From: Wietse Venema Date: Wed, 19 Feb 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.4 X-Git-Tag: v2.0.4^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35db3ac617064b98f0e7e1b13a7d6e0f6d457603;p=thirdparty%2Fpostfix.git postfix-2.0.4 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 15b835c9a..e9e085302 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7620,6 +7620,42 @@ Apologies for any names omitted. manager, since a better test was implemented recently in the trivial-rewrite server. Files: *qmgr/qmgr_message.c. +20030126 + + Update: maildir filename algorithm updated according to + today's version of http://cr.yp.to/proto/maildir.html. + +20030127 + + Cleanup: use separate error messages for separate problems + with computing the list of SASL authentication mechanisms. + File: smtpd/smtpd_sasl_glue.c. + +20030130 + + Bugfix: allow $name in default time values. File: + global/mail_conf_time.c. + +20030219 + + Bugfix: the local pickup daemon skipped unterminated records, + since they happened to have the same record type code as + content filtering instructions. Victor Duchovni. Files: + global/rec_type.h, pickup/pickup.c. + + Portability: Postfix could block, and thus not enforce + command execution time limits, while delivering mail to + command. File: global/pipe_command.c. + + Bugfix: command execution time limits were not enforced + because the child process killing code in pipe_command() + was running with the wrong privileges. Problem reported by + Ben Rosengart, Panix. File: global/pipe_command.c. + + Bugfix: duplicate recipient filtering in the cleanup server + did not eliminate virtual expansion duplicates with the + same original recipient. File: cleanup/cleanup_out_recipient.c. + Open problems: Low: after successful delivery, per-queue window += 1/window, diff --git a/postfix/README_FILES/LOCAL_RECIPIENT_README b/postfix/README_FILES/LOCAL_RECIPIENT_README index 7c693f2cd..0b9c3e77b 100644 --- a/postfix/README_FILES/LOCAL_RECIPIENT_README +++ b/postfix/README_FILES/LOCAL_RECIPIENT_README @@ -24,6 +24,10 @@ The local_recipient_maps parameter specifies lookup tables with all names or addresses of local recipients. A recipient address is local when the address domain matches $mydestination or $inet_interfaces. +The right-hand side of the lookup tables is conveniently ignored. +In the left-hand side, specify a bare username, an @domain.tld +wild-card, or specify a user@domain.tld address. + If the local_recipient_maps parameter value is non-empty, then the SMTP server will reject for an unknown local recipient mail with "User unknown in local recipient table". diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 552f26f96..3348a9141 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -24,6 +24,20 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. +Incompatible changes with Postfix version 2.0.4 (released 20030219) +=================================================================== + +The maildir file naming algorithm has changed in accordance with +an updated version of http://cr.yp.to/proto/maildir.html. The name +is now TIME.VdevIinum.HOST + +Incompatible changes with Postfix version 2.0.3 (released 20030124) +=================================================================== + +The maildir file naming algorithm has changed. Pending a usable +version of http://cr.yp.to/proto/maildir.html, the name is now +TIME.DEV_INUM.HOST. + Incompatible changes with Postfix version 2.0.1 (released 20030112) =================================================================== diff --git a/postfix/conf/access b/postfix/conf/access index 0b4a8ad63..8bba416d3 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -164,38 +164,39 @@ # about content filters is in the Postfix FIL- # TER_README file. # -# Note: this action currently affects all recipients -# of the message. +# Note: this action overrides the main.cf con- +# tent_filter setting, and currently affects all +# recipients of the message. # # restriction... # Apply the named