From: Wietse Venema Date: Tue, 28 Feb 2017 05:00:00 +0000 (-0500) Subject: postfix-3.2.0 X-Git-Tag: v3.2.0^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e60c750c2ca9d04fc188d560f34f2ff7e0ec735;p=thirdparty%2Fpostfix.git postfix-3.2.0 --- diff --git a/postfix/AAAREADME b/postfix/AAAREADME index e20091c87..e6f5940d5 100644 --- a/postfix/AAAREADME +++ b/postfix/AAAREADME @@ -61,13 +61,16 @@ Safford, Douglas Schales, and Leendert van Doorn. I also appreciate the support by Charles Palmer under whose leadership I began this project, and who had the privilege to name the software, twice. +Postcards +========= + If you wish to express your appreciation for the Postfix software, you are welcome to send a postcard to: Wietse Venema - IBM T.J Watson Research Center - P.O. Box 704, - Yorktown Heights, NY 10598 + Google + 111 8th Avenue, 4th floor + New York, NY 10011 USA Roadmap of the Postfix source distribution diff --git a/postfix/HISTORY b/postfix/HISTORY index a05d6f154..3b7a72b5b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -22931,10 +22931,14 @@ Apologies for any names omitted. 20170207 - Cleanup: rephrased the precondition paranoia. File: - global/mail_conf.c. + Cleanup: rephrased paranoia precondition. File: global/mail_conf.c. 20170211 - Cleanup: rephrased the precondition for paranoia. File: - util/unsafe.c. + Cleanup: rephrased paranoia precondition. File: util/unsafe.c. + +20170218 + + Cleanup: typofixes from klemens. The only change in compiled + code is in one identical mysql error message that also + appears in the pgsql client. Files: about 50. diff --git a/postfix/Makefile b/postfix/Makefile index bf0bad878..0e79e472c 100644 --- a/postfix/Makefile +++ b/postfix/Makefile @@ -1,7 +1,7 @@ # Usage: # make makefiles [name=value]... # -# See makedefs for a descripton of available options. +# See makedefs for a description of available options. # Examples: # # make makefiles diff --git a/postfix/Makefile.init b/postfix/Makefile.init index bf0bad878..0e79e472c 100644 --- a/postfix/Makefile.init +++ b/postfix/Makefile.init @@ -1,7 +1,7 @@ # Usage: # make makefiles [name=value]... # -# See makedefs for a descripton of available options. +# See makedefs for a description of available options. # Examples: # # make makefiles diff --git a/postfix/TLS_LICENSE b/postfix/TLS_LICENSE index c588674c3..3d54be271 100644 --- a/postfix/TLS_LICENSE +++ b/postfix/TLS_LICENSE @@ -30,7 +30,7 @@ Disclaimer: ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR - OTHER PEOPLE YOU ARE STRONGLY ADVICED TO PAY CLOSE ATTENTION TO ANY + OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF PFIXTLS IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFULLY YOURSELF, IT IS YOUR RESPONSIBILITY. diff --git a/postfix/WISHLIST b/postfix/WISHLIST deleted file mode 100644 index 4d457e647..000000000 --- a/postfix/WISHLIST +++ /dev/null @@ -1,978 +0,0 @@ -Wish list: - - Things to do before the stable release: - - Spell-check, double-word check, and HTML validator check. - - Disable -DSNAPSHOT and -DNONPROD in makedefs. - - Convert postalias(1) to store external-form keys, and convert - aliases(5) to perform external-first lookup with fallback to - internal form, to make it consistent with the rest of Postfix. - In several years we may remove the internal-form fallbacks - with a compatibility_level safety net. - - In the bounce daemon, set util_utf8_enable if returning an - SMTPUTF8 message. - - Add a header_body_checks extension callback in smtp_proto.c - that implements the PASS action. - - Propagate SMTPD_PEER_CODE_XXX from smtpd(8) to cleanup(8), - so that {client_resolve} and {_} produce consistent results. - - NO_IP_CYRUS_SASL_AUTH should be a main.cf parameter. - - Modeline support in config files to enable/disable trailing - #comment, and to give hints about how to handle an LHS or - RHS. This will not preserve trailing comments in lines that - are modified with "postconf -e" and the like. - - Maintainability: replace lengthy libmilter-API argument lists - with named parameters, as with the libtls API. - - Fix buflen integer overflow detection in dict*sql.c. - - Fix "make test" bitrot. - - Move DNS-based tests from porcupine.org to postfix.org. - - Document dns_ncache_ttl_fix_enable use case in POSTSCREEN_README - and RELEASE_NOTES. - - Remove this file from the stable release. - - Things to do after the stable release: - - Specify WARN_UNUSED_RESULT for all library functions that - pass, deliver, bounce or defer a delivery request. - - Invent some kind of type-checking wrappers for htable(3), - ctable(3) and other modules that take and return a void* - pointer. We already did that for variadic functions. - - TLS certificate provenance: indicate whether a subject - name/issuer are verified or not (for example, change the - attribute name