From: Wietse Z Venema Date: Sun, 5 Jan 2025 05:00:00 +0000 (-0500) Subject: postfix-3.10-20250105 X-Git-Tag: v3.10.0~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fc2dbae37c9e50af186eef277ca93c43653a0e0;p=thirdparty%2Fpostfix.git postfix-3.10-20250105 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index ec424051e..8a8d3cf51 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -28700,3 +28700,42 @@ Apologies for any names omitted. the lmtp_lhlo_timeout parameter, and added end-of-life info for the obsolete proxy_tls_session_cache_timeout parameter. File: proto/postconf.proto. + +20250104 + + Cleanup: the SMTP client complained about "missing + trw_set_tls_policy call" when a destination had a TLSRPT + policy, but TLS was disabled. File: smtp/smtp_connect.c. + + Logging: the Postfix SMTP server now logs the queue ID or + "NOQUEUE" when an SMTP session terminates abnormally (too + many errors, I/O timeout, lost connection). File: smtpd/smtpd.c. + + Cleanup: improved error handling when the sqlite: client + tries to open a non-existent database: do not attempt to + create a read-write database file; and do log the underlying + system error (example: No such file or directory). Michael + Tokarev.File: global/dict_sqlite.c. + + Feature: automatic RFC 2047 encoding for non-ASCII full + name information when Postfix generates a From: message + header. Encoding non-ASCII full names can avoid the need + to use SMTPUTF8, and therefore can avoid incompatibility + with sites that do not support SMTPUTF8. + + The new parameter "full_name_encoding_charset" (default: + "utf-8") specifies the character set of the full name in + the Postfix sendmail "-F" option, in the Postfix sendmail + "NAME" environment variable, or in the GECOS field of the + UNIX password database. + + The encoded result looks like "=?charset?Q?gibberish?= for + quoted-printable encoding, or "=?charset?B?gibberish?= for + base64 encoding. Postfix uses quoted-printable for a full + name that is short or mostly ASCII, and uses base64 otherwise. + + Files: mantools/postlink, proto/postconf.proto, cleanup/cleanup.c, + cleanup/cleanup_init.c, cleanup/cleanup_message.c, + global/ascii_header_text.c, global/ascii_header_text.h, + global/mail_params.h, global/rfc2047_code.c, global/rfc2047_code.h, + util/clean_ascii_cntrl_space.c, util/clean_ascii_cntrl_space.h. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index a0e19efe2..0a09f458c 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -26,6 +26,35 @@ now also distributed with the more recent Eclipse Public License license of their choice. Those who are more comfortable with the IPL can continue with that license. +[Feature 20250105] + +Support for automatic RFC 2047 encoding of non-ASCII "full name" +information in Postfix-generated From: message headers. Encoding +non-ASCII full names can avoid the need to use SMTPUTF8, and therefore +can avoid incompatibility with sites that do not support SMTPUTF8. + +Background: when a message without a From: header is submitted with the +Postfix sendmail(1) command, Postfix will add a From: header and will +try to use the sender's full name specified with the Postfix sendmail(1) +"-F" option, with the sendmail(1) "NAME" environment variable, or +with the GECOS field in the UNIX password database. + +This introduces a new configuration parameter "full_name_encoding_charset" +(default: utf8) which specifies the character set of the full name +information in the Postfix sendmail(1) "-F" option or "NAME" +environment variable, or in the GECOS field in the UNIX password +database. + +[Incompat 20250105] + +The SMTP server now logs the queue ID (or "NOQUEUE") when a connection +ends abnormally (timeout, lost connection, or too many errors). + +[Feature 20250105] + +The SMTP server now logs the queue ID (or "NOQUEUE") when a connection +ends abnormally (timeout, lost connection, or too many errors). + [Feature 20241104] The cleanup server now logs "queueid: canceled" when a message diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index fa0f1eac2..ab9990bc4 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -111,6 +111,7 @@ CLEANUP(8) CLEANUP(8) enable_long_queue_ids (no) Enable long, non-repeating, queue IDs (queue file names). +HEADER FORMATTING CONTROLS Available in Postfix version 3.0 and later: message_drop_headers (bcc, content-length, resent-bcc, return-path) @@ -118,9 +119,18 @@ CLEANUP(8) CLEANUP(8) after applying header_checks(5) and before invoking Milter applications. + Available in Postfix version 3.3 and later: + header_from_format (standard) The format of the Postfix-generated From: header. + Available in Postfix version 3.10 and later: + + full_name_encoding_charset (utf-8) + The character set name (also called "charset") that Postfix will + output when it automatically generates an RFC 2047 encoded full + name. + BUILT-IN CONTENT FILTERING CONTROLS Postfix built-in content filtering is meant to stop a flood of worms or viruses. It is not a general content filter. @@ -462,7 +472,7 @@ CLEANUP(8) CLEANUP(8) delay_logging_resolution_limit (2) The maximal number of digits after the decimal point when log- - ging sub-second delay values. + ging delay values. delay_warning_time (0h) The time after which the sender receives a copy of the message @@ -567,5 +577,8 @@ CLEANUP(8) CLEANUP(8) 111 8th Avenue New York, NY 10011, USA + Wietse Venema + porcupine.org + CLEANUP(8) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 4720204bd..679f04df1 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3937,6 +3937,46 @@ Delivered-To: address, it ties up one queue file and one cleanup process instance while mail is being forwarded.

+ + +
full_name_encoding_charset +(default: utf-8)
+ +

The character set name (also called "charset") that Postfix +will output when it automatically generates an RFC 2047 encoded +full name. Encoding non-ASCII full names can avoid the need to use +SMTPUTF8, and therefore can avoid incompatibility with sites that +do not support SMTPUTF8.

+ +

The encoded names look like "=?charset?q?gibberish?=" with +quoted-printable encoding, or "=?charset?b?gibberish?=" with base64 +encoding. Postfix uses quoted-printable encoding for a full name +that is short or mostly printable ASCII, and uses base64 otherwise. +

+ +

Background: when a message without a From: header is submitted +with the Postfix sendmail(1) command, the Postfix cleanup(8) daemon +will add a From: header and will try to use the sender's full name +specified with the Postfix sendmail(1) "-F" option, with the Postfix +sendmail(1) "NAME" environment variable, or with the GECOS field +in the UNIX password database. In the latter case, Postfix will +replace the "&" character with the login name, with a lowercase +ASCII first character converted to uppercase.

+ +

NOTE: Postfix does not convert between character sets; it simply +encodes the raw bytes in a full name as printable ASCII gibberish. +The full_name_encoding_charset value specifies how a mail reader +program should display the decoded gibberish.

+ +

Specify a valid character set name such as "utf-8" or "iso-8859-1 +(specify the latter for full names that use the Latin1 encoding). +The character set name is case insensitive. When a character set +name violates RFC 2047 syntax, Postfix will log a warning and will +skip the full name.

+ +

This feature is available in Postfix ≥ 3.10.

