From: Wietse Venema Date: Mon, 13 May 2013 05:00:00 +0000 (-0500) Subject: postfix-2.11-20130513 X-Git-Tag: v2.11.0-RC1~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f9b7ef3f0b55b1edf3d4305593803e39bfc43a3;p=thirdparty%2Fpostfix.git postfix-2.11-20130513 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index bc63c9114..c09ee5017 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -18432,6 +18432,32 @@ Apologies for any names omitted. src/smtpd/smtpd_check.c, src/trivial-rewrite/transport.c, src/trivial-rewrite/trivial-rewrite.c. +20130409 + + Documentation: pointers to other actions under "ACCEPT + ACTIONS" and "REJECT ACTIONS". File: proto/access. + +20130410 + + Cleanup: more uniform permutation in dns_rr() by Victor + Duchovni & Son. File: dns/dns_rr.c. + +20130411 + + Documentation: clarified text about result formats. Files: + proto/canonical, proto/virtual. + +20130423 + + Bugfix (introduced: Postfix 2.0): when myhostname is not + listed in mydestination, the trivial-rewrite resolver may + log "do not list in both mydestination + and ". The fix is + to re-resolve a domain-less address after adding $myhostname + as the surrogate domain, so that it pops out with the right + address-class label. Problem reported by Quanah Gibson-Mount. + File: trivial-rewrite/resolve.c. + 20130512 Feature: allow an SMTP client to skip postscreen(8) tests @@ -18441,3 +18467,15 @@ Apologies for any names omitted. postscreen/postscreen.c, postscreen/postscreen.h, postscreen/postscreen_early.c, postscreen/postscreen_state.c, postscreen/postscreen_tests.c. + +20130513 + + Bugfix (introduced: 20130512): postscreen logged no "PASS + NEW" event when the pregreet tests were turned off and the + postscreen_dnsbl_whitelist_treshold feature was turned on. + Reported by Rob McGee (/dev/rob0). Files: postscreen/postscreen.h, + postscreen/postscreen_early.c. + + Bugfix (introduced: 20130512): postscreen panic because the + logic for dnsbl result retrieval was changed. Reported by + Noel Jones. File: postscreen/postscreen_early.c. diff --git a/postfix/conf/access b/postfix/conf/access index 9df9991a4..cadc57d65 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -178,6 +178,8 @@ # mat is generated by address-based relay authoriza- # tion schemes such as pop-before-smtp. # +# For other accept actions, see "OTHER ACTIONS" below. +# # REJECT ACTIONS # Postfix version 2.3 and later support enhanced status # codes as defined in RFC 3463. When no code is specified @@ -248,6 +250,8 @@ # # This feature is available in Postfix 2.1 and later. # +# For other reject actions, see "OTHER ACTIONS" below. +# # OTHER ACTIONS # restriction... # Apply the named UCE restriction(s) (permit, reject, diff --git a/postfix/conf/canonical b/postfix/conf/canonical index 720db18cc..fc0c821ad 100644 --- a/postfix/conf/canonical +++ b/postfix/conf/canonical @@ -66,9 +66,9 @@ # TABLE FORMAT # The input format for the postmap(1) command is as follows: # -# pattern result +# pattern address # When pattern matches a mail address, replace it by -# the corresponding result. +# the corresponding address. # # blank lines and comments # Empty lines and whitespace-only lines are ignored, diff --git a/postfix/conf/virtual b/postfix/conf/virtual index 3be6ab985..9f4b3d770 100644 --- a/postfix/conf/virtual +++ b/postfix/conf/virtual @@ -65,9 +65,9 @@ # TABLE FORMAT # The input format for the postmap(1) command is as follows: # -# pattern result +# pattern address, address, ... # When pattern matches a mail address, replace it by -# the corresponding result. +# the corresponding address. # # blank lines and comments # Empty lines and whitespace-only lines are ignored, diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 0696fcdbf..d191bd561 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -184,6 +184,8 @@ ACCESS(5) ACCESS(5) mat is generated by address-based relay authoriza- tion schemes such as pop-before-smtp. + For other accept actions, see "OTHER ACTIONS" below. + REJECT ACTIONS Postfix version 2.3 and later support enhanced status codes as defined in RFC 3463. When no code is specified @@ -254,6 +256,8 @@ ACCESS(5) ACCESS(5) This feature is available in Postfix 2.1 and later. + For other reject actions, see "OTHER ACTIONS" below. + OTHER ACTIONS restriction... Apply the named UCE restriction(s) (permit, reject, diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index c97f910ac..58c522cef 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html @@ -52,7 +52,7 @@ CANONICAL(5) CANONICAL(5) remote_header_rewrite_domain configuration parameter spec- ifies a non-empty value. To get the behavior before Post- fix 2.2, specify "local_header_rewrite_clients = - static:all". + static:all". Typically, one would use the canonical(5) table to replace login names by Firstname.Lastname, or to clean up @@ -72,9 +72,9 @@ CANONICAL(5) CANONICAL(5) TABLE FORMAT The input format for the postmap(1) command is as follows: - pattern result + pattern address When pattern matches a mail address, replace it by - the corresponding result. + the corresponding address. blank lines and comments Empty lines and whitespace-only lines are ignored, diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 426601d76..fbddb59c3 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -8567,7 +8567,7 @@ recipient_delimiters = +- # Use .forward for mail without address extension, and for mail with # an unrecognized address extension. forward_path = $home/.forward${recipient_delimiter}${extension}, - $home/.forward, + $home/.forward diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index 5306885f2..e27077d0e 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html @@ -71,9 +71,9 @@ VIRTUAL(5) VIRTUAL(5) TABLE FORMAT The input format for the postmap(1) command is as follows: - pattern result + pattern address, address, ... When pattern matches a mail address, replace it by - the corresponding result. + the corresponding address. blank lines and comments Empty lines and whitespace-only lines are ignored, diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index 64d678ad5..c1f45ae58 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -172,6 +172,8 @@ Accept the address etc. that matches the pattern. An all-numerical result is treated as OK. This format is generated by address-based relay authorization schemes such as pop-before-smtp. +.PP +For other accept actions, see "OTHER ACTIONS" below. .SH "REJECT ACTIONS" .na .nf @@ -237,6 +239,8 @@ response message. Prior to Postfix 2.6, the SMTP reply code is 450. .sp This feature is available in Postfix 2.1 and later. +.PP +For other reject actions, see "OTHER ACTIONS" below. .SH "OTHER ACTIONS" .na .nf diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5 index 1bf8d53eb..edf2a306f 100644 --- a/postfix/man/man5/canonical.5 +++ b/postfix/man/man5/canonical.5 @@ -73,9 +73,9 @@ lookup fields can match both upper and lower case. .ad .fi The input format for the \fBpostmap\fR(1) command is as follows: -.IP "\fIpattern result\fR" +.IP "\fIpattern address\fR" When \fIpattern\fR matches a mail address, replace it by the -corresponding \fIresult\fR. +corresponding \fIaddress\fR. .IP "blank lines and comments" Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 54d126311..24013f4a6 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -5165,7 +5165,7 @@ recipient_delimiters = +- # Use .forward for mail without address extension, and for mail with # an unrecognized address extension. forward_path = $home/.forward${recipient_delimiter}${extension}, - $home/.forward, + $home/.forward .fi .ad .ft R diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index da139f8a1..a8c80ecd4 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -71,9 +71,9 @@ lookup fields can match both upper and lower case. .ad .fi The input format for the \fBpostmap\fR(1) command is as follows: -.IP "\fIpattern result\fR" +.IP "\fIpattern address, address, ...