to unverified_ccert_subject etc.). This is - relevant only for fingerprint-based authentication including - DANE, and affects logging, SMTPD policy, and Milters. - - Generalize the daemon '-S' stand-alone mode, so that it can - be used with custom configuration settings for request/reply - regression testing. This would use the existing "-o name=value" - support to override parameters. For example, queue_directory - would point to a directory with sockets for fake versions of - Postfix-internal services. - - Update the list of Sendmail macros that Postfix can send - to Milters (auth_ssf and TLS-related). - - Update smtpd command count when rejecting or skipping input - before command-table lookup. But then we need to count - commands that are rejected (malformed UTF-8, tokenizer - error, forbidden command), or skipped (noop). - - What is the best place to detect spaces in pathnames during - installation/upgrade/packaging? postfix-install for early - warning, and post-install as a safety net? - - When the service basename differs from the program file - basename, either prepend the service name to the syslogname (as - if syslog_name=postfix/service/program), or prepend the service - name to the process name (perhaps too confusing). The service - indication is desirable for mail delivery transports (smtp - versus relay) as it identifies what scheduler parameters are - in effect, but it is also desirable for mail receiving services - (smtp versus submission verus smtps as configured in the stock - master.cf file). This requires exceptions for some program names - (exclude smtpd to avoid logging postfix/smtp/smtpd which could - result in more confusion, and maybe other program names). - - UTF8 DNS[BW]L domain name. - - Consolidate maps flags in mail_params.h instead of having - multiple copies scattered across programs. - - Try to allow UTF-8 myhostname/mydomain, at least in bounce - template expansion. - - In the SMTP server, do not issue an enhanced status code when - rejecting a connection before the HELO handshake is completed. - - Maybe don't whitelist a client that has maxed out its - per-MTA connection count limit. - - Inline support for pcre:{/pattern/=action, ...} and ditto - support for regexp: and cidr: tables. Factor out and reuse - code that already exists in inline: and other tables. - - Log command=good/bad statistics in postscreen? - - smtpd_checks tests either must use a DNS dummy resolver - (override the res_search API) or all names must be under - test.postfix.org (but that does not work for address->name - lookups, and cannot simulate some errors). - - Reporting the original Message-ID in a bounce message - In-Reply-To: or References: header. In the cleanup daemon, - grab a copy of the Message-ID and export it along with other - header-extracted information at the top of the "extracted" - queue file segment. In the queue manager, extract this - along with other header-extracted information, and forward - the Message-ID in the bounce server notification request. - - Clobber ORCPT when sender is owner-mumble? - - Add milter_mumble_macros to the list of per-macro features. - - The pickup daemon logs warnings only when the cleanup daemon - dit not provide a "reason" attribute. Is this logic right? - - up-convert myhostname to UTF-8 in MIME boundary strings? - - Eliminate code duplication between pcf_print_master_field() - and pcf_print_master_entry(). - - Error reporting: see if pcf_check_master_entry() and children - can return error descriptions instead of terminating with - a fatal error. - - Add a switch to consider postscreen deep protocol tests as - "completed" when receiving "RSET" after "RCPT TO" and the - session has passed all tests up to that point. RSET becomes - like QUIT except perhaps that it does not hang up. - - apipe: map, splits results into address lists and performs - lookups for the invidual addresses, converting back and - forth between external and internal forms. - - Clarify that receive_override_options have no effect with - smtpd_proxy_filter. - - Document the relative order of header_checks, address - rewriting, milters. - - NOT: Table-driven case folding and case-insensitive string - comparison specifically for UTF-8. Use libicu functions - instead. - - When downgrading message/global to 7bit, is quoted-printable - the appropriate encoding? Should it be base64? - - Should we encode headers with RFC 2047, when that is the - only reason that Postfix cannot deliver to a non-UTF8SMTP - server? Probably not in the general case. What about - Postfix as a gateway server that converts UTF8SMTP - for delivery to non-UTF8SMTP environments? - - Document and test restriction_classes example for - smtpd_policy_service_default_action. - - Don't accept AUTH or other features that are not announced - in the EHLO response. - - Suggested at Mailserver conference: Postscreen RDNS-based - reputation (but this makes postscreen performance highly - unpredicable because it introduces a dependency on random - DNS servers). - - Suggested at Mailserver conference: a way to select a - specific field in a table, presumably as the result value. - This may be done with a filtermap{i,j,...