+ +
hash_queue_depth diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 52ebdf599..83776ac55 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -148,7 +148,7 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.9 - 3.6: - smtpd_per_record_deadline (normal: no, overload: yes) + smtpd_per_record_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout and smtpd_start- tls_timeout time limits, from a time limit per read or write system call, to a time limit to send or receive a complete @@ -179,7 +179,7 @@ SMTPD(8) SMTPD(8) Available in Postfix version 3.7 and later: - smtpd_per_request_deadline (normal: no, overload: yes) + smtpd_per_request_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout and smtpd_start- tls_timeout time limits, from a time limit per plaintext or TLS read or write call, to a combined time limit for receiving a @@ -814,67 +814,66 @@ SMTPD(8) SMTPD(8) or accepting connections. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) - Lookup tables with all names or addresses of local recipients: a - recipient address is local when its domain matches $mydestina- - tion, $inet_interfaces or $proxy_interfaces. + Lookup tables with all names or addresses of valid local recipi- + ents. unknown_local_recipient_reject_code (550) The numerical Postfix SMTP server response code when a recipient - address is local, and $local_recipient_maps specifies a list of + address is local, and $local_recipient_maps specifies a list of lookup tables that does not match the recipient. Parameters concerning known/unknown recipients of relay destinations: relay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination) - What destination domains (and subdomains thereof) this system + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in the domains + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) - The numerical Postfix SMTP server reply code when a recipient - address matches $relay_domains, and relay_recipient_maps speci- - fies a list of lookup tables that does not match the recipient + The numerical Postfix SMTP server reply code when a recipient + address matches $relay_domains, and relay_recipient_maps speci- + fies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual alias + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) - Postfix is the final destination for the specified list of vir- + Postfix is the final destination for the specified list of vir- tual alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) Optional lookup tables that are often searched with a full email - address (including domain) and that apply to all recipients: - local(8), virtual, and remote; this is unlike alias_maps that - are only searched with an email address localpart (no domain) + address (including domain) and that apply to all recipients: + local(8), virtual, and remote; this is unlike alias_maps that + are only searched with an email address localpart (no domain) and that apply only to local(8) recipients. unknown_virtual_alias_reject_code (550) - The Postfix SMTP server reply code when a recipient address - matches $virtual_alias_domains, and $virtual_alias_maps speci- - fies a list of lookup tables that does not match the recipient + The Postfix SMTP server reply code when a recipient address + matches $virtual_alias_domains, and $virtual_alias_maps speci- + fies a list of lookup tables that does not match the recipient address. Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) - Postfix is the final destination for the specified list of - domains; mail is delivered via the $virtual_transport mail + Postfix is the final destination for the specified list of + domains; mail is delivered via the $virtual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in the domains + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) - The Postfix SMTP server reply code when a recipient address - matches $virtual_mailbox_domains, and $virtual_mailbox_maps + The Postfix SMTP server reply code when a recipient address + matches $virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list of lookup tables that does not match the recip- ient address. @@ -883,7 +882,7 @@ SMTPD(8) SMTPD(8) control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces of at most + Upon input, long lines are chopped up into pieces of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) @@ -891,92 +890,92 @@ SMTPD(8) SMTPD(8) tem that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including envelope + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix SMTP server + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. - smtpd_timeout (normal: 300s, overload: 10s) - When the Postfix SMTP server wants to send an SMTP server - response, how long the Postfix SMTP server will wait for an - underlying network write operation to complete; and when the - Postfix SMTP server Postfix wants to receive an SMTP client - request, how long the Postfix SMTP server will wait for an + smtpd_timeout (normal: 300s, overload: 10s) + When the Postfix SMTP server wants to send an SMTP server + response, how long the Postfix SMTP server will wait for an + underlying network write operation to complete; and when the + Postfix SMTP server Postfix wants to receive an SMTP client + request, how long the Postfix SMTP server will wait for an underlying network read operation to complete. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP server command - history before it is flushed upon receipt of EHLO, RSET, or end + The maximal number of lines in the Postfix SMTP server command + history before it is flushed upon receipt of EHLO, RSET, or end of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) - Attempt to look up the remote SMTP client hostname, and verify + Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address. The per SMTP client connection count and request rate limits are imple- - mented in co-operation with the anvil(8) service, and are available in + mented in co-operation with the anvil(8) service, and are available in Postfix version 2.2 and later. smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is allowed to make + How many simultaneous connections any client is allowed to make to this service. smtpd_client_connection_rate_limit (0) - The maximal number of connection attempts any client is allowed + The maximal number of connection attempts any client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests that any client - is allowed to make to this service per time unit, regardless of + The maximal number of message delivery requests that any client + is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any client is - allowed to send to this service per time unit, regardless of + The maximal number of recipient addresses that any client is + allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from smtpd_client_*_count/rate_limit + Clients that are excluded from smtpd_client_*_count/rate_limit restrictions. Available in Postfix version 2.3 and later: smtpd_client_new_tls_session_rate_limit (0) - The maximal number of new (i.e., uncached) TLS sessions that a + The maximal number of new (i.e., uncached) TLS sessions that a remote SMTP client is allowed to negotiate with this service per time unit. Available in Postfix version 2.9 - 3.6: - smtpd_per_record_deadline (normal: no, overload: yes) + smtpd_per_record_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout and smtpd_start- - tls_timeout time limits, from a time limit per read or write - system call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, SMTP message + tls_timeout time limits, from a time limit per read or write + system call, to a time limit to send or receive a complete + record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). Available in Postfix version 3.1 and later: smtpd_client_auth_rate_limit (0) - The maximal number of AUTH commands that any client is allowed - to send to this service per time unit, regardless of whether or + The maximal number of AUTH commands that any client is allowed + to send to this service per time unit, regardless of whether or not Postfix actually accepts those commands. Available in Postfix version 3.7 and later: - smtpd_per_request_deadline (normal: no, overload: yes) + smtpd_per_request_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout and smtpd_start- - tls_timeout time limits, from a time limit per plaintext or TLS - read or write call, to a combined time limit for receiving a - complete SMTP request and for sending a complete SMTP response. + tls_timeout time limits, from a time limit per plaintext or TLS + read or write call, to a combined time limit for receiving a + complete SMTP request and for sending a complete SMTP response. smtpd_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for - DATA and BDAT requests, when deadlines are enabled with + The minimum plaintext data transfer rate in bytes/second for + DATA and BDAT requests, when deadlines are enabled with smtpd_per_request_deadline. header_from_format (standard) @@ -985,27 +984,27 @@ SMTPD(8) SMTPD(8) Available in Postfix version 3.8 and later: smtpd_client_ipv4_prefix_length (32) - Aggregate smtpd_client_*_count and smtpd_client_*_rate statis- + Aggregate smtpd_client_*_count and smtpd_client_*_rate statis- tics by IPv4 network blocks with the specified network prefix. smtpd_client_ipv6_prefix_length (84) - Aggregate smtpd_client_*_count and smtpd_client_*_rate statis- + Aggregate smtpd_client_*_count and smtpd_client_*_rate statis- tics by IPv6 network blocks with the specified network prefix. Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: smtpd_forbid_unauth_pipelining (Postfix >= 3.9: yes) - Disconnect remote SMTP clients that violate RFC 2920 (or 5321) + Disconnect remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later: smtpd_forbid_bare_newline (Postfix >= 3.9: normalize) - Reject or restrict input lines from an SMTP client that end in + Reject or restrict input lines from an SMTP client that end in <LF> instead of the standard <CR><LF>. smtpd_forbid_bare_newline_exclusions ($mynetworks) - Exclude the specified clients from smtpd_forbid_bare_newline + Exclude the specified clients from smtpd_forbid_bare_newline enforcement. Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and later: @@ -1015,55 +1014,55 @@ SMTPD(8) SMTPD(8) request with "smtpd_forbid_bare_newline = reject". TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP server can - insert delays before responding. This can help to slow down run-away - software. The behavior is controlled by an error counter that counts + When a remote SMTP client makes errors, the Postfix SMTP server can + insert delays before responding. This can help to slow down run-away + software. The behavior is controlled by an error counter that counts the number of errors within an SMTP session that a client makes without delivering mail. smtpd_error_sleep_time (1s) - With Postfix version 2.1 and later: the SMTP server response - delay after a client has made more than $smtpd_soft_error_limit - errors, and fewer than $smtpd_hard_error_limit errors, without + With Postfix version 2.1 and later: the SMTP server response + delay after a client has made more than $smtpd_soft_error_limit + errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is allowed to make - without delivering mail before the Postfix SMTP server slows + The number of errors a remote SMTP client is allowed to make + without delivering mail before the Postfix SMTP server slows down all its responses. - smtpd_hard_error_limit (normal: 20, overload: 1) - The maximal number of errors a remote SMTP client is allowed to + smtpd_hard_error_limit (normal: 20, overload: 1) + The maximal number of errors a remote SMTP client is allowed to make without delivering mail. - smtpd_junk_command_limit (normal: 100, overload: 1) - The number of junk commands (NOOP, VRFY, ETRN or RSET) that a - remote SMTP client can send before the Postfix SMTP server + smtpd_junk_command_limit (normal: 100, overload: 1) + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a + remote SMTP client can send before the Postfix SMTP server starts to increment the error counter with each junk command. Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client can send in + The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, - before the Postfix SMTP server increments the per-session error + before the Postfix SMTP server increments the per-session error count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate access policy - decisions to an external server that runs outside Postfix. See the + As of version 2.1, Postfix can be configured to delegate access policy + decisions to an external server that runs outside Postfix. See the file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service connection is + The time after which an idle SMTPD policy service connection is closed. smtpd_policy_service_max_ttl (1000s) - The time after which an active SMTPD policy service connection + The time after which an active SMTPD policy service connection is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to, or receiving from + The time limit for connecting to, writing to, or receiving from a delegated SMTPD policy server. Available in Postfix version 3.0 and later: @@ -1073,81 +1072,81 @@ SMTPD(8) SMTPD(8) The default action when an SMTPD policy service request fails. smtpd_policy_service_request_limit (0) - The maximal number of requests per SMTPD policy service connec- + The maximal number of requests per SMTPD policy service connec- tion, or zero (no limit). smtpd_policy_service_try_limit (2) - The maximal number of attempts to send an SMTPD policy service + The maximal number of attempts to send an SMTPD policy service request before giving up. smtpd_policy_service_retry_delay (1s) - The delay between attempts to resend a failed SMTPD policy ser- + The delay between attempts to resend a failed SMTPD policy ser- vice request. Available in Postfix version 3.1 and later: smtpd_policy_service_policy_context (empty) - Optional information that the Postfix SMTP server specifies in - the "policy_context" attribute of a policy service request - (originally, to share the same service endpoint among multiple + Optional information that the Postfix SMTP server specifies in + the "policy_context" attribute of a policy service request + (originally, to share the same service endpoint among multiple check_policy_service clients). ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to all the SMTP + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command - before evaluating $smtpd_client_restrictions and + before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. parent_domain_matches_subdomains (see 'postconf -d' output) - A list of Postfix features where the pattern "example.com" also - matches subdomains of example.com, instead of requiring an + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself with the - HELO or EHLO command before sending the MAIL command or other + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server applies in - the context of a client RCPT TO command, after + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients to destina- + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina- tions matching $relay_domains. smtpd_restriction_classes (empty) User-defined aliases for groups of access restrictions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables instead of + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP access feature to + Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: @@ -1157,19 +1156,19 @@ SMTPD(8) SMTPD(8) applies in the context of the SMTP DATA command. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of RBL reply + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail from unknown - sender addresses, even when no explicit reject_unlisted_sender + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail for unknown - recipient addresses, even when no explicit + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: @@ -1183,20 +1182,20 @@ SMTPD(8) SMTPD(8) smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP - server applies in the context of the RCPT TO command, before + server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica- + Postfix version 2.1 introduces sender and recipient address verifica- tion. This feature is implemented by sending probe email messages that are not actually delivered. This feature is requested via the - reject_unverified_sender and reject_unverified_recipient access - restrictions. The status of verification probes is maintained by the - verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- - mation about how to configure and operate the Postfix sender/recipient + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- + mation about how to configure and operate the Postfix sender/recipient address verification service. - address_verify_poll_count (normal: 3, overload: 1) + address_verify_poll_count (normal: 3, overload: 1) How many times to query the verify(8) service for the completion of an address verification request in progress. @@ -1205,7 +1204,7 @@ SMTPD(8) SMTPD(8) fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification probes; prior + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "postmaster". unverified_sender_reject_code (450) @@ -1213,18 +1212,18 @@ SMTPD(8) SMTPD(8) address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a recipient - address is rejected by the reject_unverified_recipient restric- + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric- tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code when a sender + The numerical Postfix SMTP server response code when a sender address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a recipient + The numerical Postfix SMTP server response when a recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1236,17 +1235,17 @@ SMTPD(8) SMTPD(8) reject_unverified_recipient. unverified_sender_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_sender + The Postfix SMTP server's action when reject_unverified_sender fails due to a temporary error condition. unverified_recipient_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_recipi- + The Postfix SMTP server's action when reject_unverified_recipi- ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent portion of + The time between changes in the time-dependent portion of address verification probe sender addresses. ACCESS CONTROL RESPONSES @@ -1258,36 +1257,36 @@ SMTPD(8) SMTPD(8) map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code when the client - HELO or EHLO command parameter is rejected by the + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_rbl_client, + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a client - request is rejected by the reject_non_fqdn_helo_hostname, + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code when a request + The numerical Postfix SMTP server response code when a request is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code when a client - request is rejected by the reject_unauth_destination recipient + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) @@ -1295,24 +1294,24 @@ SMTPD(8) SMTPD(8) a sender or recipient address because its domain is unknown. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code when a client - without valid address <=> name mapping is rejected by the + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code when the host- - name specified with the HELO or EHLO command is rejected by the + The numerical Postfix SMTP server response code when the host- + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template for a request + The default Postfix SMTP server response template for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_multi_recipi- + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi- ent_bounce restriction. rbl_reply_maps (empty) @@ -1322,52 +1321,52 @@ SMTPD(8) SMTPD(8) access_map_defer_code (450) The numerical Postfix SMTP server response code for an access(5) - map "defer" action, including "defer_if_permit" or + map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type restriction + The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. unknown_helo_hostname_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unknown_helo_host- + The Postfix SMTP server's action when reject_unknown_helo_host- name fails due to a temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or reject_unknown_recipient_domain + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that are gener- + The sender address of postmaster notifications that are gener- ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. mail_name (Postfix) - The mail system name that is displayed in Received: headers, in + The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1378,11 +1377,11 @@ SMTPD(8) SMTPD(8) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have more privi- + The list of "trusted" remote SMTP clients that have more privi- leges than "strangers". myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) @@ -1395,24 +1394,24 @@ SMTPD(8) SMTPD(8) The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate an email address local- + The set of characters that can separate an email address local- part, user name, or a .forward file name from its extension. smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the SMTP greeting + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT GET POST regexp:{{/^[^A-Z]/ Bogus}}) - List of commands that cause the Postfix SMTP server to immedi- + List of commands that cause the Postfix SMTP server to immedi- ately terminate the session with a 221 code. Available in Postfix version 2.5 and later: @@ -1429,7 +1428,7 @@ SMTPD(8) SMTPD(8) Available in Postfix 3.4 and later: smtpd_reject_footer_maps (empty) - Lookup tables, indexed by the complete Postfix SMTP server 4xx + Lookup tables, indexed by the complete Postfix SMTP server 4xx or 5xx response, with reject footer templates. SEE ALSO @@ -1474,6 +1473,9 @@ SMTPD(8) SMTPD(8) 111 8th Avenue New York, NY 10011, USA + Wietse Venema + porcupine.org + SASL support originally by: Till Franke SuSE Rhein/Main AG diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 2ad4c4d39..b2a4618f6 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2456,6 +2456,39 @@ Postfix releases, the behavior is as if this parameter is set to or .forward files. When an alias or .forward file changes the Delivered\-To: address, it ties up one queue file and one cleanup process instance while mail is being forwarded. +.SH full_name_encoding_charset (default: utf\-8) +The character set name (also called "charset") that Postfix +will output when it automatically generates an RFC 2047 encoded +full name. Encoding non\-ASCII full names can avoid the need to use +SMTPUTF8, and therefore can avoid incompatibility with sites that +do not support SMTPUTF8. +.PP +The encoded names look like "=?charset?q?gibberish?=" with +quoted\-printable encoding, or "=?charset?b?gibberish?=" with base64 +encoding. Postfix uses quoted\-printable encoding for a full name +that is short or mostly printable ASCII, and uses base64 otherwise. +.PP +Background: when a message without a From: header is submitted +with the Postfix \fBsendmail\fR(1) command, the Postfix \fBcleanup\fR(8) daemon +will add a From: header and will try to use the sender's full name +specified with the Postfix \fBsendmail\fR(1) "\-F" option, with the Postfix +\fBsendmail\fR(1) "NAME" environment variable, or with the GECOS field +in the UNIX password database. In the latter case, Postfix will +replace the "&" character with the login name, with a lowercase +ASCII first character converted to uppercase. +.PP +NOTE: Postfix does not convert between character sets; it simply +encodes the raw bytes in a full name as printable ASCII gibberish. +The full_name_encoding_charset value specifies how a mail reader +program should display the decoded gibberish. +.PP +Specify a valid character set name such as "utf\-8" or "iso\-8859\-1 +(specify the latter for full names that use the Latin1 encoding). +The character set name is case insensitive. When a character set +name violates RFC 2047 syntax, Postfix will log a warning and will +skip the full name. +.PP +This feature is available in Postfix >= 3.10. .SH hash_queue_depth (default: 1) The number of subdirectory levels for queue directories listed with the hash_queue_names parameter. Queue hashing is implemented by diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index f309f5d19..d1e4bf9c1 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -125,13 +125,26 @@ when not present. Available in Postfix version 2.9 and later: .IP "\fBenable_long_queue_ids (no)\fR" Enable long, non\-repeating, queue IDs (queue file names). +.SH "HEADER FORMATTING CONTROLS" +.na +.nf +.ad +.fi .PP Available in Postfix version 3.0 and later: .IP "\fBmessage_drop_headers (bcc, content\-length, resent\-bcc, return\-path)\fR" Names of message headers that the \fBcleanup\fR(8) daemon will remove after applying \fBheader_checks\fR(5) and before invoking Milter applications. +.PP +Available in Postfix version 3.3 and later: .IP "\fBheader_from_format (standard)\fR" The format of the Postfix\-generated \fBFrom:\fR header. +.PP +Available in Postfix version 3.10 and later: +.IP "\fBfull_name_encoding_charset (utf\-8)\fR" +The character set name (also called "charset") that Postfix +will output when it automatically generates an RFC 2047 encoded +full name. .SH "BUILT-IN CONTENT FILTERING CONTROLS" .na .nf @@ -422,7 +435,7 @@ How much time a Postfix daemon process may take to handle a request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub\-second delay values. +delay values. .IP "\fBdelay_warning_time (0h)\fR" The time after which the sender receives a copy of the message headers of mail that is still queued. @@ -523,3 +536,6 @@ Wietse Venema Google, Inc. 111 8th Avenue New York, NY 10011, USA + +Wietse Venema +porcupine.org diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 266322273..c68e32598 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -723,9 +723,8 @@ on by way of a proxy or network address translation unit. The Internet protocols Postfix will attempt to use when making or accepting connections. .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR" -Lookup tables with all names or addresses of local recipients: -a recipient address is local when its domain matches $mydestination, -$inet_interfaces or $proxy_interfaces. +Lookup tables with all names or addresses of valid local +recipients. .IP "\fBunknown_local_recipient_reject_code (550)\fR" The numerical Postfix SMTP server response code when a recipient address is local, and $local_recipient_maps specifies a list of @@ -1288,6 +1287,9 @@ Google, Inc. 111 8th Avenue New York, NY 10011, USA +Wietse Venema +porcupine.org + SASL support originally by: Till Franke SuSE Rhein/Main AG diff --git a/postfix/mantools/check-postconf-undocumented b/postfix/mantools/check-postconf-undocumented old mode 100644 new mode 100755 diff --git a/postfix/mantools/check-postconf-unimplemented b/postfix/mantools/check-postconf-unimplemented old mode 100644 new mode 100755 diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 62f5624ea..b753d0871 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -1185,6 +1185,8 @@ while (<>) { s;\ballow_srv_lookup_fallback\b;$&;g; s;\bignore_srv_lookup_error\b;$&;g; + s;\bfull_name_encoding_charset\b;$&;g; + # Service-defined parameters... s;\bpolicy_time_limit\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index c0b57e705..d147b6403 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -19424,3 +19424,39 @@ handshakes, for example to troubleshoot Postfix TLSRPT support.

