From: Wietse Venema Date: Sun, 2 Aug 2009 05:00:00 +0000 (-0500) Subject: postfix-2.6.3 X-Git-Tag: v2.6.3^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=347153765109eede9c947b32d0d5e5f713ede3ec;p=thirdparty%2Fpostfix.git postfix-2.6.3 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6fa824c64..5ccc72003 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15240,3 +15240,32 @@ Apologies for any names omitted. and broke reject_unauthenticated_sender_login_mismatch and reject_sender_login_mismatch. Based on fix by Victor Duchovni. File: smtpd/smtpd_check.c. + +20090605 + + Bugfix: "postmulti -e destroy" used hard-coded /bin/env + command. Simplified the "destroy" procedure to destroy only + known safe names without "/". File: conf/postmulti-script. + +20090710 + + Bugfix (introduced Postfix 2.3): Postfix got out of sync + with a Milter application after the application sent a + "quarantine" request at end-of-message time. The milter + application would still be in the end-of-message state, + while Postfix would already be working on the next SMTP + event (typically, QUIT or MAIL FROM). Problem diagnosed + with help from Alban Deniz. File: milter/milter8.c. + +20090712 + + Bugfix (garbage introduced Postfix 2.6): the ugly + ${multi_instance_name:postfix}${multi_instance_name + ?$multi_instance_name} garbage in Postfix logging is now + hopefully gone. File: global/mail_task.c. + +20090715 + + Documentation: as of Postfix 2.6, the reject_unauth_pipelining + feature can be used meaningfully at any protocol stage. + File: proto/postconf.proto. diff --git a/postfix/conf/postmulti-script b/postfix/conf/postmulti-script index 3f1333be3..417a8718a 100644 --- a/postfix/conf/postmulti-script +++ b/postfix/conf/postmulti-script @@ -228,6 +228,17 @@ deport) ;; destroy) + + # "postmulti -e destroy" will remove an entire instance only when + # invoked immediately after "postmulti -e create" (i.e. before + # other files are added to the instance). We delete only known + # safe names without "/". + # + QUEUE_SUBDIRS="active bounce corrupt defer deferred flush hold \ + incoming maildrop pid private public saved trace" + #DEBUG=echo + WARN="postlog -p warn -t $TAG" + # Locate the target instance # [ -f "$config_directory/main.cf" ] || @@ -236,57 +247,36 @@ destroy) postfix -c "$config_directory" status >/dev/null 2>&1 && fatal "Instance '$config_directory' is not stopped" - # XXX: Internal "postfix /some/cmd" interface via /bin/env for execvp(). - # - for q in maildrop incoming active deferred hold - do - postfix -c "$config_directory" /bin/env \ - find "$q" ! -name "$q" ! -name "?" -perm 0700 -print | - grep "^" >/dev/null && - fatal "Instance '$config_directory' $q queue is not empty" - done - # Update multi_instance directories # and also (just in case) drop from alternate_config_directories # - update_cfdirs del $config_directory || exit 1 + $DEBUG update_cfdirs del "$config_directory" || exit 1 - # Change default personalities: - MAIL_CONFIG="$config_directory"; export MAIL_CONFIG - - # Full steam ahead, instance will be at least partly destroyed! - - # Try to remove data_directory, but not sub-directories. - # Note: care with "$TAG" insertion into sh -c 'script'. + # XXX: Internal "postfix /some/cmd" interface. # - postfix /bin/sh -c \ - 'cd $data_directory; rm -f -- *; cd ..; rmdir $data_directory; \ - PATH=$command_directory:$PATH; export PATH; \ - test -d $data_directory && \ - postlog -p warn -t "'"$TAG"'" \ - "$data_directory partly removed" 2>&1' 2>/dev/null - - # Remove Postfix-owned files in the queue directory. - # Remove all files in the "pid" sub-directory. - # Remove empty directories. - # Note: care with "$TAG" insertion into sh -c 'script'. - postfix /bin/sh -c \ - 'find . -user $mail_owner ! -type d -exec rm -f -- "{}" ";"; \ - find . -depth -user $mail_owner -type d -exec rmdir -- "{}" ";"; \ - rm -f -- pid/*; rmdir *; cd ..; rmdir $queue_directory; \ - PATH=$command_directory:$PATH; export PATH; \ - test -d $queue_directory && \ - postlog -p warn -t "'"$TAG"'" \ - "$queue_directory partly removed" 2>&1' 2>/dev/null + postfix -c "$config_directory" /bin/sh -c " + for q in $QUEUE_SUBDIRS + do + $DEBUG rmdir -- \$q || + $WARN \`pwd\`/\$q: please verify contents and remove by hand + done + " + + postfix -c "$config_directory" /bin/sh -c " + for dir in \$data_directory \$queue_directory + do + $DEBUG rmdir -- \$dir || + $WARN \$dir: please verify contents and remove by hand + done + " # In the configuration directory remove just the main.cf and master.cf # files. - rm -f -- "$MAIL_CONFIG/master.cf" "$MAIL_CONFIG/main.cf" 2>/dev/null - rmdir -- "$MAIL_CONFIG" 2>/dev/null - test -d "$MAIL_CONFIG" && \ - postlog -p warn -t "$TAG" \ - "$MAIL_CONFIG partly removed" 2>&1 + $DEBUG rm -f -- "$config_directory/master.cf" "$config_directory/main.cf" 2>/dev/null + $DEBUG rmdir -- "$config_directory" || + $WARN $config_directory: please verify contents and remove by hand ;; + enable) postconf -c "$config_directory" -e \ "multi_instance_enable = yes" || exit 1;; diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 49287c76f..c18d7c75c 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -10657,11 +10657,15 @@ of time where it is not allowed, or when the client sends SMTP commands ahead of time without knowing that Postfix actually supports ESMTP command pipelining. This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up -deliveries.
