From: Wietse Venema Date: Sat, 1 Mar 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.5-20030301 X-Git-Tag: v2.1-RC1-20040331~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27970e52450b82dc32ba2e71e95e4b701641284a;p=thirdparty%2Fpostfix.git postfix-2.0.5-20030301 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index ea741cb8b..79b0a655f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7854,6 +7854,40 @@ Apologies for any names omitted. did not eliminate virtual expansion duplicates with the same original recipient. File: cleanup/cleanup_out_recipient.c. +20030223 + + Cleanup: added postmap/postalias -p option (do not inherit + the source file permissions when creating a new file), for + completeness. A feature that can't be turned off is a bug. + Files: postmap/postmap.c, postalias/postalias.c. + + Bugfix: smtpd_hard/soft_error_limit off-by-one error, so + that the real limit was one larger than the configured + value. File: smtpd/smtpd.c, smtpd/smtpd_chat.c. + +20030226 + + Safety: proxymap server defense against potential deadlock + when some library routine wants to open a proxied table. + Instead, proxymap opens the requested table directly. File: + proxymap/proxymap.c. + + Portability: updated AIX 5.x system dependent definitions. + File: util/sys_defs.h. + +20030227 + + Bugfix: added mynetworks to the list of proxy_read_maps + parameter settings that are pre-authorized to use proxied + table lookups. File: global/mail_params.h. + + Cleanup: daemons now log what table has changed before + restarting. Files: dict.c, and anything that invoked + dict_changed(). + + Cleanup: more consistency in the naming of lookup table + handles as generated by maps(3) and by match_list(3). + Open problems: Med: make qmgr recipient bounce/defer activity asynchronous diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index 63f99ee9a..e59ccfa51 100644 --- a/postfix/README_FILES/FILTER_README 
+++ b/postfix/README_FILES/FILTER_README @@ -343,9 +343,9 @@ new parameter: # cleanup service (defined further below). # smtp inet n - n - - smtpd - -o cleanup_service=pre-cleanup + -o cleanup_service_name=pre-cleanup pickup fifo n - n 60 1 pickup - -o cleanup_service=pre-cleanup + -o cleanup_service_name=pre-cleanup # # ------------------------------------------------------------------ # diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index f4765c11f..b4004cf8e 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -22,6 +22,15 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. +Incompatible changes with Postfix snapshot 2.0.3-20030227 +========================================================= + +The smtpd_hard_error_limit and smtpd_soft_error_limit values now +behave as documented, that is, smtpd_hard_error_limit=1 causes +Postfix to disconnect upon the first client error. Previously, +there was an off-by-one error causing Postfix to change behavior +after smtpd_hard/soft_error_limit+1 errors. + Incompatible changes with Postfix snapshot 2.0.3-20030125 ========================================================= diff --git a/postfix/conf/transport b/postfix/conf/transport index 73c15dbce..3ae93a7f0 100644 --- a/postfix/conf/transport +++ b/postfix/conf/transport @@ -101,8 +101,8 @@ # dependent. In the case of SMTP, specify host:service for a # non-default server port, and use [host] or [host]:port in # order to disable MX (mail exchanger) DNS lookups. The [] -# form can also be used with IP addresses instead of host- -# names. +# form is required when you specify an IP address instead of +# a hostname. # # A null transport and null nexthop result means "do not # change": use the delivery transport and nexthop informa- diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index b19ca66ec..e8a582d77 100644 
--- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html @@ -5,7 +5,7 @@ POSTALIAS(1) POSTALIAS(1) postalias - Postfix alias database maintenance SYNOPSIS - postalias [-Nfinorvw] [-c config_dir] [-d key] [-q key] + postalias [-Nfinoprvw] [-c config_dir] [-d key] [-q key] [file_type:]file_name ... DESCRIPTION 
@@ -24,45 +24,53 @@ POSTALIAS(1) POSTALIAS(1) the entire database, in order to avoid surprises in spec- tator programs. + The format of Postfix alias input files is described in + aliases(5). + Options: - -N Include the terminating null character that termi- - nates lookup keys and values. By default, Postfix + -N Include the terminating null character that termi- + nates lookup keys and values. By default, Postfix does whatever is the default for the host operating system. -c config_dir - Read the main.cf configuration file in the named + Read the main.cf configuration file in the named directory instead of the default configuration directory. - -d key Search the specified maps for key and remove one - entry per map. The exit status is zero when the + -d key Search the specified maps for key and remove one + entry per map. The exit status is zero when the requested information was found. If a key value of - is specified, the program reads key values from the standard input stream. The exit - status is zero when at least one of the requested + status is zero when at least one of the requested keys was found. -f Do not fold the lookup key to lower case while cre- ating or querying a map. - -i Incremental mode. Read entries from standard input + -i Incremental mode. Read entries from standard input and do not truncate an existing database. By - default, postalias creates a new database from the + default, postalias creates a new database from the entries in file_name. - -n Don't include the terminating null character that - terminates lookup keys and values. By default, - Postfix does whatever is the default for the host + -n Don't include the terminating null character that + terminates lookup keys and values. By default, + Postfix does whatever is the default for the host operating system. - -o Do not release root privileges when processing a - non-root input file. 
By default, postalias drops - root privileges and runs as the source file owner + -o Do not release root privileges when processing a + non-root input file. By default, postalias drops + root privileges and runs as the source file owner instead. + -p Do not inherit the file access permissions from the + input file when creating a new file. Instead, cre- + ate a new file with default access permissions + (mode 0644). + -q key Search the specified maps for key and print the first value found on the standard output stream. The exit status is zero when the requested informa- @@ -153,6 +161,7 @@ POSTALIAS(1) POSTALIAS(1) SEE ALSO aliases(5) format of alias database input file. + local(5) Postfix local delivery agent. sendmail(1) mail posting and compatibility interface. LICENSE diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index e589047c1..0873220c9 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -5,7 +5,7 @@ POSTMAP(1) POSTMAP(1) postmap - Postfix lookup table management SYNOPSIS - postmap [-Nfinorvw] [-c config_dir] [-d key] [-q key] + postmap [-Nfinoprvw] [-c config_dir] [-d key] [-q key] [file_type:]file_name ... DESCRIPTION @@ -24,6 +24,7 @@ POSTMAP(1) POSTMAP(1) the entire table, in order to avoid surprises in spectator programs. +INPUT FILE FORMAT The format of a lookup table input file is as follows: o A table entry has the form @@ -45,8 +46,7 @@ POSTMAP(1) POSTMAP(1) whitespace. The key is mapped to lowercase to make mapping lookups case insensitive. - Options: - +COMMAND-LINE ARGUMENTS -N Include the terminating null character that termi- nates lookup keys and values. By default, Postfix does whatever is the default for the host operating 
@@ -84,25 +84,30 @@ POSTMAP(1) POSTMAP(1) privileges and runs as the source file owner instead. - -q key Search the specified maps for key and print the - first value found on the standard output stream. + -p Do not inherit the file access permissions from the + input file when creating a new file. Instead, cre- + ate a new file with default access permissions + (mode 0644). + + -q key Search the specified maps for key and print the + first value found on the standard output stream. The exit status is zero when the requested informa- tion was found. If a key value of - is specified, the program reads - key values from the standard input stream and - prints one line of key value output for each key - that was found. The exit status is zero when at + key values from the standard input stream and + prints one line of key value output for each key + that was found. The exit status is zero when at least one of the requested keys was found. - -r When updating a table, do not warn about duplicate + -r When updating a table, do not warn about duplicate entries; silently replace them. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. - -w When updating a table, do not warn about duplicate + -w When updating a table, do not warn about duplicate entries; silently ignore them. Arguments: 
@@ -110,28 +115,28 @@ POSTMAP(1) POSTMAP(1) file_type The type of database to be produced. - btree The output file is a btree file, named - file_name.db. This is available only on + btree The output file is a btree file, named + file_name.db. This is available only on systems with support for db databases. - dbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available only on systems with support for + dbm The output consists of two files, named + file_name.pag and file_name.dir. This is + available only on systems with support for dbm databases. - hash The output file is a hashed file, named - file_name.db. This is available only on + hash The output file is a hashed file, named + file_name.db. This is available only on systems with support for db databases. - Use the command postconf -m to find out what types - of database your Postfix installation can support. + Use the command postconf -m to find out what types + of database your Postfix installation can support. - When no file_type is specified, the software uses - the database type specified via the + When no file_type is specified, the software uses + the database type specified via the default_database_type configuration parameter. file_name - The name of the lookup table source file when + The name of the lookup table source file when rebuilding a database. DIAGNOSTICS @@ -139,8 +144,8 @@ POSTMAP(1) POSTMAP(1) stream. No output means no problems. Duplicate entries are skipped and are flagged with a warning. - postmap terminates with zero exit status in case of suc- - cess (including successful postmap -q lookup) and termi- + postmap terminates with zero exit status in case of suc- + cess (including successful postmap -q lookup) and termi- nates with non-zero exit status in case of failure. ENVIRONMENT 
@@ -152,20 +157,20 @@ POSTMAP(1) POSTMAP(1) CONFIGURATION PARAMETERS default_database_type - Default output database type. On many UNIX sys- - tems, the default database type is either hash or + Default output database type. On many UNIX sys- + tems, the default database type is either hash or dbm. berkeley_db_create_buffer_size - Amount of buffer memory to be used when creating a + Amount of buffer memory to be used when creating a Berkeley DB hash or btree lookup table. berkeley_db_read_buffer_size - Amount of buffer memory to be used when reading a + Amount of buffer memory to be used when reading a Berkeley DB hash or btree lookup table. LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/proxymap.8.html b/postfix/html/proxymap.8.html index 12dad01ac..4ea05c096 100644 --- a/postfix/html/proxymap.8.html +++ b/postfix/html/proxymap.8.html @@ -29,10 +29,10 @@ PROXYMAP(8) PROXYMAP(8) tions" errors. The solution: virtual_alias_maps = - proxy:mysql:/etc/postfix/virtual.cf + proxy:mysql:/etc/postfix/virtual_alias.cf The total number of connections is limited by the - number of proxymap server server processes. + number of proxymap server processes. The proxymap server implements the following requests: diff --git a/postfix/html/spawn.8.html b/postfix/html/spawn.8.html index 34b342798..cf7d27797 100644 --- a/postfix/html/spawn.8.html +++ b/postfix/html/spawn.8.html @@ -1,5 +1,4 @@
-
 SPAWN(8)                                                 SPAWN(8)
 
 NAME
@@ -98,6 +97,5 @@ SPAWN(8)                                                 SPAWN(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                         SPAWN(8)
 
diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 774c557f5..3d63496b8 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html @@ -102,8 +102,8 @@ TRANSPORT(5) TRANSPORT(5) dependent. In the case of SMTP, specify host:service for a non-default server port, and use [host] or [host]:port in order to disable MX (mail exchanger) DNS lookups. The [] - form can also be used with IP addresses instead of host- - names. + form is required when you specify an IP address instead of + a hostname. A null transport and null nexthop result means "do not change": use the delivery transport and nexthop informa- diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index e7fc82ef0..5ad1dae2e 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 @@ -9,7 +9,7 @@ Postfix alias database maintenance .na .nf .fi -\fBpostalias\fR [\fB-Nfinorvw\fR] [\fB-c \fIconfig_dir\fR] +\fBpostalias\fR [\fB-Nfinoprvw\fR] [\fB-c \fIconfig_dir\fR] [\fB-d \fIkey\fR] [\fB-q \fIkey\fR] [\fIfile_type\fR:]\fIfile_name\fR ... .SH DESCRIPTION @@ -28,6 +28,9 @@ postponed, and an exclusive, advisory, lock is placed on the entire database, in order to avoid surprises in spectator programs. +The format of Postfix alias input files is described in +\fBaliases\fR(5). + Options: .IP \fB-N\fR Include the terminating null character that terminates lookup keys @@ -58,6 +61,10 @@ the host operating system. Do not release root privileges when processing a non-root input file. By default, \fBpostalias\fR drops root privileges and runs as the source file owner instead. +.IP \fB-p\fR +Do not inherit the file access permissions from the input file +when creating a new file. Instead, create a new file with default +access permissions (mode 0644). .IP "\fB-q \fIkey\fR" Search the specified maps for \fIkey\fR and print the first value found on the standard output stream. The exit status is zero 
@@ -146,6 +153,7 @@ RFC 822 (ARPA Internet Text Messages) .na .nf aliases(5) format of alias database input file. +local(5) Postfix local delivery agent. sendmail(1) mail posting and compatibility interface. .SH LICENSE .na diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index 9c6400b19..b66ec181a 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -9,7 +9,7 @@ Postfix lookup table management .na .nf .fi -\fBpostmap\fR [\fB-Nfinorvw\fR] [\fB-c \fIconfig_dir\fR] +\fBpostmap\fR [\fB-Nfinoprvw\fR] [\fB-c \fIconfig_dir\fR] [\fB-d \fIkey\fR] [\fB-q \fIkey\fR] [\fIfile_type\fR:]\fIfile_name\fR ... .SH DESCRIPTION @@ -29,7 +29,11 @@ While the table update is in progress, signal delivery is postponed, and an exclusive, advisory, lock is placed on the entire table, in order to avoid surprises in spectator programs. - +.SH INPUT FILE FORMAT +.na +.nf +.ad +.fi The format of a lookup table input file is as follows: .IP \(bu A table entry has the form @@ -48,8 +52,11 @@ surrounding white space is stripped off. Unlike with Postfix alias databases, quotes cannot be used to protect lookup keys that contain special characters such as `#' or whitespace. The \fIkey\fR is mapped to lowercase to make mapping lookups case insensitive. - -Options: +.SH COMMAND-LINE ARGUMENTS +.na +.nf +.ad +.fi .IP \fB-N\fR Include the terminating null character that terminates lookup keys and values. By default, Postfix does whatever is the default for 
@@ -79,6 +86,10 @@ the host operating system. Do not release root privileges when processing a non-root input file. By default, \fBpostmap\fR drops root privileges and runs as the source file owner instead. +.IP \fB-p\fR +Do not inherit the file access permissions from the input file +when creating a new file. Instead, create a new file with default +access permissions (mode 0644). .IP "\fB-q \fIkey\fR" Search the specified maps for \fIkey\fR and print the first value found on the standard output stream. The exit status is zero diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index f244a96c1..e4c69f372 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -102,7 +102,7 @@ The interpretation of the nexthop field is transport dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR in order to disable MX (mail exchanger) DNS lookups. The [] form -can also be used with IP addresses instead of hostnames. +is required when you specify an IP address instead of a hostname. A null \fItransport\fR and null \fInexthop\fR result means "do not change": use the delivery transport and nexthop information diff --git a/postfix/man/man8/proxymap.8 b/postfix/man/man8/proxymap.8 index b36119748..a801de872 100644 --- a/postfix/man/man8/proxymap.8 +++ b/postfix/man/man8/proxymap.8 @@ -33,10 +33,10 @@ in "too many connections" errors. The solution: .sp virtual_alias_maps = .ti +4 -proxy:mysql:/etc/postfix/virtual.cf +proxy:mysql:/etc/postfix/virtual_alias.cf .sp The total number of connections is limited by the number of -proxymap server server processes. +proxymap server processes. .PP The proxymap server implements the following requests: .IP "\fBPROXY_REQ_OPEN\fI maptype:mapname flags\fR" diff --git a/postfix/proto/transport b/postfix/proto/transport index 243a4dcec..e9ca553a0 100644 --- a/postfix/proto/transport +++ b/postfix/proto/transport 
@@ -90,7 +90,7 @@ # dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a # non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR # in order to disable MX (mail exchanger) DNS lookups. The [] form -# can also be used with IP addresses instead of hostnames. +# is required when you specify an IP address instead of a hostname. # # A null \fItransport\fR and null \fInexthop\fR result means "do # not change": use the delivery transport and nexthop information diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index ba7b6bf32..78baa9b05 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -311,8 +311,10 @@ static void cleanup_sig(int sig) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 9f8e01e41..5fda0d9de 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1345,7 +1345,8 @@ extern int var_local_rcpt_code; " $" VAR_SEND_CANON_MAPS \ " $" VAR_RCPT_CANON_MAPS \ " $" VAR_RELOCATED_MAPS \ - " $" VAR_TRANSPORT_MAPS + " $" VAR_TRANSPORT_MAPS \ + " $" VAR_MYNETWORKS extern char *var_proxy_read_maps; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 0b630c3bc..2a57f519c 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
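Review bot: The rewritten `pre_accept()` in cleanup.c is repeated almost line for line in the lmtp, local, nqmgr, pipe, proxymap, qmgr, qmqpd, smtp, smtpd and spawn hunks of this commit, so the log text and the exit policy are maintained in eleven places (lmtp additionally calls `cleanup()` before `exit(0)`). A shared helper taking an optional cleanup callback would keep the message format identical for anyone matching on it in log monitoring. The message now says "restarting" while the code only calls `exit(0)`, so a comment such as `/* Exit; the process is expected to be started again and to reopen its tables. */` would make the intent explicit; confirm that expectation against the process manager, which is not part of this diff.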
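Review bot: Adding `" $" VAR_MYNETWORKS` to the default in mail_params.h widens the set of tables that are approved for proxied lookups without any explicit setting by the administrator, and the comment above this macro (outside the hunk) should say which parameters are included and why. Unlike the other entries, mynetworks commonly holds network patterns rather than table names; how such non-table words are treated when the expanded list is scanned is not visible here. Once that is confirmed, a sentence such as `/* Only proxy:type:name words in the expanded list are approved; other words are ignored. */` would document the behaviour at the point where the approval list is defined.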
@@ -20,10 +20,10 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030219" +#define MAIL_RELEASE_DATE "20030301" #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "2.0.4-" MAIL_RELEASE_DATE +#define DEF_MAIL_VERSION "2.0.5-" MAIL_RELEASE_DATE extern char *var_mail_version; /* diff --git a/postfix/src/global/maps.c b/postfix/src/global/maps.c index c9f6a05c4..fc7dedc32 100644 --- a/postfix/src/global/maps.c +++ b/postfix/src/global/maps.c @@ -104,7 +104,7 @@ /* maps_create - initialize */ -MAPS *maps_create(const char *title, const char *map_names, int flags) +MAPS *maps_create(const char *title, const char *map_names, int dict_flags) { const char *myname = "maps_create"; char *temp; @@ -130,13 +130,16 @@ MAPS *maps_create(const char *title, const char *map_names, int flags) bufp = temp = mystrdup(map_names); map_type_name_flags = vstring_alloc(10); +#define OPEN_FLAGS O_RDONLY + while ((map_type_name = mystrtok(&bufp, sep)) != 0) { - vstring_sprintf(map_type_name_flags, "%s:%o", map_type_name, flags); + vstring_sprintf(map_type_name_flags, "%s(%o,%o)", + map_type_name, OPEN_FLAGS, dict_flags); if ((dict = dict_handle(vstring_str(map_type_name_flags))) == 0) - dict = dict_open(map_type_name, O_RDONLY, flags); - if ((dict->flags & flags) != flags) + dict = dict_open(map_type_name, OPEN_FLAGS, dict_flags); + if ((dict->flags & dict_flags) != dict_flags) msg_panic("%s: map %s has flags 0%o, want flags 0%o", - myname, map_type_name, dict->flags, flags); + myname, map_type_name, dict->flags, dict_flags); dict_register(vstring_str(map_type_name_flags), dict); argv_add(maps->argv, vstring_str(map_type_name_flags), ARGV_END); } diff --git a/postfix/src/lmtp/lmtp.c b/postfix/src/lmtp/lmtp.c index c17cc2123..e1f36e45a 100644 --- a/postfix/src/lmtp/lmtp.c +++ b/postfix/src/lmtp/lmtp.c 
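Review bot: `#define OPEN_FLAGS O_RDONLY` is introduced in the middle of `maps_create()` and no `#undef` is visible in the hunk, so a very generic macro name stays defined for the rest of maps.c. Give it a file-specific name near the top of the file, or add `#undef OPEN_FLAGS` after the loop. The string built with `"%s(%o,%o)"` is the key passed to `dict_handle()` and `dict_register()`, so a short comment stating that the open flags and the dictionary flags are part of the handle name, and that requests with different flags therefore get different handles, would help the next reader. The body of maps_create() continues outside the hunk.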
@@ -498,8 +498,10 @@ static void cleanup(void) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); cleanup(); exit(0); } diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index d6019f441..0aff9f290 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -654,8 +654,10 @@ static void local_mask_init(void) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/nqmgr/qmgr.c b/postfix/src/nqmgr/qmgr.c index cd1e72b1e..1c37cdef4 100644 --- a/postfix/src/nqmgr/qmgr.c +++ b/postfix/src/nqmgr/qmgr.c @@ -473,8 +473,10 @@ static int qmgr_loop(char *unused_name, char **unused_argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 8dc0fe7f0..5a0de2882 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -941,8 +941,10 @@ static void pipe_service(VSTREAM *client_stream, char *service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index 4a88d6e25..82364b8ad 100644 
--- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c @@ -5,7 +5,7 @@ /* Postfix alias database maintenance /* SYNOPSIS /* .fi -/* \fBpostalias\fR [\fB-Nfinorvw\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostalias\fR [\fB-Nfinoprvw\fR] [\fB-c \fIconfig_dir\fR] /* [\fB-d \fIkey\fR] [\fB-q \fIkey\fR] /* [\fIfile_type\fR:]\fIfile_name\fR ... /* DESCRIPTION @@ -22,6 +22,9 @@ /* entire database, in order to avoid surprises in spectator /* programs. /* +/* The format of Postfix alias input files is described in +/* \fBaliases\fR(5). +/* /* Options: /* .IP \fB-N\fR /* Include the terminating null character that terminates lookup keys @@ -52,6 +55,10 @@ /* Do not release root privileges when processing a non-root /* input file. By default, \fBpostalias\fR drops root privileges /* and runs as the source file owner instead. +/* .IP \fB-p\fR +/* Do not inherit the file access permissions from the input file +/* when creating a new file. Instead, create a new file with default +/* access permissions (mode 0644). /* .IP "\fB-q \fIkey\fR" /* Search the specified maps for \fIkey\fR and print the first value /* found on the standard output stream. The exit status is zero @@ -130,6 +137,7 @@ /* RFC 822 (ARPA Internet Text Messages) /* SEE ALSO /* aliases(5) format of alias database input file. +/* local(5) Postfix local delivery agent. /* sendmail(1) mail posting and compatibility interface. /* LICENSE /* .ad @@ -178,6 +186,8 @@ #define STR vstring_str #define POSTALIAS_FLAG_AS_OWNER (1<<0) /* open dest as owner of source */ +#define POSTALIAS_FLAG_SAVE_PERM (1<<1) /* copy access permission + * from source */ /* postalias - create or update alias database */ 
@@ -215,7 +225,7 @@ static void postalias(char *map_type, char *path_name, int postalias_flags, /* * Turn off group/other read permissions as indicated in the source file. */ - if (S_ISREG(st.st_mode)) + if ((postalias_flags & POSTALIAS_FLAG_SAVE_PERM) && S_ISREG(st.st_mode)) saved_mask = umask(022 | (~st.st_mode & 077)); /* @@ -237,7 +247,7 @@ static void postalias(char *map_type, char *path_name, int postalias_flags, /* * And restore the umask, in case it matters. */ - if (S_ISREG(st.st_mode)) + if ((postalias_flags & POSTALIAS_FLAG_SAVE_PERM) && S_ISREG(st.st_mode)) umask(saved_mask); /* @@ -498,7 +508,7 @@ int main(int argc, char **argv) int fd; char *slash; struct stat st; - int postalias_flags = POSTALIAS_FLAG_AS_OWNER; + int postalias_flags = POSTALIAS_FLAG_AS_OWNER | POSTALIAS_FLAG_SAVE_PERM; int open_flags = O_RDWR | O_CREAT | O_TRUNC; int dict_flags = DICT_FLAG_DUP_WARN | DICT_FLAG_FOLD_KEY; char *query = 0; @@ -538,7 +548,7 @@ int main(int argc, char **argv) /* * Parse JCL. */ - while ((ch = GETOPT(argc, argv, "Nc:d:finoq:rvw")) > 0) { + while ((ch = GETOPT(argc, argv, "Nc:d:finopq:rvw")) > 0) { switch (ch) { default: usage(argv[0]); @@ -569,6 +579,9 @@ int main(int argc, char **argv) case 'o': postalias_flags &= ~POSTALIAS_FLAG_AS_OWNER; break; + case 'p': + postalias_flags &= ~POSTALIAS_FLAG_SAVE_PERM; + break; case 'q': if (query || delkey) msg_fatal("specify only one of -q or -d"); diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index cd3d6887e..2c425e5c4 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -5,7 +5,7 @@ /* Postfix lookup table management /* SYNOPSIS /* .fi -/* \fBpostmap\fR [\fB-Nfinorvw\fR] [\fB-c \fIconfig_dir\fR] +/* \fBpostmap\fR [\fB-Nfinoprvw\fR] [\fB-c \fIconfig_dir\fR] /* [\fB-d \fIkey\fR] [\fB-q \fIkey\fR] /* [\fIfile_type\fR:]\fIfile_name\fR ... /* DESCRIPTION 
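Review bot: When `-p` clears `POSTALIAS_FLAG_SAVE_PERM`, `postalias()` no longer tightens the umask, so a database built from a source file that was deliberately made unreadable to group and others can come out readable to them; the block comment above the `umask()` call still reads as if the restriction were unconditional. Reword it along the lines of `/* Unless -p was given, turn off group/other permissions that the source file does not grant. With -p the caller's umask applies unchanged. */`. The manual text promises "mode 0644", but with the umask left alone the resulting mode presumably also depends on the caller's umask (the creation mode is outside these hunks), and the `-p` description should say that the output may be more widely readable than the input. The same applies to the two `POSTMAP_FLAG_SAVE_PERM` hunks in `postmap()` in postmap.c; both function bodies continue outside the hunks.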
@@ -23,7 +23,9 @@ /* postponed, and an exclusive, advisory, lock is placed on the /* entire table, in order to avoid surprises in spectator /* programs. -/* +/* INPUT FILE FORMAT +/* .ad +/* .fi /* The format of a lookup table input file is as follows: /* .IP \(bu /* A table entry has the form @@ -42,8 +44,9 @@ /* databases, quotes cannot be used to protect lookup keys that contain /* special characters such as `#' or whitespace. The \fIkey\fR is mapped /* to lowercase to make mapping lookups case insensitive. -/* -/* Options: +/* COMMAND-LINE ARGUMENTS +/* .ad +/* .fi /* .IP \fB-N\fR /* Include the terminating null character that terminates lookup keys /* and values. By default, Postfix does whatever is the default for @@ -73,6 +76,10 @@ /* Do not release root privileges when processing a non-root /* input file. By default, \fBpostmap\fR drops root privileges /* and runs as the source file owner instead. +/* .IP \fB-p\fR +/* Do not inherit the file access permissions from the input file +/* when creating a new file. Instead, create a new file with default +/* access permissions (mode 0644). /* .IP "\fB-q \fIkey\fR" /* Search the specified maps for \fIkey\fR and print the first value /* found on the standard output stream. The exit status is zero @@ -190,6 +197,7 @@ #define STR vstring_str #define POSTMAP_FLAG_AS_OWNER (1<<0) /* open dest as owner of source */ +#define POSTMAP_FLAG_SAVE_PERM (1<<1) /* copy access permission from source */ /* postmap - create or update mapping database */ @@ -221,7 +229,7 @@ static void postmap(char *map_type, char *path_name, int postmap_flags, /* * Turn off group/other read permissions as indicated in the source file. */ - if (S_ISREG(st.st_mode)) + if ((postmap_flags & POSTMAP_FLAG_SAVE_PERM) && S_ISREG(st.st_mode)) saved_mask = umask(022 | (~st.st_mode & 077)); /* 
@@ -243,7 +251,7 @@ static void postmap(char *map_type, char *path_name, int postmap_flags, /* * And restore the umask, in case it matters. */ - if (S_ISREG(st.st_mode)) + if ((postmap_flags & POSTMAP_FLAG_SAVE_PERM) && S_ISREG(st.st_mode)) umask(saved_mask); /* @@ -448,7 +456,7 @@ int main(int argc, char **argv) int fd; char *slash; struct stat st; - int postmap_flags = POSTMAP_FLAG_AS_OWNER; + int postmap_flags = POSTMAP_FLAG_AS_OWNER | POSTMAP_FLAG_SAVE_PERM; int open_flags = O_RDWR | O_CREAT | O_TRUNC; int dict_flags = DICT_FLAG_DUP_WARN | DICT_FLAG_FOLD_KEY; char *query = 0; @@ -488,7 +496,7 @@ int main(int argc, char **argv) /* * Parse JCL. */ - while ((ch = GETOPT(argc, argv, "Nc:d:finoq:rvw")) > 0) { + while ((ch = GETOPT(argc, argv, "Nc:d:finopq:rvw")) > 0) { switch (ch) { default: usage(argv[0]); @@ -519,6 +527,9 @@ int main(int argc, char **argv) case 'o': postmap_flags &= ~POSTMAP_FLAG_AS_OWNER; break; + case 'p': + postmap_flags &= ~POSTMAP_FLAG_SAVE_PERM; + break; case 'q': if (query || delkey) msg_fatal("specify only one of -q or -d"); diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index 0caed2983..618d58595 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -27,10 +27,10 @@ /* .sp /* virtual_alias_maps = /* .ti +4 -/* proxy:mysql:/etc/postfix/virtual.cf +/* proxy:mysql:/etc/postfix/virtual_alias.cf /* .sp /* The total number of connections is limited by the number of -/* proxymap server server processes. +/* proxymap server processes. /* .PP /* The proxymap server implements the following requests: /* .IP "\fBPROXY_REQ_OPEN\fI maptype:mapname flags\fR" 
@@ -332,6 +332,18 @@ static void proxymap_service(VSTREAM *client_stream, char *unused_service, vstream_fflush(client_stream); } +/* dict_proxy_open - intercept remote map request from inside library */ + +DICT *dict_proxy_open(const char *map, int open_flags, int dict_flags) +{ + if (msg_verbose) + msg_info("dict_proxy_open(%s, 0%o, 0%o) called from internal routine", + map, open_flags, dict_flags); + while (strncmp(map, PROXY_COLON, PROXY_COLON_LEN) == 0) + map += PROXY_COLON_LEN; + return (dict_open(map, open_flags, dict_flags)); +} + /* post_jail_init - initialization after privilege drop */ static void post_jail_init(char *unused_name, char **unused_argv) @@ -371,8 +383,10 @@ static void post_jail_init(char *unused_name, char **unused_argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("some lookup table has changed -- restarting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c index 9ecfa116b..63a8e2dba 100644 --- a/postfix/src/qmgr/qmgr.c +++ b/postfix/src/qmgr/qmgr.c @@ -425,8 +425,10 @@ static int qmgr_loop(char *unused_name, char **unused_argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index a125c52ac..4fe2cc8bd 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c 
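Review bot: `dict_proxy_open()` hands `open_flags` and `dict_flags` to `dict_open()` unchanged after stripping the `proxy:` prefixes, so a table reached through this path is opened with whatever access the internal caller asked for and does not pass through the approval step that is applied to client requests (that check is outside this hunk). If proxymap is meant to offer read-only lookups, as the proxy_read_maps name suggests, reject anything else up front, for example `if (open_flags != O_RDONLY) msg_fatal("dict_proxy_open: %s: read-only access only", map);`. The one-line header comment should also state that this definition presumably takes the place of the library's proxy client inside the proxymap server to avoid the deadlock described in HISTORY, and that the table is opened with the server's own privileges.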
@@ -662,8 +662,10 @@ static void qmqpd_service(VSTREAM *stream, char *unused_service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("lookup table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 420006b02..8e8e9519b 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -416,8 +416,10 @@ static void pre_init(char *unused_name, char **unused_argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 03a4d2c7a..e5514116b 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -1000,6 +1000,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) int prev_rec_type; int first = 1; VSTRING *why = 0; + int saved_err; /* * Sanity checks. With ESMTP command pipelining the client can send DATA @@ -1160,12 +1161,13 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) /* * Cleanup. The client may send another MAIL command. */ + saved_err = state->err; chat_reset(state, var_smtpd_hist_thrsh); mail_reset(state); rcpt_reset(state); if (why) vstring_free(why); - return (state->err); + return (saved_err); } /* rset_cmd - process RSET */ @@ -1479,7 +1481,7 @@ static void smtpd_proto(SMTPD_STATE *state) } for (;;) { - if (state->error_count > var_smtpd_hard_erlim) { + if (state->error_count >= var_smtpd_hard_erlim) { state->reason = "too many errors"; state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "421 Error: too many errors"); 
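Review bot: With `>=` in smtpd_proto(), a configured hard limit of 0 is met before the client has made any error, so every session would be answered with `421 Error: too many errors` straight away. The same applies to `state->error_count >= var_smtpd_soft_erlim` in the smtpd_chat.c hunk, where 0 would make every reply take the sleep branch. The parameter table is outside these hunks, so confirm that both limits are declared with a lower bound of 1. It would also help to record the constraint next to the test: `/* Limit must be >= 1: a value of 0 matches before the first error. */`. The body of smtpd_proto() continues outside the hunk.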
@@ -1604,8 +1606,10 @@ static void smtpd_service(VSTREAM *stream, char *unused_service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("lookup table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/smtpd/smtpd_chat.c b/postfix/src/smtpd/smtpd_chat.c index 176933669..2bb42adae 100644 --- a/postfix/src/smtpd/smtpd_chat.c +++ b/postfix/src/smtpd/smtpd_chat.c @@ -157,7 +157,7 @@ void smtpd_chat_reply(SMTPD_STATE *state, char *format,...) * sleep-on-anything slows down clients that make an excessive number of * errors within a session. */ - if (state->error_count > var_smtpd_soft_erlim) + if (state->error_count >= var_smtpd_soft_erlim) sleep(delay = (state->error_count > var_smtpd_err_sleep ? state->error_count : var_smtpd_err_sleep)); else if (STR(state->buffer)[0] == '4' || STR(state->buffer)[0] == '5') diff --git a/postfix/src/spawn/spawn.c b/postfix/src/spawn/spawn.c index b63a63b78..d33824a8d 100644 --- a/postfix/src/spawn/spawn.c +++ b/postfix/src/spawn/spawn.c @@ -281,8 +281,10 @@ static void spawn_service(VSTREAM *client_stream, char *service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 759e8e317..3b80db5dc 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c 
@@ -284,8 +284,10 @@ static void rewrite_service(VSTREAM *stream, char *unused_service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } } diff --git a/postfix/src/util/dict.c b/postfix/src/util/dict.c index e19587781..538dbc95b 100644 --- a/postfix/src/util/dict.c +++ b/postfix/src/util/dict.c @@ -47,7 +47,7 @@ /* void (*action)(dict_name, dict_handle, context) /* char *context; /* -/* int dict_changed() +/* const char *dict_changed_name() /* AUXILIARY FUNCTIONS /* void dict_load_file(dict_name, path) /* const char *dict_name; @@ -130,8 +130,9 @@ /* .IP "char *context" /* Application context from the caller. /* .PP -/* dict_changed() returns non-zero when any dictionary needs to +/* dict_changed_name() returns non-zero when any dictionary needs to /* be re-opened because it has changed or because it was unlinked. +/* A non-zero result is the name of a changed dictionary. /* /* dict_load_file() reads name-value entries from the named file. /* Lines that begin with whitespace are concatenated to the preceding @@ -493,16 +494,16 @@ void dict_walk(DICT_WALK_ACTION action, char *ptr) myfree((char *) ht_info_list); } -/* dict_changed - see if any dictionary has changed */ +/* dict_changed_name - see if any dictionary has changed */ -int dict_changed(void) +const char *dict_changed_name(void) { - char *myname = "dict_changed"; + char *myname = "dict_changed_name"; struct stat st; HTABLE_INFO **ht_info_list; HTABLE_INFO **ht; HTABLE_INFO *h; - int status; + const char *status; DICT *dict; ht_info_list = htable_list(dict_table); 
@@ -514,8 +515,16 @@ int dict_changed(void) msg_warn("%s: table %s: null time stamp", myname, h->key); if (fstat(dict->stat_fd, &st) < 0) msg_fatal("%s: fstat: %m", myname); - status = (st.st_mtime != dict->mtime || st.st_nlink == 0); + if (st.st_mtime != dict->mtime || st.st_nlink == 0) + status = h->key; } myfree((char *) ht_info_list); return (status); } + +/* dict_changed - backwards compatibility */ + +int dict_changed(void) +{ + return (dict_changed_name() != 0); +} diff --git a/postfix/src/util/dict.h b/postfix/src/util/dict.h index 6f30e2fd7..5dfea824e 100644 --- a/postfix/src/util/dict.h +++ b/postfix/src/util/dict.h @@ -109,6 +109,7 @@ extern void dict_open_register(const char *, DICT *(*) (const char *, int, int)) typedef void (*DICT_WALK_ACTION) (const char *, DICT *, char *); extern void dict_walk(DICT_WALK_ACTION, char *); extern int dict_changed(void); +extern const char *dict_changed_name(void); /* LICENSE /* .ad diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index f94950283..1ce24cb9b 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c @@ -395,7 +395,7 @@ int main(int argc, char **argv) vstream_fflush(VSTREAM_OUT); continue; } - if (dict_changed()) + if (dict_changed_name()) msg_warn("dictionary has changed"); key = vstring_str(unescape(keybuf, mystrtok(&bufp, " ="))); value = mystrtok(&bufp, " ="); diff --git a/postfix/src/util/match_list.c b/postfix/src/util/match_list.c index 3d9e71c3f..074c8f33c 100644 --- a/postfix/src/util/match_list.c +++ b/postfix/src/util/match_list.c 
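Review bot: dict_changed_name() now returns `h->key` after `myfree((char *) ht_info_list)`, and nothing tells the caller how long that pointer stays valid. It is safe only if the key string belongs to the hash table entry rather than to the freed list, and then only while that dictionary stays registered; htable_list() is outside the hunk, so this needs confirming. I would add that to the function comment: `/* Result points to the table's own key storage; do not free it, and do not use it after the dictionary is unregistered. */`. The loop header that initialises and tests `status` lies between the two dict.c hunks and is not visible, so also check that it still reads correctly now that `status` is a pointer.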
@@ -106,7 +106,15 @@ static ARGV *match_list_parse(ARGV *list, char *string) char *bp = string; char *pattern; char *cp; + char *map_type_name; + char *map_type_name_flags; + /* + * XXX We do not support ! before /filename, because the file contents + * are expanded in-line. Fixing this requires separating the operator (!) + * from its operands (file content) so that the operator can apply to a + * group of operands. + */ while ((pattern = mystrtok(&bp, delim)) != 0) { if (*pattern == '/') { /* /file/name */ if (buf == 0) @@ -119,12 +127,19 @@ static ARGV *match_list_parse(ARGV *list, char *string) if (vstream_fclose(fp)) msg_fatal("%s: read file %s: %m", myname, pattern); } else if (strchr(pattern, ':') != 0) { /* type:table */ - for (cp = pattern; *cp == '!'; cp++) + if (buf == 0) + buf = vstring_alloc(10); +#define OPEN_FLAGS O_RDONLY +#define DICT_FLAGS DICT_FLAG_LOCK +#define STR(x) vstring_str(x) + for (map_type_name = pattern; *map_type_name == '!'; map_type_name++) /* void */ ; - if (dict_handle(pattern) == 0) - dict_register(pattern, - dict_open(pattern, O_RDONLY, DICT_FLAG_LOCK)); - argv_add(list, pattern, (char *) 0); + vstring_sprintf(buf, "%s(%o,%o)", pattern, OPEN_FLAGS, DICT_FLAGS); + map_type_name_flags = STR(buf) + (map_type_name - pattern); + if (dict_handle(map_type_name_flags) == 0) + dict_register(map_type_name_flags, + dict_open(map_type_name, OPEN_FLAGS, DICT_FLAGS)); + argv_add(list, STR(buf), (char *) 0); } else { /* other pattern */ argv_add(list, pattern, (char *) 0); } diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index d1735d9f8..e084d5cfb 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h 
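Review bot: A pattern written as `!/file/name` is still accepted without any diagnostic. It fails the `*pattern == '/'` test, and without a ':' it also misses the type:table branch, so it reaches the "other pattern" branch and is stored as a literal. The XXX comment added at the top of the loop documents that this form is unsupported, but an administrator who writes it to exclude entries from an access list gets no sign that the file contents are never consulted; how the stored literal is matched later is outside this hunk. I would report it at the start of the final else branch: `if (pattern[0] == '!' && pattern[1] == '/')` followed by `msg_warn("%s: !/file/name is not supported: %s", myname, pattern);`. The body of match_list_parse() begins and ends outside the hunk.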
@@ -334,10 +334,19 @@ extern int opterr; #define SUPPORTED #include #define MISSING_SETENV +#define USE_PATHS_H +#ifndef _PATH_BSHELL #define _PATH_BSHELL "/bin/sh" +#endif +#ifndef _PATH_MAILDIR #define _PATH_MAILDIR "/var/spool/mail" /* paths.h lies */ +#endif +#ifndef _PATH_DEFPATH #define _PATH_DEFPATH "/usr/bin:/usr/ucb" +#endif +#ifndef _PATH_STDPATH #define _PATH_STDPATH "/usr/bin:/usr/sbin:/usr/ucb" +#endif #define HAS_FCNTL_LOCK #define INTERNAL_LOCK MYFLOCK_STYLE_FCNTL #define DEF_MAILBOX_LOCK "fcntl, dotlock" @@ -349,14 +358,12 @@ extern int opterr; #define HAS_NIS #define HAS_SA_LEN #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0) -#define RESOLVE_H_NEEDS_STDIO_H #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb" -#define SOCKADDR_SIZE size_t -#define SOCKOPT_SIZE size_t +#define SOCKADDR_SIZE socklen_t +#define SOCKOPT_SIZE socklen_t #define USE_STATVFS #define STATVFS_IN_SYS_STATVFS_H -#define STRCASECMP_IN_STRINGS_H -#define NATIVE_SENDMAIL_PATH "/usr/lib/sendmail" +#define NATIVE_SENDMAIL_PATH "/usr/sbin/sendmail" #define NATIVE_MAILQ_PATH "/usr/sbin/mailq" #define NATIVE_NEWALIAS_PATH "/usr/sbin/newaliases" #define NATIVE_COMMAND_DIR "/usr/sbin" diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index e0896f0b0..86690fae8 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -395,8 +395,10 @@ static void local_service(VSTREAM *stream, char *service, char **argv) static void pre_accept(char *unused_name, char **unused_argv) { - if (dict_changed()) { - msg_info("table has changed -- exiting"); + const char *table; + + if ((table = dict_changed_name()) != 0) { + msg_info("table %s has changed -- restarting", table); exit(0); } }