smtpd_hard_error_limit
diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html
index 93c11d520..1bbe2b48b 100644
--- a/postfix/html/postmap.1.html
+++ b/postfix/html/postmap.1.html
@@ -105,15 +105,17 @@ POSTMAP(1) POSTMAP(1)
that was found. The exit status is zero when at
least one of the requested keys was found.
- -r When updating a table, do not warn about duplicate
- entries; silently replace them.
+ -r When updating a table, do not complain about
+ attempts to update existing entries, and make those
+ updates anyway.
-v Enable verbose logging for debugging purposes. Mul-
- tiple -v options make the software increasingly
+ tiple -v options make the software increasingly
verbose.
- -w When updating a table, do not warn about duplicate
- entries; silently ignore them.
+ -w When updating a table, do not complain about
+ attempts to update existing entries, and ignore
+ those attempts.
Arguments:
diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html
index 91c289655..a15260820 100644
--- a/postfix/html/qmgr.8.html
+++ b/postfix/html/qmgr.8.html
@@ -180,7 +180,7 @@ QMGR(8) QMGR(8)
CONFIGURATION PARAMETERS
Changes to main.cf are not picked up automatically as
- qmgr(8) processes are persistent. Use the postfix reload
+ qmgr(8) is a persistent process. Use the postfix reload
command after a configuration change.
The text below provides only a parameter summary. See
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index 047ff5faf..b02b18f8f 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -780,8 +780,15 @@ SMTPD(8) SMTPD(8)
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
+ Available in Postfix version 2.2 and later:
+
+ smtpd_forbidden_commands (CONNECT, GET, POST)
+ List of commands that causes the Postfix SMTP
+ server to immediately terminate the session with a
+ 221 code.
+
SEE ALSO
- anvil(8), client count and request rate management
+ anvil(8), connection/rate limiting
cleanup(8), message canonicalization
trivial-rewrite(8), address resolver
verify(8), address verification service
diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1
index bd34689dc..9cc04b809 100644
--- a/postfix/man/man1/postalias.1
+++ b/postfix/man/man1/postalias.1
@@ -75,14 +75,14 @@ values from the standard input stream and writes one line of
\fIkey: value\fR output for each key that was found. The exit
status is zero when at least one of the requested keys was found.
.IP \fB-r\fR
-When updating a table, do not warn about duplicate entries; silently
-replace them.
+When updating a table, do not complain about attempts to update
+existing entries, and make those updates anyway.
.IP \fB-v\fR
Enable verbose logging for debugging purposes. Multiple \fB-v\fR
options make the software increasingly verbose.
.IP \fB-w\fR
-When updating a table, do not warn about duplicate entries; silently
-ignore them.
+When updating a table, do not complain about attempts to update
+existing entries, and ignore those attempts.
.PP
Arguments:
.IP \fIfile_type\fR
diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1
index 9a87136c8..c1a8e7bad 100644
--- a/postfix/man/man1/postmap.1
+++ b/postfix/man/man1/postmap.1
@@ -100,14 +100,14 @@ values from the standard input stream and writes one line of
\fIkey value\fR output for each key that was found. The exit
status is zero when at least one of the requested keys was found.
.IP \fB-r\fR
-When updating a table, do not warn about duplicate entries; silently
-replace them.
+When updating a table, do not complain about attempts to update
+existing entries, and make those updates anyway.
.IP \fB-v\fR
Enable verbose logging for debugging purposes. Multiple \fB-v\fR
options make the software increasingly verbose.
.IP \fB-w\fR
-When updating a table, do not warn about duplicate entries; silently
-ignore them.
+When updating a table, do not complain about attempts to update
+existing entries, and ignore those attempts.
.PP
Arguments:
.IP \fIfile_type\fR
diff --git a/postfix/man/man5/master.5 b/postfix/man/man5/master.5
index 925a09e27..6e251d80d 100644
--- a/postfix/man/man5/master.5
+++ b/postfix/man/man5/master.5
@@ -61,8 +61,8 @@ described next.
Specify one of the following service types:
.RS
.IP \fBinet\fR
-The service listens on a TCP/IP socket and is therefore
-accessible via the network.
+The service listens on a TCP/IP socket and is accessible
+via the network.
The service name is specified as \fIhost:port\fR, denoting
the host and port on which new connections should be
@@ -70,9 +70,9 @@ accepted. The host part (and colon) may be omitted. Either
host or port may be given in symbolic form (host or service
name) or in numeric form (IP address or port number).
.sp
-Examples: a service name of \fB127.0.0.1:smtp\fR receives
-mail via the loopback interface only; and a service name
-of \fB10025\fR accepts connections on TCP port 10025 via
+Examples: a service named \fB127.0.0.1:smtp\fR receives
+mail via the loopback interface only; and a service named
+\fB10025\fR accepts connections on TCP port 10025 via
all interfaces configured with the \fBinet_interfaces\fR
parameter.
.IP \fBunix\fR
@@ -120,11 +120,11 @@ Postfix source archive describe how to set up a Postfix
chroot environment for your type of machine, and
BASIC_CONFIGURATION_README discusses issues related to
running daemons chrooted.
-.IP "\fBWakeup time (default: 0)\fR"
+.IP "\fBWake up time (default: 0)\fR"
Automatically wake up the named service after the specified
number of seconds. The wake up is implemented by connecting
to the service and sending a wake up request. A ? at the
-end of the wake up time field requests that wake up events
+end of the wake-up time field requests that wake up events
be sent only to services that are actually being used.
Specify 0 for no automatic wake up.
.sp
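Review bot: The spelling of "wake up" is now inconsistent within this paragraph: the heading becomes "Wake up time", the field reference becomes "wake-up time field", and the unchanged lines keep "wake up request" and "wake up events". Pick one convention, for example hyphenating only the adjectival uses ("wake-up time", "wake-up request", "wake-up events"), and apply it to the heading as well.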
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 90ffcaadb..d741406db 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -455,7 +455,7 @@ and changed the default to none.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@@ -3285,7 +3285,7 @@ is backwards compatible with Postfix 2.0.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@@ -3305,7 +3305,7 @@ By default, no clients are allowed to specify XCLIENT.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@@ -3324,7 +3324,7 @@ By default, no clients are allowed to specify XFORWARD.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-.domain names (the initial dot causes the domain to match any name
+\&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@@ -3684,6 +3684,14 @@ Use C like escapes to specify special characters such as whitespace.
This parameter is not subjected to $parameter expansion.
.PP
This feature is available in Postfix 2.0 and later.
+.SH smtpd_forbidden_commands (default: CONNECT, GET, POST)
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect.
+.PP
+This feature is available in Postfix 2.2 and later.
.SH smtpd_hard_error_limit (default: 20)
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail. The Postfix SMTP server disconnects
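Review bot: In the new smtpd_forbidden_commands entry, the sentence about commands in the "Label:" format does not say whether that check can be turned off. In the smtpd.c change in this patch, is_header() is tested independently of the parameter value, so an empty setting still disconnects such clients; say so explicitly here. Also change "List of commands that causes" to "cause", and consider mentioning that the event is logged as a warning ("sent non-SMTP command"), since that is the string an operator will search for.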
diff --git a/postfix/man/man8/anvil.8 b/postfix/man/man8/anvil.8
index 7f0b4fd5c..be2692165 100644
--- a/postfix/man/man8/anvil.8
+++ b/postfix/man/man8/anvil.8
@@ -4,7 +4,7 @@
.SH NAME
anvil
\-
-Postfix per-client count and rate control
+Postfix session count and request rate control
.SH "SYNOPSIS"
.na
.nf
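Review bot: The NAME line now reads "session count and request rate control", but the SEE ALSO entries changed elsewhere in this patch (smtpd.8, smtpd.c, anvil_clnt.c) describe anvil(8) as "connection/rate limiting". Use one term, "session" or "connection", in the NAME line and in the cross-references so that the manual pages agree with each other.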
@@ -14,7 +14,7 @@ Postfix per-client count and rate control
.fi
The Postfix \fBanvil\fR server maintains short-term statistics
to defend against clients that hammer a server with either too
-many parallel connections or with too many successive requests
+many simultaneous sessions, or with too many successive requests
within a configurable time interval.
This server is designed to run under control by the Postfix
master server.
diff --git a/postfix/man/man8/oqmgr.8 b/postfix/man/man8/oqmgr.8
index 2e01bbc50..fad4bbb24 100644
--- a/postfix/man/man8/oqmgr.8
+++ b/postfix/man/man8/oqmgr.8
@@ -166,7 +166,7 @@ inbound mail can negatively impact outbound delivery rates.
.ad
.fi
Changes to \fBmain.cf\fR are not picked up automatically, as oqmgr(8)
-processes are persistent. Use the command "\fBpostfix reload\fR" after
+is a persistent process. Use the command "\fBpostfix reload\fR" after
a configuration change.
The text below provides only a parameter summary. See
diff --git a/postfix/man/man8/qmgr.8 b/postfix/man/man8/qmgr.8
index 561674af9..432b1ce6f 100644
--- a/postfix/man/man8/qmgr.8
+++ b/postfix/man/man8/qmgr.8
@@ -170,7 +170,7 @@ inbound mail can negatively impact outbound delivery rates.
.ad
.fi
Changes to \fBmain.cf\fR are not picked up automatically as qmgr(8)
-processes are persistent. Use the \fBpostfix reload\fR command after
+is a persistent process. Use the \fBpostfix reload\fR command after
a configuration change.
The text below provides only a parameter summary. See
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index 954ac2d95..a5d7d7c78 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -630,10 +630,15 @@ The syslog facility of Postfix logging.
.IP "\fBsyslog_name (postfix)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR"
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code.
.SH "SEE ALSO"
.na
.nf
-anvil(8), client count and request rate management
+anvil(8), connection/rate limiting
cleanup(8), message canonicalization
trivial-rewrite(8), address resolver
verify(8), address verification service
diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man
index 9d94c07d1..f9d32521e 100755
--- a/postfix/mantools/postconf2man
+++ b/postfix/mantools/postconf2man
@@ -31,6 +31,7 @@ while(<>) {
$block .= $_;
} while(($_ = <>) && /\S/);
+ $block =~ s/\n\./\n\\\&./g;
if ($block =~ //) {
$block =~ s/]+>([^<]+)<\/a><\/H2>/\n.SH \1\n/g;
$block =~ tr/a-z/A-Z/;
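Review bot: The added substitution s/\n\./\n\\\&./g only protects a leading dot that follows a newline inside $block, so a block whose very first line starts with "." is left unescaped and would still be read as a roff request. Anchoring with the /m modifier, for example s/^\./\\\&./mg, covers both cases. A one-line comment saying that \& keeps text such as ".domain" from being parsed as a request would help the next reader.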
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 662883cd6..2d277c307 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -370,6 +370,7 @@ while (<>) {
s;\bsmtpd_error_sleep_time\b;$&;g;
s;\bsmtpd_etrn_restrictions\b;$&;g;
s;\bsmtpd_expansion_filter\b;$&;g;
+ s;\bsmtpd_forbidden_commands\b;$&;g;
s;\bsmtpd_hard_error_limit\b;$&;g;
s;\bsmtpd_helo_required\b;$&;g;
s;\bsmtpd_helo_restrictions\b;$&;g;
diff --git a/postfix/proto/master b/postfix/proto/master
index b43c65185..b317c718f 100644
--- a/postfix/proto/master
+++ b/postfix/proto/master
@@ -55,8 +55,8 @@
# Specify one of the following service types:
# .RS
# .IP \fBinet\fR
-# The service listens on a TCP/IP socket and is therefore
-# accessible via the network.
+# The service listens on a TCP/IP socket and is accessible
+# via the network.
#
# The service name is specified as \fIhost:port\fR, denoting
# the host and port on which new connections should be
@@ -64,9 +64,9 @@
# host or port may be given in symbolic form (host or service
# name) or in numeric form (IP address or port number).
# .sp
-# Examples: a service name of \fB127.0.0.1:smtp\fR receives
-# mail via the loopback interface only; and a service name
-# of \fB10025\fR accepts connections on TCP port 10025 via
+# Examples: a service named \fB127.0.0.1:smtp\fR receives
+# mail via the loopback interface only; and a service named
+# \fB10025\fR accepts connections on TCP port 10025 via
# all interfaces configured with the \fBinet_interfaces\fR
# parameter.
# .IP \fBunix\fR
@@ -114,11 +114,11 @@
# chroot environment for your type of machine, and
# BASIC_CONFIGURATION_README discusses issues related to
# running daemons chrooted.
-# .IP "\fBWakeup time (default: 0)\fR"
+# .IP "\fBWake up time (default: 0)\fR"
# Automatically wake up the named service after the specified
# number of seconds. The wake up is implemented by connecting
# to the service and sending a wake up request. A ? at the
-# end of the wake up time field requests that wake up events
+# end of the wake-up time field requests that wake up events
# be sent only to services that are actually being used.
# Specify 0 for no automatic wake up.
# .sp
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index f462ac8b1..f8ea92d19 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -4424,6 +4424,20 @@ This parameter is not subjected to $parameter expansion.
This feature is available in Postfix 2.0 and later.
+%PARAM smtpd_forbidden_commands CONNECT, GET, POST
+
+
+List of commands that causes the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect.
+
+
+
+This feature is available in Postfix 2.2 and later.
+
+
%PARAM smtpd_helo_required no
diff --git a/postfix/src/anvil/anvil.c b/postfix/src/anvil/anvil.c
index 07099543a..5aa6f35a7 100644
--- a/postfix/src/anvil/anvil.c
+++ b/postfix/src/anvil/anvil.c
@@ -2,13 +2,13 @@
/* NAME
/* anvil 8
/* SUMMARY
-/* Postfix per-client count and rate control
+/* Postfix session count and request rate control
/* SYNOPSIS
/* \fBanvil\fR [generic Postfix daemon options]
/* DESCRIPTION
/* The Postfix \fBanvil\fR server maintains short-term statistics
/* to defend against clients that hammer a server with either too
-/* many parallel connections or with too many successive requests
+/* many simultaneous sessions, or with too many successive requests
/* within a configurable time interval.
/* This server is designed to run under control by the Postfix
/* master server.
diff --git a/postfix/src/global/anvil_clnt.c b/postfix/src/global/anvil_clnt.c
index 5ff7538de..fcc0c7cdc 100644
--- a/postfix/src/global/anvil_clnt.c
+++ b/postfix/src/global/anvil_clnt.c
@@ -91,7 +91,7 @@
/* (either the communication with the server is broken or the
/* server experienced a problem).
/* SEE ALSO
-/* anvil(8) Postfix client rate control service
+/* anvil(8), connection/rate limiting
/* LICENSE
/* .ad
/* .fi
diff --git a/postfix/src/global/mail_copy.c b/postfix/src/global/mail_copy.c
index 463b5a363..07932828c 100644
--- a/postfix/src/global/mail_copy.c
+++ b/postfix/src/global/mail_copy.c
@@ -213,8 +213,11 @@ int mail_copy(const char *sender,
if (vstream_ferror(dst) == 0) {
if (var_fault_inj_code == 1)
type = 0;
- if (type != REC_TYPE_XTRA)
+ if (type != REC_TYPE_XTRA) {
+ /* XXX Where is the queue ID? */
+ msg_warn("bad record type: %d in message content", type);
corrupt_error = mark_corrupt(src);
+ }
if (prev_type != REC_TYPE_NORM)
vstream_fputs(eol, dst);
if (flags & MAIL_COPY_BLANK)
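Review bot: The new msg_warn() carries no queue ID, as the XXX comment admits, so this warning cannot be tied to a message the way the matching warnings in lmtp_proto.c, forward.c and smtp_proto.c can. Consider passing the queue ID into mail_copy(), or at least logging an identifier that is already in scope, such as the sender argument. Note also that with var_fault_inj_code == 1 the type is forced to 0, so the fault-injection path will now emit this warning as well; add a comment if that is intended.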
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 197893f2f..13ac64290 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -967,6 +967,10 @@ extern int var_smtpd_hist_thrsh;
#define DEF_SMTPD_NOOP_CMDS ""
extern char *var_smtpd_noop_cmds;
+#define VAR_SMTPD_FORBID_CMDS "smtpd_forbidden_commands"
+#define DEF_SMTPD_FORBID_CMDS "CONNECT GET POST"
+extern char *var_smtpd_forbid_cmds;
+
/*
* SASL authentication support, SMTP server side.
*/
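Review bot: DEF_SMTPD_FORBID_CMDS is "CONNECT GET POST" (space separated), while every documentation hunk in this patch gives the default as "CONNECT, GET, POST". If the list parser accepts both separators this is harmless at run time, but the documented default should match the compiled-in string so that comparing a running configuration against the manual does not show a spurious difference.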
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b79e8a2ac..4386c6852 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20041119"
+#define MAIL_RELEASE_DATE "20041207"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
diff --git a/postfix/src/global/verify_clnt.c b/postfix/src/global/verify_clnt.c
index 6ee65183f..96fe72415 100644
--- a/postfix/src/global/verify_clnt.c
+++ b/postfix/src/global/verify_clnt.c
@@ -23,7 +23,7 @@
/* va_list ap;
/* DESCRIPTION
/* verify_clnt_query() requests information about the given address.
-/* The result value is one of the valud status values (see
+/* The result value is one of the valid status values (see
/* status description below).
/* In all cases the \fBwhy\fR argument provides additional
/* information.
diff --git a/postfix/src/lmtp/lmtp_proto.c b/postfix/src/lmtp/lmtp_proto.c
index 94551b3b1..ebfa6323d 100644
--- a/postfix/src/lmtp/lmtp_proto.c
+++ b/postfix/src/lmtp/lmtp_proto.c
@@ -813,8 +813,11 @@ static int lmtp_loop(LMTP_STATE *state, NOCLOBBER int send_state,
smtp_fputs("", 0, session->stream);
if (vstream_ferror(state->src))
msg_fatal("queue file read error");
- if (rec_type != REC_TYPE_XTRA)
+ if (rec_type != REC_TYPE_XTRA) {
+ msg_warn("%s: bad record type: %d in message content",
+ request->queue_id, rec_type);
RETURN(mark_corrupt(state->src));
+ }
}
/*
diff --git a/postfix/src/local/forward.c b/postfix/src/local/forward.c
index 8c89aede7..2e987d9ba 100644
--- a/postfix/src/local/forward.c
+++ b/postfix/src/local/forward.c
@@ -251,8 +251,11 @@ static int forward_send(FORWARD_INFO *info, DELIVER_REQUEST *request,
break;
status = (REC_PUT_BUF(info->cleanup, rec_type, buffer) != rec_type);
}
- if (status == 0 && rec_type != REC_TYPE_XTRA)
+ if (status == 0 && rec_type != REC_TYPE_XTRA) {
+ msg_warn("%s: bad record type: %d in message content",
+ info->queue_id, rec_type);
status |= mark_corrupt(attr.fp);
+ }
/*
* Send the end-of-data marker only when there were no errors.
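Review bot: This warning logs info->queue_id, whereas the stream being marked corrupt is attr.fp and the other call sites in this patch log request->queue_id. forward_send() also receives a DELIVER_REQUEST *request, so please confirm that info->queue_id identifies the file behind attr.fp and not the message being written to info->cleanup. If it is the latter, log request->queue_id (or both) so that the operator is pointed at the damaged queue file.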
diff --git a/postfix/src/oqmgr/qmgr.c b/postfix/src/oqmgr/qmgr.c
index b3148b034..6335c8910 100644
--- a/postfix/src/oqmgr/qmgr.c
+++ b/postfix/src/oqmgr/qmgr.c
@@ -142,7 +142,7 @@
/* .ad
/* .fi
/* Changes to \fBmain.cf\fR are not picked up automatically, as qmgr(8)
-/* processes are persistent. Use the command "\fBpostfix reload\fR" after
+/* is a persistent process. Use the command "\fBpostfix reload\fR" after
/* a configuration change.
/*
/* The text below provides only a parameter summary. See
diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c
index 6715d9044..53c26ee76 100644
--- a/postfix/src/postalias/postalias.c
+++ b/postfix/src/postalias/postalias.c
@@ -69,14 +69,14 @@
/* \fIkey: value\fR output for each key that was found. The exit
/* status is zero when at least one of the requested keys was found.
/* .IP \fB-r\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* replace them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and make those updates anyway.
/* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple \fB-v\fR
/* options make the software increasingly verbose.
/* .IP \fB-w\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* ignore them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and ignore those attempts.
/* .PP
/* Arguments:
/* .IP \fIfile_type\fR
diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c
index e6e6f2565..b307721c4 100644
--- a/postfix/src/postmap/postmap.c
+++ b/postfix/src/postmap/postmap.c
@@ -90,14 +90,14 @@
/* \fIkey value\fR output for each key that was found. The exit
/* status is zero when at least one of the requested keys was found.
/* .IP \fB-r\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* replace them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and make those updates anyway.
/* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple \fB-v\fR
/* options make the software increasingly verbose.
/* .IP \fB-w\fR
-/* When updating a table, do not warn about duplicate entries; silently
-/* ignore them.
+/* When updating a table, do not complain about attempts to update
+/* existing entries, and ignore those attempts.
/* .PP
/* Arguments:
/* .IP \fIfile_type\fR
diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c
index 4444cc58e..f9ef04b35 100644
--- a/postfix/src/qmgr/qmgr.c
+++ b/postfix/src/qmgr/qmgr.c
@@ -146,7 +146,7 @@
/* .ad
/* .fi
/* Changes to \fBmain.cf\fR are not picked up automatically as qmgr(8)
-/* processes are persistent. Use the \fBpostfix reload\fR command after
+/* is a persistent process. Use the \fBpostfix reload\fR command after
/* a configuration change.
/*
/* The text below provides only a parameter summary. See
diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c
index 8b05780b1..e90ac7095 100644
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@@ -1064,13 +1064,16 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
- var_smtp_pix_thresh) {
msg_info("%s: enabling PIX . workaround for %s",
request->queue_id, session->namaddr);
- vstream_fflush(session->stream);/* hurts performance */
+ smtp_flush(session->stream); /* hurts performance */
sleep(var_smtp_pix_delay); /* not to mention this */
}
if (vstream_ferror(state->src))
msg_fatal("queue file read error");
- if (rec_type != REC_TYPE_XTRA)
+ if (rec_type != REC_TYPE_XTRA) {
+ msg_warn("%s: bad record type: %d in message content",
+ request->queue_id, rec_type);
RETURN(mark_corrupt(state->src));
+ }
}
/*
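Review bot: The replacement of vstream_fflush(session->stream) with smtp_flush(session->stream) in the PIX workaround is a behaviour change unrelated to the new "bad record type" warning, and nothing in the patch explains it. Split it into its own change, or add a comment stating what smtp_flush() does differently at this point.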
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 444d7f8bf..beff18fed 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -89,7 +89,7 @@
/* ADDRESS REWRITING CONTROLS
/* .ad
/* .fi
-/* See the ADDRESS_REWRITING_README document for a detailed
+/* See the ADDRESS_REWRITING_README document for a detailed
/* discussion of Postfix address rewriting.
/* .IP "\fBreceive_override_options (empty)\fR"
/* Enable or disable recipient validation, built-in content
@@ -582,8 +582,13 @@
/* .IP "\fBsyslog_name (postfix)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
+/* .PP
+/* Available in Postfix version 2.2 and later:
+/* .IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR"
+/* List of commands that causes the Postfix SMTP server to immediately
+/* terminate the session with a 221 code.
/* SEE ALSO
-/* anvil(8), client count and request rate management
+/* anvil(8), connection/rate limiting
/* cleanup(8), message canonicalization
/* trivial-rewrite(8), address resolver
/* verify(8), address verification service
@@ -681,6 +686,7 @@
#include
#include
#include
+#include
#ifdef SNAPSHOT
#include
#endif
@@ -788,6 +794,7 @@ char *var_xclient_hosts;
char *var_xforward_hosts;
bool var_smtpd_rej_unl_from;
bool var_smtpd_rej_unl_rcpt;
+char *var_smtpd_forbid_cmds;
#ifdef SNAPSHOT
int var_smtpd_crate_limit;
@@ -2461,7 +2468,6 @@ typedef struct SMTPD_CMD {
} SMTPD_CMD;
#define SMTPD_CMD_FLAG_LIMIT (1<<0) /* limit usage */
-#define SMTPD_CMD_FLAG_FORBID (1<<1) /* RFC 2822 mail header */
static SMTPD_CMD smtpd_cmd_table[] = {
"HELO", helo_cmd, SMTPD_CMD_FLAG_LIMIT,
@@ -2481,17 +2487,11 @@ static SMTPD_CMD smtpd_cmd_table[] = {
"QUIT", quit_cmd, 0,
"XCLIENT", xclient_cmd, SMTPD_CMD_FLAG_LIMIT,
"XFORWARD", xforward_cmd, SMTPD_CMD_FLAG_LIMIT,
- "Received:", 0, SMTPD_CMD_FLAG_FORBID,
- "Reply-To:", 0, SMTPD_CMD_FLAG_FORBID,
- "Message-ID:", 0, SMTPD_CMD_FLAG_FORBID,
- "Subject:", 0, SMTPD_CMD_FLAG_FORBID,
- "From:", 0, SMTPD_CMD_FLAG_FORBID,
- "CONNECT", 0, SMTPD_CMD_FLAG_FORBID,
- "User-Agent:", 0, SMTPD_CMD_FLAG_FORBID,
0,
};
static STRING_LIST *smtpd_noop_cmds;
+static STRING_LIST *smtpd_forbid_cmds;
/* smtpd_proto - talk the SMTP protocol */
@@ -2614,17 +2614,19 @@ static void smtpd_proto(SMTPD_STATE *state, const char *service)
if (strcasecmp(argv[0].strval, cmdp->name) == 0)
break;
if (cmdp->name == 0) {
+ if (is_header(argv[0].strval)
+ || (*var_smtpd_forbid_cmds
+ && string_list_match(smtpd_forbid_cmds, argv[0].strval))) {
+ msg_warn("%s sent non-SMTP command: %.100s",
+ state->namaddr, vstring_str(state->buffer));
+ smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
+ break;
+ }
smtpd_chat_reply(state, "502 Error: command not implemented");
state->error_mask |= MAIL_ERROR_PROTOCOL;
state->error_count++;
continue;
}
- if (cmdp->flags & SMTPD_CMD_FLAG_FORBID) {
- msg_warn("%s sent non-SMTP command: %.100s",
- state->namaddr, vstring_str(state->buffer));
- smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
- break;
- }
/* XXX We use the real client for connect access control. */
if (state->access_denied && cmdp->action != quit_cmd) {
smtpd_chat_reply(state, "503 Error: access denied for %s",
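Review bot: The forbidden-command test now sits inside the cmdp->name == 0 branch, so it only runs for commands that are not in smtpd_cmd_table; a name such as HELO or XCLIENT listed in smtpd_forbidden_commands is silently ignored. Either document that restriction or warn at startup when a configured name matches a table entry. Two further points: is_header() is evaluated regardless of *var_smtpd_forbid_cmds, so clearing the parameter does not disable the "Label:" disconnect, and the 221 path breaks out without touching state->error_mask or state->error_count, unlike the 502 path directly below it, so these sessions are visible only through the msg_warn() line.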
@@ -2766,6 +2768,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
* case they specify a filename pattern.
*/
smtpd_noop_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_noop_cmds);
+ smtpd_forbid_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_forbid_cmds);
verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts);
xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts);
@@ -2918,6 +2921,7 @@ int main(int argc, char **argv)
VAR_PERM_MX_NETWORKS, DEF_PERM_MX_NETWORKS, &var_perm_mx_networks, 0, 0,
VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0,
+ VAR_SMTPD_FORBID_CMDS, DEF_SMTPD_FORBID_CMDS, &var_smtpd_forbid_cmds, 0, 0,
VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender, 0, 0,
diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c
index ec21b8e03..14ccec572 100644
--- a/postfix/src/util/dict_open.c
+++ b/postfix/src/util/dict_open.c
@@ -26,7 +26,7 @@
/* DICT *dict;
/* const char *key;
/*
-/* char *dict_del(dict, key)
+/* int dict_del(dict, key)
/* DICT *dict;
/* const char *key;
/*
@@ -124,7 +124,7 @@
/* dictionary.
/*
/* dict_del() removes a dictionary entry, and returns non-zero
-/* in case of problems.
+/* in case of success.
/*
/* dict_seq() iterates over all members in the named dictionary.
/* func is define DICT_SEQ_FUN_FIRST (select first member) or
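Review bot: The description of dict_del() is flipped from "returns non-zero in case of problems" to "returns non-zero in case of success" with no accompanying code change in this patch. Callers written against the old comment would test the result the opposite way, so please confirm the new wording against each dict_del implementation and its callers, and state the return convention in the commit message.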
diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c
index 0f4f58287..7573422aa 100644
--- a/postfix/src/verify/verify.c
+++ b/postfix/src/verify/verify.c
@@ -223,11 +223,11 @@ static DICT *verify_map;
* In the case of TODO, we have no information about the address, and the
* address is being probed.
*
- * probed: if non-zero, the time of the last outstanding address probe. If
- * zero, there is no outstanding address probe.
+ * probed: if non-zero, the time the currently outstanding address probe was
+ * sent. If zero, there is no outstanding address probe.
*
- * updated: if non-zero, the time of the last processed address probe. If zero,
- * we have no information about the address, and the address is being
+ * updated: if non-zero, the time the address probe result was received. If
+ * zero, we have no information about the address, and the address is being
* probed.
*
* text: descriptive text from delivery agents etc.
@@ -256,7 +256,10 @@ static int verify_parse_entry(char *buf, int *status, long *probed,
if ((probed_text = split_at(buf, ':')) != 0
&& (updated_text = split_at(probed_text, ':')) != 0
- && (*text = split_at(updated_text, ':')) != 0) {
+ && (*text = split_at(updated_text, ':')) != 0
+ && alldig(buf)
+ && alldig(probed_text)
+ && alldig(updated_text)) {
*probed = atol(probed_text);
*updated = atol(updated_text);
*status = atoi(buf);
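Review bot: The added alldig() checks reject non-numeric fields, but they do not bound the length of the digit strings, and atol()/atoi() report no error on out-of-range input. A corrupted verify_map entry with an over-long digit run in buf, probed_text or updated_text would still pass this test. Consider strtol() with an ERANGE check, or a length limit on each field, and check that the parsed status is one of the expected values before it is used.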