deadline (no)\fR"
 Change the behavior of the smtp_*_timeout time limits, from a
-time limit per read or write system call, to a time limit to read
-or write a complete record (an SMTP command line, SMTP response
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
 line, SMTP message content line, or TLS protocol message).
 .SH "TROUBLE SHOOTING CONTROLS"
 .na
@@ -605,7 +605,7 @@ Disable DNS lookups in the Postfix SMTP and LMTP clients.
 .IP "\fBinet_interfaces (all)\fR"
 The network interface addresses that this mail system receives
 mail on.
-.IP "\fBinet_protocols (ipv4)\fR"
+.IP "\fBinet_protocols (all)\fR"
 The Internet protocols Postfix will attempt to use when making
 or accepting connections.
 .IP "\fBipc_timeout (3600s)\fR"
@@ -630,7 +630,7 @@ The process name of a Postfix command or daemon process.
 .IP "\fBproxy_interfaces (empty)\fR"
 The network interface addresses that this mail system receives mail
 on by way of a proxy or network address translation unit.
-.IP "\fBsmtp_address_preference (ipv6)\fR"
+.IP "\fBsmtp_address_preference (any)\fR"
 The address type ("ipv6", "ipv4" or "any") that the Postfix
 SMTP client will try first, when a destination has IPv6 and IPv4
 addresses with equal MX preference.
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index 9150ec351..e001b1f03 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -575,7 +575,7 @@ mail on.
 .IP "\fBproxy_interfaces (empty)\fR"
 The network interface addresses that this mail system receives mail
 on by way of a proxy or network address translation unit.
-.IP "\fBinet_protocols (ipv4)\fR"
+.IP "\fBinet_protocols (all)\fR"
 The Internet protocols Postfix will attempt to use when making
 or accepting connections.
 .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
diff --git a/postfix/proto/BASIC_CONFIGURATION_README.html b/postfix/proto/BASIC_CONFIGURATION_README.html
index 46e422fa8..9b2e6d9dc 100644
--- a/postfix/proto/BASIC_CONFIGURATION_README.html
+++ b/postfix/proto/BASIC_CONFIGURATION_README.html
@@ -258,6 +258,10 @@ with the mynetworks configuration parameter. The default is to
 authorize all clients in the IP subnetworks that the local machine
 is attached to. 

 
+
 Postfix can also be configured to relay mail from "mobile"
+clients that send mail from outside an authorized network block.
+This is explained in the SASL_README and TLS_README documents. 

+
 
 IMPORTANT: If your machine is connected to a wide area network
 then your default mynetworks setting may be too friendly. 

 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index f5f405d9f..4abb04d87 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -1928,7 +1928,7 @@ IPv6 and IPv4, and each will accept only connections for the
 corresponding protocol.  

 
 
 When IPv4 support is enabled via the inet_protocols parameter,
-Postfix will do DNS type A record lookups, and will convert
+Postfix will look up DNS type A records, and will convert
 IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
 IPv4 form (1.2.3.4).  The latter is needed on hosts that pre-date
 IPV6_V6ONLY support (RFC 3493). 

@@ -12907,6 +12907,7 @@ to the configured before/after 220 greeting tests. 
 /etc/postfix/main.cf:
     postscreen_access_list = permit_mynetworks, 
 		cidr:/etc/postfix/postscreen_access.cidr
+    postscreen_blacklist_action = enforce
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 0bedcb733..e4ace936f 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20110918"
+#define MAIL_RELEASE_DATE	"20110930"
 #define MAIL_VERSION_NUMBER	"2.9"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c
index 6167fc431..cc41e57d9 100644
--- a/postfix/src/master/master.c
+++ b/postfix/src/master/master.c
@@ -114,7 +114,7 @@
 /* .IP "\fBinet_interfaces (all)\fR"
 /*	The network interface addresses that this mail system receives
 /*	mail on.
-/* .IP "\fBinet_protocols (ipv4)\fR"
+/* .IP "\fBinet_protocols (all)\fR"
 /*	The Internet protocols Postfix will attempt to use when making
 /*	or accepting connections.
 /* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index b00ea7719..7cbee76de 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -238,8 +238,8 @@
 /*	Available in Postfix version 2.9 and later:
 /* .IP "\fBsmtp_per_record_deadline (no)\fR"
 /*	Change the behavior of the smtp_*_timeout time limits, from a
-/*	time limit per read or write system call, to a time limit to read
-/*	or write a complete record (an SMTP command line, SMTP response
+/*	time limit per read or write system call, to a time limit to send
+/*	or receive a complete record (an SMTP command line, SMTP response
 /*	line, SMTP message content line, or TLS protocol message).
 /* MIME PROCESSING CONTROLS
 /* .ad
@@ -524,8 +524,8 @@
 /*	Available in Postfix version 2.9 and later:
 /* .IP "\fBsmtp_per_record_deadline (no)\fR"
 /*	Change the behavior of the smtp_*_timeout time limits, from a
-/*	time limit per read or write system call, to a time limit to read
-/*	or write a complete record (an SMTP command line, SMTP response
+/*	time limit per read or write system call, to a time limit to send
+/*	or receive a complete record (an SMTP command line, SMTP response
 /*	line, SMTP message content line, or TLS protocol message).
 /* TROUBLE SHOOTING CONTROLS
 /* .ad
@@ -567,7 +567,7 @@
 /* .IP "\fBinet_interfaces (all)\fR"
 /*	The network interface addresses that this mail system receives
 /*	mail on.
-/* .IP "\fBinet_protocols (ipv4)\fR"
+/* .IP "\fBinet_protocols (all)\fR"
 /*	The Internet protocols Postfix will attempt to use when making
 /*	or accepting connections.
 /* .IP "\fBipc_timeout (3600s)\fR"
@@ -592,7 +592,7 @@
 /* .IP "\fBproxy_interfaces (empty)\fR"
 /*	The network interface addresses that this mail system receives mail
 /*	on by way of a proxy or network address translation unit.
-/* .IP "\fBsmtp_address_preference (ipv6)\fR"
+/* .IP "\fBsmtp_address_preference (any)\fR"
 /*	The address type ("ipv6", "ipv4" or "any") that the Postfix
 /*	SMTP client will try first, when a destination has IPv6 and IPv4
 /*	addresses with equal MX preference.
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 6bc2a68bb..35d5cca12 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -535,7 +535,7 @@
 /* .IP "\fBproxy_interfaces (empty)\fR"
 /*	The network interface addresses that this mail system receives mail
 /*	on by way of a proxy or network address translation unit.
-/* .IP "\fBinet_protocols (ipv4)\fR"
+/* .IP "\fBinet_protocols (all)\fR"
 /*	The Internet protocols Postfix will attempt to use when making
 /*	or accepting connections.
 /* .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
@@ -3057,6 +3057,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 	if (state->err == 0) {
 	    why = vstring_alloc(10);
 	    state->err = mail_stream_finish(state->dest, why);
+	    printable(STR(why), ' ');
 	} else
 	    mail_stream_cleanup(state->dest);
 	state->dest = 0;
diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c
index 9952c1e9d..03a3aa837 100644
--- a/postfix/src/smtpd/smtpd_proxy.c
+++ b/postfix/src/smtpd/smtpd_proxy.c
@@ -788,7 +788,7 @@ static int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
 	 */
 	if (LEN(proxy->buffer) < var_line_limit) {
 	    if (VSTRING_LEN(proxy->buffer))
-		VSTRING_ADDCH(proxy->buffer, '\n');
+		vstring_strcat(proxy->buffer, "\r\n");
 	    vstring_strcat(proxy->buffer, STR(buffer));
 	}