From: Wietse Venema Date: Mon, 24 Jul 2006 05:00:00 +0000 (-0500) Subject: postfix-2.4-20060724 X-Git-Tag: v2.4.0-RC1~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=21b0834aa1408101f21fca2aa39ccb6fb7b75672;p=thirdparty%2Fpostfix.git postfix-2.4-20060724 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 5ba3c211f..2d849cfa1 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12188,17 +12188,18 @@ Apologies for any names omitted. 20060510 Preliminary TLS_README and postconf(5) changes completed. + Victor Duchovni. Added smtp_tls_policy_maps and smtp_tls_protocols features to the smtp/lmtp client, changed smtp_tls_cipherlist to - only apply when TLS is mandatory. + only apply when TLS is mandatory. Victor Duchovni. 20060512 Destinations that share a common server may have distinct TLS protocol and cipherlist requirements, with mandatory TLS add the protocol and cipherlist values to the TLS session - lookup key. + lookup key. Victor Duchovni. 20060516 @@ -12228,14 +12229,14 @@ Apologies for any names omitted. The smtp_tls_policy_maps table now implements parent domain matching for destinations that are bare domains (without - enclosin [] or optional :port suffix). This allows one to + enclosing [] or optional :port suffix). This allows one to set TLS policy for a domain and all sub-domains. Victor Duchovni. 20060519 The same parameter can bind to different variables in - different daemons, ignore the variable name when eliminating + different daemons. Ignore the variable name when eliminating duplicates in extract.awk. Victor Duchovni. 20060523 @@ -12482,7 +12483,7 @@ Apologies for any names omitted. after an opportunistic TLS handshake fails. Specify "smtp_sasl_auth_enforce = no" to deliver mail anyway. File: smtp/smtp_proto.c. See workaround 20060711 for sender-dependent - SASL passwords. + SASL passwords. This was undone with the 20060719 workaround. 20060709 @@ -12523,9 +12524,10 @@ Apologies for any names omitted. after the header label and ":" in an interesting manner. It eats one space (not tab). File: milter/milter8.c. - Workaround: if sender-depedendent SASL passwords are enabled, + Workaround: if sender-dependent SASL passwords are enabled, don't defer delivery when a SASL password exists but the server doesn't announce SASL support. File: smtp/smtp_proto.c. + This was undone with the 20060719 workaround. Cleanup: format of cleanup milter reject messages. File: cleanup_milter.c. @@ -12542,7 +12544,9 @@ Apologies for any names omitted. Bugfix (bug introduced with Postfix 2.2): the Postfix SMTP client enforced Mandatory TLS only when talking to an ESMTP - server. Victor Duchovni. File: src/smtp/smtp_proto.c. + server; enforcement did not happen if Postfix could somehow + be forced to send HELO instead of EHLO. Victor Duchovni. + File: src/smtp/smtp_proto.c. 20060718 @@ -12593,14 +12597,21 @@ Apologies for any names omitted. Moreover, when mail has passed through an external content filter, we don't have sufficient information to reproduce the exact same SMTP events and Sendmail macros that Milters - received when the mail originally arrived in Postfix. File: - pickup/pickup.c. + received when the mail originally arrived in Postfix. This + change does not affect Milter applications that run behind + an after-queue content filter. File: pickup/pickup.c. Bugfix: Milters received a truncated ORCPT=xxx parameter due to destructive parsing of something that didn't have to be preserved before Milter support was added to Postfix. File: smtpd/smtpd.c. +20060724 + + Bugfix: when updating the same header multiple times, the + Postfix Milter client created a queue file that caused + delivery agents to loop. File: cleanup/cleanup_milter.c. + Wish list: Add M flag (enable multi-recipient delivery) to pipe daemon. diff --git a/postfix/README_FILES/DB_README b/postfix/README_FILES/DB_README index 3d2236971..62b852ef3 100644 --- a/postfix/README_FILES/DB_README +++ b/postfix/README_FILES/DB_README @@ -74,7 +74,7 @@ BBuuiillddiinngg PPoossttffiixx oonn BBSSDD ssyysstteem Some BSD systems ship with multiple Berkeley DB implementations. Normally, Postfix builds with the default DB version that ships with the system. -To build Postfix on BSD systems with a specific DB version, use a variant of +To build Postfix on BSD systems with a non-default DB version, use a variant of the following commands: % make tidy diff --git a/postfix/README_FILES/LINUX_README b/postfix/README_FILES/LINUX_README index 4781906c0..3325cd1d1 100644 --- a/postfix/README_FILES/LINUX_README +++ b/postfix/README_FILES/LINUX_README @@ -5,10 +5,15 @@ PPoossttffiixx aanndd LLiinnuuxx BBeerrkkeelleeyy DDBB iissssuueess Warning: if you can't compile Postfix because the file "db.h" isn't found, then -you MUST install the Berkeley DB development package (package name: db???- -devel-???) that comes with your Linux system. Only that package contains the -files that correspond to the Berkeley DB version that is used by the system -library routines. +you MUST install the Berkeley DB development package (name: db???-devel-???) +that matches your system library. You can find out what is installed with the +rpm command. For example: + + $ rrppmm --qqff //uussrr//lliibb//lliibbddbb..ssoo + db4-4.3.29-2 + +This means that you need to install db4-devel-4.3.29-2 (on some systems, +specify /lib/libdb.so in the rpm query). DO NOT download some Berkeley DB version from the network. Every Postfix program will dump core when it is built with a different Berkeley DB version diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 0a17d82fc..2a0b0e299 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -1358,13 +1358,7 @@ information: This is simply the DNS name of the server that the Postfix SMTP client connects to; this name may be obtained from other DNS lookups, such as MX lookups or CNAME lookups. Use of the hostname lookup key is - discouraged; always use the next-hop destination instead. The hostname - lookup key may not behave as you expect when SMTP connection caching is - enabled (with the smtp_connection_cache_destinations or - smtp_connection_cache_on_demand configuration parameter). Multiple - hostnames may resolve to the same IP address, and the hostname from the - SMTP connection cache overrides the hostname that Postfix uses for TLS - policy lookup or server certificate verification. + discouraged; always use the next-hop destination instead. next-hop destination This is normally the domain portion of the recipient address, but it may be overridden by information from the transport(5) table, from the @@ -1438,9 +1432,8 @@ perfect match between the server hostname and the server certificate, there is no guarantee that Postfix is connected to the right server. To avoid this loophole, take all of the following steps: - 1. Use a dedicated transport that does not cache SMTP connections. Otherwise, - the hostname from the SMTP connection cache overrides the hostname that - Postfix uses for TLS policy lookup and server certificate verification. + 1. Use a dedicated message delivery transport (for example, "securetls") as + illustrated below. 2. Eliminate MX lookups. Specify local transport(5) table entries for sensitive domains with explicit securetls:[mailhost] or securetls: @@ -1480,8 +1473,6 @@ the need for per-site table entries for secure-channel destinations. /etc/postfix/master.cf: securetls unix - - n - 100 smtp - -o smtp_connection_cache_on_demand=no - -o smtp_connection_cache_destinations= -o smtp_enforce_tls=yes -o smtp_tls_enforce_peername=yes diff --git a/postfix/html/DB_README.html b/postfix/html/DB_README.html index 3c803d077..d89fd5028 100644 --- a/postfix/html/DB_README.html +++ b/postfix/html/DB_README.html @@ -112,7 +112,7 @@ Berkeley DB versions Normally, Postfix builds with the default DB version that ships with the system.

