From: Wietse Z Venema Date: Fri, 19 Dec 2025 05:00:00 +0000 (-0500) Subject: postfix-3.11-20251219 X-Git-Tag: v3.11.0-RC1~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1534f6c4a160276f5a7575911fc7b39c5922b7a9;p=thirdparty%2Fpostfix.git postfix-3.11-20251219 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 4f1d8f8d9..ac2103930 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -30180,7 +30180,7 @@ Apologies for any names omitted. TODO: unit test coverage. -20211218 +20251218 Feature: the postqueue command now also lists recipients in bounce logfiles (in JSON output, this uses a new object @@ -30191,7 +30191,20 @@ Apologies for any names omitted. returned to the sender. Files: showq/showq.c, postqueue/showq_compat.c, postqueue/showq_json.c. - Wordsmiting: after a queue manager request failure to + Wordsmithing: after a queue manager request failure to generate a verp-style delivery status notification, log "verp-bounce failed" instead of "verp failed". File: global/abounce.c. + +20251219 + + Documentation: added multi_instance_directories to the list + of parameters that can authorize a non-default configuration + directory name, and made the descriptions consistent with + each other. Files: global/mail_conf.c, postdrop/postdrop.c, + postlog/postlog.c, postqueue/postqueue.c. + + Bugfix (defect introduced: 20251218): showq/postqueue + protocol mismatch, caused by a missing update for a code + path in the showq daemon. Problem reported by Florian + Piekert, diagnosed by John Fawcett. File: showq/showq.c. diff --git a/postfix/html/postdrop.1.html b/postfix/html/postdrop.1.html index 7ea46ffb8..d8945cb10 100644 --- a/postfix/html/postdrop.1.html +++ b/postfix/html/postdrop.1.html @@ -46,32 +46,33 @@ POSTDROP(1) POSTDROP(1) ENVIRONMENT MAIL_CONFIG Directory with the main.cf file. In order to avoid exploitation - of set-group ID privileges, a non-standard directory is allowed + of set-group ID privileges, a non-default directory is allowed only if: - o The name is listed in the standard main.cf file with the - alternate_config_directories configuration parameter. + o The name is listed in the default main.cf file with the + alternate_config_directories or multi_instance_directo- + ries configuration parameter. o The command is invoked by the super-user. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with the "-C" option), or via the + be specified with "-c config_directory" on the command line (in + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. import_environment (see 'postconf -d' output) - The list of environment variables that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment variables that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. queue_directory (see 'postconf -d' output) @@ -81,33 +82,33 @@ POSTDROP(1) POSTDROP(1) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix daemon (for + The time limit for sending a trigger to a Postfix daemon (for example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: authorized_submit_users (static:anyone) - List of users who are authorized to submit mail with the send- + List of users who are authorized to submit mail with the send- mail(1) command (and with the privileged postdrop(1) helper com- mand). Available in Postfix version 3.6 and later: local_login_sender_maps (static:*) - A list of lookup tables that are searched by the UNIX login + A list of lookup tables that are searched by the UNIX login name, and that return a list of allowed envelope sender patterns separated by space or comma. empty_address_local_login_sender_maps_lookup_key (<>) - The lookup key to be used in local_login_sender_maps tables, + The lookup key to be used in local_login_sender_maps tables, instead of the null sender address. recipient_delimiter (empty) - The set of characters that can separate an email address local- + The set of characters that can separate an email address local- part, user name, or a .forward file name from its extension. FILES diff --git a/postfix/html/postlog.1.html b/postfix/html/postlog.1.html index a2f25860c..f207c2274 100644 --- a/postfix/html/postlog.1.html +++ b/postfix/html/postlog.1.html @@ -28,63 +28,72 @@ POSTLOG(1) POSTLOG(1) The following options are implemented: -c config_dir - Read the main.cf configuration file in the named directory - instead of the default configuration directory. + The main.cf configuration file is in the named directory instead + of the default configuration directory. See also the MAIL_CONFIG + environment setting below. -i (obsolete) - Include the process ID in the logging tag. This flag is ignored + Include the process ID in the logging tag. This flag is ignored as of Postfix 3.4, where the PID is always included. -p priority (default: info) - Specifies the logging severity: info, warn, error, fatal, or - panic. With Postfix 3.1 and later, the program will pause for 1 - second after reporting a fatal or panic condition, just like + Specifies the logging severity: info, warn, error, fatal, or + panic. With Postfix 3.1 and later, the program will pause for 1 + second after reporting a fatal or panic condition, just like other Postfix programs. - -t tag Specifies the logging tag, that is, the identifying name that - appears at the beginning of each logging record. A default tag + -t tag Specifies the logging tag, that is, the identifying name that + appears at the beginning of each logging record. A default tag is used when none is specified. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. SECURITY - The postlog(1) command is designed to run with set-groupid privileges, - so that it can connect to the postlogd(8) daemon process (Postfix 3.7 - and later; earlier implementations of this command must not have + The postlog(1) command is designed to run with set-groupid privileges, + so that it can connect to the postlogd(8) daemon process (Postfix 3.7 + and later; earlier implementations of this command must not have set-groupid or set-userid permissions). ENVIRONMENT MAIL_CONFIG - Directory with the main.cf file. + Directory with the main.cf file. In order to avoid exploitation + of set-group ID privileges, a non-default directory is allowed + only if: + + o The name is listed in the default main.cf file with the + alternate_config_directories or multi_instance_directo- + ries configuration parameter. + + o The command is invoked by the super-user. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- + The following main.cf parameters are especially relevant to this pro- gram. - The text below provides only a parameter summary. See postconf(5) for + The text below provides only a parameter summary. See postconf(5) for more details including examples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. import_environment (see 'postconf -d' output) - The list of environment variables that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment variables that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix 3.4 and later: maillog_file (empty) - The name of an optional logfile that is written by the Postfix + The name of an optional logfile that is written by the Postfix postlogd(8) service. postlog_service_name (postlog) @@ -93,7 +102,7 @@ POSTLOG(1) POSTLOG(1) Available in Postfix 3.9 and later: maillog_file_permissions (0600) - The file access permissions that will be set when the file + The file access permissions that will be set when the file $maillog_file is created for the first time, or when the file is created after an existing file is rotated. diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 605743958..692593e4e 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -175,27 +175,28 @@ POSTQUEUE(1) POSTQUEUE(1) ENVIRONMENT MAIL_CONFIG Directory with the main.cf file. In order to avoid exploitation - of set-group ID privileges, a non-standard directory is allowed + of set-group ID privileges, a non-default directory is allowed only if: - o The name is listed in the standard main.cf file with the - alternate_config_directories configuration parameter. + o The name is listed in the default main.cf file with the + alternate_config_directories or multi_instance_directo- + ries configuration parameter. o The command is invoked by the super-user. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. alternate_config_directories (empty) A list of non-default Postfix configuration directories that may - be specified with "-c config_directory" on the command line (in - the case of sendmail(1), with the "-C" option), or via the + be specified with "-c config_directory" on the command line (in + the case of sendmail(1), with the "-C" option), or via the MAIL_CONFIG environment parameter. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. command_directory (see 'postconf -d' output) @@ -206,8 +207,8 @@ POSTQUEUE(1) POSTQUEUE(1) tion logfiles with mail that is queued to those destinations. import_environment (see 'postconf -d' output) - The list of environment variables that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment variables that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. queue_directory (see 'postconf -d' output) @@ -217,11 +218,11 @@ POSTQUEUE(1) POSTQUEUE(1) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix daemon (for + The time limit for sending a trigger to a Postfix daemon (for example, the pickup(8) or qmgr(8) daemon). Available in Postfix version 2.2 and later: diff --git a/postfix/man/man1/postdrop.1 b/postfix/man/man1/postdrop.1 index 9dffd688e..eb7cfd1a6 100644 --- a/postfix/man/man1/postdrop.1 +++ b/postfix/man/man1/postdrop.1 @@ -51,12 +51,13 @@ INT, QUIT or TERM signal, the queue file is deleted. .fi .IP MAIL_CONFIG Directory with the \fBmain.cf\fR file. In order to avoid exploitation -of set\-group ID privileges, a non\-standard directory is allowed only +of set\-group ID privileges, a non\-default directory is allowed only if: .RS .IP \(bu -The name is listed in the standard \fBmain.cf\fR file with the -\fBalternate_config_directories\fR configuration parameter. +The name is listed in the default \fBmain.cf\fR file with the +\fBalternate_config_directories\fR or +\fBmulti_instance_directories\fR configuration parameter. .IP \(bu The command is invoked by the super\-user. .RE diff --git a/postfix/man/man1/postlog.1 b/postfix/man/man1/postlog.1 index a8c70b8ef..137befc3c 100644 --- a/postfix/man/man1/postlog.1 +++ b/postfix/man/man1/postlog.1 @@ -30,8 +30,9 @@ connected to a terminal). The following options are implemented: .IP "\fB\-c \fIconfig_dir\fR" -Read the \fBmain.cf\fR configuration file in the named directory -instead of the default configuration directory. +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. See also the +MAIL_CONFIG environment setting below. .IP "\fB\-i\fR (obsolete)" Include the process ID in the logging tag. This flag is ignored as of Postfix 3.4, where the PID is always included. @@ -64,7 +65,17 @@ set\-groupid or set\-userid permissions). .ad .fi .IP MAIL_CONFIG -Directory with the \fBmain.cf\fR file. +Directory with the \fBmain.cf\fR file. In order to avoid exploitation +of set\-group ID privileges, a non\-default directory is allowed only +if: +.RS +.IP \(bu +The name is listed in the default \fBmain.cf\fR file with the +\fBalternate_config_directories\fR or +\fBmulti_instance_directories\fR configuration parameter. +.IP \(bu +The command is invoked by the super\-user. +.RE .SH "CONFIGURATION PARAMETERS" .na .nf diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index d3c4341b0..cf770b0b8 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -176,12 +176,13 @@ and to the standard error stream. .fi .IP MAIL_CONFIG Directory with the \fBmain.cf\fR file. In order to avoid exploitation -of set\-group ID privileges, a non\-standard directory is allowed only +of set\-group ID privileges, a non\-default directory is allowed only if: .RS .IP \(bu -The name is listed in the standard \fBmain.cf\fR file with the -\fBalternate_config_directories\fR configuration parameter. +The name is listed in the default \fBmain.cf\fR file with the +\fBalternate_config_directories\fR or +\fBmulti_instance_directories\fR configuration parameter. .IP \(bu The command is invoked by the super\-user. .RE diff --git a/postfix/proto/stop.double-cc b/postfix/proto/stop.double-cc index 22de7611b..df20b9258 100644 --- a/postfix/proto/stop.double-cc +++ b/postfix/proto/stop.double-cc @@ -351,3 +351,4 @@ void void pol_stats_revert POL_STATS pstats feature feature etc feature feature etc where policies policy policy domain If null this defaults to the +bounce bounce defer trace diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 1110496ce..bf96a7fae 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -262,3 +262,7 @@ proto proto REQUIRETLS_README html global mail_params hc smtp smtp c smtpd smtpd c trivial rewrite trivial rewrite c Files makedefs bounce bounce c cleanup cleanup_init c Portability makedefs postalias postalias c util dict_debug c + returned to the sender Files showq showq c + Piekert diagnosed by John Fawcett File showq showq c + each other Files global mail_conf c postdrop postdrop c + postlog postlog c postqueue postqueue c diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history index 9b32215d8..4d200d5ba 100644 --- a/postfix/proto/stop.spell-history +++ b/postfix/proto/stop.spell-history @@ -120,3 +120,4 @@ pgnd jl Ankit Kulkarni +Wordsmithing diff --git a/postfix/src/global/mail_conf.c b/postfix/src/global/mail_conf.c index d604c152b..34c7d3c2b 100644 --- a/postfix/src/global/mail_conf.c +++ b/postfix/src/global/mail_conf.c @@ -35,8 +35,8 @@ /* file, and stores its values into a global configuration /* dictionary. When the configuration directory name is not /* trusted, this function requires that the directory name is -/* authorized with the alternate_config_directories setting -/* in the default main.cf file. +/* authorized with the alternate_config_directories or +/* multi_instance_directories setting in the default main.cf file. /* /* This function requires that all configuration directory /* override mechanisms set the MAIL_CONFIG environment variable, diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 3bb6755a0..7d495424c 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20251218" +#define MAIL_RELEASE_DATE "20251219" #define MAIL_VERSION_NUMBER "3.11" #ifdef SNAPSHOT diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c index 66c9ea585..f7771ea79 100644 --- a/postfix/src/postdrop/postdrop.c +++ b/postfix/src/postdrop/postdrop.c @@ -39,12 +39,13 @@ /* .fi /* .IP MAIL_CONFIG /* Directory with the \fBmain.cf\fR file. In order to avoid exploitation -/* of set-group ID privileges, a non-standard directory is allowed only +/* of set-group ID privileges, a non-default directory is allowed only /* if: /* .RS /* .IP \(bu -/* The name is listed in the standard \fBmain.cf\fR file with the -/* \fBalternate_config_directories\fR configuration parameter. +/* The name is listed in the default \fBmain.cf\fR file with the +/* \fBalternate_config_directories\fR or +/* \fBmulti_instance_directories\fR configuration parameter. /* .IP \(bu /* The command is invoked by the super-user. /* .RE diff --git a/postfix/src/postlog/postlog.c b/postfix/src/postlog/postlog.c index ce6b3c0f9..200a68ee7 100644 --- a/postfix/src/postlog/postlog.c +++ b/postfix/src/postlog/postlog.c @@ -24,8 +24,9 @@ /* /* The following options are implemented: /* .IP "\fB-c \fIconfig_dir\fR" -/* Read the \fBmain.cf\fR configuration file in the named directory -/* instead of the default configuration directory. +/* The \fBmain.cf\fR configuration file is in the named directory +/* instead of the default configuration directory. See also the +/* MAIL_CONFIG environment setting below. /* .IP "\fB-i\fR (obsolete)" /* Include the process ID in the logging tag. This flag is ignored as /* of Postfix 3.4, where the PID is always included. @@ -54,7 +55,17 @@ /* .ad /* .fi /* .IP MAIL_CONFIG -/* Directory with the \fBmain.cf\fR file. +/* Directory with the \fBmain.cf\fR file. In order to avoid exploitation +/* of set-group ID privileges, a non-default directory is allowed only +/* if: +/* .RS +/* .IP \(bu +/* The name is listed in the default \fBmain.cf\fR file with the +/* \fBalternate_config_directories\fR or +/* \fBmulti_instance_directories\fR configuration parameter. +/* .IP \(bu +/* The command is invoked by the super-user. +/* .RE /* CONFIGURATION PARAMETERS /* .ad /* .fi diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index 2f1ee88f2..ecfe344d5 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -160,12 +160,13 @@ /* .fi /* .IP MAIL_CONFIG /* Directory with the \fBmain.cf\fR file. In order to avoid exploitation -/* of set-group ID privileges, a non-standard directory is allowed only +/* of set-group ID privileges, a non-default directory is allowed only /* if: /* .RS /* .IP \(bu -/* The name is listed in the standard \fBmain.cf\fR file with the -/* \fBalternate_config_directories\fR configuration parameter. +/* The name is listed in the default \fBmain.cf\fR file with the +/* \fBalternate_config_directories\fR or +/* \fBmulti_instance_directories\fR configuration parameter. /* .IP \(bu /* The command is invoked by the super-user. /* .RE diff --git a/postfix/src/showq/showq.c b/postfix/src/showq/showq.c index 9c2755493..89ac9cf39 100644 --- a/postfix/src/showq/showq.c +++ b/postfix/src/showq/showq.c @@ -285,6 +285,7 @@ static void showq_report(VSTREAM *client, char *queue, char *id, SEND_ATTR_STR(MAIL_ATTR_ORCPT, have_orcpt), SEND_ATTR_STR(MAIL_ATTR_RECIP, STR(printable_quoted_addr)), + SEND_ATTR_STR(MAIL_ATTR_LOG_CLASS, ""), SEND_ATTR_STR(MAIL_ATTR_WHY, ""), ATTR_TYPE_END); have_orcpt = 0;