This feature is available in Postfix ≥ 3.10.

+ +%PARAM full_name_encoding_charset utf-8 + +

The character set name (also called "charset") that Postfix +will output when it automatically generates an RFC 2047 encoded +full name. Encoding non-ASCII full names can avoid the need to use +SMTPUTF8, and therefore can avoid incompatibility with sites that +do not support SMTPUTF8.

+ +

The encoded names look like "=?charset?q?gibberish?=" with +quoted-printable encoding, or "=?charset?b?gibberish?=" with base64 +encoding. Postfix uses quoted-printable encoding for a full name +that is short or mostly printable ASCII, and uses base64 otherwise. +

+ +

Background: when a message without a From: header is submitted +with the Postfix sendmail(1) command, the Postfix cleanup(8) daemon +will add a From: header and will try to use the sender's full name +specified with the Postfix sendmail(1) "-F" option, with the Postfix +sendmail(1) "NAME" environment variable, or with the GECOS field +in the UNIX password database. In the latter case, Postfix will +replace the "&" character with the login name, with a lowercase +ASCII first character converted to uppercase.

+ +

NOTE: Postfix does not convert between character sets; it simply +encodes the raw bytes in a full name as printable ASCII gibberish. +The full_name_encoding_charset value specifies how a mail reader +program should display the decoded gibberish.

+ +

Specify a valid character set name such as "utf-8" or "iso-8859-1 +(specify the latter for full names that use the Latin1 encoding). +The character set name is case insensitive. When a character set +name violates RFC 2047 syntax, Postfix will log a warning and will +skip the full name.

+ +

This feature is available in Postfix ≥ 3.10.