-

To build Postfix on BSD systems with a specific DB version, +

To build Postfix on BSD systems with a non-default DB version, use a variant of the following commands:

diff --git a/postfix/html/LINUX_README.html b/postfix/html/LINUX_README.html index 202e30baf..65519b6b0 100644 --- a/postfix/html/LINUX_README.html +++ b/postfix/html/LINUX_README.html @@ -21,11 +21,20 @@

Warning: if you can't compile Postfix because the file "db.h" isn't found, then you MUST install the Berkeley DB development -package (package name: db???-devel-???) that comes with your Linux -system. Only that package contains the files that correspond to the -Berkeley DB version that is used by the system library routines. +package (name: db???-devel-???) that matches your system library. +You can find out what is installed with the rpm command. For example:

+
+
+$ rpm -qf /usr/lib/libdb.so
+db4-4.3.29-2
+
+
+ +

This means that you need to install db4-devel-4.3.29-2 (on +some systems, specify /lib/libdb.so in the rpm query).

+

DO NOT download some Berkeley DB version from the network. Every Postfix program will dump core when it is built with a different Berkeley DB version than the version that is used by the system diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index dcd74d232..43d6541eb 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -1842,13 +1842,7 @@ the following information:

name of the server that the Postfix SMTP client connects to; this name may be obtained from other DNS lookups, such as MX lookups or CNAME lookups. Use of the hostname lookup key is discouraged; always -use the next-hop destination instead. The hostname lookup key may -not behave as you expect when SMTP connection caching is enabled -(with the smtp_connection_cache_destinations or -smtp_connection_cache_on_demand configuration parameter). Multiple -hostnames may resolve to the same IP address, and the hostname from -the SMTP connection cache overrides the hostname that Postfix uses -for TLS policy lookup or server certificate verification. +use the next-hop destination instead.
next-hop destination
This is normally the domain portion of the recipient address, but it may be overridden by information from @@ -1947,10 +1941,8 @@ steps:

    -

  1. Use a dedicated transport that does not cache SMTP -connections. Otherwise, the hostname from the SMTP connection cache -overrides the hostname that Postfix uses for TLS policy lookup and -server certificate verification.

    +

  2. Use a dedicated message delivery transport (for example, +"securetls") as illustrated below.

  3. Eliminate MX lookups. Specify local transport(5) table entries for sensitive domains with explicit securetls:[mailhost] @@ -1998,8 +1990,6 @@ destinations.

    /etc/postfix/master.cf: securetls unix - - n - 100 smtp - -o smtp_connection_cache_on_demand=no - -o smtp_connection_cache_destinations= -o smtp_enforce_tls=yes -o smtp_tls_enforce_peername=yes diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index cf3ea6b11..b485dc1d8 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -8229,13 +8229,7 @@ use smtp_tls_policy_maps inst discouraged. Always use the full destination nexthop (enclosed in [] with a possible ":port" suffix). A recipient domain or MX-enabled transport next-hop with no port suffix may look like a bare hostname, -but is still a suitable destination. The hostname lookup key -may not behave as you expect when SMTP connection caching is enabled -(see smtp_connection_cache_destinations and -smtp_connection_cache_on_demand). Different hostnames may resolve -to the same IP address, and the hostname from the SMTP connection -cache overrides the hostname that Postfix uses for TLS policy lookup -and server certificate verification.

    +but is still a suitable destination.

