From: Wietse Venema Date: Mon, 18 Dec 2017 05:00:00 +0000 (-0500) Subject: postfix-3.3-20171218 X-Git-Tag: v3.3.0-RC1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17d5f8949c87c42179d1a708189b881aa2cda1f6;p=thirdparty%2Fpostfix.git postfix-3.3-20171218 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6db1f677a..bb6fa3631 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23177,3 +23177,30 @@ Apologies for any names omitted. Bugfix (introduced: Postfix 3.0) missing dynamicmaps support in the Postfix sendmail command broke authorized_submit_users with a dynamically-loaded map type. File: sendmail/sendmail.c. + +20171116 + + Bugfix (introduced: Postfix 2.1): don't log warnings + that some restriction returns OK, when the access map + DISCARD feature is in effect. File: smtpd/smtpd_check.c. + +20171209 + + Documentation: the effects of owner_request_special and + reset_owner_alias on alias expansion. Files: proto/aliases, + proto/postconf.proto. + +20171215 + + Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke + Berkeley DB configurations with a relative pathname. File: + util/dict_db.c. + +20171218 + + Workaround: reportedly, FreeBSD 11.1 res_query(3) can return + -1 while h_errno==0. The DNS client now logs a warning and + sets h_errno to TRY_AGAIN. File: dns/dns_lookup.c. + + Cleanup: allow XCLIENT before STARTTLS, when TLS is required. + File: smtpd/smtpd.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 9ad62021d..3dc6949d3 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -9,9 +9,20 @@ Wish list: After I/O error, store errno in VSTREAM object before errno may be overwritten. + Is it possible for the Milter client to 'chgfrom' the sender's + DSN attributes? That is, keep existing ones or set new ones? + + Add $smtpd_sender_login_maps to proxy_read_maps. + + Add some tips for logging from container: + https://www.projectatomic.io/blog/2016/10/playing-with-docker-logging/; + syslog_name = $myhostname/postfix; mkdir + postfix check + Add postwhite as a postscreen-related project. https://github.com/stevejenkins/postwhite/blob/master/README.md + XFORWARD attributes in policy protocol? + Document postsrsd and postforward for srs-ifying. Would more fine-grained smtp_generic_maps support help? diff --git a/postfix/conf/aliases b/postfix/conf/aliases index c8f757950..941551e9d 100644 --- a/postfix/conf/aliases +++ b/postfix/conf/aliases @@ -91,13 +91,15 @@ decode: root # lowercase, in order to make database lookups case insensi- # tive. # -# In addition, when an alias exists for owner-name, delivery -# diagnostics are directed to that address, instead of to -# the originator of the message. This is typically used to -# direct delivery errors to the maintainer of a mailing -# list, who is in a better position to deal with mailing -# list delivery problems than the originator of the undeliv- -# ered mail. +# In addition, when an alias exists for owner-name, this +# will override the envelope sender address, so that deliv- +# ery diagnostics are directed to owner-name, instead of the +# originator of the message (for details, see +# owner_request_special, expand_owner_alias and +# reset_owner_alias). This is typically used to direct +# delivery errors to the maintainer of a mailing list, who +# is in a better position to deal with mailing list delivery +# problems than the originator of the undelivered mail. # # The value contains one or more of the following: # 
@@ -184,51 +186,51 @@ decode: root # The text below provides only a parameter summary. See # postconf(5) for more details including examples. # -# alias_database -# List of alias databases that are updated by the -# newaliases(1) command. +# alias_database (see 'postconf -d' output) +# The alias databases for local(8) delivery that are +# updated with "newaliases" or with "sendmail -bi". # -# alias_maps -# List of alias databases queried by the local(8) -# delivery agent. +# alias_maps (see 'postconf -d' output) +# The alias databases that are used for local(8) +# delivery. # -# allow_mail_to_commands -# Restrict the usage of mail delivery to external -# command. +# allow_mail_to_commands (alias, forward) +# Restrict local(8) mail delivery to external com- +# mands. # -# allow_mail_to_files -# Restrict the usage of mail delivery to external -# file. +# allow_mail_to_files (alias, forward) +# Restrict local(8) mail delivery to external files. # -# expand_owner_alias -# When delivering to an alias that has an owner- com- -# panion alias, set the envelope sender address to -# the right-hand side of the owner alias, instead -# using of the left-hand side address. +# expand_owner_alias (no) +# When delivering to an alias "aliasname" that has an +# "owner-aliasname" companion alias, set the envelope +# sender address to the expansion of the +# "owner-aliasname" alias. # -# propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, -# include, or generic. +# propagate_unmatched_extensions (canonical, virtual) +# What address lookup tables copy an address exten- +# sion from the lookup key to the lookup result. # -# owner_request_special -# Give special treatment to owner-listname and list- -# name-request addresses. 
+# owner_request_special (yes) +# Enable special treatment for owner-listname entries +# in the aliases(5) file, and don't split owner-list- +# name and listname-request address localparts when +# the recipient_delimiter is set to "-". # -# recipient_delimiter -# Delimiter that separates recipients from address -# extensions. +# recipient_delimiter (empty) +# The set of characters that can separate a user name +# from its extension (example: user+foo), or a .for- +# ward file name from its extension (example: .for- +# ward+foo). # # Available in Postfix version 2.3 and later: # -# frozen_delivered_to -# Update the local(8) delivery agent's Delivered-To: -# address (see prepend_delivered_header) only once, -# at the start of a delivery; do not update the -# Delivered-To: address while expanding aliases or -# .forward files. +# frozen_delivered_to (yes) +# Update the local(8) delivery agent's idea of the +# Delivered-To: address (see prepend_deliv- +# ered_header) only once, at the start of a delivery +# attempt; do not update the Delivered-To: address +# while expanding aliases or .forward files. # # STANDARDS # RFC 822 (ARPA Internet Text Messages) @@ -240,12 +242,12 @@ decode: root # postconf(5), configuration parameters # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/html/aliases.5.html b/postfix/html/aliases.5.html index 834df383b..5a8ad9a6d 100644 --- a/postfix/html/aliases.5.html +++ b/postfix/html/aliases.5.html 
@@ -52,52 +52,53 @@ ALIASES(5) ALIASES(5) or `@'. The name is folded to lowercase, in order to make database lookups case insensitive. - In addition, when an alias exists for owner-name, delivery diagnostics - are directed to that address, instead of to the originator of the mes- - sage. This is typically used to direct delivery errors to the main- - tainer of a mailing list, who is in a better position to deal with - mailing list delivery problems than the originator of the undelivered - mail. + In addition, when an alias exists for owner-name, this will override + the envelope sender address, so that delivery diagnostics are directed + to owner-name, instead of the originator of the message (for details, + see owner_request_special, expand_owner_alias and reset_owner_alias). + This is typically used to direct delivery errors to the maintainer of a + mailing list, who is in a better position to deal with mailing list + delivery problems than the originator of the undelivered mail. The value contains one or more of the following: address - Mail is forwarded to address, which is compatible with the RFC + Mail is forwarded to address, which is compatible with the RFC 822 standard. /file/name - Mail is appended to /file/name. See local(8) for details of - delivery to file. Delivery is not limited to regular files. + Mail is appended to /file/name. See local(8) for details of + delivery to file. Delivery is not limited to regular files. For example, to dispose of unwanted mail, deflect it to /dev/null. |command - Mail is piped into command. Commands that contain special char- - acters, such as whitespace, should be enclosed between double + Mail is piped into command. Commands that contain special char- + acters, such as whitespace, should be enclosed between double quotes. See local(8) for details of delivery to command. - When the command fails, a limited amount of command output is - mailed back to the sender. 
The file /usr/include/sysexits.h - defines the expected exit status codes. For example, use "|exit - 67" to simulate a "user unknown" error, and "|exit 0" to imple- + When the command fails, a limited amount of command output is + mailed back to the sender. The file /usr/include/sysexits.h + defines the expected exit status codes. For example, use "|exit + 67" to simulate a "user unknown" error, and "|exit 0" to imple- ment an expensive black hole. :include:/file/name - Mail is sent to the destinations listed in the named file. - Lines in :include: files have the same syntax as the right-hand + Mail is sent to the destinations listed in the named file. + Lines in :include: files have the same syntax as the right-hand side of alias entries. - A destination can be any destination that is described in this - manual page. However, delivery to "|command" and /file/name is - disallowed by default. To enable, edit the allow_mail_to_com- + A destination can be any destination that is described in this + manual page. However, delivery to "|command" and /file/name is + disallowed by default. To enable, edit the allow_mail_to_com- mands and allow_mail_to_files configuration parameters. ADDRESS EXTENSION - When alias database search fails, and the recipient localpart contains - the optional recipient delimiter (e.g., user+foo), the search is + When alias database search fails, and the recipient localpart contains + the optional recipient delimiter (e.g., user+foo), the search is repeated for the unextended address (e.g., user). - The propagate_unmatched_extensions parameter controls whether an + The propagate_unmatched_extensions parameter controls whether an unmatched address extension (+foo) is propagated to the result of table lookup. 
@@ -106,9 +107,9 @@ ALIASES(5) ALIASES(5) before database lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when the table is - given in the form of regular expressions. For a description of regular - expression lookup table syntax, see regexp_table(5) or pcre_table(5). + This section describes how the table lookups change when the table is + given in the form of regular expressions. For a description of regular + expression lookup table syntax, see regexp_table(5) or pcre_table(5). NOTE: these formats do not use ":" at the end of a pattern. Each regular expression is applied to the entire search string. Thus, a 
@@ -121,57 +122,59 @@ ALIASES(5) ALIASES(5) reasons there is no support for $1, $2 etc. substring interpolation. SECURITY - The local(8) delivery agent disallows regular expression substitution + The local(8) delivery agent disallows regular expression substitution of $1 etc. in alias_maps, because that would open a security hole. - The local(8) delivery agent will silently ignore requests to use the - proxymap(8) server within alias_maps. Instead it will open the table + The local(8) delivery agent will silently ignore requests to use the + proxymap(8) server within alias_maps. Instead it will open the table directly. Before Postfix version 2.2, the local(8) delivery agent will terminate with a fatal error. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. The text - below provides only a parameter summary. See postconf(5) for more + The following main.cf parameters are especially relevant. The text + below provides only a parameter summary. See postconf(5) for more details including examples. - alias_database - List of alias databases that are updated by the newaliases(1) - command. + alias_database (see 'postconf -d' output) + The alias databases for local(8) delivery that are updated with + "newaliases" or with "sendmail -bi". - alias_maps - List of alias databases queried by the local(8) delivery agent. + alias_maps (see 'postconf -d' output) + The alias databases that are used for local(8) delivery. - allow_mail_to_commands - Restrict the usage of mail delivery to external command. + allow_mail_to_commands (alias, forward) + Restrict local(8) mail delivery to external commands. - allow_mail_to_files - Restrict the usage of mail delivery to external file. + allow_mail_to_files (alias, forward) + Restrict local(8) mail delivery to external files. 
- expand_owner_alias - When delivering to an alias that has an owner- companion alias, - set the envelope sender address to the right-hand side of the - owner alias, instead using of the left-hand side address. + expand_owner_alias (no) + When delivering to an alias "aliasname" that has an + "owner-aliasname" companion alias, set the envelope sender + address to the expansion of the "owner-aliasname" alias. - propagate_unmatched_extensions - A list of address rewriting or forwarding mechanisms that propa- - gate an address extension from the original address to the - result. Specify zero or more of canonical, virtual, alias, for- - ward, include, or generic. + propagate_unmatched_extensions (canonical, virtual) + What address lookup tables copy an address extension from the + lookup key to the lookup result. - owner_request_special - Give special treatment to owner-listname and listname-request - addresses. + owner_request_special (yes) + Enable special treatment for owner-listname entries in the + aliases(5) file, and don't split owner-listname and list- + name-request address localparts when the recipient_delimiter is + set to "-". - recipient_delimiter - Delimiter that separates recipients from address extensions. + recipient_delimiter (empty) + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its + extension (example: .forward+foo). Available in Postfix version 2.3 and later: - frozen_delivered_to - Update the local(8) delivery agent's Delivered-To: address (see - prepend_delivered_header) only once, at the start of a delivery; - do not update the Delivered-To: address while expanding aliases - or .forward files. + frozen_delivered_to (yes) + Update the local(8) delivery agent's idea of the Delivered-To: + address (see prepend_delivered_header) only once, at the start + of a delivery attempt; do not update the Delivered-To: address + while expanding aliases or .forward files. 
STANDARDS RFC 822 (ARPA Internet Text Messages) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 5e38bd06c..0435172c9 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3284,10 +3284,11 @@ outside the allowed set are replaced by underscores.

(default: no)

-When delivering to an alias "aliasname" that has an "owner-aliasname" -companion alias, set the envelope sender address to the expansion -of the "owner-aliasname" alias. Normally, Postfix sets the envelope -sender address to the name of the "owner-aliasname" alias. +When delivering to an alias "aliasname" that has an +"owner-aliasname" companion alias, set the envelope sender +address to the expansion of the "owner-aliasname" alias. +Normally, Postfix sets the envelope sender address to the name of +the "owner-aliasname" alias.

@@ -7410,10 +7411,10 @@ This feature is available in Postfix 3.1 and later. (default: yes)

-Give special treatment to owner-listname and listname-request -address localparts: don't split such addresses when the -recipient_delimiter is set to "-". This feature is useful for -mailing lists. +Enable special treatment for owner-listname entries in the +aliases(5) file, and don't split owner-listname and +listname-request address localparts when the recipient_delimiter +is set to "-". This feature is useful for mailing lists.

@@ -9625,7 +9626,8 @@ Postfix releases, the behavior is as if this parameter is set to "yes".

As documented in aliases(5), when an alias name has a -companion alias named owner-name, delivery errors will be +companion alias named owner-name, this will replace the +envelope sender address, so that delivery errors will be reported to the owner alias instead of the sender. This configuration is recommended for mailing lists.

@@ -9655,7 +9657,9 @@ to other mailing list members.

Unfortunately, older Postfix releases reset the owner-alias attribute when delivering mail to a child alias that does not have -its own owner alias. The local(8) delivery agent then attempts to +its own owner alias. To be precise, this resets only the decision +to create a new queue file, not the decision to override the envelope +sender address. The local(8) delivery agent then attempts to deliver local addresses as soon as they come out of child alias expansion. If delivery to any address from child alias expansion fails with a temporary error condition, the entire mailing list may diff --git a/postfix/man/Makefile.in b/postfix/man/Makefile.in index e01ce2824..cd70044e7 100644 --- a/postfix/man/Makefile.in +++ b/postfix/man/Makefile.in 
@@ -253,69 +253,111 @@ man1/newaliases.1: echo .so man1/sendmail.1 >$@ man5/access.5: ../proto/access + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/aliases.5: ../proto/aliases + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/bounce.5: ../proto/bounce + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/canonical.5: ../proto/canonical + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/cidr_table.5: ../proto/cidr_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/generic.5: ../proto/generic + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/header_checks.5: ../proto/header_checks + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/body_checks.5: ../proto/header_checks echo .so man5/header_checks.5 >$@ man5/ldap_table.5: ../proto/ldap_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/lmdb_table.5: ../proto/lmdb_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/master.5: ../proto/master + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/memcache_table.5: ../proto/memcache_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? 
|| mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/mysql_table.5: ../proto/mysql_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/socketmap_table.5: ../proto/socketmap_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/sqlite_table.5: ../proto/sqlite_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/nisplus_table.5: ../proto/nisplus_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/pcre_table.5: ../proto/pcre_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/pgsql_table.5: ../proto/pgsql_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/regexp_table.5: ../proto/regexp_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/relocated.5: ../proto/relocated + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/transport.5: ../proto/transport + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/virtual.5: ../proto/virtual + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk ../mantools/srctoman - $? >$@ man5/postfix-wrapper.5: ../proto/postfix-wrapper diff --git a/postfix/man/man5/aliases.5 b/postfix/man/man5/aliases.5 index 0016218e1..1140d4937 100644 
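Review bot: Every man5 rule added in this hunk writes the fixman output to the same scratch file, `junk`, in the working directory and then may `mv` it over the checked-in proto source. If this Makefile is ever run with parallel jobs (not visible from the hunk), two recipes can interleave on `junk`, and one proto file could be replaced with output generated from another. A per-target scratch name avoids the collision: `../mantools/fixman ../proto/postconf.proto $? >$@.tmp && \` followed by `(cmp -s $@.tmp $? || mv $@.tmp $?) && rm -f $@.tmp`. The recipe also uses `$?` as both the input and the `mv` destination, which only works while each rule has exactly one prerequisite; `$<` would state that intent, though it is not portable to every make in explicit rules. Because the step rewrites a source file in place, a short comment above the first rule, such as `# fixman updates parameter summaries in ../proto/* in place; the source is replaced only when the output differs`, would help anyone who finds a modified tree after a build.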
--- a/postfix/man/man5/aliases.5 +++ b/postfix/man/man5/aliases.5 @@ -56,9 +56,12 @@ Use double quotes when the name contains any special characters such as whitespace, `#', `:', or `@'. The \fIname\fR is folded to lowercase, in order to make database lookups case insensitive. .PP -In addition, when an alias exists for \fBowner\-\fIname\fR, delivery -diagnostics are directed to that address, instead of to the originator -of the message. +In addition, when an alias exists for \fBowner\-\fIname\fR, +this will override the envelope sender address, so that +delivery diagnostics are directed to \fBowner\-\fIname\fR, +instead of the originator of the message (for details, see +\fBowner_request_special\fR, \fBexpand_owner_alias\fR and +\fBreset_owner_alias\fR). This is typically used to direct delivery errors to the maintainer of a mailing list, who is in a better position to deal with mailing list delivery problems than the originator of the undelivered mail. 
@@ -155,37 +158,37 @@ agent will terminate with a fatal error. The following \fBmain.cf\fR parameters are especially relevant. The text below provides only a parameter summary. See \fBpostconf\fR(5) for more details including examples. -.IP \fBalias_database\fR -List of alias databases that are updated by the -\fBnewaliases\fR(1) command. -.IP \fBalias_maps\fR -List of alias databases queried by the \fBlocal\fR(8) delivery agent. -.IP \fBallow_mail_to_commands\fR -Restrict the usage of mail delivery to external command. -.IP \fBallow_mail_to_files\fR -Restrict the usage of mail delivery to external file. -.IP \fBexpand_owner_alias\fR -When delivering to an alias that has an \fBowner\-\fR companion alias, -set the envelope sender address to the right\-hand side of the -owner alias, instead using of the left\-hand side address. -.IP \fBpropagate_unmatched_extensions\fR -A list of address rewriting or forwarding mechanisms that -propagate an address extension from the original address -to the result. Specify zero or more of \fBcanonical\fR, -\fBvirtual\fR, \fBalias\fR, \fBforward\fR, \fBinclude\fR, -or \fBgeneric\fR. -.IP \fBowner_request_special\fR -Give special treatment to \fBowner\-\fIlistname\fR and -\fIlistname\fB\-request\fR -addresses. -.IP \fBrecipient_delimiter\fR -Delimiter that separates recipients from address extensions. +.IP "\fBalias_database (see 'postconf -d' output)\fR" +The alias databases for \fBlocal\fR(8) delivery that are updated with +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". +.IP "\fBalias_maps (see 'postconf -d' output)\fR" +The alias databases that are used for \fBlocal\fR(8) delivery. +.IP "\fBallow_mail_to_commands (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external commands. +.IP "\fBallow_mail_to_files (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external files. 
+.IP "\fBexpand_owner_alias (no)\fR" +When delivering to an alias "\fIaliasname\fR" that has an +"owner\-\fIaliasname\fR" companion alias, set the envelope sender +address to the expansion of the "owner\-\fIaliasname\fR" alias. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate a user name from its +extension (example: user+foo), or a .forward file name from its +extension (example: .forward+foo). .PP Available in Postfix version 2.3 and later: -.IP \fBfrozen_delivered_to\fR -Update the local(8) delivery agent's Delivered\-To: address -(see prepend_delivered_header) only once, at the start of -a delivery; do not update the Delivered\-To: address while +.IP "\fBfrozen_delivered_to (yes)\fR" +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: +address (see prepend_delivered_header) only once, at the start of +a delivery attempt; do not update the Delivered\-To: address while expanding aliases or .forward files. .SH "STANDARDS" .na diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 7f1d5d501..cbdd24191 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -2057,10 +2057,11 @@ outside the allowed set are replaced by underscores. .PP This feature is available in Postfix 2.2 and later. .SH expand_owner_alias (default: no) -When delivering to an alias "aliasname" that has an "owner\-aliasname" -companion alias, set the envelope sender address to the expansion -of the "owner\-aliasname" alias. Normally, Postfix sets the envelope -sender address to the name of the "owner\-aliasname" alias. +When delivering to an alias "\fIaliasname\fR" that has an +"owner\-\fIaliasname\fR" companion alias, set the envelope sender +address to the expansion of the "owner\-\fIaliasname\fR" alias. +Normally, Postfix sets the envelope sender address to the name of +the "owner\-\fIaliasname\fR" alias. .SH export_environment (default: see "postconf \-d" output) The list of environment variables that a Postfix process will export to non\-Postfix processes. The TZ variable is needed for sane @@ -4518,10 +4519,10 @@ Example: .PP This feature is available in Postfix 3.1 and later. .SH owner_request_special (default: yes) -Give special treatment to owner\-listname and listname\-request -address localparts: don't split such addresses when the -recipient_delimiter is set to "\-". This feature is useful for -mailing lists. +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". This feature is useful for mailing lists. .SH parent_domain_matches_subdomains (default: see "postconf \-d" output) A list of Postfix features where the pattern "example.com" also matches subdomains of example.com, 
@@ -5963,7 +5964,8 @@ Postfix releases, the behavior is as if this parameter is set to "yes". .PP As documented in \fBaliases\fR(5), when an alias \fIname\fR has a -companion alias named owner\-\fIname\fR, delivery errors will be +companion alias named owner\-\fIname\fR, this will replace the +envelope sender address, so that delivery errors will be reported to the owner alias instead of the sender. This configuration is recommended for mailing lists. .PP @@ -5993,7 +5995,9 @@ to other mailing list members. .PP Unfortunately, older Postfix releases reset the owner\-alias attribute when delivering mail to a child alias that does not have -its own owner alias. The \fBlocal\fR(8) delivery agent then attempts to +its own owner alias. To be precise, this resets only the decision +to create a new queue file, not the decision to override the envelope +sender address. The \fBlocal\fR(8) delivery agent then attempts to deliver local addresses as soon as they come out of child alias expansion. If delivery to any address from child alias expansion fails with a temporary error condition, the entire mailing list may diff --git a/postfix/proto/aliases b/postfix/proto/aliases index 1c33bed0b..6442ac1d5 100644 --- a/postfix/proto/aliases +++ b/postfix/proto/aliases 
@@ -50,9 +50,12 @@ # such as whitespace, `#', `:', or `@'. The \fIname\fR is folded to # lowercase, in order to make database lookups case insensitive. # .PP -# In addition, when an alias exists for \fBowner-\fIname\fR, delivery -# diagnostics are directed to that address, instead of to the originator -# of the message. +# In addition, when an alias exists for \fBowner-\fIname\fR, +# this will override the envelope sender address, so that +# delivery diagnostics are directed to \fBowner-\fIname\fR, +# instead of the originator of the message (for details, see +# \fBowner_request_special\fR, \fBexpand_owner_alias\fR and +# \fBreset_owner_alias\fR). # This is typically used to direct delivery errors to the maintainer of # a mailing list, who is in a better position to deal with mailing # list delivery problems than the originator of the undelivered mail. 
@@ -139,37 +142,37 @@ # The following \fBmain.cf\fR parameters are especially relevant. # The text below provides only a parameter summary. See # \fBpostconf\fR(5) for more details including examples. -# .IP \fBalias_database\fR -# List of alias databases that are updated by the -# \fBnewaliases\fR(1) command. -# .IP \fBalias_maps\fR -# List of alias databases queried by the \fBlocal\fR(8) delivery agent. -# .IP \fBallow_mail_to_commands\fR -# Restrict the usage of mail delivery to external command. -# .IP \fBallow_mail_to_files\fR -# Restrict the usage of mail delivery to external file. -# .IP \fBexpand_owner_alias\fR -# When delivering to an alias that has an \fBowner-\fR companion alias, -# set the envelope sender address to the right-hand side of the -# owner alias, instead using of the left-hand side address. -# .IP \fBpropagate_unmatched_extensions\fR -# A list of address rewriting or forwarding mechanisms that -# propagate an address extension from the original address -# to the result. Specify zero or more of \fBcanonical\fR, -# \fBvirtual\fR, \fBalias\fR, \fBforward\fR, \fBinclude\fR, -# or \fBgeneric\fR. -# .IP \fBowner_request_special\fR -# Give special treatment to \fBowner-\fIlistname\fR and -# \fIlistname\fB-request\fR -# addresses. -# .IP \fBrecipient_delimiter\fR -# Delimiter that separates recipients from address extensions. +# .IP "\fBalias_database (see 'postconf -d' output)\fR" +# The alias databases for \fBlocal\fR(8) delivery that are updated with +# "\fBnewaliases\fR" or with "\fBsendmail -bi\fR". +# .IP "\fBalias_maps (see 'postconf -d' output)\fR" +# The alias databases that are used for \fBlocal\fR(8) delivery. +# .IP "\fBallow_mail_to_commands (alias, forward)\fR" +# Restrict \fBlocal\fR(8) mail delivery to external commands. +# .IP "\fBallow_mail_to_files (alias, forward)\fR" +# Restrict \fBlocal\fR(8) mail delivery to external files. 
+# .IP "\fBexpand_owner_alias (no)\fR" +# When delivering to an alias "\fIaliasname\fR" that has an +# "owner-\fIaliasname\fR" companion alias, set the envelope sender +# address to the expansion of the "owner-\fIaliasname\fR" alias. +# .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +# What address lookup tables copy an address extension from the lookup +# key to the lookup result. +# .IP "\fBowner_request_special (yes)\fR" +# Enable special treatment for owner-\fIlistname\fR entries in the +# \fBaliases\fR(5) file, and don't split owner-\fIlistname\fR and +# \fIlistname\fR-request address localparts when the recipient_delimiter +# is set to "-". +# .IP "\fBrecipient_delimiter (empty)\fR" +# The set of characters that can separate a user name from its +# extension (example: user+foo), or a .forward file name from its +# extension (example: .forward+foo). # .PP # Available in Postfix version 2.3 and later: -# .IP \fBfrozen_delivered_to\fR -# Update the local(8) delivery agent's Delivered-To: address -# (see prepend_delivered_header) only once, at the start of -# a delivery; do not update the Delivered-To: address while +# .IP "\fBfrozen_delivered_to (yes)\fR" +# Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To: +# address (see prepend_delivered_header) only once, at the start of +# a delivery attempt; do not update the Delivered-To: address while # expanding aliases or .forward files. # STANDARDS # RFC 822 (ARPA Internet Text Messages) diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 3a73e6205..162b724fe 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -7722,10 +7722,11 @@ This feature is available in Postfix 2.0 and later. %PARAM expand_owner_alias no

-When delivering to an alias "aliasname" that has an "owner-aliasname" -companion alias, set the envelope sender address to the expansion -of the "owner-aliasname" alias. Normally, Postfix sets the envelope -sender address to the name of the "owner-aliasname" alias. +When delivering to an alias "aliasname" that has an +"owner-aliasname" companion alias, set the envelope sender +address to the expansion of the "owner-aliasname" alias. +Normally, Postfix sets the envelope sender address to the name of +the "owner-aliasname" alias.

%PARAM fallback_transport @@ -8069,10 +8070,10 @@ or reject_non_fqdn_recipient restriction. %PARAM owner_request_special yes

-Give special treatment to owner-listname and listname-request -address localparts: don't split such addresses when the -recipient_delimiter is set to "-". This feature is useful for -mailing lists. +Enable special treatment for owner-listname entries in the +aliases(5) file, and don't split owner-listname and +listname-request address localparts when the recipient_delimiter +is set to "-". This feature is useful for mailing lists.

%PARAM permit_mx_backup_networks @@ -14725,7 +14726,8 @@ Postfix releases, the behavior is as if this parameter is set to "yes".

As documented in aliases(5), when an alias name has a -companion alias named owner-name, delivery errors will be +companion alias named owner-name, this will replace the +envelope sender address, so that delivery errors will be reported to the owner alias instead of the sender. This configuration is recommended for mailing lists.

@@ -14755,7 +14757,9 @@ to other mailing list members.

Unfortunately, older Postfix releases reset the owner-alias attribute when delivering mail to a child alias that does not have -its own owner alias. The local(8) delivery agent then attempts to +its own owner alias. To be precise, this resets only the decision +to create a new queue file, not the decision to override the envelope +sender address. The local(8) delivery agent then attempts to deliver local addresses as soon as they come out of child alias expansion. If delivery to any address from child alias expansion fails with a temporary error condition, the entire mailing list may diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index 4c7a9ede5..0d4041683 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c @@ -314,7 +314,7 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, state->queue_id, buf); else state->qmgr_opts |= - QMGR_READ_FLAG_FROM_DSN(state->dsn_notify = junk); + QMGR_READ_FLAG_FROM_DSN(state->dsn_notify = junk); return; } if (type == REC_TYPE_ORCP) { diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c index f41a2a6c2..8617eaa77 100644 --- a/postfix/src/dns/dns_lookup.c +++ b/postfix/src/dns/dns_lookup.c @@ -397,6 +397,14 @@ static int dns_res_search(const char *name, int class, int type, /* Prepare for returning a null-padded server reply. */ memset(answer, 0, anslen); len = res_query(name, class, type, answer, anslen); + /* Begin FreeBSD 11.1 workaround. */ + if (len < 0 && h_errno == 0) { + SET_H_ERRNO(TRY_AGAIN); + msg_warn("res_query(\"%s\", %d, %d, %p, %d) returns %d with h_errno==0" + " -- setting h_errno=TRY_AGAIN", + name, class, type, answer, anslen, len); + } + /* End FreeBSD 11.1 workaround. */ if (len > 0) { SET_H_ERRNO(0); } else if (keep_notfound && NOT_FOUND_H_ERRNO(h_errno)) { diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 3844757a1..a30b51f7c 100644 
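Review bot: The new msg_warn() call in dns_res_search() formats the reply buffer address with `%p`, which does not help an operator diagnose the resolver failure and writes a process address into the mail log on every affected lookup. I would drop that argument and log only the query and the result, for example `msg_warn("res_query(\"%s\", %d, %d) returns %d with h_errno==0 -- setting h_errno=TRY_AGAIN", name, class, type, len);`. The workaround also depends on h_errno being 0 when res_query() fails. Whether h_errno is cleared before the call is not visible in this hunk, so it is worth confirming that a stale non-zero value from an earlier lookup cannot bypass the check. dns_res_search() begins and ends outside the hunk.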
--- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20171028" +#define MAIL_RELEASE_DATE "20171218" #define MAIL_VERSION_NUMBER "3.3" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 40d49f623..3deb6fc8e 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -4835,7 +4835,7 @@ typedef struct SMTPD_CMD { static SMTPD_CMD smtpd_cmd_table[] = { {SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,}, {SMTPD_CMD_EHLO, ehlo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,}, - {SMTPD_CMD_XCLIENT, xclient_cmd,}, + {SMTPD_CMD_XCLIENT, xclient_cmd, SMTPD_CMD_FLAG_PRE_TLS}, {SMTPD_CMD_XFORWARD, xforward_cmd,}, #ifdef USE_TLS {SMTPD_CMD_STARTTLS, starttls_cmd, SMTPD_CMD_FLAG_PRE_TLS,}, diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index ea7d3870e..e16152238 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -4044,7 +4044,7 @@ static int is_map_command(SMTPD_STATE *state, const char *name, static void forbid_whitelist(SMTPD_STATE *state, const char *name, int status, const char *target) { - if (status == SMTPD_CHECK_OK) { + if (state->discard == 0 && status == SMTPD_CHECK_OK) { msg_warn("restriction %s returns OK for %s", name, target); msg_warn("this is not allowed for security reasons"); msg_warn("use DUNNO instead of OK if you want to make an exception"); diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c index e3d341060..956d2c3f5 100644 --- a/postfix/src/util/dict_db.c +++ b/postfix/src/util/dict_db.c 
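Review bot: The XCLIENT entry in smtpd_cmd_table now carries SMTPD_CMD_FLAG_PRE_TLS, but nothing at the table records why a command that overrides client attributes may be accepted before TLS is negotiated. The authorization check presumably still happens in xclient_cmd(), which is outside this hunk; if so, a comment above the entry such as `/* XCLIENT is exempt from TLS enforcement; authorization is still checked in xclient_cmd(). */` would keep a later reader from treating the flag as a mistake. Attribute values sent at this stage cross the connection unencrypted, which is worth noting in the same comment. The new entry also drops the trailing comma its neighbours use; `{SMTPD_CMD_XCLIENT, xclient_cmd, SMTPD_CMD_FLAG_PRE_TLS,},` would match them.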
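Review bot: The added `state->discard == 0` test in forbid_whitelist() guards the whole block, so with DISCARD in effect it skips not only the three warnings but also anything that follows them in the block, which closes outside this hunk. If the block also rejects the request, that enforcement no longer applies to discarded mail. That is probably intended, but the code should say so. I would add a comment above the condition along the lines of `/* With DISCARD in effect an OK result is not a whitelisting attempt; the message is dropped anyway. */`, after confirming that this matches the behaviour of the DISCARD path.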
@@ -615,6 +615,7 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, struct stat st; DB *db = 0; char *db_path = 0; + VSTRING *db_base_buf = 0; int lock_fd = -1; int dbfd; @@ -671,6 +672,7 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, #define FREE_RETURN(e) do { \ DICT *_dict = (e); if (db) DICT_DB_CLOSE(db); \ if (lock_fd >= 0) (void) close(lock_fd); \ + if (db_base_buf) vstring_free(db_base_buf); \ if (db_path) myfree(db_path); return (_dict); \ } while (0) @@ -735,18 +737,22 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, msg_panic("db_create null result"); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); + db_base_buf = vstring_alloc(100); #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \ (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0) - if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0) + if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path), + 0, type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4) - if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0) + if ((errno = db->open(db, sane_basename(db_base_buf, db_path), 0, + type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #else #error "Unsupported Berkeley DB version" #endif + vstring_free(db_base_buf); if ((errno = db->fd(db, &dbfd)) != 0) msg_fatal("get database file descriptor: %m"); #endif
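Review bot: After the success-path `vstring_free(db_base_buf);` in the third hunk, db_base_buf still holds the freed pointer, while the FREE_RETURN macro extended in the second hunk frees it whenever it is non-null. Any FREE_RETURN reached after that point would free the buffer twice. The remainder of dict_db_open() is outside the hunk, so I cannot tell whether such a call exists today, but a later edit could easily add one. Clearing the pointer removes the hazard: `vstring_free(db_base_buf); db_base_buf = 0;`.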