}: table that propagates - only the specified field(s). - - Discourage the use of "after 220" tests in POSTSCREEN_README - and the documentation of individual parameter settings. - - To un-break "make tests" under src/smtpd, make tests - independent from the DNS and native routines for host - name/address lookup. - - Make been_here flag BH_FLAG_FOLD configurable for masochists. - - Replace some redundant TLS_README sections with pointers - to FORWARD_SECRECY_README. - - Move html/index.html source to proto/. - - How hard is it to follow canonical or virtual mapping - for the purpose of address validation? We must never - reject a valid address. - - Preserve case in smtpd_resolve_addr() and add a structure - member for the case-folded address. IIRC some Milter macro - needs to show the unfolded address. - - Per SASL account rate limits. This requires new infrastructure - that maintains stats by SASL account instead of client IP - address. - - Watchdog timer in postmap/postalias. - - Begin code revision, after DANE support stabilizes. This - should be one pass that changes only names and no code. - - recipient_delimiters = $recipient_delimiter for BC - - All source code must specify its original author and - license statement. Some code modules specify Lutz Jaenicke - as the original author and fall under his liberal license. - Code that is added to such a module has the same license - (or at least something that is not more restrictive). Code - modules without input from Lutz Jaenicke must state its - original author and license (preferably no more restrictive - than Postfix's own license). Currently, too many files list - Wietse as the original author, and Lutz Jaenicke's license, - which is wrong. - - We have smtp_host_lookup, smtp_dns_resolver_options, and - now smtp_dns_support_level. Of these, smtp_dns_resolver_options - is orthogonal but the rest has overlap. - - There needs to be support for automatic migration from the - deprecated disable_dns_lookups feature to the preferred - smtp_dns_support_level feature. This support needs to exist - for several releases before the deprecated feature can be - removed. - - End code revision, after DANE support stabilizes. - - It would be nice if "bare username" lookup is not hard-coded - for domains in the local address class. - - Don't forget Apple's code donation for fetching mail from - IMAP server. - - Should postconf -o refuse to work without the -x option? - - Make 30s caching (feature 20070414) configurable, such that - 0 means no caching. - - Make errno white/blacklist for getpwnam_r etc. and mailbox - write errors. - - smtpd_muble_restrictions rule names are case-insensitive. - restriction_classes values are case-sensitive but should - be case-insensitive for consistency with smtpd_muble_restrictions. - - Make "rename" the default when postmapping a DB file - (later: use copy+rename for postmap -i, postmap -d). - - Service-name parameters aren't documented in daemon manpages. - - When faking up the DSN ORCPT, don't send bare usernames - from local command-line submission. - - lmtp_assume_final is broken. A 2XX response does not imply - final delivery. The Sieve language implements accept-then-bounce. - - postscreen event-driven plug-in interface to send out a - query in parallel with the Pregreet and DNSBL tests, using - a simplified version of the policy delegation protocol. - - Parallelized queue preprocessing: rip out the queue manager - code to read queue files and resolve recipients, and run - it in parallel processes. The queue manager then processes - their results as they become available. This would eliminate - the qmgr<->trivial-rewrite bottleneck. This can also eliminate - much of the scheduling disadvantage of a single queue manager - compared to hundreds of mail receiving or sending processes - (especially if there is a way to scan the queue in parallel). - - Memory pools for same-type memory objects. This can be - used to either increase memory locality for frequently-allocated - objects (MRU allocation) or to make use-after-free bugs - more detectable (use LRU allocation and wipe the object - immediately after free(). Finally, same-type memory pools - prevent object type errors with use-after-free bugs. - - "no-cache" option for selected postscreen tests? - - Need a new DICT flag to indicate that a map handle supports - locking. If it doesn't (as with memcache or proxymap - handles), then postscreen etc. don't need to close a cache - file after "postfix reload". After a fork() it is OK to - keep using a memcache or proxymap handle, because the parent - exits immediately. For this to work, the memcache client - needs to propagate the flag from a persistent backup map, - but the proxymap protocol should not propagate this to the - client. - - Different TTL values for different DNSBL sources? - - Replace master(8) SIGHUP by very simple socket protocol to - allow reload of a specific service. - - postscreen: in the dummy SMTP engine, log the protocol state - at time of violation (like smtpd, set state->where initially - to CONNECT, then update it with the name of the last "known" - command, or set it to "unimplemented"). - - The discussion of postscreen cache configuration is in the - wrong place (how whitelisting works). Move it to the section - about configuring postscreen. - - Before proxymap can be exposed to the network (primarily - to share postscreen or verify caches), need to enforce - limits on attribute string name and value length in IPC - protocols. 10-20KB seems OK. We need to enforce content - sanity checks (for example, no control characters; Postfix - does not pass around multi-line data in table lookups). The - VSTREAM library already supports read/write deadlines. We - need to use attack-resistant code for numeric conversion. - - move flush_init() etc. from defer service clients to the - bounce daemon? Postfix works best when work can be spread - out over many clients, instead of over a few servers. - - multi_connect() function that takes a list of inet:host:port - and/or unix:pathname specs, with an explicit "inet" prefix - argument to handle applications that use host:port only. - This will simplify multi-host implementation for memcache - client, dovecot client, and other. - - dict_memcache: treat "bad" key as cache miss, i.e. read/write - the backup database as if the cache did not exist. This - does not help because most Postfix maps (virtual, canonical, - access, transport, ...) also don't support spaces in keys. - - postscreen: keep the cache open after "postfix reload" when - it is remote (type memcache: or proxy:). This does not work - because memcache can use a non-proxied file as backup). - - What is the feasibility of adding an mta_name (personality) - attribute that is propagated via queue files and delivery - agent requests? It would default to myhostname. - - Major performance improvement opportunity (that is until - everyone runs Postfix queues on SSDs). Investigate the - viability of a daemon that produces incoming and postdrop - queue files on request (in reality it would maintain a - limited queue of "spare" files). Central queue file allocation - reduces the I/O performance disadvantage that qmgr has when - 100 smtpd processes are receiving mail, or when lots of - mail is submitted with the sendmail command line. When an - smtpd process accepts MAIL FROM, a cleanup daemon requests - a queue file and receives a queue ID + file handle from the - queue file daemon. If the queue file daemon is down, the - cleanup daemon creates the file itself like it does now; - this can be hidden in the mail_stream library module. If - the mail transaction is aborted, then the cleanup daemon - gives the queue file back to the queue file daemon's "spare" - file pool, saving most of the overhead of creating and - deleting a queue file (the file would still need to be - renamed at the start of the next mail transaction). If the - cleanup daemon is unable to give a file back, then it can - delete the file like it does now; this can be hidden in the - mail_stream library module. The whole thing can be - transparently added to Postfix by adding calls to a - queue-file-service client to the mail_queue_enter() and - mail_queue_remove() library routines. Other advantages: - 1) negligible performance hit when queue file allocation - happens earlier, so that logging and milters have a queue - ID for the whole transaction not just the first valid - recipient; 2) by not removing every queue files we get most - of the performance gain of a queue based on append/truncate - instead of the much more expensive create/delete. - - Investigate viability of Sendmail dns maps. - - Make the rules for how to use close-on-exec more explicit. - - Provide separate timeout control for dict_proxy client, - rewrite client, resolve client, cleanup client, and so on. - Perhaps a timeout argument to the mail_connect() routines. - - Trick from amavisd: save listen socket/fifo/etc state, clear - their close-on-exec flags, exec the same program file to - re-initialize (with saved socket state on command line or - in environment), then restore the listen socket/fifo/etc - close-on-exec flags. This could be a way to mitigate