UCE restriction(s) (permit, reject, # reject_unauth_destination, and so on). # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- -# cation, that string is an entire client hostname, an +# cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. Thus, # no parent domain or parent network search is done, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # -# Patterns are applied in the order as specified in the -# table, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the +# table, until a pattern is found that matches the search # string. # -# Actions are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1) create mapping table @@ -204,7 +205,7 @@ # regexp_table(5) format of POSIX regular expression tables # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index a8a5f1141..3d3bc6706 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -188,6 +188,10 @@ mail_owner = postfix # to access the passwd file via the proxymap service, in order to # overcome chroot restrictions. The alternative, having a copy of # the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. # #local_recipient_maps = unix:passwd.byname $alias_maps #local_recipient_maps = proxy:unix:passwd.byname $alias_maps @@ -307,6 +311,10 @@ unknown_local_recipient_reject_code = 450 # # If this parameter is defined, then the SMTP server will reject # mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. # #relay_recipient_maps = hash:/etc/postfix/relay_recipients diff --git a/postfix/conf/sample-pcre-body.cf b/postfix/conf/sample-pcre-body.cf index 14e151225..90dd01503 100644 --- a/postfix/conf/sample-pcre-body.cf +++ b/postfix/conf/sample-pcre-body.cf @@ -51,7 +51,8 @@ # and after the filter, with header/body # checks turned off in the second cleanup # server. More information about content filters -# is in the Postfix FILTER_README file. +# is in the Postfix FILTER_README file. This feature +# overrides the main.cf content_filter setting. # # Substitution of sub-strings from the matched expression is # possible using the conventional perl syntax. The macros in the diff --git a/postfix/conf/sample-pcre-header.cf b/postfix/conf/sample-pcre-header.cf index 9dc72813a..8a8d05a1f 100644 --- a/postfix/conf/sample-pcre-header.cf +++ b/postfix/conf/sample-pcre-header.cf @@ -52,7 +52,8 @@ # and after the filter, with header/body # checks turned off in the second cleanup # server. More information about content filters -# is in the Postfix FILTER_README file. +# is in the Postfix FILTER_README file. This feature +# overrides the main.cf content_filter setting. # # Substitution of sub-strings from the matched expression is # possible using the conventional perl syntax. The macros in the diff --git a/postfix/conf/sample-regexp-body.cf b/postfix/conf/sample-regexp-body.cf index e86c306fb..8a4e809d7 100644 --- a/postfix/conf/sample-regexp-body.cf +++ b/postfix/conf/sample-regexp-body.cf @@ -43,7 +43,8 @@ # After the message is queued, send the entire message through # a content filter. This requires different cleanup servers # before and after the filter, with header/body checks turned -# off in the second cleanup server. +# off in the second cleanup server. This overrides the main.cf +# content filter setting. # Skip over base 64 encoded blocks. This saves lots of CPU cycles. # Expressions by Liviu Daia. Amended by Victor Duchovni. diff --git a/postfix/conf/sample-regexp-header.cf b/postfix/conf/sample-regexp-header.cf index bc29fdf6d..c4ba8dc1e 100644 --- a/postfix/conf/sample-regexp-header.cf +++ b/postfix/conf/sample-regexp-header.cf @@ -43,7 +43,8 @@ # After the message is queued, send the entire message through # a content filter. This requires different cleanup servers # before and after the filter, with header/body checks turned -# off in the second cleanup server. +# off in the second cleanup server. This overrides the main.cf +# content filter setting. /^Subject: Make Money Fast/ REJECT /^To: friend@public.com/ REJECT diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf index 