Note: reject_unauth_pipelining is not useful -outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO -instead of HELO) and 2) with "smtpd_delay_reject = yes" (the -default). The use of reject_unauth_pipelining in the other -restriction contexts is therefore not recommended. +deliveries. +
With Postfix 2.6 and later, the SMTP server sets a per-session +flag whenever it detects illegal pipelining, including pipelined +EHLO or HELO commands. The reject_unauth_pipelining feature simply +tests whether the flag was set at any point in time during the +session. +
With older Postfix versions, reject_unauth_pipelining checks +the current status of the input read queue, and its usage is not +recommended in contexts other than smtpd_data_restrictions.
reject
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 298ae5921..fbe4fd308 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -6519,11 +6519,15 @@ ESMTP command pipelining. This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up deliveries. .br -Note: reject_unauth_pipelining is not useful -outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO -instead of HELO) and 2) with "smtpd_delay_reject = yes" (the -default). The use of reject_unauth_pipelining in the other -restriction contexts is therefore not recommended. +With Postfix 2.6 and later, the SMTP server sets a per-session +flag whenever it detects illegal pipelining, including pipelined +EHLO or HELO commands. The reject_unauth_pipelining feature simply +tests whether the flag was set at any point in time during the +session. +.br +With older Postfix versions, reject_unauth_pipelining checks +the current status of the input read queue, and its usage is not +recommended in contexts other than smtpd_data_restrictions. .IP "\fBreject\fR" Reject the request. This restriction is useful at the end of a restriction list, to make the default policy explicit. The diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index e1139ec33..e5c12aaeb 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -4939,11 +4939,15 @@ of time where it is not allowed, or when the client sends SMTP commands ahead of time without knowing that Postfix actually supports ESMTP command pipelining. This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up -deliveries.
Note: reject_unauth_pipelining is not useful -outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO -instead of HELO) and 2) with "smtpd_delay_reject = yes" (the -default). The use of reject_unauth_pipelining in the other -restriction contexts is therefore not recommended. +deliveries. +
With Postfix 2.6 and later, the SMTP server sets a per-session +flag whenever it detects illegal pipelining, including pipelined +EHLO or HELO commands. The reject_unauth_pipelining feature simply +tests whether the flag was set at any point in time during the +session. +
With older Postfix versions, reject_unauth_pipelining checks +the current status of the input read queue, and its usage is not +recommended in contexts other than smtpd_data_restrictions.
reject
diff --git a/postfix/src/global/mail_task.c b/postfix/src/global/mail_task.c index 9f2fbc059..b1df611d4 100644 --- a/postfix/src/global/mail_task.c +++ b/postfix/src/global/mail_task.c @@ -59,7 +59,8 @@ const char *mail_task(const char *argv0) /* Setenv()-ed from main.cf, or inherited from master. */ if ((tag = safe_getenv(CONF_ENV_LOGTAG)) == 0) /* Check main.cf settings directly, in case set-gid. */ - tag = var_syslog_name ? var_syslog_name : DEF_SYSLOG_NAME; + tag = var_syslog_name ? var_syslog_name : + mail_conf_eval(DEF_SYSLOG_NAME); vstring_sprintf(canon_name, "%s/%s", tag, argv0); return (vstring_str(canon_name)); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c33c7b28f..f80a7c53a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20090603" -#define MAIL_VERSION_NUMBER "2.6.2" +#define MAIL_RELEASE_DATE "20090802" +#define MAIL_VERSION_NUMBER "2.6.3" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index d49f656dd..e839532f6 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -1296,7 +1296,8 @@ static const char *milter8_event(MILTER8 *milter, int event, /* * Decision: quarantine. In Sendmail 8.13 this does not imply a * transition in the receiver state (reply, reject, tempfail, - * accept, discard). + * accept, discard). We should not transition, either, otherwise + * we get out of sync. */ case SMFIR_QUARANTINE: /* XXX What to do with the "reason" text? */ @@ -1304,7 +1305,8 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_BUFFER, milter->buf, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); - MILTER8_EVENT_BREAK("H"); + milter8_def_reply(milter, "H"); + continue; /* * Decision: skip further events of this type.