\fR" When \fIpattern\fR matches a mail address, replace it by the -corresponding \fIresult\fR. +corresponding \fIaddress\fR. .IP "blank lines and comments" Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. diff --git a/postfix/proto/access b/postfix/proto/access index 403e080d1..12b56a378 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -154,6 +154,8 @@ # An all-numerical result is treated as OK. This format is # generated by address-based relay authorization schemes # such as pop-before-smtp. +# .PP +# For other accept actions, see "OTHER ACTIONS" below. # REJECT ACTIONS # .ad # .fi @@ -217,6 +219,8 @@ # Prior to Postfix 2.6, the SMTP reply code is 450. # .sp # This feature is available in Postfix 2.1 and later. +# .PP +# For other reject actions, see "OTHER ACTIONS" below. # OTHER ACTIONS # .ad # .fi diff --git a/postfix/proto/canonical b/postfix/proto/canonical index cdda91818..6fb534816 100644 --- a/postfix/proto/canonical +++ b/postfix/proto/canonical @@ -63,9 +63,9 @@ # .ad # .fi # The input format for the \fBpostmap\fR(1) command is as follows: -# .IP "\fIpattern result\fR" +# .IP "\fIpattern address\fR" # When \fIpattern\fR matches a mail address, replace it by the -# corresponding \fIresult\fR. +# corresponding \fIaddress\fR. # .IP "blank lines and comments" # Empty lines and whitespace-only lines are ignored, as # are lines whose first non-whitespace character is a `#'. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 35ca41555..4cbe12e58 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -3547,7 +3547,7 @@ recipient_delimiters = +- # Use .forward for mail without address extension, and for mail with # an unrecognized address extension. forward_path = $home/.forward${recipient_delimiter}${extension}, - $home/.forward, + $home/.forward %PARAM reject_code 554 diff --git a/postfix/proto/virtual b/postfix/proto/virtual index 8a2d28f60..fd98e2d48 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -61,9 +61,9 @@ # .ad # .fi # The input format for the \fBpostmap\fR(1) command is as follows: -# .IP "\fIpattern result\fR" +# .IP "\fIpattern address, address, ...\fR" # When \fIpattern\fR matches a mail address, replace it by the -# corresponding \fIresult\fR. +# corresponding \fIaddress\fR. # .IP "blank lines and comments" # Empty lines and whitespace-only lines are ignored, as # are lines whose first non-whitespace character is a `#'. diff --git a/postfix/src/dns/dns_rr.c b/postfix/src/dns/dns_rr.c index 1e566949d..8804cfd97 100644 --- a/postfix/src/dns/dns_rr.c +++ b/postfix/src/dns/dns_rr.c @@ -303,10 +303,12 @@ DNS_RR *dns_rr_shuffle(DNS_RR *list) rr_array[len] = rr; /* - * Shuffle resource records. + * Shuffle resource records. Every element has an equal chance of landing + * in slot 0. After that every remaining element has an equal chance of + * landing in slot 1, ... This is exactly n! states for n! permutations. */ - for (i = 0; i < len; i++) { - r = myrand() % len; + for (i = 0; i < len - 1; i++) { + r = i + (myrand() % (len - i)); /* Victor&Son */ rr = rr_array[i]; rr_array[i] = rr_array[r]; rr_array[r] = rr; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 5245a0958..89fb80222 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20130512" +#define MAIL_RELEASE_DATE "20130513" #define MAIL_VERSION_NUMBER "2.11" #ifdef SNAPSHOT diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c index bbd1b9b3a..5b28772c1 100644 --- a/postfix/src/global/resolve_clnt.c +++ b/postfix/src/global/resolve_clnt.c @@ -386,8 +386,11 @@ int main(int argc, char **argv) VSTRING *buffer = vstring_alloc(1); while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { - if ((addr = split_at(STR(buffer), ' ')) == 0 || *STR(buffer) == 0) - msg_fatal("need as input: class address"); + addr = split_at(STR(buffer), ' '); + if (*STR(buffer) == 0) + msg_fatal("need as input: class [address]"); + if (addr == 0) + addr = ""; resolve(STR(buffer), addr, &reply); } vstring_free(buffer); diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h index beb725fbb..ebc048a02 100644 --- a/postfix/src/postscreen/postscreen.h +++ b/postfix/src/postscreen/postscreen.h @@ -232,6 +232,9 @@ typedef struct { #define PSC_STATE_MASK_BARLF_TODO_SKIP \ (PSC_STATE_FLAG_BARLF_TODO | PSC_STATE_FLAG_BARLF_SKIP) +#define PSC_STATE_MASK_PREGR_FAIL_DONE \ + (PSC_STATE_FLAG_PREGR_FAIL | PSC_STATE_FLAG_PREGR_DONE) + #define PSC_STATE_MASK_PIPEL_TODO_PASS_FAIL \ (PSC_STATE_MASK_PIPEL_TODO_FAIL | PSC_STATE_FLAG_PIPEL_PASS) #define