0afb9de44..5a7e1f495 100644 --- a/postfix/conf/sample-smtpd.cf +++ b/postfix/conf/sample-smtpd.cf @@ -32,11 +32,17 @@ # - You use the "luser_relay", "mailbox_transport", or "fallback_transport" # feature of the Postfix local delivery agent (see sample-local.cf). # +# Details are described in the LOCAL_RECIPIENT_README file. +# # Beware: if the Postfix SMTP server runs chrooted, you probably have # to access the passwd file via the proxymap service, in order to # overcome chroot restrictions. The alternative, having a copy of # the system passwd file in the chroot jail is just not practical. # +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# #local_recipient_maps = #local_recipient_maps = unix:passwd.byname $alias_maps local_recipient_maps = proxy:unix:passwd.byname $alias_maps @@ -60,6 +66,10 @@ unknown_local_recipient_reject_code = 550 # # If this parameter is defined, then the SMTP server will reject # mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. # #relay_recipient_maps = hash:/etc/postfix/relay_recipients @@ -266,6 +276,7 @@ mynetworks_style = subnet # Discard the message if the result is DISCARD text... # Hold the message in the queue if the result is HOLD text... # Release mail "on hold" with the postsuper(1) command. +# Filter the message if the result is FILTER transport:nexthop. # Permit the SMTP client if the result is OK or all numerical. # reject_rbl_client domain.tld: reject if the reversed client IP address # is listed in an A record under domain.tld. @@ -312,6 +323,7 @@ smtpd_helo_required = no # Discard the message if the result is DISCARD text... # Hold the message in the queue if the result is HOLD text... # Release mail "on hold" with the postsuper(1) command. +# Filter the message if the result is FILTER transport:nexthop. # Permit the HELO command if the result is OK or all numerical. # reject: reject the request. Place this at the end of a restriction. # permit: permit the request. Place this at the end of a restriction. @@ -349,6 +361,7 @@ smtpd_helo_restrictions = # Discard the message if the result is DISCARD text... # Hold the message in the queue if the result is HOLD text... # Release mail "on hold" with the postsuper(1) command. +# Filter the message if the result is FILTER transport:nexthop. # Permit the sender if the result is OK or all numerical. # reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies # a MAIL FROM address owner, but the client is not (SASL) logged in as @@ -420,6 +433,7 @@ smtpd_sender_restrictions = # Discard the message if the result is DISCARD text... # Hold the message in the queue if the result is HOLD text... # Release mail "on hold" with the postsuper(1) command. +# Filter the message if the result is FILTER transport:nexthop. # Permit the recipient if the result is OK or all numerical. # reject_non_fqdn_recipient: reject recipient address that is not in FQDN form # reject: reject the request. Place this at the end of a restriction. diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 5158b390c..aed7ff3f7 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -165,38 +165,39 @@ ACCESS(5) ACCESS(5) about content filters is in the Postfix FIL- TER_README file. - Note: this action currently affects all recipients - of the message. + Note: this action overrides the main.cf con- + tent_filter setting, and currently affects all + recipients of the message. restriction... Apply the named UCE restriction(s) (permit, reject, reject_unauth_destination, and so on). REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire string being looked up. Depending on the appli- - cation, that string is an entire client hostname, an + cation, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user@ and domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Actions are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Actions are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. SEE ALSO postmap(1) create mapping table @@ -205,7 +206,7 @@ ACCESS(5) ACCESS(5) regexp_table(5) format of POSIX regular expression tables LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index 12528f659..9999f77b0 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -152,7 +152,8 @@ After the message is queued, send the entire message through a content filter. More information about content filters is in the Postfix FILTER_README file. .sp -Note: this action currently affects all recipients of the message. +Note: this action overrides the \fBmain.cf content_filter\fR setting, +and currently affects all recipients of the message. .IP \fIrestriction...