diff --git a/postfix/proto/stop b/postfix/proto/stop index 8447195ea..22af8cf39 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -1655,5 +1655,7 @@ hs ccformat xxsql MEMCACHE +GECOS +iso ORCPT RET diff --git a/postfix/proto/stop.double-cc b/postfix/proto/stop.double-cc index d0e35864a..e80d33312 100644 --- a/postfix/proto/stop.double-cc +++ b/postfix/proto/stop.double-cc @@ -342,3 +342,4 @@ address address string length additional_info additional_info ignored ignored USE_TLSRPT USE_TLSRPT +encoded encoded text can contain only alpha digit diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 2276687a8..ff1c0f338 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -146,4 +146,7 @@ proto proto socketmap_table qmqpd qmqpd c tls tls_misc c a dependency for html html File html Makefile in master dgram_server c master mail_server h postlogd postlogd c reload etc File spawn spawn c + proto postconf proto cleanup cleanup c cleanup cleanup_init c logging to the standard error stream File postlog postlog c + Files mantools postlink proto postconf proto cleanup cleanup c + many errors I O timeout lost connection File smtpd smtpd c diff --git a/postfix/proto/stop.spell-cc b/postfix/proto/stop.spell-cc index d10fe2354..97b670546 100644 --- a/postfix/proto/stop.spell-cc +++ b/postfix/proto/stop.spell-cc @@ -1850,3 +1850,7 @@ deduplicated WS isspace ws +Charset +atext +qp +cntrl diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index 056872173..0cc020e5b 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in @@ -1157,6 +1157,7 @@ cleanup_masquerade.o: ../../include/vstring.h cleanup_masquerade.o: cleanup.h cleanup_masquerade.o: cleanup_masquerade.c cleanup_message.o: ../../include/argv.h +cleanup_message.o: ../../include/ascii_header_text.h cleanup_message.o: ../../include/attr.h cleanup_message.o: ../../include/been_here.h cleanup_message.o: ../../include/check_arg.h @@ -1193,11 +1194,13 @@ cleanup_message.o: ../../include/quote_flags.h cleanup_message.o: ../../include/rec_type.h cleanup_message.o: ../../include/record.h cleanup_message.o: ../../include/resolve_clnt.h +cleanup_message.o: ../../include/rfc2047_code.h cleanup_message.o: ../../include/split_at.h cleanup_message.o: ../../include/string_list.h cleanup_message.o: ../../include/stringops.h cleanup_message.o: ../../include/sys_defs.h cleanup_message.o: ../../include/tok822.h +cleanup_message.o: ../../include/clean_ascii_cntrl_space.h cleanup_message.o: ../../include/vbuf.h cleanup_message.o: ../../include/vstream.h cleanup_message.o: ../../include/vstring.h diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index 3073ac51d..6ef7a02d6 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -109,13 +109,24 @@ /* Available in Postfix version 2.9 and later: /* .IP "\fBenable_long_queue_ids (no)\fR" /* Enable long, non-repeating, queue IDs (queue file names). +/* HEADER FORMATTING CONTROLS +/* .ad +/* .fi /* .PP /* Available in Postfix version 3.0 and later: /* .IP "\fBmessage_drop_headers (bcc, content-length, resent-bcc, return-path)\fR" /* Names of message headers that the \fBcleanup\fR(8) daemon will remove /* after applying \fBheader_checks\fR(5) and before invoking Milter applications. +/* .PP +/* Available in Postfix version 3.3 and later: /* .IP "\fBheader_from_format (standard)\fR" /* The format of the Postfix-generated \fBFrom:\fR header. +/* .PP +/* Available in Postfix version 3.10 and later: +/* .IP "\fBfull_name_encoding_charset (utf-8)\fR" +/* The character set name (also called "charset") that Postfix +/* will output when it automatically generates an RFC 2047 encoded +/* full name. /* BUILT-IN CONTENT FILTERING CONTROLS /* .ad /* .fi @@ -390,7 +401,7 @@ /* request before it is terminated by a built-in watchdog timer. /* .IP "\fBdelay_logging_resolution_limit (2)\fR" /* The maximal number of digits after the decimal point when logging -/* sub-second delay values. +/* delay values. /* .IP "\fBdelay_warning_time (0h)\fR" /* The time after which the sender receives a copy of the message /* headers of mail that is still queued. @@ -481,6 +492,9 @@ /* Google, Inc. /* 111 8th Avenue /* New York, NY 10011, USA +/* +/* Wietse Venema +/* porcupine.org /*--*/ /* System library. */ diff --git a/postfix/src/cleanup/cleanup.h b/postfix/src/cleanup/cleanup.h index 8b0b310e4..09b1b8286 100644 --- a/postfix/src/cleanup/cleanup.h +++ b/postfix/src/cleanup/cleanup.h @@ -48,6 +48,7 @@ typedef struct CLEANUP_STATE { VSTRING *attr_buf; /* storage for named attribute */ VSTRING *temp1; /* scratch buffer, local use only */ VSTRING *temp2; /* scratch buffer, local use only */ + VSTRING *temp3; /* scratch buffer, local use only */ VSTRING *stripped_buf; /* character stripped input */ VSTREAM *src; /* current input stream */ VSTREAM *dst; /* current output stream */ diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index 446ddf2f9..8f6b3e14d 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c @@ -174,6 +174,7 @@ int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */ int var_always_add_hdrs; /* always add missing headers */ int var_virt_addrlen_limit; /* stop exponential growth */ char *var_hfrom_format; /* header_from_format */ +char *var_full_name_encoding_charset; /* in =?charset?encoding?gibberish=? */ int var_force_mime_iconv; /* force mime downgrade on input */ int var_cleanup_mask_stray_cr_lf; /* replace stray CR or LF with space */ @@ -245,6 +246,7 @@ const CONFIG_STR_TABLE cleanup_str_table[] = { VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0, VAR_MILT_MACRO_DEFLTS, DEF_MILT_MACRO_DEFLTS, &var_milt_macro_deflts, 0, 0, VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0, + VAR_FULL_NAME_ENCODING_CHARSET, DEF_FULL_NAME_ENCODING_CHARSET, &var_full_name_encoding_charset, 1, 0, 0, }; diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 1c8881d84..21d94431d 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -44,6 +44,9 @@ /* Google, Inc. /* 111 8th Avenue /* New York, NY 10011, USA +/* +/* Wietse Venema +/* porcupine.org /*--*/ /* System library. */ @@ -68,9 +71,11 @@ #include #include #include +#include /* Global library. */ +#include #include #include #include @@ -90,6 +95,7 @@ #include #include #include +#include /* Application-specific. */ @@ -662,6 +668,43 @@ static void cleanup_header_callback(void *context, int header_class, } } +/* get_fullname_hdr_text - helper wrapper */ + +static char *get_fullname_hdr_text(VSTRING *result, const char *raw_name, + const char *separator) +{ + VSTRING *sanitized; + char *ret; + + if (raw_name == 0 || *raw_name == 0) + return (0); + + /* + * TODO(wietse) in the ASCII-only path, add support to insert newline + * instead of space, to enable header folding with cleanup_fold_header(). + */ + sanitized = vstring_alloc(100); + if (clean_ascii_cntrl_space(sanitized, raw_name, strlen(raw_name)) == 0) { + ret = 0; + } else if (allascii(vstring_str(sanitized))) { + ret = make_ascii_header_text(result, + cleanup_hfrom_format == HFROM_FORMAT_CODE_STD ? + HDR_TEXT_FLAG_PHRASE : + HDR_TEXT_FLAG_COMMENT, + vstring_str(sanitized)); + } else { + ret = rfc2047_encode(result, + cleanup_hfrom_format == HFROM_FORMAT_CODE_STD ? + RFC2047_HEADER_CONTEXT_PHRASE : + RFC2047_HEADER_CONTEXT_COMMENT, + var_full_name_encoding_charset, + vstring_str(sanitized), + VSTRING_LEN(sanitized), separator); + } + vstring_free(sanitized); + return (ret); +} + /* cleanup_header_done_callback - insert missing message headers */ static void cleanup_header_done_callback(void *context) @@ -670,8 +713,6 @@ static void cleanup_header_done_callback(void *context) CLEANUP_STATE *state = (CLEANUP_STATE *) context; char time_stamp[1024]; /* XXX locale dependent? */ struct tm *tp; - TOK822 *token; - TOK822 *dummy_token; time_t tv; /* @@ -763,49 +804,31 @@ static void cleanup_header_done_callback(void *context) if ((state->hdr_rewrite_context || var_always_add_hdrs) && (state->headers_seen & (1 << (state->resent[0] ? HDR_RESENT_FROM : HDR_FROM))) == 0) { + char *fullname; + quote_822_local(state->temp1, *state->sender ? state->sender : MAIL_ADDR_MAIL_DAEMON); - if (*state->sender && state->fullname && *state->fullname) { - char *cp; - - /* Enforce some sanity on full name content. */ - while ((cp = strchr(state->fullname, '\r')) != 0 - || (cp = strchr(state->fullname, '\n')) != 0) - *cp = ' '; + if (*state->sender != 0 + && (fullname = get_fullname_hdr_text(state->temp3, + state->fullname, "\n")) != 0 + && *fullname != 0) { /* - * "From: phrase ". Quote the phrase if it contains - * specials or the "%!" legacy address operators. + * "From: phrase ". */ if (cleanup_hfrom_format == HFROM_FORMAT_CODE_STD) { - vstring_sprintf(state->temp2, "%sFrom: ", state->resent); - if (state->fullname[strcspn(state->fullname, - "%!" LEX_822_SPECIALS)] == 0) { - /* Normalize whitespace. */ - token = tok822_scan_limit(state->fullname, &dummy_token, - var_token_limit); - } else { - token = tok822_alloc(TOK822_QSTRING, state->fullname); - } - if (token) { - tok822_externalize(state->temp2, token, TOK822_STR_NONE); - tok822_free_tree(token); - vstring_strcat(state->temp2, " "); - } - vstring_sprintf_append(state->temp2, "<%s>", - vstring_str(state->temp1)); + vstring_sprintf(state->temp2, "%sFrom: %s\n<%s>", + state->resent, fullname, + vstring_str(state->temp1)); } /* * "From: addr-spec (ctext)". This is the obsolete form. */ else { - vstring_sprintf(state->temp2, "%sFrom: %s ", - state->resent, vstring_str(state->temp1)); - vstring_sprintf(state->temp1, "(%s)", state->fullname); - token = tok822_parse(vstring_str(state->temp1)); - tok822_externalize(state->temp2, token, TOK822_STR_NONE); - tok822_free_tree(token); + vstring_sprintf(state->temp2, "%sFrom: %s\n(%s)", + state->resent, vstring_str(state->temp1), + fullname); } } @@ -817,7 +840,7 @@ static void cleanup_header_done_callback(void *context) vstring_sprintf(state->temp2, "%sFrom: %s", state->resent, vstring_str(state->temp1)); } - cleanup_out_header(state, state->temp2); + cleanup_fold_header(state, state->temp2); } /* diff --git a/postfix/src/cleanup/cleanup_state.c b/postfix/src/cleanup/cleanup_state.c index efe80e66e..4899dd468 100644 --- a/postfix/src/cleanup/cleanup_state.c +++ b/postfix/src/cleanup/cleanup_state.c @@ -33,6 +33,9 @@ /* Google, Inc. /* 111 8th Avenue /* New York, NY 10011, USA +/* +/* Wietse Venema +/* porcupine.org /*--*/ /* System library. */ @@ -69,6 +72,7 @@ CLEANUP_STATE *cleanup_state_alloc(VSTREAM *src) state->attr_buf = vstring_alloc(10); state->temp1 = vstring_alloc(10); state->temp2 = vstring_alloc(10); + state->temp3 = vstring_alloc(10); if (cleanup_strip_chars) state->stripped_buf = vstring_alloc(10); state->src = src; @@ -147,6 +151,7 @@ void cleanup_state_free(CLEANUP_STATE *state) vstring_free(state->attr_buf); vstring_free(state->temp1); vstring_free(state->temp2); + vstring_free(state->temp3); if (cleanup_strip_chars) vstring_free(state->stripped_buf); if (state->fullname) diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index e1410bb7e..27e1ab961 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -37,7 +37,7 @@ SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \ normalize_mailhost_addr.c map_search.c reject_deliver_request.c \ info_log_addr_form.c sasl_mech_filter.c login_sender_match.c \ test_main.c compat_level.c config_known_tcp_ports.c \ - hfrom_format.c + hfrom_format.c rfc2047_code.c ascii_header_text.c OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \ clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \ @@ -76,7 +76,7 @@ OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ normalize_mailhost_addr.o map_search.o reject_deliver_request.o \ info_log_addr_form.o sasl_mech_filter.o login_sender_match.o \ test_main.o compat_level.o config_known_tcp_ports.o \ - hfrom_format.o + hfrom_format.o rfc2047_code.o ascii_header_text.o # MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf. # When hard-linking these maps, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ), # otherwise it sets the PLUGIN_* macros. @@ -113,7 +113,7 @@ HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ maillog_client.h normalize_mailhost_addr.h map_search.h \ info_log_addr_form.h sasl_mech_filter.h login_sender_match.h \ test_main.h compat_level.h config_known_tcp_ports.h \ - hfrom_format.h + hfrom_format.h rfc2047_code.h ascii_header_text.h TESTSRC = rec2stream.c stream2rec.c recdump.