From: Wietse Venema Date: Mon, 9 Dec 2002 05:00:00 +0000 (-0500) Subject: postfix-1.1.12-20021209 X-Git-Tag: v2.0.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12d5321dee0ac11a4d2f8cd627823264d3acf947;p=thirdparty%2Fpostfix.git postfix-1.1.12-20021209 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6b3ea022d..4b8c886e6 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7362,8 +7362,28 @@ Apologies for any names omitted. and virtual_xx_domains, and with local_recipient_maps and the local delivery agent. File: smtpd/smtpd_check.c. +20021209 + + The Postfix installation procedure no longer sets the + "chattr +S" bit on Linux queue directories. Wietse has + gotten too annoyed with naive reviewers who complain about + performance without having a clue of what they are comparing. + + "Security": local_recipient_maps is now turned on by default, + to reject mail for non-existent users at the SMTP port. + See conf/main.cf for instructions, section REJECTING UNKNOWN + LOCAL USERS. + + Safety: detection of missing or inaccessible passwd file + database, to prevent massive complaints from people who + suddenly lose all their mail because local_recipient_maps + is now turned on by default. + Open problems: + Low: after successful delivery, per-queue window += 1/window, + after failure, queue window -= 1 (Victor). + Low: revise other local delivery agent duplicate filters. Low: all table lookups should consistently use internalized diff --git a/postfix/README_FILES/VIRTUAL_README b/postfix/README_FILES/VIRTUAL_README index 1781a0d47..ac4809854 100644 --- a/postfix/README_FILES/VIRTUAL_README +++ b/postfix/README_FILES/VIRTUAL_README 
@@ -62,7 +62,9 @@ virtual_mailbox_base virtual_mailbox_domains Specifies the list of domains that should be delivered to the - $virtual_transport delivery agent (default: virtual). + $virtual_transport delivery agent (default: virtual). As of + version 1.2, Postfix is smart enough that you don't have to + list every virtual domain in a Postfix transport map. virtual_mailbox_maps @@ -74,13 +76,13 @@ virtual_mailbox_maps recipient is not found the mail is bounced. In a lookup table, specify a left-hand side of @domain.tld to - match any user in the specified domain that does not have a - specific user@domain.tld entry. While searching a lookup table, - an address extension (user+foo@domain.tld) is ignored. + match any user in the specified domain that does not have her + own user@domain.tld entry. While searching a lookup table, an + address extension (user+foo@domain.tld) is ignored. If a recipient is not found the mail is returned to the sender. - For security reasons, regular expression maps are allowed but + Regular expression maps are allowed. For security reasons, regular expression substitution of $1 etc. is disallowed, because that would open a security hole. @@ -103,7 +105,7 @@ virtual_uid_maps specific user@domain.tld entry. While searching a lookup table, an address extension (user+foo@domain.tld) is ignored. - For security reasons, regular expression maps are allowed but + Regular expression maps are allowed. For security reasons, regular expression substitution of $1 etc. is disallowed, because that would open a security hole. @@ -123,7 +125,7 @@ virtual_gid_maps specific user@domain.tld entry. While searching a lookup table, an address extension (user+foo@domain.tld) is ignored. - For security reasons, regular expression maps are allowed but + Regular expression maps are allowed. For security reasons, regular expression substitution of $1 etc. is disallowed, because that would open a security hole. 
@@ -163,13 +165,6 @@ type. The command "postconf -m" displays possible lookup table types. /etc/postfix/main.cf: - virtual_transport = virtual - virtual_mailbox_base = /var/mail/vhosts - virtual_mailbox_maps = hash:/etc/postfix/vmailbox - virtual_minimum_uid = 100 - virtual_uid_maps = hash:/etc/postfix/vuid - virtual_gid_maps = hash:/etc/postfix/vgid - # Don't send mail to the local delivery agent. mydestination = @@ -179,6 +174,13 @@ types. virtual_mailbox_domains = $myhostname localhost.$mydomain virtual1.domain virtual2.domain + virtual_transport = virtual + virtual_mailbox_base = /var/mail/vhosts + virtual_mailbox_maps = hash:/etc/postfix/vmailbox + virtual_minimum_uid = 100 + virtual_uid_maps = hash:/etc/postfix/vuid + virtual_gid_maps = hash:/etc/postfix/vgid + Define a virtual delivery agent if the entry doesn't already exist: /etc/postfix/master.cf: @@ -224,6 +226,8 @@ type. The command "postconf -m" displays possible lookup table types. /etc/postfix/main.cf: + # All domains and users delivered by the virtual local delivery agent. + virtual_transport = virtual virtual_mailbox_base = /var/mail/vhosts virtual_mailbox_maps = hash:/etc/postfix/vmailbox @@ -232,12 +236,12 @@ types. virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 - # All domains that are delivered by the local delivery agent. + # All domains and users delivered by the local delivery agent. + # local_recipient_maps is used by the SMTP server to reject mail + # for unknown users. + local_transport = local mydestination = $myhostname $localhost.$mydomain - - # Reject unknown local recipients at the SMTP port. - local_recipient_maps = unix:passwd.byname $alias_maps Define a virtual delivery agent if the entry doesn't already exist: 
@@ -276,10 +280,13 @@ users you will want to separate the information that changes often (the user addresses) from the information that changes rarely (the names of hosted domains). -This example is the same as above, but it uses a separate table for -specifying the virtual domain names. +This example is the same as above, with co-existing local and +virtual domains, but it uses a separate table for specifying the +virtual domain names. /etc/postfix/main.cf: + # All domains and users delivered by the virtual local delivery agent. + virtual_transport = virtual virtual_mailbox_base = /var/mail/vhosts virtual_mailbox_maps = hash:/etc/postfix/vmailbox @@ -288,12 +295,12 @@ specifying the virtual domain names. virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 - # All domains that are delivered by the local delivery agent. + # All domains and users delivered by the local delivery agent. + # local_recipient_maps is used by the SMTP server to reject mail + # for unknown users. + local_transport = local mydestination = $myhostname $localhost.$mydomain - - # Reject unknown local recipients at the SMTP port. - local_recipient_maps = unix:passwd.byname $alias_maps Define a virtual delivery agent if the entry doesn't already exist: diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 02c8254d5..3defcc3c4 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -12,14 +12,34 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. -Incompatible changes with Postfix snapshot 1.1.12-200212XX +Incompatible changes with Postfix snapshot 1.1.12-20021209 ========================================================== -Postfix now uses the "relay" mail delivery transport for relayed -mail (domains matching relay_domains). This may affect your -defer_transports settings. The old "smtp" transport is now the -default mail delivery transport for domains that do not match -relay_domains or any local or virtual domain name. +This release adds a new "relay" service to the Postfix master.cf +file. If your Postfix is unable to connect to the "relay" service +then you have not properly followed the installation procedure. + +The Postfix SMTP server now rejects mail for local recipients that +it does not know about. For this to work correctly, you need to +review the section titled "REJECTING UNKNOWN LOCAL USERS" in +conf/main.cf if one of the following is true: + +- You run the Postfix SMTP server chrooted (see master.cf). +- You redefined the local delivery agent in master.cf. +- You redefined the "local_transport" setting in main.cf. +- You use the mailbox_transport or fallback_transport feature + of the Postfix local delivery agent. + +Specify "local_recipient_maps =" (i.e. empty) to make the SMTP +server accept mail for all known and unknown local recipients. You +will be considered a bad network citizen, though. + +Postfix no longer defaults to the "smtp" transport for all non-local +destinations. This may affect your defer_transports settings. In +particular, Postfix now uses the "relay" mail delivery transport +for domains matching $relay_domains. The old "smtp" transport is +now the default mail delivery transport for non-local domains that +do not match relay_domains. 
The "virtual_maps" configuration parameter is now called "virtual_alias_maps", for consistency with "virtual_mailbox_maps". @@ -42,7 +62,12 @@ The "check_relay_domains" restriction is going away. The SMTP server logs a warning and suggests using "reject_unauth_destination" instead. -Major changes with Postfix snapshot 1.1.11-200212XX +The Postfix installation procedure no longer sets the "chattr +S" +bit on Linux queue directories. Wietse has gotten too annoyed with +naive reviewers who complain about performance without having a +clue of what they are comparing. + +Major changes with Postfix snapshot 1.1.11-20021209 =================================================== This release introduces separation of lookup tables for addresses @@ -84,9 +109,9 @@ The benefits of these changes are that: - A lot of table lookups could be eliminated from the SMTP server's mail relay control and unknown user blocking code. -Better handling of unknown recipients. Each address domain class -now has its own table with known recipients, so that you can reject -mail for unknown addresses consistently. +This release introduces better handling of unknown recipients. Each +address domain class now has its own table with known recipients, +so that you can reject mail for unknown addresses consistently. Destination matches Recipients defined by Remarks -------------------------------------------------------------- diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index eafabbd65..1883e4738 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf 
@@ -150,6 +150,32 @@ mail_owner = postfix #mydestination = $myhostname, localhost.$mydomain, $mydomain, # mail.$mydomain, www.$mydomain, ftp.$mydomain +# REJECTING UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names (not addresses) of users that are local with respect +# to $mydestination and $inet_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You redefined the local delivery agent in master.cf. +# +# - You redefined the "local_transport" setting in main.cf. +# +# - You use the mailbox_transport or fallback_transport feature +# of the Postfix local delivery agent (see sample-local.cf). +# +# Beware: if the Postfix SMTP server runs chrooted, you may have to +# copy the passwd (not shadow) database into the jail. This is +# system dependent. +# +local_recipient_maps = unix:passwd.byname $alias_maps + # TRUST AND RELAY CONTROL # The mynetworks parameter specifies the list of "trusted" SMTP 
@@ -256,23 +282,6 @@ mail_owner = postfix # #relay_recipient_maps = hash:/etc/postfix/relay_recipients -# REJECTING UNKNOWN LOCAL USERS -# -# The local_recipient_maps parameter specifies optional lookup tables -# with all names (not addresses) of users that are local with respect -# to $mydestination and $inet_interfaces. If this parameter is -# defined, then the SMTP server will reject mail for unknown local -# users. -# -# If you use the default Postfix local delivery agent for local -# delivery, uncomment the definition below. -# -# Beware: if the Postfix SMTP server runs chrooted, you may have to -# copy the passwd (not shadow) database into the jail. This is -# system dependent. -# -#local_recipient_maps = $alias_maps unix:passwd.byname - # INPUT RATE CONTROL # # The in_flow_delay configuration parameter implements mail input diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 649b6fc46..ccdfc0fb5 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -253,17 +253,6 @@ test -f $config_directory/postfix-files || { exit 1 } -# -# LINUX by default does not synchronously update directories - -# that's dangerous for mail. -# -if [ -f /usr/bin/chattr ] -then - CHATTR="/usr/bin/chattr +S" -else - CHATTR=echo -fi - case `uname -s` in HP-UX*) FMT=cat;; *) FMT=fmt;; diff --git a/postfix/conf/sample-local.cf b/postfix/conf/sample-local.cf index 21141cf21..6017a8173 100644 --- a/postfix/conf/sample-local.cf +++ b/postfix/conf/sample-local.cf @@ -46,6 +46,10 @@ require_home_directory = no # :nexthop part is optional. For more details see the sample transports # file. # +# Beware: if you override the default local delivery agent then you +# also need to review the section "REJECTING UNKNOWN LOCAL USERS" +# in the main.cf file, otherwise the SMTP server will reject mail. +# local_transport = lmtp:unix:/file/name local_transport = local 
@@ -184,6 +188,11 @@ mailbox_command = # :nexthop part is optional. For more details see the sample transport # configuration file. # +# Beware: if you use the mailbox_transport feature for users not in +# /etc/passwd and /etc/aliases then you also need to review the +# section "REJECTING UNKNOWN LOCAL USERS" in the main.cf file, +# otherwise the SMTP server may reject mail incorrectly. +# #mailbox_transport = lmtp:unix:/file/name #mailbox_transport = cyrus mailbox_transport = @@ -197,6 +206,11 @@ mailbox_transport = # :nexthop part is optional. For more details see the sample transport # configuration file. # +# Beware: if you use the fallback_transport feature for users not in +# /etc/passwd and /etc/aliases then you also need to review the +# section "REJECTING UNKNOWN LOCAL USERS" in the main.cf file, +# otherwise the SMTP server may reject mail incorrectly. +# #fallback_transport = lmtp:unix:/file/name #fallback_transport = cyrus fallback_transport = diff --git a/postfix/html/faq.html b/postfix/html/faq.html index be06e3b8f..c6226e548 100644 --- a/postfix/html/faq.html +++ b/postfix/html/faq.html @@ -311,10 +311,6 @@ address with the wrong name

Content filtering

-

Other transports: UUCP, FAX, etc.

@@ -2835,53 +2831,6 @@ effective.
-

Support for virus scanning

- -Would not it be great if operating systems and applications actually -worked the way they are supposed to, instead of being as fragile -as today's products? Well, we can solve only one problem at a time. - -

- -Currently, Postfix has no hooks to let other programs inspect every -message, so the scanning has to be done before mail enters Postfix -or while mail leaves Postfix, for example at mailbox delivery time. - -

- -Examples: - -

- -

-    /etc/postfix/main.cf:
-        mailbox_command = /some/program ...
-
- -

- -This example specifies a command that delivers all local mail to -mailbox. See the sample main.cf file for examples. In -/etc/aliases, you must specify an alias for root that -directs mail to a real person, otherwise mail sent to root -will not work as expected. - -

- -

-    /etc/postfix/main.cf:
-        mailbox_transport = foo
-
- -

- -This example delegates local mailbox delivery to the transport -foo as configured in /etc/postfix/master.cf. If you -follow this route you will build something around the pipe mailer. -See examples in master.cf. - -


-

Using UUCP over TCP

This subject comes up whenever someone asks about a "domain in diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 6cf7e66aa..2be94cdcd 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -20,7 +20,7 @@ SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \ tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \ flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \ verp_sender.c match_parent_style.c mime_state.c header_token.c \ - strip_addr.c virtual8_maps_find.c hold_message.c + strip_addr.c virtual8_maps.c hold_message.c OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ debug_peer.o debug_process.o defer.o deliver_completed.o \ deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \ @@ -42,7 +42,7 @@ OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \ flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \ verp_sender.o match_parent_style.o mime_state.o header_token.o \ - strip_addr.o virtual8_maps_find.o hold_message.o + strip_addr.o virtual8_maps.o hold_message.o HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ config.h debug_peer.h debug_process.h defer.h deliver_completed.h \ deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \ @@ -60,7 +60,7 @@ HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \ mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \ match_parent_style.h quote_flags.h mime_state.h header_token.h \ - lex_822.h strip_addr.h virtual8.h hold_message.h + lex_822.h strip_addr.h virtual8_maps.h hold_message.h TESTSRC = rec2stream.c stream2rec.c recdump.c WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ 
@@ -74,7 +74,7 @@ TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \ off_cvt quote_822_local rec2stream recdump resolve_clnt \ resolve_local rewrite_clnt stream2rec string_list tok822_parse \ quote_821_local mail_conf_time mime_state strip_addr \ - virtual8_maps_find + virtual8_maps LIBS = ../../lib/libutil.a LIB_DIR = ../../lib @@ -227,7 +227,7 @@ strip_addr: $(LIB) $(LIBS) $(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) mv junk $@.o -virtual8_maps_find: $(LIB) $(LIBS) +virtual8_maps: $(LIB) $(LIBS) mv $@.o junk $(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) mv junk $@.o @@ -291,10 +291,10 @@ strip_addr_test: strip_addr strip_addr.ref diff strip_addr.ref strip_addr.tmp rm -f strip_addr.tmp -virtual8_test: virtual8_maps_find virtual8_map virtual8.in virtual8.ref \ +virtual8_test: virtual8_maps virtual8_map virtual8.in virtual8.ref \ ../postmap/postmap ../postmap/postmap hash:virtual8_map - ./virtual8_maps_find virtual8.tmp + ./virtual8_maps virtual8.tmp diff virtual8.ref virtual8.tmp rm -f virtual8.tmp virtual8_map.db 
@@ -1196,18 +1196,18 @@ verp_sender.o: ../../include/vstring.h verp_sender.o: ../../include/vbuf.h verp_sender.o: mail_params.h verp_sender.o: verp_sender.h -virtual8_maps_find.o: virtual8_maps_find.c -virtual8_maps_find.o: ../../include/sys_defs.h -virtual8_maps_find.o: ../../include/msg.h -virtual8_maps_find.o: ../../include/mymalloc.h -virtual8_maps_find.o: maps.h -virtual8_maps_find.o: ../../include/dict.h -virtual8_maps_find.o: ../../include/vstream.h -virtual8_maps_find.o: ../../include/vbuf.h -virtual8_maps_find.o: ../../include/argv.h -virtual8_maps_find.o: mail_params.h -virtual8_maps_find.o: strip_addr.h -virtual8_maps_find.o: virtual8.h +virtual8_maps.o: virtual8_maps.c +virtual8_maps.o: ../../include/sys_defs.h +virtual8_maps.o: ../../include/msg.h +virtual8_maps.o: ../../include/mymalloc.h +virtual8_maps.o: maps.h +virtual8_maps.o: ../../include/dict.h +virtual8_maps.o: ../../include/vstream.h +virtual8_maps.o: ../../include/vbuf.h +virtual8_maps.o: ../../include/argv.h +virtual8_maps.o: mail_params.h +virtual8_maps.o: strip_addr.h +virtual8_maps.o: virtual8_maps.h xtext.o: xtext.c xtext.o: ../../include/sys_defs.h xtext.o: ../../include/vstream.h diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 43ff78bf0..178d82a0d 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1275,7 +1275,7 @@ extern char *var_smtpd_exp_filter; * Heuristic to reject most unknown recipients at the SMTP port. */ #define VAR_LOCAL_RCPT_MAPS "local_recipient_maps" -#define DEF_LOCAL_RCPT_MAPS "" +#define DEF_LOCAL_RCPT_MAPS "unix:passwd.byname $alias_maps" extern char *var_local_rcpt_maps; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 297ee6d68..7af1eb35c 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20021208" +#define MAIL_RELEASE_DATE "20021209" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/virtual8_maps_find.c b/postfix/src/global/virtual8_maps.c similarity index 98% rename from postfix/src/global/virtual8_maps_find.c rename to postfix/src/global/virtual8_maps.c index 321e0fb4c..332cc8e04 100644 --- a/postfix/src/global/virtual8_maps_find.c +++ b/postfix/src/global/virtual8_maps.c @@ -1,10 +1,10 @@ /*++ /* NAME -/* virtual8_maps_find 3 +/* virtual8_maps 3 /* SUMMARY /* virtual delivery agent map lookups /* SYNOPSIS -/* #include +/* #include /* /* MAPS *virtual8_maps_create(title, map_names, flags) /* const char *title; @@ -87,7 +87,7 @@ #include #include #include -#include +#include /* Application-specific. */ diff --git a/postfix/src/global/virtual8.h b/postfix/src/global/virtual8_maps.h similarity index 84% rename from postfix/src/global/virtual8.h rename to postfix/src/global/virtual8_maps.h index 110ac7deb..4261413b8 100644 --- a/postfix/src/global/virtual8.h +++ b/postfix/src/global/virtual8_maps.h @@ -1,13 +1,13 @@ -#ifndef _VIRTUAL8_H_INCLUDED_ -#define _VIRTUAL8_H_INCLUDED_ +#ifndef _VIRTUAL8_MAPS_H_INCLUDED_ +#define _VIRTUAL8_MAPS_H_INCLUDED_ /*++ /* NAME -/* virtual8 3h +/* virtual8_maps 3h /* SUMMARY /* virtual delivery agent compatibility /* SYNOPSIS -/* #include +/* #include /* DESCRIPTION /* .nf diff --git a/postfix/src/local/Makefile.in b/postfix/src/local/Makefile.in index 82c704f41..15539ceed 100644 --- a/postfix/src/local/Makefile.in +++ b/postfix/src/local/Makefile.in 
@@ -437,6 +437,8 @@ resolve.o: ../../include/resolve_clnt.h resolve.o: ../../include/rewrite_clnt.h resolve.o: ../../include/tok822.h resolve.o: ../../include/mail_params.h +resolve.o: ../../include/defer.h +resolve.o: ../../include/bounce.h resolve.o: local.h resolve.o: ../../include/been_here.h resolve.o: ../../include/deliver_request.h diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 840ae5f4d..09e8f6883 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -196,9 +196,10 @@ smtpd_check.o: ../../include/ctable.h smtpd_check.o: ../../include/mac_expand.h smtpd_check.o: ../../include/mac_parse.h smtpd_check.o: ../../include/dns.h -smtpd_check.o: ../../include/namadr_list.h +smtpd_check.o: ../../include/string_list.h smtpd_check.o: ../../include/match_list.h smtpd_check.o: ../../include/match_ops.h +smtpd_check.o: ../../include/namadr_list.h smtpd_check.o: ../../include/domain_list.h smtpd_check.o: ../../include/mail_params.h smtpd_check.o: ../../include/canon_addr.h @@ -212,7 +213,7 @@ smtpd_check.o: ../../include/maps.h smtpd_check.o: ../../include/mail_addr_find.h smtpd_check.o: ../../include/match_parent_style.h smtpd_check.o: ../../include/strip_addr.h -smtpd_check.o: ../../include/virtual8.h +smtpd_check.o: ../../include/virtual8_maps.h smtpd_check.o: ../../include/cleanup_user.h smtpd_check.o: ../../include/record.h smtpd_check.o: ../../include/rec_type.h diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 30ebe052e..6f126746f 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -306,7 +306,7 @@ #include #include #include -#include +#include #include #include #include 
@@ -1462,6 +1462,8 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient, if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0) return (SMTPD_CHECK_OK); domain += 1; + if (reply->flags & RESOLVE_CLASS_LOCAL) + return (SMTPD_CHECK_OK); /* * Skip source-routed non-local or virtual mail (uncertain destination). @@ -3158,16 +3160,19 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) * Reject mail to unknown addresses in local domains (domains that match * $mydestination or $inet_interfaces). * - * XXX For now, we throw up our hands when a transport mapping overrides the - * default local delivery transport. - * * XXX Use the less expensive maps_find() (case is already folded) instead * of the baroque mail_addr_find(). But then we have to strip the domain * and deal with address extensions ourselves. + * + * XXX But that would break sites that use the virtual delivery agent for + * local delivery, because the virtual delivery agent requires + * user@domain style addresses in its user database. */ if ((reply->flags & RESOLVE_CLASS_LOCAL) && *var_local_rcpt_maps +#if 0 && strcmp(STR(reply->transport), var_local_transport) == 0 +#endif && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, "%d <%s>: User unknown", 550, recipient); @@ -3176,12 +3181,11 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) /* * Reject mail to unknown addresses in virtual mailbox domains. - * - * XXX For now, we throw up our hands when a transport mapping overrides the - * default virtual delivery transport. */ if ((reply->flags & RESOLVE_CLASS_VIRTUAL) +#if 0 && strcmp(STR(reply->transport), var_virt_transport) == 0 +#endif && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, "%d <%s>: User unknown", 550, recipient); 
@@ -3190,13 +3194,12 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) /* * Reject mail to unknown addresses in relay domains. - * - * XXX For now, we throw up our hands when a transport mapping overrides the - * default relay transport. */ if ((reply->flags & RESOLVE_CLASS_RELAY) && *var_relay_rcpt_maps +#if 0 && strcmp(STR(reply->transport), var_relay_transport) == 0 +#endif && NOMATCH(relay_rcpt_maps, CONST_STR(reply->recipient))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, "%d <%s>: User unknown", 550, recipient); diff --git a/postfix/src/trivial-rewrite/Makefile.in b/postfix/src/trivial-rewrite/Makefile.in index f41bfa562..3ff0eb8e6 100644 --- a/postfix/src/trivial-rewrite/Makefile.in +++ b/postfix/src/trivial-rewrite/Makefile.in @@ -70,6 +70,7 @@ resolve.o: ../../include/vstream.h resolve.o: ../../include/vstring_vstream.h resolve.o: ../../include/split_at.h resolve.o: ../../include/valid_hostname.h +resolve.o: ../../include/stringops.h resolve.o: ../../include/mail_params.h resolve.o: ../../include/mail_proto.h resolve.o: ../../include/iostuff.h @@ -82,6 +83,15 @@ resolve.o: ../../include/quote_822_local.h resolve.o: ../../include/quote_flags.h resolve.o: ../../include/tok822.h resolve.o: ../../include/resolve_clnt.h +resolve.o: ../../include/domain_list.h +resolve.o: ../../include/match_list.h +resolve.o: ../../include/match_ops.h +resolve.o: ../../include/string_list.h +resolve.o: ../../include/match_parent_style.h +resolve.o: ../../include/maps.h +resolve.o: ../../include/dict.h +resolve.o: ../../include/argv.h +resolve.o: ../../include/mail_addr_find.h resolve.o: trivial-rewrite.h resolve.o: transport.h rewrite.o: rewrite.c diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index 29603e5b5..8b11cf78d 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c 
@@ -104,6 +104,7 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, TOK822 *domain = 0; char *destination; const char *blame = 0; + const char *rcpt_domain; *flags = 0; @@ -228,6 +229,9 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, * * With virtual, relay, or other non-local destinations, give the highest * precedence to delivery transport associated next-hop information. + * + * XXX Nag if the domain is listed in multiple domain lists. The effect is + * implementation defined, and may break when internals change. */ dict_errno = 0; if (domain != 0) { @@ -238,6 +242,10 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, *flags |= RESOLVE_FLAG_ERROR; if (virt_alias_doms && string_list_match(virt_alias_doms, STR(nexthop))) { + if (virt_mailbox_doms + && string_list_match(virt_mailbox_doms, STR(nexthop))) + msg_warn("do not list domain %s in BOTH %s and %s", + STR(nexthop), VAR_VIRT_ALIAS_DOMS, VAR_VIRT_MAILBOX_DOMS); vstring_strcpy(channel, var_error_transport); vstring_strcpy(nexthop, "User unknown"); blame = VAR_ERROR_TRANSPORT; 
@@ -277,8 +285,22 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, /* * Local delivery. Set up the default local transport and the default * next-hop hostname (myself). + * + * XXX Nag if the domain is listed in multiple domain lists. The effect is + * implementation defined, and may break when internals change. */ else { + if ((rcpt_domain = strrchr(STR(nextrcpt), '@')) != 0) { + rcpt_domain++; + if (virt_alias_doms + && string_list_match(virt_alias_doms, rcpt_domain)) + msg_warn("do not list domain %s in BOTH %s and %s", + rcpt_domain, VAR_MYDEST, VAR_VIRT_ALIAS_DOMS); + if (virt_mailbox_doms + && string_list_match(virt_mailbox_doms, rcpt_domain)) + msg_warn("do not list domain %s in BOTH %s and %s", + rcpt_domain, VAR_MYDEST, VAR_VIRT_MAILBOX_DOMS); + } vstring_strcpy(channel, var_local_transport); blame = VAR_LOCAL_TRANSPORT; if ((destination = split_at(STR(channel), ':')) == 0 diff --git a/postfix/src/util/dict_unix.c b/postfix/src/util/dict_unix.c index 44834c36f..5047278c3 100644 --- a/postfix/src/util/dict_unix.c +++ b/postfix/src/util/dict_unix.c @@ -41,6 +41,7 @@ #include "sys_defs.h" #include +#include #include #include #include @@ -65,14 +66,24 @@ static const char *dict_unix_getpwnam(DICT *unused_dict, const char *key) { struct passwd *pwd; static VSTRING *buf; + static int sanity_checked; dict_errno = 0; if ((pwd = getpwnam(key)) == 0) { + if (sanity_checked == 0) { + sanity_checked = 1; + errno = 0; + if (getpwuid(0) == 0) { + msg_warn("cannot access UNIX passwd file info: %m"); + dict_errno = DICT_ERR_RETRY; + } + } return (0); } else { if (buf == 0) buf = vstring_alloc(10); + sanity_checked = 1; vstring_sprintf(buf, "%s:%s:%ld:%ld:%s:%s:%s", pwd->pw_name, pwd->pw_passwd, (long) pwd->pw_uid, (long) pwd->pw_gid, pwd->pw_gecos, pwd->pw_dir, 
@@ -88,14 +99,24 @@ static const char *dict_unix_getgrnam(DICT *unused_dict, const char *key) struct group *grp; static VSTRING *buf; char **cpp; + static int sanity_checked; dict_errno = 0; if ((grp = getgrnam(key)) == 0) { + if (sanity_checked == 0) { + sanity_checked = 1; + errno = 0; + if (getgrgid(0) == 0) { + msg_warn("cannot access UNIX group file info: %m"); + dict_errno = DICT_ERR_RETRY; + } + } return (0); } else { if (buf == 0) buf = vstring_alloc(10); + sanity_checked = 1; vstring_sprintf(buf, "%s:%s:%ld:", grp->gr_name, grp->gr_passwd, (long) grp->gr_gid); for (cpp = grp->gr_mem; *cpp; cpp++) { @@ -144,5 +165,5 @@ DICT *dict_unix_open(const char *map, int unused_flags, int dict_flags) dict_unix->dict.lookup = lp->lookup; dict_unix->dict.close = dict_unix_close; dict_unix->dict.flags = dict_flags | DICT_FLAG_FIXED; - return (DICT_DEBUG(&dict_unix->dict)); + return (DICT_DEBUG (&dict_unix->dict)); } diff --git a/postfix/src/virtual/Makefile.in b/postfix/src/virtual/Makefile.in index 05153384f..da2dc414b 100644 --- a/postfix/src/virtual/Makefile.in +++ b/postfix/src/virtual/Makefile.in @@ -85,7 +85,7 @@ mailbox.o: ../../include/defer.h mailbox.o: ../../include/bounce.h mailbox.o: ../../include/sent.h mailbox.o: ../../include/mail_params.h -mailbox.o: ../../include/virtual8.h +mailbox.o: ../../include/virtual8_maps.h mailbox.o: ../../include/maps.h mailbox.o: ../../include/dict.h mailbox.o: ../../include/argv.h @@ -163,7 +163,7 @@ virtual.o: ../../include/deliver_request.h virtual.o: ../../include/deliver_completed.h virtual.o: ../../include/mail_params.h virtual.o: ../../include/mail_conf.h -virtual.o: ../../include/virtual8.h +virtual.o: ../../include/virtual8_maps.h virtual.o: ../../include/maps.h virtual.o: ../../include/mail_server.h virtual.o: virtual.h diff --git a/postfix/src/virtual/mailbox.c b/postfix/src/virtual/mailbox.c index d9e9491d8..442dc3e7a 100644 --- a/postfix/src/virtual/mailbox.c +++ b/postfix/src/virtual/mailbox.c 
@@ -60,7 +60,7 @@ #include #include #include -#include +#include #ifndef EDQUOT #define EDQUOT EFBIG diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index 29c1b1bfd..40767955d 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -271,7 +271,7 @@ #include #include #include -#include +#include /* Single server skeleton. */ @@ -449,7 +449,7 @@ int main(int argc, char **argv) VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, VAR_VIRT_UID_MAPS, DEF_VIRT_UID_MAPS, &var_virt_uid_maps, 0, 0, VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0, - VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 0, 0, + VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0, VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, 0, };
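
Review bot: in both postfix/README_FILES/VIRTUAL_README examples edited here (the hunks at -232 and -288), the unchanged context line "mydestination = $myhostname $localhost.$mydomain" has a stray "$" before localhost; the first example in the same file writes "localhost.$mydomain". Since the lines around it are being rewritten, fix it in this patch. With the explicit "local_recipient_maps = unix:passwd.byname $alias_maps" line removed, the new comment says the parameter is used by the SMTP server but the example no longer shows where it gets its value; a short pointer to the built-in default would close that gap.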
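
Review bot: in postfix/RELEASE_NOTES (hunk at -42) the second heading now reads "Major changes with Postfix snapshot 1.1.11-20021209", while the first heading reads "Incompatible changes with Postfix snapshot 1.1.12-20021209" and mail_version.h builds the version as "1.1.12-" MAIL_RELEASE_DATE. The XX was filled in but 1.1.11 was kept; if both sections describe this snapshot the heading should say 1.1.12.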
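
Review bot: the three "#if 0" blocks in smtpd_check_rcptmap() (postfix/src/smtpd/smtpd_check.c, hunks at -3158 and -3190) leave the strcmp() against var_local_transport, var_virt_transport and var_relay_transport in the source as dead code, and the comments that used to explain those comparisons are deleted in the same hunks. Either remove the disabled lines or add a one-line comment stating that the recipient maps are now enforced regardless of the resolved transport, since that is the behaviour RELEASE_NOTES asks sites with a redefined local_transport to review.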
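
Review bot: the new msg_warn("do not list domain %s in BOTH %s and %s", ...) calls in resolve_addr() (postfix/src/trivial-rewrite/resolve.c, hunks at -238 and -277) sit on the per-address path with no once-only guard, so a domain that is listed in two classes produces a warning for every address resolved in that domain. Suggest remembering which domains have already been reported, or doing the overlap check once when the domain lists are loaded.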
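
Review bot: in postfix/src/util/dict_unix.c, dict_unix_getpwnam() runs the getpwuid(0) probe at most once per process, and only when the first lookup is a miss, because sanity_checked is set to 1 both before the probe and on any successful getpwnam(). If the passwd database becomes unreachable later in the process lifetime, a miss again returns 0 with dict_errno == 0, which a caller cannot tell apart from a genuinely unknown user. Consider re-probing on later misses as well. Note also that errno is cleared just before the probe, so when getpwuid(0) returns 0 without setting errno the "%m" in the warning carries no reason. Both points apply equally to the getgrgid(0) probe added to dict_unix_getgrnam().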
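
Review bot: the last hunk in postfix/src/virtual/virtual.c changes the VAR_VIRT_MAILBOX_BASE table entry from "0, 0" to "1, 0", the same bounds as the VAR_VIRT_MAILBOX_LOCK entry below it, and nothing in the HISTORY or RELEASE_NOTES text added by this patch mentions it. If the first number is the minimum length, an empty virtual_mailbox_base is now rejected when the virtual delivery agent starts; please add a line to both files saying so.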