    Specify a next-hop destination or server hostname on the left-hand side; no wildcards are allowed. The next-hop destination is either diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index 28e5cc5d9..16184d224 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -30,7 +30,7 @@ POSTSUPER(1) POSTSUPER(1) Options: -c config_dir - The main.cf configuration file is in the named + The main.cf configuration file is in the named directory instead of the default configuration directory. See also the MAIL_CONFIG environment setting below. @@ -136,12 +136,32 @@ POSTSUPER(1) POSTSUPER(1) case. A requeued message is moved to the maildrop queue, - from where it is copied by the pickup daemon to a - new file whose name is guaranteed to match the new - queue file inode number. The new queue file is sub- - jected again to mail address rewriting and substi- - tution. This is useful when rewriting rules or vir- - tual mappings have changed. + from where it is copied by the pickup(8) and + cleanup(8) daemons to a new queue file. In many + respects its handling differs from that of a new + local submission. + + o The message is not subjected to the + smtpd_milters or non_smtpd_milters settings. + When mail has passed through an external + content filter, this would produce incorrect + results with Milter applications that depend + on original SMTP connection state informa- + tion. + + o The message is subjected again to mail + address rewriting and substitution. This is + useful when rewriting rules or virtual map- + pings have changed. + + The address rewriting context (local or + remote) is the same as when the message was + received. + + o The message is subjected to the same con- + tent_filter settings (if any) as used for + new local mail submissions. This is useful + when content_filter settings have changed. Warning: Postfix queue IDs are reused. There is a very small possibility that postsuper(1) requeues @@ -180,21 +200,21 @@ POSTSUPER(1) POSTSUPER(1) ENVIRONMENT MAIL_CONFIG - Directory with the main.cf file. + Directory with the main.cf file. BUGS Mail that is not sanitized by Postfix (i.e. mail in the maildrop queue) cannot be placed "on hold". CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant + The following main.cf parameters are especially relevant to this program. The text below provides only a parameter summary. See postconf(5) for more details including exam- ples. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and - master.cf configuration files. + The default location of the Postfix main.cf and + master.cf configuration files. hash_queue_depth (1) The number of subdirectory levels for queue direc- diff --git a/postfix/implementation-notes/MILTER b/postfix/implementation-notes/MILTER index 587500cff..16137f530 100644 --- a/postfix/implementation-notes/MILTER +++ b/postfix/implementation-notes/MILTER @@ -61,8 +61,8 @@ If Postfix does not implement a specific macro, people can usually work around it. But we should avoid inconsistency. If Postfix can make macro X available at Milter protocol stage Y, then it must also be able to make that macro available at all later Milter -protocol stages, even those that are handled by a different Postfix -process. +protocol stages, even when some of those stages are handled by a +different Postfix process. Thus, when adding Milter support for a specific Sendmail-like macro to the SMTP server: @@ -95,17 +95,11 @@ to queue file, then there is no need to Milter it again. We might want to take a similar approach with external (signing or blocking) content filters: don't filter mail that has already been -filtered. Unfortunately, this is complicated by the fact that mail -can make multiple iterations through Postfix (for example, when -multiple external content filters are configured). Mail that was -caught by "postsuper -r" somewhere in the middle if this trip should -not be allowed to slip past any filters. To achieve this, we would -have to preserve its current "content_filter" record that specifies -what needs to be done next. This is the opposite of normal "postsuper --r" usage, which is most often intended to remove unwanted -"content_filter" records. We could add a postsuper command-line -option to re-queue and preserve "content_filter" records, but is -is unlikely that humans will ever be able to use this correctly. +filtered, and don't filter mail that didn't need to be filtered. +Such mail can be recognized by the absence of a "content_filter" +record. To make the implementation efficient, the cleanup server +would have to record the presence of a "content_filter" record in +the queue file header. Message envelope or content modifications ========================================= diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index 23347ef1f..2b803854b 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -127,13 +127,31 @@ the program reads queue IDs from standard input. Specify \fB-r ALL\fR to requeue all messages. As a safety measure, the word \fBALL\fR must be specified in upper case. .sp -A requeued message is moved to the \fBmaildrop\fR queue, from -where it is copied by the pickup daemon to a new file whose name -is guaranteed to match the new queue file inode number. The -new queue file is subjected again to mail address rewriting and -substitution. This is useful when rewriting rules or virtual -mappings have changed. +A requeued message is moved to the \fBmaildrop\fR queue, +from where it is copied by the \fBpickup\fR(8) and +\fBcleanup\fR(8) daemons to a new queue file. In many +respects its handling differs from that of a new local +submission. +.RS +.IP \(bu +The message is not subjected to the smtpd_milters or +non_smtpd_milters settings. When mail has passed through +an external content filter, this would produce incorrect +results with Milter applications that depend on original +SMTP connection state information. +.IP \(bu +The message is subjected again to mail address rewriting +and substitution. This is useful when rewriting rules or +virtual mappings have changed. .sp +The address rewriting context (local or remote) is the same +as when the message was received. +.IP \(bu +The message is subjected to the same content_filter settings +(if any) as used for new local mail submissions. This is +useful when content_filter settings have changed. +.RE +.IP Warning: Postfix queue IDs are reused. There is a very small possibility that \fBpostsuper\fR(1) requeues the wrong message file when it is executed while the Postfix mail diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 4a085fda4..8484d0216 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -4683,13 +4683,7 @@ Use of the bare hostname as the per-site table lookup key is discouraged. Always use the full destination nexthop (enclosed in [] with a possible ":port" suffix). A recipient domain or MX-enabled transport next-hop with no port suffix may look like a bare hostname, -but is still a suitable \fIdestination\fR. The hostname lookup key -may not behave as you expect when SMTP connection caching is enabled -(see smtp_connection_cache_destinations and -smtp_connection_cache_on_demand). Different hostnames may resolve -to the same IP address, and the hostname from the SMTP connection -cache overrides the hostname that Postfix uses for TLS policy lookup -and server certificate verification. +but is still a suitable \fIdestination\fR. .PP Specify a next-hop destination or server hostname on the left-hand side; no wildcards are allowed. The next-hop destination is either diff --git a/postfix/proto/DB_README.html b/postfix/proto/DB_README.html index 505cbba8c..896817b25 100644 --- a/postfix/proto/DB_README.html +++ b/postfix/proto/DB_README.html @@ -112,7 +112,7 @@ Berkeley DB versions Normally, Postfix builds with the default DB version that ships with the system.