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) @@ -130,7 +130,8 @@ TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \ mail_version mail_dict server_acl uxtext mail_parm_split \ fold_addr smtp_reply_footer mail_addr_map normalize_mailhost_addr \ haproxy_srvr map_search delivered_hdr login_sender_match \ - compat_level config_known_tcp_ports hfrom_format + compat_level config_known_tcp_ports hfrom_format rfc2047_code \ + ascii_header_text LIBS = ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX) LIB_DIR = ../../lib @@ -398,6 +399,12 @@ compat_level: compat_level.c $(LIB) $(LIBS) hfrom_format: hfrom_format.c $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) +rfc2047_code: rfc2047_code.c $(LIB) $(LIBS) + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) + +ascii_header_text: ascii_header_text.c $(LIB) $(LIBS) + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) + config_known_tcp_ports: config_known_tcp_ports.c $(LIB) $(LIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) @@ -410,7 +417,8 @@ tests: tok822_test mime_tests strip_addr_test tok822_limit_test \ mail_addr_find_test mail_addr_map_test quote_822_local_test \ normalize_mailhost_addr_test haproxy_srvr_test map_search_test \ delivered_hdr_test login_sender_match_test compat_level_test \ - config_known_tcp_ports_test hfrom_format_test + config_known_tcp_ports_test hfrom_format_test rfc2047_code_test \ + ascii_header_text_test mime_tests: mime_test mime_nest mime_8bit mime_dom mime_trunc mime_cvt \ mime_cvt2 mime_cvt3 mime_garb1 mime_garb2 mime_garb3 mime_garb4 @@ -776,6 +784,12 @@ hfrom_format_test: update hfrom_format \ diff hfrom_format.ref hfrom_format.tmp rm -f hfrom_format.tmp +rfc2047_code_test: update rfc2047_code + $(SHLIB_ENV) $(VALGRIND) ./rfc2047_code + +ascii_header_text_test: update ascii_header_text + $(SHLIB_ENV) $(VALGRIND) ./ascii_header_text + clean: rm -f *.o $(LIB) *core $(TESTPROG) junk $(MAPS) @@ -838,6 +852,18 @@ anvil_clnt.o: anvil_clnt.c anvil_clnt.o: anvil_clnt.h anvil_clnt.o: mail_params.h anvil_clnt.o: mail_proto.h +ascii_header_text.o: ../../include/check_arg.h +ascii_header_text.o: ../../include/msg.h +ascii_header_text.o: ../../include/stringops.h +ascii_header_text.o: ../../include/sys_defs.h +ascii_header_text.o: ../../include/vbuf.h +ascii_header_text.o: ../../include/vstring.h +ascii_header_text.o: ascii_header_text.c +ascii_header_text.o: ascii_header_text.h +ascii_header_text.o: lex_822.h +ascii_header_text.o: mail_params.h +ascii_header_text.o: resolve_clnt.h +ascii_header_text.o: tok822.h attr_override.o: ../../include/check_arg.h attr_override.o: ../../include/msg.h attr_override.o: ../../include/stringops.h @@ -2567,6 +2593,16 @@ rewrite_clnt.o: quote_822_local.h rewrite_clnt.o: quote_flags.h rewrite_clnt.o: rewrite_clnt.c rewrite_clnt.o: rewrite_clnt.h +rfc2047_code.o: ../../include/base64_code.h +rfc2047_code.o: ../../include/check_arg.h +rfc2047_code.o: ../../include/msg.h +rfc2047_code.o: ../../include/stringops.h +rfc2047_code.o: ../../include/sys_defs.h +rfc2047_code.o: ../../include/vbuf.h +rfc2047_code.o: ../../include/vstring.h +rfc2047_code.o: lex_822.h +rfc2047_code.o: rfc2047_code.c +rfc2047_code.o: rfc2047_code.h safe_ultostr.o: ../../include/check_arg.h safe_ultostr.o: ../../include/msg.h safe_ultostr.o: ../../include/mymalloc.h diff --git a/postfix/src/global/ascii_header_text.c b/postfix/src/global/ascii_header_text.c new file mode 100644 index 000000000..76839133d --- /dev/null +++ b/postfix/src/global/ascii_header_text.c @@ -0,0 +1,310 @@ +/*++ +/* NAME +/* ascii_header_text 3h +/* SUMMARY +/* message header content formatting +/* SYNOPSIS +/* #include +/* +/* char *make_ascii_header_text( +/* VSTRING *result, +/* int flags, +/* const char *str) +/* DESCRIPTION +/* make_ascii_header_text() takes an ASCII input string and formats +/* the content for use in a header phrase or comment. +/* +/* The result value is a pointer to the result buffer string content, +/* or null to indicate that no output was produced (the input was +/* empty, or all ASCII whitespace). +/* +/* Arguments: +/* .IP result +/* The buffer that the output will overwrite. The result is +/* null-terminated. +/* .IP flags +/* One of HDR_FLAG_PHRASE or HDR_FLAG_COMMENT is required. Other +/* flags are optional. +/* .RS +/* .IP HDR_TEXT_FLAG_PHRASE +/* Generate header content that will be used as a phrase, for +/* example the full name content in "From: full-name ". +/* .IP HDR_TEXT_FLAG_COMMENT +/* Generate header content that will be used as a comment, for +/* example the full name in "From: addr-spec (full-name)". +/* .RE +/* .IP str +/* Pointer to null-terminated input storage. +/* DIAGNOSTICS +/* Panic: invalid flags argument. +/* SEE ALSO +/* rfc2047_code(3), encode header content +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* +/* Wietse Venema +/* porcupine.org +/*--*/ + + /* + * System library. + */ +#include +#include +#include + + /* + * Utility library. + */ +#include +#include +#include +#include + + /* + * Global library. + */ +#include +#include +#include + + /* + * Self. + */ +#include + + /* + * SLMs. + */ +#define STR vstring_str +#define LEN VSTRING_LEN + +/* make_ascii_header_text - make header text for phrase or comment */ + +char *make_ascii_header_text(VSTRING *result, int flags, const char *str) +{ + const char myname[] = "make_ascii_header_text"; + const char *cp; + int ch; + int target; + + /* + * Quote or escape ASCII-only content. This factors out code from the + * Postfix 2.9 cleanup daemon, without introducing visible changes for + * text that contains only non-control characters and well-formed + * comments. See TODO()s for some basic improvements that would allow + * long inputs to be folded over multiple lines. + */ + VSTRING_RESET(result); + switch (target = (flags & HDR_TEXT_MASK_TARGET)) { + + /* + * Generate text for a phrase (for example, the full name in "From: + * full-name "). + * + * TODO(wietse) add a tok822_externalize() option to replace whitespace + * between phrase tokens with newline, so that a long full name can + * be folded. This is a user-visible change; do this early in a + * development cycle to find out if this breaks compatibility. + */ + case HDR_TEXT_FLAG_PHRASE:{ + TOK822 *dummy_token; + TOK822 *token; + + if (str[strcspn(str, "%!" LEX_822_SPECIALS)] == 0) { + token = tok822_scan_limit(str, &dummy_token, + var_token_limit); + } else { + token = tok822_alloc(TOK822_QSTRING, str); + } + if (token) { + tok822_externalize(result, token, TOK822_STR_NONE); + tok822_free_tree(token); + VSTRING_TERMINATE(result); + return (STR(result)); + } else { + /* No output was generated. */ + return (0); + } + } + break; + + /* + * Generate text for comment content, for example, the full name in + * "From: addr-spec (full-name)". We do not quote "(", ")", or "\" as + * that would be a user-visible change, but we do fix unbalanced + * parentheses or a backslash at the end. + * + * TODO(wietse): Replace whitespace with newline, so that a long full + * name can be folded). This is a user-visible change; do this early + * in a development cycle to find out if this breaks compatibility. + */ + case HDR_TEXT_FLAG_COMMENT:{ + int pc; + + for (pc = 0, cp = str; (ch = *cp) != 0; cp++) { + if (ch == '\\') { + if (cp[1] == 0) + continue; + VSTRING_ADDCH(result, ch); + ch = *++cp; + } else if (ch == '(') { + pc++; + } else if (ch == ')') { + if (pc < 1) + continue; + pc--; + } + VSTRING_ADDCH(result, ch); + } + while (pc-- > 0) + VSTRING_ADDCH(result, ')'); + VSTRING_TERMINATE(result); + return (LEN(result) && !allspace(STR(result)) ? STR(result) : 0); + } + break; + default: + msg_panic("%s: unknown target '0x%x'", myname, target); + } +} + +#ifdef TEST + +#include +#include +#include +#include + + /* + * Test structure. Some tests generate their own. + */ +typedef struct TEST_CASE { + const char *label; + int (*action) (const struct TEST_CASE *); + int flags; + const char *input; + const char *exp_output; +} TEST_CASE; + +#define PASS (0) +#define FAIL (1) + +#define NO_OUTPUT ((char *) 0) + +static int test_make_ascii_header_text(const TEST_CASE *tp) +{ + static VSTRING *result; + const char *got; + + if (result == 0) + result = vstring_alloc(100); + + got = make_ascii_header_text(result, tp->flags, tp->input); + + if (!got != !tp->exp_output) { + msg_warn("got result ``%s'', want ``%s''", + got ? got : "null", + tp->exp_output ? tp->exp_output : "null"); + return (FAIL); + } + if (got && strcmp(got, tp->exp_output) != 0) { + msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output); + return (FAIL); + } + return (PASS); +} + +static const TEST_CASE test_cases[] = { + + /* + * Phrase tests. + */ + {"phrase_without_special", + test_make_ascii_header_text, + HDR_TEXT_FLAG_PHRASE, "abc def", "abc def" + }, + {"phrase_with_special", + test_make_ascii_header_text, + HDR_TEXT_FLAG_PHRASE, "foo@bar", "\"foo@bar\"" + }, + {"phrase_with_space_only", + test_make_ascii_header_text, + HDR_TEXT_FLAG_PHRASE, " ", NO_OUTPUT + }, + {"phrase_empty", + test_make_ascii_header_text, + HDR_TEXT_FLAG_PHRASE, "", NO_OUTPUT + }, + + /* + * Comment tests. + */ + {"comment_with_unopened_parens", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, ")foo )bar", "foo bar" + }, + {"comment_with_unclosed_parens", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, "(foo (bar", "(foo (bar))" + }, + {"comment_with_backslash_in_text", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, "foo\\bar", "foo\\bar" + }, + {"comment_with_backslash_at_end", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, "foo\\", "foo" + }, + {"comment_with_backslash_backslash_at_end", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, "foo\\\\", "foo\\\\" + }, + {"comment_with_space_only", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, " ", NO_OUTPUT + }, + {"comment_empty", + test_make_ascii_header_text, + HDR_TEXT_FLAG_COMMENT, "", NO_OUTPUT + }, + {0}, +}; + +int main(int argc, char **argv) +{ + const TEST_CASE *tp; + int pass = 0; + int fail = 0; + + msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR); + + for (tp = test_cases; tp->label != 0; tp++) { + int test_failed; + + msg_info("RUN %s", tp->label); + test_failed = tp->action(tp); + if (test_failed) { + msg_info("FAIL %s", tp->label); + fail++; + } else { + msg_info("PASS %s", tp->label); + pass++; + } + } + msg_info("PASS=%d FAIL=%d", pass, fail); + exit(fail != 0); +} + +#endif diff --git a/postfix/src/global/ascii_header_text.h b/postfix/src/global/ascii_header_text.h new file mode 100644 index 000000000..4b574bdd1 --- /dev/null +++ b/postfix/src/global/ascii_header_text.h @@ -0,0 +1,56 @@ +#ifndef _ASCII_HEADER_TEXT_H_INCLUDED_ +#define _ASCII_HEADER_TEXT_H_INCLUDED_ + +/*++ +/* NAME +/* ascii_header_text 3h +/* SUMMARY +/* message header content formatting +/* SYNOPSIS +/* #include +/* DESCRIPTION +/* .nf + + /* + * System library. + */ +#include + + /* + * Utility library + */ +#include + + /* + * External API. + */ +#define HDR_TEXT_FLAG_COMMENT (1<<0) /* Generate comment content */ +#define HDR_TEXT_FLAG_PHRASE (1<<1) /* Generate phrase content */ +#define HDR_TEXT_FLAG_FOLD (1<<2) /* Generate header folding hints */ + +#define HDR_TEXT_MASK_TARGET \ + (HDR_TEXT_FLAG_COMMENT | HDR_TEXT_FLAG_PHRASE) + +extern char *make_ascii_header_text(VSTRING *result, int flags, const char *in); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* +/* Wietse Venema +/* porcupine.org +/*--*/ + +#endif + diff --git a/postfix/src/global/dict_sqlite.c b/postfix/src/global/dict_sqlite.c index 7d6608a66..c267ce4c6 100644 --- a/postfix/src/global/dict_sqlite.c +++ b/postfix/src/global/dict_sqlite.c @@ -59,6 +59,9 @@ #if !defined(SQLITE_VERSION_NUMBER) || (SQLITE_VERSION_NUMBER < 3005004) #define sqlite3_prepare_v2 sqlite3_prepare #endif +#if !defined(SQLITE_VERSION_NUMBER) || (SQLITE_VERSION_NUMBER < 3005000) +#define sqlite3_open_v2(fname,ppDB,flags,zVfs) sqlite_open(fname,ppDB) +#endif /* Utility library. */ @@ -320,10 +323,16 @@ DICT *dict_sqlite_open(const char *name, int open_flags, int dict_flags) dict_sqlite->parser = parser; sqlite_parse_config(dict_sqlite, name); - if (sqlite3_open(dict_sqlite->dbpath, &dict_sqlite->db)) - msg_fatal("%s:%s: Can't open database: %s\n", - DICT_TYPE_SQLITE, name, sqlite3_errmsg(dict_sqlite->db)); + if (sqlite3_open_v2(dict_sqlite->dbpath, &dict_sqlite->db, + SQLITE_OPEN_READONLY, NULL) != SQLITE_OK) { + DICT *dict = dict_surrogate(DICT_TYPE_SQLITE, name, open_flags, + dict_flags, "%s:%s: open database %s: %s: %m", + DICT_TYPE_SQLITE, name, dict_sqlite->dbpath, + sqlite3_errmsg(dict_sqlite->db)); + dict_sqlite_close(&dict_sqlite->dict); + return dict; + } dict_sqlite->dict.owner = cfg_get_owner(dict_sqlite->parser); return (DICT_DEBUG (&dict_sqlite->dict)); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 8e02d12f5..316688903 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -4481,6 +4481,13 @@ extern char *var_smtp_tlsrpt_sockname; #define DEF_LMTP_TLSRPT_SKIP_REUSED_HS DEF_SMTP_TLSRPT_SKIP_REUSED_HS extern int var_smtp_tlsrpt_skip_reused_hs; + /* + * RFC 2047 encoding of full name info. + */ +#define VAR_FULL_NAME_ENCODING_CHARSET "full_name_encoding_charset" +#define DEF_FULL_NAME_ENCODING_CHARSET "utf-8" +extern char *var_full_name_encoding_charset; + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ca3b424e9..b028754b0 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20250103" +#define MAIL_RELEASE_DATE "20250105" #define MAIL_VERSION_NUMBER "3.10" #ifdef SNAPSHOT diff --git a/postfix/src/global/rfc2047_code.c b/postfix/src/global/rfc2047_code.c new file mode 100644 index 000000000..b7caaeab7 --- /dev/null +++ b/postfix/src/global/rfc2047_code.c @@ -0,0 +1,761 @@ +/*++ +/* NAME +/* rfc2047_code 3 +/* SUMMARY +/* non-ASCII header content encoding +/* SYNOPSIS +/* #include +/* +/* int rfc2047_encode( +/* VSTRING *result, +/* int header_context, +/* const char *charset, +/* const char *in, +/* ssize_t len, +/* const char *out_separator) +/* DESCRIPTION +/* rfc2047_encode() encodes the input for the specified header +/* context, producing one or more encoded-word instances. The +/* result is the string value of the result buffer, or null in case +/* of error. +/* +/* rfc2047_encode() uses quoted-printable if the input is shorter +/* than 20 bytes, or if fewer than 1/2 of the input bytes need to +/* be encoded; otherwise it uses base64. +/* +/* rfc2047_encode() limits the length of an encoded-word as required +/* by RFC 2047, and produces as many encoded-word instances as +/* needed, separated with a caller-specified separator. +/* +/* Arguments: +/* .IP result +/* The buffer that the output will overwrite. The result is +/* null-terminated. +/* .IP header_context +/* Specify one of: +/* .RS +/* .IP RFC2047_HEADER_CONTEXT_COMMENT +/* The result will be used as 'comment' text, i.e. the result will +/* later be enclosed with "(" and ")". +/* .IP RFC2047_HEADER_CONTEXT_PHRASE +/* The result will be used as 'phrase' text, for example, the full +/* name for an email address. The input must not be a quoted string. +/* rfc2047_encode() logs a warning and returns null if the input +/* begins with a double quote. +/* .RE +/* .IP charset +/* Null-terminated character array with a valid character set name. +/* rfc2047_encode() logs a warning and returns null if a charset +/* value does not meet RFC 2047 syntax requirements. +/* .IP in +/* Pointer to input storage. +/* .IP len +/* The number of input bytes. rfc2047_encode() logs a warning and +/* returns null if this length is < 1. +/* .IP out_separator +/* Folding white-space text that will be inserted between +/* multiple encoded-word instances in rfc2047_encode() +/* output. rfc2047_encode() logs a warning and returns null if this +/* argument does not specify whitespace text. +/* DIAGNOSTICS +/* rfc2047_encode() returns null in case of error. See above for +/* specific error cases. +/* BUGS +/* The thresholds for switching from quoted-printable to base64 +/* encoding are arbitrary. What is optimal for one observer may be +/* suspicious for a different one. +/* SEE ALSO +/* RFC 2047, Message Header Extensions for Non-ASCII Text +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* porcupine.org +/*--*/ + + /* + * System library. + */ +#include +#include +#include + + /* + * Utility library. + */ +#include +#include +#include + + /* + * Global library. + */ +#include +#include + + /* + * The general form of an encoded-word is =?charset?encoding?encoded-text?= + * where charset and encoding are case insensitive, and encoding is B or Q. + */ + + /* + * What ASCII characters are allowed in the 'charset' or 'encoding' tokens + * of an encoded-word. + */ +#define RFC2047_ESPECIALS_STR "()<>@,;:\\\"/[]?.=" +#define RFC2047_ALLOWED_TOKEN_CHAR(c) \ + (isascii(c) && !iscntrl(c) && ch != ' ' \ + && !strchr(RFC2047_ESPECIALS_STR, ch)) + + /* + * Common definitions for the base64 and quoted-printable encoders. + */ +#define ENC_WORD_MAX_LEN 75 /* =?charset?encoding?encoded?= */ +#define ENC_WORD_PROLOG_FMT "=?%s?%c?" /* =?charset?encoding? */ +#define ENC_WORD_EPILOG_STR "?=" +#define ENC_WORD_EPILOG_LEN (sizeof(ENC_WORD_EPILOG_STR) - 1) +#define ENC_WORD_ENCODING_B64 'B' +#define ENC_WORD_ENCODING_QP 'Q' + + /* + * Per RFC 2047 section 1, an encoded-word contains only printable ASCII + * characters. Therefore, the quoted-printable encoder must always encode + * ASCII SPACE, ASCII control characters, and non-ASCII byte values. + * + * Per RFC 2047 section 4.2.(2), the quoted-printable encoder must always + * encode the "=", "?" and "_" characters. + * + * Per RFC 2047 section 5.(1) these rules are sufficient for header fields that + * contain unstructured text such as Subject, X- custom headers, etc. + */ +#define QP_ENCODE_ASCII_NON_CNTRL " =?_" + + /* + * Per RFC 2047 section 5.(2) the quoted-printable encoder for comment text + * also needs to encode "(", ")", and "\". + */ +#define QP_ENCODE_ASCII_NON_CNTRL_COMMENT_FIELD \ + (QP_ENCODE_ASCII_NON_CNTRL "()\\") + + /* + * Per RFC 2047 section 5.(3) as amended by erratum(4): when used as a + * replacement for a 'word' entity within a 'phrase', a "Q"-encoded + * encoded-text can contain only alpha digit "!", "*", "+", "-", "/", "=" + * (only if followed by two hexadecimal digits), and "_". I.e not " # $ % & + * ' ( ) , . : ; < > ? [ \ ] ^ ` { | } ~. + * + * In other words they require encoding not only RFC 5322 specials and + * characters reserved for encoded-word formatting, but they also disallow + * characters that RFC 5322 allows in atext: # $ % & ' ^ ` { | } ~. + */ +#define QP_ENCODE_ASCII_NON_CNTRL_PHRASE_WORD \ + (QP_ENCODE_ASCII_NON_CNTRL LEX_822_SPECIALS "#$%&'?^`{|}~") + + /* + * Considering the above discussion, why don't we just always base64 encode + * the input? Because results from a web search suggest that some spam + * filters penalize base64 encoding in headers. + */ + +/* rfc204_b64_encode_append - encode header_entity with base64 */ + +static char *rfc204_b64_encode(VSTRING *result, + const char *charset, + const char *in, ssize_t len, + const char *out_separator) +{ + const char *cp; + const char *in_end; + + /* + * Convert the input into one or more encoded-word's of at most 75 bytes, + * separated with a caller-specified output separator. + */ + VSTRING_RESET(result); + for (cp = in, in_end = in + len; cp < in_end; /* see below */ ) { + ssize_t enc_word_start, enc_word_prolog_len, space_avail, todo; + + /* Start an encoded-word. */ + enc_word_start = VSTRING_LEN(result); + vstring_sprintf_append(result, ENC_WORD_PROLOG_FMT, charset, + ENC_WORD_ENCODING_B64); + enc_word_prolog_len = VSTRING_LEN(result) - enc_word_start; + space_avail = ENC_WORD_MAX_LEN - ENC_WORD_EPILOG_LEN + - enc_word_prolog_len; + + /* Fill in the encoded-text portion. */ + todo = 3 * (space_avail >> 2); + if (todo > in_end - cp) + todo = in_end - cp; + (void) base64_encode_opt(result, cp, todo, BASE64_FLAG_APPEND); + + /* Finish the encoded-word. */ + (void) vstring_strcat(result, ENC_WORD_EPILOG_STR); + + /* Are we done yet? */ + if ((cp += todo) < in_end) + vstring_strcat(result, out_separator); + } + return (vstring_str(result)); +} + +/* rfc2047_qp_encode - encode header_entity with quoted-printable */ + +static char *rfc2047_qp_encode(VSTRING *result, + const char *charset, + const char *specials, + const char *in, ssize_t len, + const char *out_separator) +{ + const char *cp; + const char *in_end; + + VSTRING_RESET(result); + for (cp = in, in_end = in + len; cp < in_end; /* see below */ ) { + ssize_t enc_word_start, enc_word_prolog_len, space_avail; + int ch; + + /* Start an encoded-word. */ + enc_word_start = VSTRING_LEN(result); + vstring_sprintf_append(result, ENC_WORD_PROLOG_FMT, charset, + ENC_WORD_ENCODING_QP); + enc_word_prolog_len = VSTRING_LEN(result) - enc_word_start; + space_avail = ENC_WORD_MAX_LEN - ENC_WORD_EPILOG_LEN + - enc_word_prolog_len; + + /* Fill in the encoded-text portion. */ + for ( /* void */ ; cp < in_end && space_avail > 0; cp++) { + ch = *(unsigned char *) cp; + if (ch == 0x20) { + VSTRING_ADDCH(result, '_'); + space_avail -= 1; + } else if (!isascii(ch) || iscntrl(ch) || strchr(specials, ch)) { + if (space_avail < 3) + /* Try again in the next encoded-word. */ + break; + vstring_sprintf_append(result, "=%02X", ch); + space_avail -= 3; + } else { + VSTRING_ADDCH(result, ch); + space_avail -= 1; + } + } + + /* Finish the encoded-word and null-terminate the result. */ + (void) vstring_strcat(result, ENC_WORD_EPILOG_STR); + + /* Are we done yet? */ + if (cp < in_end) + vstring_strcat(result, out_separator); + } + return (vstring_str(result)); +} + +/* rfc2047_encode - encode header text field */ + +char *rfc2047_encode(VSTRING *result, int header_context, + const char *charset, + const char *in, ssize_t len, + const char *out_separator) +{ + const char myname[] = "rfc2047_encode"; + const unsigned char *cp; + int ch; + const char *qp_encoding_specials; + + /* + * Sanity check the null-terminated charset name. This content is + * configurable in Postfix, but there is no need to terminate the + * process. + */ + if (*charset == 0) { + msg_warn("%s: encoder called with empty charset name", myname); + return (0); + } + for (cp = (const unsigned char *) charset; (ch = *cp) != 0; cp++) { + if (!RFC2047_ALLOWED_TOKEN_CHAR(ch)) { + msg_warn("%s: invalid character: 0x%x in charset name: '%s'", + myname, ch, charset); + return (0); + } + } + + /* + * Sanity check the input size. This may be partly user controlled, so + * don't panic. + */ + if (len < 1) { + msg_warn("%s: encoder called with empty input", myname); + return (0); + } + if (!allspace(out_separator)) { + msg_warn("%s: encoder called with non-whitespace separator: '%s'", + myname, out_separator); + return (0); + } + + /* + * The RFC 2047 rules for quoted-printable encoding differ for comment + * text and phrase text. + */ + switch (header_context) { + case RFC2047_HEADER_CONTEXT_COMMENT: + qp_encoding_specials = QP_ENCODE_ASCII_NON_CNTRL_COMMENT_FIELD; + break; + case RFC2047_HEADER_CONTEXT_PHRASE: + qp_encoding_specials = QP_ENCODE_ASCII_NON_CNTRL_PHRASE_WORD; + if (*in == '"') { + msg_warn("%s: encoder called with quoted word as input: '%s'", + myname, in); + return (0); + } + break; + default: + msg_panic("%s: unexpected header_context: 0x%x", + myname, header_context); + } + + /* + * Choose between quoted-printable or base64 encoding. + * + * Header strings are short, so making multiple passes over the input is + * not a disaster. How many bytes would the encoder produce using + * quoted-printable? We don't optimize for the shortest encoding but for + * compromised readability. If the input is not short, and more than 1/2 + * of the input bytes need to be encoded, then the content is mostly not + * printable ASCII, and quoted-printable output is mostly not readable. + * But, naive spam filters may treat base64 in headers with suspicion. + */ + if (len >= 20) { + int need_to_qp = 0; + int threshold = len / 2; + const unsigned char *end = (const unsigned char *) in + len; + + for (cp = (const unsigned char *) in; cp < end; cp++) { + ch = *cp; + need_to_qp += (!isascii(ch) || isspace(ch) || iscntrl(ch) + || strchr(qp_encoding_specials, ch)); + if (need_to_qp >= threshold) + return (rfc204_b64_encode(result, charset, in, len, + out_separator)); + } + } + return (rfc2047_qp_encode(result, charset, qp_encoding_specials, + in, len, out_separator)); +} + +#ifdef TEST +#include /* fd_set */ +#include +#include +#include +#include + + /* + * TODO(wietse) make this a proper VSTREAM interface. Instead of temporarily + * swapping streams, we could temporarily swap the stream's write function. + */ + +/* vstream_swap - capture output for testing */ + +static void vstream_swap(VSTREAM *one, VSTREAM *two) +{ + VSTREAM save; + + save = *one; + *one = *two; + *two = save; +} + +/* override the printable() call in msg output, it breaks our tests */ + +char *printable_except(char *string, int replacement, const char *except) +{ + return (string); +} + + /* + * Test structure. Some tests generate their own. + */ +typedef struct TEST_CASE { + const char *label; + int (*action) (const struct TEST_CASE *); + int context; + const char *charset; + const char *input; + ssize_t in_len; + const char *out_separator; + const char *exp_output; + const char *exp_warning; +} TEST_CASE; + +#define PASS (0) +#define FAIL (1) + +#define NO_OUTPUT ((char *) 0) + +static int test_rfc2047_encode(const TEST_CASE *tp) +{ + static VSTRING *msg_buf; + static VSTRING *result; + VSTREAM *memory_stream; + const char *got; + + if (msg_buf == 0) { + msg_buf = vstring_alloc(100); + result = vstring_alloc(100); + } + /* Run the test with custom STDERR stream. */ + VSTRING_RESET(msg_buf); + VSTRING_TERMINATE(msg_buf); + if ((memory_stream = vstream_memopen(msg_buf, O_WRONLY)) == 0) + msg_fatal("open memory stream: %m"); + vstream_swap(VSTREAM_ERR, memory_stream); + got = rfc2047_encode(result, tp->context, tp->charset, tp->input, + tp->in_len != 0 ? tp->in_len : strlen(tp->input), + tp->out_separator); + vstream_swap(memory_stream, VSTREAM_ERR); + if (vstream_fclose(memory_stream)) + msg_fatal("close memory stream: %m"); + + /* Verify the results. */ + if (tp->exp_warning == 0 && VSTRING_LEN(msg_buf) > 0) { + msg_warn("got warning ``%s'', want ``null''", vstring_str(msg_buf)); + return (FAIL); + } + if (tp->exp_warning != 0 + && strcmp(vstring_str(msg_buf), tp->exp_warning) != 0) { + msg_warn("got warning ``%s'', want ``%s''", + vstring_str(msg_buf), tp->exp_warning); + return (FAIL); + } + if (!got == !tp->exp_warning) { + msg_warn("got result ``%s'', and warning ``%s''", + got ? got : "null", + tp->exp_warning ? tp->exp_warning : "null"); + return (FAIL); + } + if (!got != !tp->exp_output) { + msg_warn("got result ``%s'', want ``%s''", + got ? got : "null", + tp->exp_output ? tp->exp_output : "null"); + return (FAIL); + } + if (got && strcmp(got, tp->exp_output) != 0) { + msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output); + return (FAIL); + } + return (PASS); +} + + /* + * Input/output templates for charset tests. + */ +#define CHARSET_INPUT_TEMPLATE "testme" +#define CHARSET_OUTPUT_SEPARATOR " " +#define CHARSET_CHARSET_TEMPLATE "utf-8%c" +#define CHARSET_ALLOW_TEMPLATE "=?utf-8%c?Q?testme?