PSC_STATE_MASK_NSMTP_TODO_PASS_FAIL \ diff --git a/postfix/src/postscreen/postscreen_early.c b/postfix/src/postscreen/postscreen_early.c index 54f0a5789..265bc0839 100644 --- a/postfix/src/postscreen/postscreen_early.c +++ b/postfix/src/postscreen/postscreen_early.c @@ -89,8 +89,8 @@ static void psc_early_event(int event, char *context) /* * Check if the SMTP client spoke before its turn. */ - if ((state->flags & PSC_STATE_MASK_PREGR_TODO_FAIL) - == (state->flags & PSC_STATE_MASK_PREGR_TODO_DONE)) { + if ((state->flags & PSC_STATE_FLAG_PREGR_TODO) != 0 + && (state->flags & PSC_STATE_MASK_PREGR_FAIL_DONE) == 0) { state->pregr_stamp = event_time() + var_psc_pregr_ttl; PSC_PASS_SESSION_STATE(state, "pregreet test", PSC_STATE_FLAG_PREGR_PASS); @@ -171,7 +171,8 @@ static void psc_early_event(int event, char *context) if ((read_count = recv(vstream_fileno(state->smtp_client_stream), read_buf, sizeof(read_buf) - 1, MSG_PEEK)) <= 0) { /* Avoid memory leak. */ - if (state->flags & PSC_STATE_FLAG_DNSBL_TODO) + if (state->dnsbl_score == NO_DNSBL_SCORE + && (state->flags & PSC_STATE_FLAG_DNSBL_TODO)) (void) psc_dnsbl_retrieve(state->smtp_client_addr, &state->dnsbl_name, state->dnsbl_index); @@ -188,7 +189,8 @@ static void psc_early_event(int event, char *context) switch (psc_pregr_action) { case PSC_ACT_DROP: /* Avoid memory leak. */ - if (state->flags & PSC_STATE_FLAG_DNSBL_TODO) + if (state->dnsbl_score == NO_DNSBL_SCORE + && (state->flags & PSC_STATE_FLAG_DNSBL_TODO)) (void) psc_dnsbl_retrieve(state->smtp_client_addr, &state->dnsbl_name, state->dnsbl_index); diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index f77885436..aec804974 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c @@ -30,9 +30,6 @@ /* int expect; /* const char *format; /* -/* void smtpd_proxy_disconnect(state) -/* SMTPD_STATE *state; -/* /* void smtpd_proxy_free(state) /* SMTPD_STATE *state; /* @@ -92,10 +89,6 @@ /* In case of error, proxy->cmd() updates the state->error_mask /* and state->err fields. /* -/* smtpd_proxy_disconnect() disconnects from a proxy server. -/* The last proxy server reply or error description remains -/* available via the proxy->buffer field. -/* /* smtpd_proxy_free() destroys a proxy server handle and resets /* the state->proxy field. /* diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index c0b6d9964..d9a709e30 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -324,9 +324,18 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, tok822_free(tree->head); tree->head = 0; } - /* XXX must be localpart only, not user@domain form. */ - if (tree->head == 0) + /* XXX Re-resolve the surrogate, in case already in user@domain form. */ + if (tree->head == 0) { tree->head = tok822_scan(var_empty_addr, &tree->tail); + continue; + } + + /* XXX Re-resolve with @$myhostname for backwards compatibility. */ + if (domain == 0 && saved_domain == 0) { + tok822_sub_append(tree, tok822_alloc('@', (char *) 0)); + tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0)); + continue; + } /* * We're done. There are no domains left to strip off the address, diff --git a/postfix/src/util/poll_fd.c b/postfix/src/util/poll_fd.c index e8c7ed21f..80cd0f67d 100644 --- a/postfix/src/util/poll_fd.c +++ b/postfix/src/util/poll_fd.c @@ -27,8 +27,8 @@ /* int true_res; /* int false_res; /* DESCRIPTION -/* The functions in this module are macros that provide a -/* convenient interface to poll_fd(). +/* The read*() and write*() functions in this module are macros +/* that provide a convenient interface to poll_fd(). /* /* readable() asks the kernel if the specified file descriptor /* is readable, i.e. a read operation would not block. @@ -72,8 +72,8 @@ /* it is false. They never return an error indication. /* /* read_wait() and write_wait() return zero when the requested -/* POLL_FD_READ or POLL_FD_WRITE condition is true, -1 with -/* errno set to ETIMEDOUT when it is false. +/* POLL_FD_READ or POLL_FD_WRITE condition is true, -1 (with +/* errno set to ETIMEDOUT) when it is false. /* /* poll_fd() returns true_res when the requested POLL_FD_READ /* or POLL_FD_WRITE condition is true, false_res when it is