    -

    To build Postfix on BSD systems with a specific DB version, +

    To build Postfix on BSD systems with a non-default DB version, use a variant of the following commands:

    diff --git a/postfix/proto/LINUX_README.html b/postfix/proto/LINUX_README.html index ffefbf2ea..b2a7b5057 100644 --- a/postfix/proto/LINUX_README.html +++ b/postfix/proto/LINUX_README.html @@ -21,11 +21,20 @@

    Warning: if you can't compile Postfix because the file "db.h" isn't found, then you MUST install the Berkeley DB development -package (package name: db???-devel-???) that comes with your Linux -system. Only that package contains the files that correspond to the -Berkeley DB version that is used by the system library routines. +package (name: db???-devel-???) that matches your system library. +You can find out what is installed with the rpm command. For example:

    +
    +
    +$ rpm -qf /usr/lib/libdb.so
+db4-4.3.29-2
+
    +
    + +

    This means that you need to install db4-devel-4.3.29-2 (on +some systems, specify /lib/libdb.so in the rpm query).

    +

    DO NOT download some Berkeley DB version from the network. Every Postfix program will dump core when it is built with a different Berkeley DB version than the version that is used by the system diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index 00e7cbd93..df965a3b7 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -1842,13 +1842,7 @@ the following information:

    name of the server that the Postfix SMTP client connects to; this name may be obtained from other DNS lookups, such as MX lookups or CNAME lookups. Use of the hostname lookup key is discouraged; always -use the next-hop destination instead. The hostname lookup key may -not behave as you expect when SMTP connection caching is enabled -(with the smtp_connection_cache_destinations or -smtp_connection_cache_on_demand configuration parameter). Multiple -hostnames may resolve to the same IP address, and the hostname from -the SMTP connection cache overrides the hostname that Postfix uses -for TLS policy lookup or server certificate verification.
+use the next-hop destination instead.
next-hop destination
This is normally the domain portion of the recipient address, but it may be overridden by information from @@ -1947,10 +1941,8 @@ steps:

    -

  1. Use a dedicated transport that does not cache SMTP -connections. Otherwise, the hostname from the SMTP connection cache -overrides the hostname that Postfix uses for TLS policy lookup and -server certificate verification.

    +

  2. Use a dedicated message delivery transport (for example, +"securetls") as illustrated below.

  3. Eliminate MX lookups. Specify local transport(5) table entries for sensitive domains with explicit securetls:[mailhost] @@ -1998,8 +1990,6 @@ destinations.