=" +#define CHARSET_REJECT_TEMPLATE \ + "rfc2047_code: warning: rfc2047_encode: invalid character: " \ + "0x%x in charset name: 'utf-8%c'\n" + +static int validates_charset(const TEST_CASE *tp) +{ + VSTRING *charset; + VSTRING *exp_output; + VSTRING *exp_warning; + TEST_CASE test; + int ch; + int ret; + fd_set asciimap; + +#define SET_RANGE(map, min, max) do { \ + int _n; \ + for (_n = (min); _n <= (max); _n++) \ + FD_SET(_n, (map)); \ + } while (0); +#define SET_SINGLE(map, n) do { \ + FD_SET(n, (map)); \ + } while (0); + + /* + * Initialize a bitmap with characters that are allowed in a charset + * name. + */ + FD_ZERO(&asciimap); + SET_SINGLE(&asciimap, '!'); + SET_RANGE(&asciimap, '#', '\''); + SET_RANGE(&asciimap, '*', '+'); + SET_SINGLE(&asciimap, '-'); + SET_RANGE(&asciimap, '0', '9'); + SET_RANGE(&asciimap, 'A', 'Z'); + SET_RANGE(&asciimap, '^', '~'); + + charset = vstring_alloc(10); + exp_output = vstring_alloc(100); + exp_warning = vstring_alloc(100); + + test.label = tp->label; + test.action = 0; + test.context = RFC2047_HEADER_CONTEXT_COMMENT; + test.input = CHARSET_INPUT_TEMPLATE; + test.in_len = 0; + test.out_separator = CHARSET_OUTPUT_SEPARATOR; + + /* TODO: 0x0 in charset. */ + for (ret = 0, ch = 0x1; ret == 0 && ch <= 0xff; ch++) { + vstring_sprintf(charset, CHARSET_CHARSET_TEMPLATE, ch); + test.charset = vstring_str(charset); + if (FD_ISSET(ch, &asciimap)) { + vstring_sprintf(exp_output, CHARSET_ALLOW_TEMPLATE, ch); + test.exp_output = vstring_str(exp_output); + test.exp_warning = 0; + } else { + test.exp_output = 0; + vstring_sprintf(exp_warning, CHARSET_REJECT_TEMPLATE, ch, ch); + test.exp_warning = vstring_str(exp_warning); + } + ret = test_rfc2047_encode(&test); + } + + vstring_free(charset); + vstring_free(exp_output); + vstring_free(exp_warning); + return (ret == 0 ? PASS : FAIL); +} + + /* + * Specify an explicit input length, so that we can input a null byte. + */ +#define ENCODE_INPUT_TEMPLATE "testme %c" +#define ENCODE_INPUT_LEN (sizeof(ENCODE_INPUT_TEMPLATE) - 2) +#define ENCODE_OUTPUT_SEPARATOR "\n" +#define ENCODE_CHARSET "utf-8" +#define ENCODE_AS_SELF_TEMPLATE "=?utf-8?Q?testme_%c?=" +#define ENCODE_AS_QP_TEMPLATE "=?utf-8?Q?testme_=%02X?=" +#define ENCODE_AS_CTRL_TEMPLATE "=?utf-8?Q?testme_?=" + + /* + * TODO(wietse) split into 'encodes non-control text' and 'rejects control + * text'1 + */ + +static int encodes_text(const char *label, + int context, + const char *specials) +{ + VSTRING *input; + VSTRING *exp_output; + TEST_CASE test; + int ch; + int ret; + fd_set asciimap; + const char *cp; + + /* + * Initialize a bitmap with characters that need no encoding. + */ + FD_ZERO(&asciimap); + SET_RANGE(&asciimap, 0x20, 0x7e); /* ASCII non-controls */ + for (cp = specials; (ch = *(unsigned char *) cp) != 0; cp++) + FD_CLR(ch, &asciimap); + + input = vstring_alloc(100); + exp_output = vstring_alloc(100); + + /* + * TODO(wietse) We don't use VSTRING_LEN(input) to determine how much + * output was written. When the output contains a null byte, + * VSTRING_LEN(input) will be smaller than ENCODE_INPUT_LEN because + * vbuf_print() still supports systems without snprintf() and relies on + * the equivalent of strlen() to find out how much was written. + */ + test.label = label; + test.action = 0; + test.context = context; + test.charset = "utf-8"; + test.in_len = ENCODE_INPUT_LEN; + test.out_separator = ENCODE_OUTPUT_SEPARATOR; + test.exp_warning = 0; + + for (ret = 0, ch = 0x0; ret == 0 && ch <= 0xff; ch++) { + vstring_sprintf(input, ENCODE_INPUT_TEMPLATE, ch); + test.input = vstring_str(input); + if (FD_ISSET(ch, &asciimap)) { + vstring_sprintf(exp_output, ENCODE_AS_SELF_TEMPLATE, ch); + } else if (ch == ' ') { + vstring_sprintf(exp_output, ENCODE_AS_SELF_TEMPLATE, '_'); + } else { + vstring_sprintf(exp_output, ENCODE_AS_QP_TEMPLATE, ch); + } + test.exp_output = vstring_str(exp_output); + ret = test_rfc2047_encode(&test); + } + + vstring_free(input); + vstring_free(exp_output); + return (ret == 0 ? PASS : FAIL); +} + +static int encodes_comment_text(const TEST_CASE *tp) +{ + const char specials[] = { + /* RFC 2047 encoded-word formatting. */ + ' ', '_', '=', '?', + + /* Not allowed in RFC 5322 ctext. */ + '(', ')', '\\', + + 0, + }; + + return (encodes_text(tp->label, RFC2047_HEADER_CONTEXT_COMMENT, specials)); +} + +static int encodes_phrase_text(const TEST_CASE *tp) +{ + const char specials[] = { + /* RFC 2047 encoded-word formatting. */ + ' ', '_', '=', '?', + + /* RFC 5322 specials. */ + '"', '(', ')', ',', '.', ':', ';', '<', '>', '@', '[', '\\', ']', + + /* Not allowed in RFC 2047 section 5(3). */ + '#', '$', '%', '&', '\'', '^', '`', '{', '|', '}', '~', + + 0, + }; + + return (encodes_text(tp->label, RFC2047_HEADER_CONTEXT_PHRASE, specials)); +} + +static const TEST_CASE test_cases[] = { + + /* + * Smoke test. If this fails then all bets are off. + */ + {"comment_needs_no_encoding", + test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_COMMENT, "utf-8", + "testme", 0, " ", "=?utf-8?Q?testme?=" + }, + + /* + * Charset validation. + */ + {"validates_charset_not_empty", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_COMMENT, /* charset= */ "", + "testme", 0, " ", NO_OUTPUT, "rfc2047_code: warning: rfc2047_encode: " + "encoder called with empty charset name\n" + }, + {"validates_charset", validates_charset}, + {"encodes_comment_text", encodes_comment_text}, + {"encodes_long_comment_text", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_COMMENT, "utf-8", + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + 0, "\n", + "=?utf-8?Q?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAA?=\n=?utf-8?Q?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "AAAAAAAAAAAAAAAAAAAAAAAA?=" + }, + + /* + * Encoding validation. + */ + {"validates_input_not_empty", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_COMMENT, "utf-8", + /* input= */ "", 0, " ", NO_OUTPUT, "rfc2047_code: warning: " + "rfc2047_encode: encoder called with empty input\n" + }, + {"validates_whitespace_separator", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_COMMENT, "utf-8", + "whatever", 0, "foo", NO_OUTPUT, "rfc2047_code: warning: " + "rfc2047_encode: encoder called with non-whitespace separator: " + "'foo'\n" + }, + {"validates_non_quoted_word", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "\"whatever", 0, " ", NO_OUTPUT, "rfc2047_code: warning: " + "rfc2047_encode: encoder called with quoted word as input: " + "'\"whatever'\n" + }, + {"encodes_phrase_text", encodes_phrase_text}, + {"encodes_long_phrase_text", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "000102030405060708091011121314151617181920212223242526272829" + "303132333435363738394041424344454647484950515253545556575859" + "606162636465666768697071727374757677787980818283848586878889", + 0, "\n", + "=?utf-8?Q?00010203040506070809101112131415161718192021222324" + "2526272829303?=\n=?utf-8?Q?132333435363738394041424344454647" + "484950515253545556575859606162?=\n=?utf-8?Q?6364656667686970" + "71727374757677787980818283848586878889?=" + }, + {"encodes_mostly_ascii_as_qp", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "some non-ascii Δημοσ embedded in ascii", 0, "\n", + "=?utf-8?Q?some_non-ascii_=CE=94=CE=B7=CE=BC=CE=BF=CF=83_embe" + "dded_in_ascii?=" + }, + {"encodes_whole_qp_triplets_1x", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "x some small amount of non-ascii Δημοσ embedded in ascii", 0, "\n", + "=?utf-8?Q?x_some_small_amount_of_non-ascii_=CE=94=CE=B7=CE=BC=CE=B" + "F=CF=83?=\n=?utf-8?Q?_embedded_in_ascii?=" + }, + {"encodes_whole_qp_triplets_2x", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "xx some small amount of non-ascii Δημοσ embedded in ascii", 0, "\n", + "=?utf-8?Q?xx_some_small_amount_of_non-ascii_=CE=94=CE=B7=CE=BC=CE=B" + "F=CF?=\n=?utf-8?Q?=83_embedded_in_ascii?=" + }, + {"encodes_mostly_non_ascii_as_b64", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "mostly non-ascii Δημοσθένους", 0, "\n", + "=?utf-8?B?bW9zdGx5IG5vbi1hc2NpaSDOlM63zrzOv8+DzrjhvbPOvc6/z4XPgg==?=" + }, + {"encodes_whole_b64_quads_4x", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "xxxx mostly non-ascii Δημοσθένους", 0, "\n", + "=?utf-8?B?eHh4eCBtb3N0bHkgbm9uLWFzY2lpIM6UzrfOvM6/z4POuOG9s869zr/Phc" + "+C?=" + }, + {"encodes_whole_b64_quads_5x", test_rfc2047_encode, + RFC2047_HEADER_CONTEXT_PHRASE, "utf-8", + "xxxxx mostly non-ascii Δημοσθένους", 0, "\n", + "=?utf-8?B?eHh4eHggbW9zdGx5IG5vbi1hc2NpaSDOlM63zrzOv8+DzrjhvbPOvc6/z4" + "XP?=\n=?utf-8?B?gg==?=" + }, + {0}, +}; + +int main(int argc, char **argv) +{ + const TEST_CASE *tp; + int pass = 0; + int fail = 0; + + msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR); + + for (tp = test_cases; tp->label != 0; tp++) { + int test_failed; + + msg_info("RUN %s", tp->label); + test_failed = tp->action(tp); + if (test_failed) { + msg_info("FAIL %s", tp->label); + fail++; + } else { + msg_info("PASS %s", tp->label); + pass++; + } + } + msg_info("PASS=%d FAIL=%d", pass, fail); + exit(fail != 0); +} + +#endif diff --git a/postfix/src/global/rfc2047_code.h b/postfix/src/global/rfc2047_code.h new file mode 100644 index 000000000..77365bf8a --- /dev/null +++ b/postfix/src/global/rfc2047_code.h @@ -0,0 +1,39 @@ +#ifndef _RFC2047_ENCODE_H_INCLUDED_ +#define _RFC2047_ENCODE_H_INCLUDED_ + +/*++ +/* NAME +/* rfc2047_code 3h +/* SUMMARY +/* non-ASCII header content encoding +/* SYNOPSIS +/* #include +/* DESCRIPTION +/* .nf + + /* + * Utility library. + */ +#include + + /* + * External API. + */ +#define RFC2047_HEADER_CONTEXT_COMMENT (1) +#define RFC2047_HEADER_CONTEXT_PHRASE (2) + +extern char *rfc2047_encode(VSTRING *result, int header_context, + const char *charset, + const char *in, ssize_t len, + const char *out_separator); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* porcupine.org +/*--*/ + +#endif diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index ea943fe77..550462ae4 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -921,6 +921,7 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop, */ #ifdef USE_TLSRPT if (smtp_mode && var_smtp_tlsrpt_enable + && state->tls->level > TLS_LEV_NONE && !valid_hostaddr(domain, DONT_GRIPE)) smtp_tlsrpt_create_wrapper(state, domain); else @@ -1099,7 +1100,7 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop, * problem, then we must report correct information. */ #ifdef USE_TLSRPT - if (state->tlsrpt && state->tls->level > TLS_LEV_NONE) { + if (state->tlsrpt) { smtp_tlsrpt_set_tls_policy(state); smtp_tlsrpt_set_tcp_connection(state); } diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 0c2c64019..42a82893f 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -679,9 +679,8 @@ /* The Internet protocols Postfix will attempt to use when making /* or accepting connections. /* .