From: Wietse Venema Date: Thu, 28 May 2009 05:00:00 +0000 (-0500) Subject: postfix-2.6.2-RC1 X-Git-Tag: v2.6.2-RC1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3eec5f6d36885ba02d4f902c909f15781f6de69d;p=thirdparty%2Fpostfix.git postfix-2.6.2-RC1 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 23597cf56..6fa824c64 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15231,3 +15231,12 @@ Apologies for any names omitted. The queue file would be corrupted when the delay_warning_time record was marked as "done" after sending the "your mail is delayed" notice. File: qmgr/qmgr_message.c. + +20090528 + + Bugfix (introduced: Postfix 2.6 change 20080629): with + plaintext sessions, smtpd_tls_auth_only=yes caused spurious + warnings with reject_authenticated_sender_login_mismatch, + and broke reject_unauthenticated_sender_login_mismatch and + reject_sender_login_mismatch. Based on fix by Victor + Duchovni. File: smtpd/smtpd_check.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index fd5201cad..baa50b117 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20090519" -#define MAIL_VERSION_NUMBER "2.6.1" +#define MAIL_RELEASE_DATE "20090528" +#define MAIL_VERSION_NUMBER "2.6.2-RC1" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 1a18f92e3..ea3dfbf9c 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -3278,10 +3278,16 @@ static int reject_auth_sender_login_mismatch(SMTPD_STATE *state, const char *sen char *name; int found = 0; + /* + * Replace obscure code by self-evident code. + */ +#define SMTPD_SASL_AUTHENTICATED(state) \ + (smtpd_sasl_is_active(state) && state->sasl_username != 0) + /* * Reject if the client is logged in and does not own the sender address. */ - if (smtpd_sasl_is_active(state) && state->sasl_username != 0) { + if (var_smtpd_sasl_enable && SMTPD_SASL_AUTHENTICATED(state)) { reply = smtpd_resolve_addr(sender); if (reply->flags & RESOLVE_FLAG_FAIL) reject_dict_retry(state, sender); @@ -3314,7 +3320,7 @@ static int reject_unauth_sender_login_mismatch(SMTPD_STATE *state, const char *s * Reject if the client is not logged in and the sender address has an * owner. */ - if (smtpd_sasl_is_active(state) && state->sasl_username == 0) { + if (var_smtpd_sasl_enable && !SMTPD_SASL_AUTHENTICATED(state)) { reply = smtpd_resolve_addr(sender); if (reply->flags & RESOLVE_FLAG_FAIL) reject_dict_retry(state, sender); @@ -3766,7 +3772,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, state->sender, SMTPD_NAME_SENDER); } else if (strcasecmp(name, REJECT_AUTH_SENDER_LOGIN_MISMATCH) == 0) { #ifdef USE_SASL_AUTH - if (smtpd_sasl_is_active(state)) { + if (var_smtpd_sasl_enable) { if (state->sender && *state->sender) status = reject_auth_sender_login_mismatch(state, state->sender); } else @@ -3774,7 +3780,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, msg_warn("restriction `%s' ignored: no SASL support", name); } else if (strcasecmp(name, REJECT_UNAUTH_SENDER_LOGIN_MISMATCH) == 0) { #ifdef USE_SASL_AUTH - if (smtpd_sasl_is_active(state)) { + if (var_smtpd_sasl_enable) { if (state->sender && *state->sender) status = reject_unauth_sender_login_mismatch(state, state->sender); } else