    /etc/postfix/master.cf: securetls unix - - n - 100 smtp - -o smtp_connection_cache_on_demand=no - -o smtp_connection_cache_destinations= -o smtp_enforce_tls=yes -o smtp_tls_enforce_peername=yes diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index b0e109933..0918f8db9 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -8670,13 +8670,7 @@ use smtp_tls_policy_maps instead.

    discouraged. Always use the full destination nexthop (enclosed in [] with a possible ":port" suffix). A recipient domain or MX-enabled transport next-hop with no port suffix may look like a bare hostname, -but is still a suitable destination. The hostname lookup key -may not behave as you expect when SMTP connection caching is enabled -(see smtp_connection_cache_destinations and -smtp_connection_cache_on_demand). Different hostnames may resolve -to the same IP address, and the hostname from the SMTP connection -cache overrides the hostname that Postfix uses for TLS policy lookup -and server certificate verification.

    +but is still a suitable destination.

    Specify a next-hop destination or server hostname on the left-hand side; no wildcards are allowed. The next-hop destination is either diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 152c5c484..15052e3b7 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -779,6 +779,10 @@ static const char *cleanup_upd_header(void *context, ssize_t index, * The lookup result will never be a pointer record. * * Index 1 is the first matching header instance. + * + * XXX When a header is updated repeatedly we create jumps to jumps. To + * eliminate this, rewrite the loop below so that we can start with the + * pointer record that points to the header that's being edited. */ #define DONT_SAVE_RECORD 0 #define NO_PTR_BACKUP 0 @@ -826,7 +830,8 @@ static const char *cleanup_upd_header(void *context, ssize_t index, avail_space += read_offset - saved_read_offset; jumped = 1; } - if (rec_goto(state->dst, STR(rec_buf)) < 0) { + if (rec_goto(state->dst, STR(rec_buf)) < 0 + || (read_offset = vstream_ftell(state->dst)) < 0) { msg_warn("%s: read file %s: %m", myname, cleanup_path); CLEANUP_UPD_HEADER_RETURN(cleanup_milter_error(state, errno)); @@ -1761,7 +1766,7 @@ int main(int unused_argc, char **argv) msg_warn("bad add_header argument count: %d", argv->argc); } else { flatten_args(arg_buf, argv->argv + 2); - cleanup_add_header(state, argv->argv[2], STR(arg_buf)); + cleanup_add_header(state, argv->argv[1], STR(arg_buf)); } } else if (strcmp(argv->argv[0], "ins_header") == 0) { if (argv->argc < 3) { diff --git a/postfix/src/cleanup/cleanup_milter.in1 b/postfix/src/cleanup/cleanup_milter.in1 index d47d7eb15..e1929af74 100644 --- a/postfix/src/cleanup/cleanup_milter.in1 +++ b/postfix/src/cleanup/cleanup_milter.in1 @@ -9,4 +9,6 @@ ins_header 2 X-Test-Header test header value 2 del_header 2 X-Test-Header ins_header 3 X-Test-Header test header value 3 upd_header 1 X X-replaced-header replacement header text +upd_header 1 X X-replaced-header replacement header text +upd_header 1 X X-replaced-header replacement header text close diff --git a/postfix/src/cleanup/cleanup_milter.ref1 b/postfix/src/cleanup/cleanup_milter.ref1 index 0a54d2e6d..5fea0c699 100644 --- a/postfix/src/cleanup/cleanup_milter.ref1 +++ b/postfix/src/cleanup/cleanup_milter.ref1 @@ -38,8 +38,10 @@ 1353 pointer_record: 1193 1193 deleted_text: X-Test-Header: test header value 1 1229 pointer_record: 1370 - 1370 regular_text: X: X-replaced-header replacement header text - 1416 pointer_record: 881 + 1370 pointer_record: 1433 + 1433 pointer_record: 1496 + 1496 regular_text: X: X-replaced-header replacement header text + 1542 pointer_record: 881 881 regular_text: Y: 1234567 893 regular_text: Message-Id: <20060514010427.E0F703D1E36@tail.porcupine.org> 954 regular_text: Date: Sat, 13 May 2006 21:04:18 -0400 (EDT) diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b1f57e022..51265c66e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20060722" +#define MAIL_RELEASE_DATE "20060724" #define MAIL_VERSION_NUMBER "2.4" #ifdef SNAPSHOT diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index 1cc8bb424..04514a448 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -221,9 +221,7 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info, * mail system against unreasonable inputs. This also requires that we * limit the size of envelope records written by the local posting agent. * - * Allow attribute records if the queue file is owned by the mail system - * (postsuper -r) or if the attribute specifies the MIME body type - * (sendmail -B). + * Records with named attributes are filtered by postdrop(1). * * We must allow PTR records here because of "postsuper -r". */ @@ -249,6 +247,8 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info, /* * XXX Workaround: REC_TYPE_FILT (used in envelopes) == REC_TYPE_CONT * (used in message content). + * + * As documented in postsuper(1), ignore content filter record. */ if (*expected != REC_TYPE_CONTENT[0]) { if (type == REC_TYPE_FILT) @@ -322,7 +322,7 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup, } /* - * Add content inspection transport. + * Add content inspection transport. See also postsuper(1). */ if (*var_filter_xport) rec_fprintf(cleanup, REC_TYPE_FILT, "%s", var_filter_xport); @@ -344,7 +344,10 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup, * For messages belonging to $mail_owner also log the maildrop queue id. * This supports message tracking for mail requeued via "postsuper -r". */ - if (info->st.st_uid == var_owner_uid) { +#define MAIL_IS_REQUEUED(info) \ + ((info)->st.st_uid == var_owner_uid && ((info)->st.st_mode & S_IROTH) == 0) + + if (MAIL_IS_REQUEUED(info)) { msg_info("%s: uid=%d from=<%s> orig_id=%s", info->id, (int) info->st.st_uid, info->sender, ((name = strrchr(info->path, '/')) != 0 ? @@ -456,7 +459,8 @@ static int pickup_file(PICKUP_INFO *info) cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_EXTERNAL, pickup_input_transp_mask); - if (info->st.st_uid == var_owner_uid && (info->st.st_mode & S_IROTH) == 0) + /* As documented in postsuper(1). */ + if (MAIL_IS_REQUEUED(info)) cleanup_flags &= ~CLEANUP_FLAG_MILTER; cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service); diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index 94c55aa11..e3636cdf7 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -121,13 +121,31 @@ /* Specify \fB-r ALL\fR to requeue all messages. As a safety /* measure, the word \fBALL\fR must be specified in upper case. /* .sp -/* A requeued message is moved to the \fBmaildrop\fR queue, from -/* where it is copied by the pickup daemon to a new file whose name -/* is guaranteed to match the new queue file inode number. The -/* new queue file is subjected again to mail address rewriting and -/* substitution. This is useful when rewriting rules or virtual -/* mappings have changed. +/* A requeued message is moved to the \fBmaildrop\fR queue, +/* from where it is copied by the \fBpickup\fR(8) and +/* \fBcleanup\fR(8) daemons to a new queue file. In many +/* respects its handling differs from that of a new local +/* submission. +/* .RS +/* .IP \(bu +/* The message is not subjected to the smtpd_milters or +/* non_smtpd_milters settings. When mail has passed through +/* an external content filter, this would produce incorrect +/* results with Milter applications that depend on original +/* SMTP connection state information. +/* .IP \(bu +/* The message is subjected again to mail address rewriting +/* and substitution. This is useful when rewriting rules or +/* virtual mappings have changed. /* .sp +/* The address rewriting context (local or remote) is the same +/* as when the message was received. +/* .IP \(bu +/* The message is subjected to the same content_filter settings +/* (if any) as used for new local mail submissions. This is +/* useful when content_filter settings have changed. +/* .RE +/* .IP /* Warning: Postfix queue IDs are reused. /* There is a very small possibility that \fBpostsuper\fR(1) requeues /* the wrong message file when it is executed while the Postfix mail