\fR Apply the named UCE restriction(s) (\fBpermit\fR, \fBreject\fR, \fBreject_unauth_destination\fR, and so on). diff --git a/postfix/proto/access b/postfix/proto/access index eef4a4bf1..3468a359f 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -136,7 +136,8 @@ # a content filter. More information about content filters # is in the Postfix FILTER_README file. # .sp -# Note: this action currently affects all recipients of the message. +# Note: this action overrides the \fBmain.cf content_filter\fR setting, +# and currently affects all recipients of the message. # .IP \fIrestriction...\fR # Apply the named UCE restriction(s) (\fBpermit\fR, \fBreject\fR, # \fBreject_unauth_destination\fR, and so on). diff --git a/postfix/src/cleanup/cleanup_out_recipient.c b/postfix/src/cleanup/cleanup_out_recipient.c index 427a1faf9..97129487e 100644 --- a/postfix/src/cleanup/cleanup_out_recipient.c +++ b/postfix/src/cleanup/cleanup_out_recipient.c @@ -69,25 +69,25 @@ void cleanup_out_recipient(CLEANUP_STATE *state, const char *orcpt, char **cpp; /* - * Apply the duplicate recipient filter before virtual expansion, so that - * we can distinguish between different addresses that map onto the same - * mailbox. The recipient will use our original recipient message header - * to figure things out. + * Distinguish between different original recipient addresses that map + * onto the same mailbox. The recipient will use our original recipient + * message header to figure things out. */ - if (been_here_fixed(state->dups, recip) != 0) - return; - if (cleanup_virt_alias_maps == 0) { - cleanup_out_string(state, REC_TYPE_ORCP, orcpt); - cleanup_out_string(state, REC_TYPE_RCPT, recip); - state->rcpt_count++; + if (been_here(state->dups, "%s\n%s", orcpt, recip) == 0) { + cleanup_out_string(state, REC_TYPE_ORCP, orcpt); + cleanup_out_string(state, REC_TYPE_RCPT, recip); + state->rcpt_count++; + } } else { argv = cleanup_map1n_internal(state, recip, cleanup_virt_alias_maps, cleanup_ext_prop_mask & EXT_PROP_VIRTUAL); for (cpp = argv->argv; *cpp; cpp++) { - cleanup_out_string(state, REC_TYPE_ORCP, orcpt); - cleanup_out_string(state, REC_TYPE_RCPT, *cpp); - state->rcpt_count++; + if (been_here(state->dups, "%s\n%s", orcpt, *cpp) == 0) { + cleanup_out_string(state, REC_TYPE_ORCP, orcpt); + cleanup_out_string(state, REC_TYPE_RCPT, *cpp); + state->rcpt_count++; + } } argv_free(argv); } diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 7e97e30b2..6f3fb21ce 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -1022,6 +1022,7 @@ pipe_command.o: ../../include/stringops.h pipe_command.o: ../../include/iostuff.h pipe_command.o: ../../include/timed_wait.h pipe_command.o: ../../include/set_ugid.h +pipe_command.o: ../../include/set_eugid.h pipe_command.o: ../../include/argv.h pipe_command.o: mail_params.h pipe_command.o: mail_copy.h diff --git a/postfix/src/global/mail_conf_time.c b/postfix/src/global/mail_conf_time.c index 8a160a16d..682a6863d 100644 --- a/postfix/src/global/mail_conf_time.c +++ b/postfix/src/global/mail_conf_time.c @@ -140,7 +140,7 @@ static int get_def_time_unit(const char *name, const char *defval) { const char *cp; - for (cp = defval; /* void */ ; cp++) { + for (cp = mail_conf_eval(defval); /* void */ ; cp++) { if (*cp == 0) msg_panic("parameter %s: missing time unit in default value: %s", name, defval); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 17cacc4b0..186e9a3b5 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,10 +20,10 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030124" +#define MAIL_RELEASE_DATE "20030219" #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "2.0.3" +#define DEF_MAIL_VERSION "2.0.4" extern char *var_mail_version; /* diff --git a/postfix/src/global/pipe_command.c b/postfix/src/global/pipe_command.c index b8f07823b..40026f2a4 100644 --- a/postfix/src/global/pipe_command.c +++ b/postfix/src/global/pipe_command.c @@ -132,6 +132,7 @@ #include #include #include +#include #include /* Global library. */ @@ -292,9 +293,28 @@ static int pipe_command_read(int fd, void *buf, unsigned len) } } +/* kill_command - terminate command forcibly */ + +static void kill_command(pid_t pid, int sig, uid_t kill_uid, gid_t kill_gid) +{ + pid_t saved_euid = geteuid(); + gid_t saved_egid = getegid(); + + /* + * Switch privileges to that of the child process. Terminate the child + * and its offspring. + */ + set_eugid(kill_uid, kill_gid); + if (kill(-pid, sig) < 0 && kill(pid, sig) < 0) + msg_warn("cannot kill process (group) %lu: %m", + (unsigned long) pid); + set_eugid(saved_euid, saved_egid); +} + /* pipe_command_wait_or_kill - wait for command with time limit, or kill it */ -static int pipe_command_wait_or_kill(pid_t pid, WAIT_STATUS_T *statusp, int sig) +static int pipe_command_wait_or_kill(pid_t pid, WAIT_STATUS_T *statusp, int sig, + uid_t kill_uid, gid_t kill_gid) { int maxtime = (pipe_command_timeout == 0) ? pipe_command_maxtime : 1; char *myname = "pipe_command_wait_or_kill"; @@ -309,7 +329,7 @@ static int pipe_command_wait_or_kill(pid_t pid, WAIT_STATUS_T *statusp, int sig) msg_info("%s: time limit exceeded", myname); pipe_command_timeout = 1; } - kill(-pid, sig); + kill_command(pid, sig, kill_uid, kill_gid); n = waitpid(pid, statusp, 0); } return (n); @@ -358,10 +378,14 @@ int pipe_command(VSTREAM *src, VSTRING *why,...) * truncated without too much loss. I could even argue that truncating * the amount of diagnostic output is a good thing to do, but I won't go * that far. + * + * Turn on non-blocking writes to the child process so that we can enforce + * timeouts after partial writes. */ if (pipe(cmd_in_pipe) < 0 || pipe(cmd_out_pipe) < 0) msg_fatal("%s: pipe: %m", myname); non_blocking(cmd_out_pipe[1], NON_BLOCKING); + non_blocking(cmd_in_pipe[1], NON_BLOCKING); /* * Spawn off a child process and irrevocably change privilege to the @@ -488,8 +512,9 @@ int pipe_command(VSTREAM *src, VSTRING *why,...) * not just the child process but also its offspring. */ if (pipe_command_timeout) - (void) kill(-pid, SIGKILL); - if (pipe_command_wait_or_kill(pid, &wait_status, SIGKILL) < 0) + kill_command(pid, SIGKILL, args.uid, args.gid); + if (pipe_command_wait_or_kill(pid, &wait_status, SIGKILL, + args.uid, args.gid) < 0) msg_fatal("wait: %m"); if (pipe_command_timeout) { vstring_sprintf(why, "Command time limit exceeded: \"%s\"%s%s", diff --git a/postfix/src/global/rec_type.h b/postfix/src/global/rec_type.h index a14656915..452aac40c 100644 --- a/postfix/src/global/rec_type.h +++ b/postfix/src/global/rec_type.h @@ -63,10 +63,13 @@ * this is "postfix internal" information. However, the pickup server has to * allow for the presence of A records in the extracted segment, because it * can be requested to re-process already queued mail with `postsuper -r'. + * + * Note: REC_TYPE_FILT and REC_TYPE_CONT are encoded with the same 'L' + * constant, and it is too late to change that now. */ #define REC_TYPE_ENVELOPE "MCTFILSDROWVA" #define REC_TYPE_CONTENT "XLN" -#define REC_TYPE_EXTRACT "EDROPreAFI" +#define REC_TYPE_EXTRACT "EDROPreAFIL" /* * The record at the beginning of the envelope segment specifies the message diff --git a/postfix/src/local/maildir.c b/postfix/src/local/maildir.c index cb5f63a77..99f625c99 100644 --- a/postfix/src/local/maildir.c +++ b/postfix/src/local/maildir.c @@ -134,11 +134,41 @@ int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path) * the file to new/ we use the device number and inode number. I do not * care if this breaks on a remote