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR" -/* Lookup tables with all names or addresses of local recipients: -/* a recipient address is local when its domain matches $mydestination, -/* $inet_interfaces or $proxy_interfaces. +/* Lookup tables with all names or addresses of valid local +/* recipients. /* .IP "\fBunknown_local_recipient_reject_code (550)\fR" /* The numerical Postfix SMTP server response code when a recipient /* address is local, and $local_recipient_maps specifies a list of @@ -1222,6 +1221,9 @@ /* 111 8th Avenue /* New York, NY 10011, USA /* +/* Wietse Venema +/* porcupine.org +/* /* SASL support originally by: /* Till Franke /* SuSE Rhein/Main AG @@ -6113,20 +6115,26 @@ static void smtpd_proto(SMTPD_STATE *state) * troubles. */ if (state->reason && state->where) { + const char *queue_id_or_noqueue = (state->queue_id ? + state->queue_id : "NOQUEUE"); + if (strcmp(state->where, SMTPD_AFTER_DATA) == 0) { - msg_info("%s after %s (%lu bytes) from %s", /* 2.5 compat */ + msg_info("%s: %s after %s (%lu bytes) from %s", /* 2.5 compat */ + queue_id_or_noqueue, state->reason, SMTPD_CMD_DATA, /* 2.5 compat */ (long) (state->act_size + vstream_peek(state->client)), state->namaddr); } else if (strcmp(state->where, SMTPD_AFTER_BDAT) == 0) { - msg_info("%s after %s (%lu bytes) from %s", + msg_info("%s: %s after %s (%lu bytes) from %s", + queue_id_or_noqueue, state->reason, SMTPD_CMD_BDAT, (long) (state->act_size + VSTRING_LEN(state->buffer) + VSTRING_LEN(state->bdat_get_buffer)), state->namaddr); } else if (strcmp(state->where, SMTPD_AFTER_EOM) || strcmp(state->reason, REASON_LOST_CONNECTION)) { - msg_info("%s after %s from %s", + msg_info("%s: %s after %s from %s", + queue_id_or_noqueue, state->reason, state->where, state->namaddr); } } diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index ce1a37ee9..c97efb1cb 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -487,7 +487,6 @@ tls_proxy_server_scan.o: ../../include/vstring.h tls_proxy_server_scan.o: tls.h tls_proxy_server_scan.o: tls_proxy.h tls_proxy_server_scan.o: tls_proxy_server_scan.c -tls_rsa.o: tls_rsa.c tls_scache.o: ../../include/argv.h tls_scache.o: ../../include/check_arg.h tls_scache.o: ../../include/dict.h diff --git a/postfix/src/tls/tls_rsa.c b/postfix/src/tls/tls_rsa.c deleted file mode 100644 index e69de29bb..000000000 diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index e7566a726..7df6ffd94 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -46,7 +46,8 @@ SRCS = alldig.c allprint.c argv.c argv_split.c attr_clnt.c attr_print0.c \ sane_strtol.c hash_fnv.c ldseed.c mkmap_cdb.c mkmap_db.c mkmap_dbm.c \ mkmap_fail.c mkmap_lmdb.c mkmap_open.c mkmap_sdbm.c inet_prefix_top.c \ inet_addr_sizes.c quote_for_json.c mystrerror.c \ - sane_sockaddr_to_hostaddr.c normalize_ws.c valid_uri_scheme.c + sane_sockaddr_to_hostaddr.c normalize_ws.c valid_uri_scheme.c \ + clean_ascii_cntrl_space.c OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \ attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \ attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \ @@ -94,7 +95,7 @@ OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \ sane_strtol.o hash_fnv.o ldseed.o mkmap_db.o mkmap_dbm.o \ mkmap_fail.o mkmap_open.o inet_prefix_top.o inet_addr_sizes.o \ quote_for_json.o mystrerror.o sane_sockaddr_to_hostaddr.o \ - normalize_ws.o valid_uri_scheme.o + normalize_ws.o valid_uri_scheme.o clean_ascii_cntrl_space.o # MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf. # When hard-linking these, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ), # otherwise it sets the PLUGIN_* macros. @@ -126,7 +127,8 @@ HDRS = argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \ valid_utf8_hostname.h midna_domain.h dict_union.h dict_inline.h \ check_arg.h argv_attr.h msg_logger.h logwriter.h byte_mask.h \ known_tcp_ports.h sane_strtol.h hash_fnv.h ldseed.h mkmap.h \ - inet_prefix_top.h inet_addr_sizes.h valid_uri_scheme.h + inet_prefix_top.h inet_addr_sizes.h valid_uri_scheme.h \ + clean_ascii_cntrl_space.h TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \ stream_test.c dup2_pass_on_exec.c DEFS = -I. -D$(SYSTYPE) @@ -149,7 +151,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \ vbuf_print split_qnameval vstream msg_logger byte_mask \ known_tcp_ports dict_stream find_inet binhash hash_fnv argv \ clean_env inet_prefix_top printable readlline quote_for_json \ - normalize_ws valid_uri_scheme + normalize_ws valid_uri_scheme clean_ascii_cntrl_space PLUGIN_MAP_SO = $(LIB_PREFIX)pcre$(LIB_SUFFIX) $(LIB_PREFIX)lmdb$(LIB_SUFFIX) \ $(LIB_PREFIX)cdb$(LIB_SUFFIX) $(LIB_PREFIX)sdbm$(LIB_SUFFIX) HTABLE_FIX = NORANDOMIZE=1 @@ -623,6 +625,11 @@ valid_uri_scheme: $(LIB) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) mv junk $@.o +clean_ascii_cntrl_space: $(LIB) + mv $@.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) + mv junk $@.o + tests: all valid_hostname_test mac_expand_test dict_test unescape_test \ hex_quote_test ctable_test inet_addr_list_test base64_code_test \ attr_scan64_test attr_scan0_test host_port_test dict_tests \ @@ -634,7 +641,7 @@ tests: all valid_hostname_test mac_expand_test dict_test unescape_test \ vstream_test byte_mask_tests mystrtok_test known_tcp_ports_test \ binhash_test argv_test inet_prefix_top_test printable_test \ valid_utf8_string_test readlline_test quote_for_json_test \ - normalize_ws_test valid_uri_scheme_test + normalize_ws_test valid_uri_scheme_test clean_ascii_cntrl_space_test dict_tests: all dict_test \ dict_pcre_tests dict_cidr_test dict_thash_test dict_static_test \ @@ -1117,6 +1124,9 @@ normalize_ws_test: normalize_ws valid_uri_scheme_test: valid_uri_scheme $(SHLIB_ENV) ${VALGRIND} ./valid_uri_scheme +clean_ascii_cntrl_space_test: clean_ascii_cntrl_space + $(SHLIB_ENV) ${VALGRIND} ./clean_ascii_cntrl_space + depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile.in; \ set -e; for i in [a-z][a-z0-9]*.c; do \ @@ -2827,6 +2837,14 @@ trimblanks.o: sys_defs.h trimblanks.o: trimblanks.c trimblanks.o: vbuf.h trimblanks.o: vstring.h +clean_ascii_cntrl_space.o: check_arg.h +clean_ascii_cntrl_space.o: stringops.h +clean_ascii_cntrl_space.o: sys_defs.h +clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c +clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h +clean_ascii_cntrl_space.o: vbuf.h +clean_ascii_cntrl_space.o: vstream.h +clean_ascii_cntrl_space.o: vstring.h unescape.o: check_arg.h unescape.o: stringops.h unescape.o: sys_defs.h diff --git a/postfix/src/util/clean_ascii_cntrl_space.c b/postfix/src/util/clean_ascii_cntrl_space.c new file mode 100644 index 000000000..81f2ee53f --- /dev/null +++ b/postfix/src/util/clean_ascii_cntrl_space.c @@ -0,0 +1,244 @@ +/*++ +/* NAME +/* clean_ascii_cntrl_space 3h +/* SUMMARY +/* censor control characters and normalize whitespace +/* SYNOPSIS +/* #include +/* +/* char *clean_ascii_cntrl_space( +/* VSTRING *result, +/* const char *str, +/* ssize_t len) +/* DESCRIPTION +/* clean_ascii_cntrl_space() sanitizes input by replacing ASCII +/* control characters with ASCII SPACE, by replacing a sequence +/* of multiple ASCII SPACE characters with one ASCII SPACE, and by +/* eliminating leading and trailing ASCII SPACE. +/* +/* The result value is a pointer to the result buffer's string +/* content, or null when no output was generated (for example +/* all input characters were ASCII SPACE, or were replaced with +/* ASCII SPACE). +/* +/* Arguments: +/* .IP result +/* The buffer that the output will overwrite. The result is +/* null-terminated. +/* .IP str +/* Pointer to input storage. +/* .IP len +/* The number of input bytes. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* porcupine.org +/*--*/ + + /* + * System library. + */ +#include +#include + + /* + * Utility library. + */ +#include +#include +#include + + /* + * SLMs. + */ +#define STR vstring_str +#define LEN VSTRING_LEN +#define END vstring_end + +/* clean_ascii_cntrl_space - replace control characters, normalize whitespace */ + +char *clean_ascii_cntrl_space(VSTRING *result, const char *str, ssize_t len) +{ + const char *cp; + const char *str_end; + int ch, prev_ch; + + VSTRING_RESET(result); + for (cp = str, prev_ch = ' ', str_end = str + len; cp < str_end; cp++) { + ch = *(unsigned char *) cp; + if (ISCNTRL(ch)) + ch = ' '; + if (ch == ' ' && (prev_ch == ' ' || cp[1] == 0)) + continue; + VSTRING_ADDCH(result, ch); + prev_ch = ch; + } + if (LEN(result) > 0 && END(result)[-1] == ' ') + vstring_truncate(result, LEN(result) - 1); + VSTRING_TERMINATE(result); + return ((LEN(result) == 0 || allspace(STR(result))) ? 0 : STR(result)); +} + +#ifdef TEST +#include +#include + +#include +#include +#include + + /* + * Test structure. Some tests generate their own. + */ +typedef struct TEST_CASE { + const char *label; + int (*action) (const struct TEST_CASE *); + const char *input; + ssize_t inlen; + const char *exp_output; +} TEST_CASE; + +#define NO_OUTPUT ((char *) 0) + +#define PASS (0) +#define FAIL (1) + +static VSTRING *input; +static VSTRING *exp_output; + +static int test_clean_ascii_cntrl_space(const TEST_CASE *tp) +{ + static VSTRING *result; + const char *got; + + if (result == 0) + result = vstring_alloc(100); + + got = clean_ascii_cntrl_space(result, tp->input, tp->inlen); + + if (!got != !tp->exp_output) { + msg_warn("got result ``%s'', want ``%s''", + got ? got : "null", + tp->exp_output ? tp->exp_output : "null"); + return (FAIL); + } + if (got && strcmp(got, tp->exp_output) != 0) { + msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output); + return (FAIL); + } + return (PASS); +} + +static int passes_all_non_controls(const TEST_CASE *tp) +{ + TEST_CASE test; + int ch; + + VSTRING_RESET(input); + for (ch = 0x21; ch < 0x7f; ch++) + VSTRING_ADDCH(input, ch); + VSTRING_TERMINATE(input); + test.label = tp->label; + test.action = test_clean_ascii_cntrl_space; + test.input = STR(input); + test.inlen = strlen(STR(input)); + test.exp_output = test.input; + return (test_clean_ascii_cntrl_space(&test)); +} + +static int replaces_all_controls(const TEST_CASE *tp) +{ + TEST_CASE test; + int ch; + + test.label = tp->label; + test.action = test_clean_ascii_cntrl_space; + + for (ch = 1; ch <= 0x7f; ch++) { + if (ch == 0x20) + ch = 0x7f; + vstring_sprintf(input, "0x%02x>%c<", ch, ch); + test.input = STR(input); + test.inlen = LEN(input); + vstring_sprintf(exp_output, "0x%02x> <", ch); + test.exp_output = STR(exp_output); + if (test_clean_ascii_cntrl_space(&test) != PASS) + return (FAIL); + } + return (PASS); +} + +static const TEST_CASE test_cases[] = { + {"passes_all_non_controls", + passes_all_non_controls, + }, + {"replaces_all_controls", + replaces_all_controls, + }, + {"collapses_multiple_controls", + test_clean_ascii_cntrl_space, + "x\x01\x02yx", 4, "x y" + }, + {"collapses_control_space", + test_clean_ascii_cntrl_space, + "x\x01 y", 4, "x y" + }, + {"collapses_space_control", + test_clean_ascii_cntrl_space, + "x \x01y", 4, "x y" + }, + {"collapses_multiple_space", + test_clean_ascii_cntrl_space, + "x y", 4, "x y" + }, + {"strips_leading_control_space", + test_clean_ascii_cntrl_space, + "\x01 xy", 4, "xy", + }, + {"strips_leading_space_control", + test_clean_ascii_cntrl_space, + " \x01xy", 4, "xy", + }, + {"strips_trailing_space_control", + test_clean_ascii_cntrl_space, + "x \x01", 5, "x", + }, + {"strips_trailing_control_space", + test_clean_ascii_cntrl_space, + "x\x01\x01 ", 5, "x", + }, + {0}, +}; + +int main(int argc, char **argv) +{ + const TEST_CASE *tp; + int pass = 0; + int fail = 0; + + msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR); + + input = vstring_alloc(300); + exp_output = vstring_alloc(300); + + for (tp = test_cases; tp->label != 0; tp++) { + int test_failed; + + msg_info("RUN %s", tp->label); + test_failed = tp->action(tp); + if (test_failed) { + msg_info("FAIL %s", tp->label); + fail++; + } else { + msg_info("PASS %s", tp->label); + pass++; + } + } + msg_info("PASS=%d FAIL=%d", pass, fail); + exit(fail != 0); +} + +#endif diff --git a/postfix/src/util/clean_ascii_cntrl_space.h b/postfix/src/util/clean_ascii_cntrl_space.h new file mode 100644 index 000000000..2fa95c57e --- /dev/null +++ b/postfix/src/util/clean_ascii_cntrl_space.h @@ -0,0 +1,33 @@ +#ifndef _UNCNTRL_H_INCLUDED_ +#define _UNCNTRL_H_INCLUDED_ + +/*++ +/* NAME +/* clean_ascii_cntrl_space 3h +/* SUMMARY +/* sane control character removal +/* SYNOPSIS +/* #include +/* DESCRIPTION +/* .nf + + /* + * Utility library. + */ +#include + + /* + * External interface. + */ +extern char *clean_ascii_cntrl_space(VSTRING *result, const char *input, ssize_t len); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* porcupine.org +/*--*/ + +#endif