AFS file system, because people should * know better. + * + * On January 26, 2003, http://cr.yp.to/proto/maildir.html said: + * + * A unique name has three pieces, separated by dots. On the left is the + * result of time() or the second counter from gettimeofday(). On the + * right is the result of gethostname(). (To deal with invalid host + * names, replace / with \057 and : with \072.) In the middle is a + * delivery identifier, discussed below. + * + * [...] + * + * Modern delivery identifiers are created by concatenating enough of the + * following strings to guarantee uniqueness: + * + * [...] + * + * In, where n is (in hexadecimal) the UNIX inode number of this file. + * Unfortunately, inode numbers aren't always available through NFS. + * + * Vn, where n is (in hexadecimal) the UNIX device number of this file. + * Unfortunately, device numbers aren't always available through NFS. + * (Device numbers are also not helpful with the standard UNIX + * filesystem: a maildir has to be within a single UNIX device for link() + * and rename() to work.) + * + * [...] + * + * Pn, where n is (in decimal) the process ID. + * + * [...] */ #define STR vstring_str set_eugid(usr_attr.uid, usr_attr.gid); - vstring_sprintf(buf, "%lu.%d.%s", + vstring_sprintf(buf, "%lu.P%d.%s", (unsigned long) starttime, var_pid, get_hostname()); tmpfile = concatenate(tmpdir, STR(buf), (char *) 0); newfile = 0; @@ -150,7 +180,7 @@ int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr, char *path) } else if (fstat(vstream_fileno(dst), &st) < 0) { vstring_sprintf(why, "create %s: %m", tmpfile); } else { - vstring_sprintf(buf, "%lu.%lu_%lu.%s", + vstring_sprintf(buf, "%lu.V%lxI%lx.%s", (unsigned long) starttime, (unsigned long) st.st_dev, (unsigned long) st.st_ino, get_hostname()); newfile = concatenate(newdir, STR(buf), (char *) 0); diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index b8f697b28..c87206bf4 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -224,7 +224,12 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info, if (type == REC_TYPE_INSP) /* Use current content inspection settings instead. */ continue; - if (type == REC_TYPE_FILT) + + /* + * XXX Workaround: REC_TYPE_FILT (used in envelopes) == REC_TYPE_CONT + * (used in message content). + */ + if (type == REC_TYPE_FILT && *expected != REC_TYPE_CONTENT[0]) /* Use current content filter settings instead. */ continue; else { diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index e81e5e852..0caed2983 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -149,14 +149,14 @@ char *var_local_rcpt_maps; char *var_virt_alias_maps; char *var_virt_alias_doms; -char *var_virt_mbox_maps; -char *var_virt_mbox_doms; +char *var_virt_mailbox_maps; +char *var_virt_mailbox_doms; char *var_relay_rcpt_maps; char *var_relay_domains; char *var_canonical_maps; char *var_send_canon_maps; char *var_rcpt_canon_maps; -char *var_relocatedmaps; +char *var_relocated_maps; char *var_transport_maps; char *var_proxy_read_maps; @@ -385,14 +385,14 @@ int main(int argc, char **argv) VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0, VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0, VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0, - VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mbox_maps, 0, 0, - VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mbox_doms, 0, 0, + VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, + VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0, VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0, VAR_RELAY_DOMAINS, DEF_RELAY_DOMAINS, &var_relay_domains, 0, 0, VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0, VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0, VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0, - VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocatedmaps, 0, 0, + VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0, VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0, VAR_PROXY_READ_MAPS, DEF_PROXY_READ_MAPS, &var_proxy_read_maps, 0, 0, 0, diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 49d473843..678a86f0b 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -1674,11 +1674,11 @@ static int check_table_result(SMTPD_STATE *state, const char *table, */ if (STREQUAL(value, "FILTER", cmd_len)) { if (*cmd_text == 0) { - msg_warn("access map %s entry %s has FILTER entry without value", + msg_warn("access map %s entry \"%s\" has FILTER entry without value", table, datum); return (SMTPD_CHECK_DUNNO); } else if (strchr(cmd_text, ':') == 0) { - msg_warn("access map %s entry %s requires transport:destination", + msg_warn("access map %s entry \"%s\" requires transport:destination", table, datum); return (SMTPD_CHECK_DUNNO); } else { diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index c05b7d672..936f16736 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -310,8 +310,9 @@ void smtpd_sasl_connect(SMTPD_STATE *state) "", " ", "", &state->sasl_mechanism_list, IGNORE_MECHANISM_LEN, - &sasl_mechanism_count) != SASL_OK - || sasl_mechanism_count <= 0) + &sasl_mechanism_count) != SASL_OK) + msg_fatal("cannot lookup SASL authentication mechanisms"); + if (sasl_mechanism_count <= 0) msg_fatal("no SASL authentication mechanisms"); } diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index bce2c74e6..4167dfff0 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -624,6 +624,18 @@ dict_open.o: split_at.h dict_open.o: htable.h dict_pcre.o: dict_pcre.c dict_pcre.o: sys_defs.h +dict_pcre.o: mymalloc.h +dict_pcre.o: msg.h +dict_pcre.o: safe.h +dict_pcre.o: vstream.h +dict_pcre.o: vbuf.h +dict_pcre.o: vstring.h +dict_pcre.o: stringops.h +dict_pcre.o: readlline.h +dict_pcre.o: dict.h +dict_pcre.o: argv.h +dict_pcre.o: dict_pcre.h +dict_pcre.o: mac_parse.h dict_regexp.o: dict_regexp.c dict_regexp.o: sys_defs.h dict_regexp.o: mymalloc.h diff --git a/postfix/src/virtual/maildir.c b/postfix/src/virtual/maildir.c index d44c309a9..2f977d916 100644 --- a/postfix/src/virtual/maildir.c +++ b/postfix/src/virtual/maildir.c @@ -131,11 +131,41 @@ int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr) * the file to new/ we use the device number and inode number. I do not * care if this breaks on a remote AFS file system, because people should * know better. + * + * On January 26, 2003, http://cr.yp.to/proto/maildir.html said: + * + * A unique name has three pieces, separated by dots. On the left is the + * result of time() or the second counter from gettimeofday(). On the + * right is the result of gethostname(). (To deal with invalid host + * names, replace / with \057 and : with \072.) In the middle is a + * delivery identifier, discussed below. + * + * [...] + * + * Modern delivery identifiers are created by concatenating enough of the + * following strings to guarantee uniqueness: + * + * [...] + * + * In, where n is (in hexadecimal) the UNIX inode number of this file. + * Unfortunately, inode numbers aren't always available through NFS. + * + * Vn, where n is (in hexadecimal) the UNIX device number of this file. + * Unfortunately, device numbers aren't always available through NFS. + * (Device numbers are also not helpful with the standard UNIX + * filesystem: a maildir has to be within a single UNIX device for link() + * and rename() to work.) + * + * [...] + * + * Pn, where n is (in decimal) the process ID. + * + * [...] */ #define STR vstring_str set_eugid(usr_attr.uid, usr_attr.gid); - vstring_sprintf(buf, "%lu.%d.%s", + vstring_sprintf(buf, "%lu.P%d.%s", (unsigned long) starttime, var_pid, get_hostname()); tmpfile = concatenate(tmpdir, STR(buf), (char *) 0); newfile = 0; @@ -147,7 +177,7 @@ int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr) } else if (fstat(vstream_fileno(dst), &st) < 0) { vstring_sprintf(why, "create %s: %m", tmpfile); } else { - vstring_sprintf(buf, "%lu.%lu_%lu.%s", + vstring_sprintf(buf, "%lu.V%lxI%lx.%s", (unsigned long) starttime, (unsigned long) st.st_dev, (unsigned long) st.st_ino, get_hostname()); newfile = concatenate(newdir, STR(buf), (char *) 0);