the - impact of memory/file leaks, and to implement "postfix - reload" support for master(8) features that currently don't - support this. - - Sub-second time resolution. The first benefit is to make - per-destination rate delays more usable. Other applications - will come up once the support exists. The straightforward - approach is to represent all time intervals in milliseconds, - and to update all code that makes system calls with a time - argument (as well as the compiled-in upper and lower time - parameter bounds, which are currently in seconds). - Unfortunately, that limits he maximum time interval to less - than 25 days on 32-bit systems, and is likely to break - compatibility (for starters, it cannot even deal with the - compiled-in 100d upper bound on the queue file lifetime). - A second option is to have a "compatibility" time base - switch between milliseconds and seconds; this means extra - changes to all code that makes system calls with a time - argument, and the way that the compiled-in upper and lower - bounds are specified. Some of this can be encapsulated in - macros like time_to_sec(t), time_to_msec(t) and sec_to_time(t). - Finally, it is relatively easy to replace the events(3) - interface to use "double" for the time delay arguments, but - it is a major pain to convert all main.cf time parameters - into doubles (converting only some leads to a documentation - nightmare). - - Address verify cache: allow a negative cache "refresh" - result to purge a "positive" cache entry in some safe manner. - Currently, the negative cache "refresh" result is discarded, - address verify cache lookup returns OK, and each lookup - forces a "refresh" probe until the entry expires. - - Some Sendmail configurations trigger sub-optimal behavior - when the postscreen_whitelist_interfaces parameter lists - primary MX addresses only. When postscreen's "deep protocol - tests" are successful on the primary MX address (i.e. they - result in 4XX responses to RCPT TO), some Sendmail - configurations keep the primary MX connection open until - AFTER they finish talking to the backup MX address. The - problem is that the backup connection runs into a WHITELIST - VETO condition because the whitelisting database has not - yet been updated with the PASS NEW result for the primary - MX connection. Unfortunately postscreen can't update the - whitelisting database before the primary MX connection is - closed, because a client may still make a mistake. - - In the SMTP server, check if the connection is closed before - replying to ".", and discard the message if the reply can't - be sent. This reduces the time window for RFC 1047 message - duplication, and may even prevent the delivery of some spam. - http://www.exim.org/lurker/message/20070416.103159.9d5ff0ce.en.html - This requires splitting the SMTP server's commit operation - into two operations: first, a tentative commit operation - that performs most of the I/O and processing in milters and - in the cleanup server; second, a final commit operation - that is executed only if the remote SMTP client hasn't hung - up in the mean time. Unfortunately, SMTP-based before-queue - content filters don't support a tentative commit operation. - - Find out how to reproduce Berkeley DB bogus ENOENT errors. - postscreen does not log this with Berkeley DB 1 (FreeBSD - 4..8), 4.7.25 (Ubuntu 9.04) and 4.8.24 (Ubuntu 10.04). - - postconf command-line option to show the compile-time - settings (CCARGS, AUXLIBS) in case binary packages - don't install the makedefs.out file. - - events.c: cache the side effects of file descriptor event - enable/disable operations in user space, and do bulk kernel - updates at event_loop() time. This can eliminate costly - system calls with successive event disable/enable operations - on the same file descriptor. This can also eliminate the - need for tricky code that tries to avoid the expense of - successive disable/enable operations. Such code is likely - to introduce bugs. - - When does it pay off to send domains in the active queue - to a DNS prefetch daemon? Could this generalize to a dynamic - transport map that piggy-backs domains with the same MX - host into the same mail delivery transaction? - - tlsproxy(8) should receive TLS preferences from postscreen(8) - and smtpd(8), instead of reading them from main.cf. This - means that many tlsproxy_ parameters become postscreen_ - parameters, and that tls_server_init() parameters move to - to tls_server_start(). That is a significant API change. - It also means tlsproxy can't open all files before chroot(). - - anvil rate limit for sasl_username. - - Encapsulate nbbio buffer access and update by tlsproxy. - - Full-duplex support for tlsproxy(8). This requires updating - events(3) and nbbio(3). - - Register automagic destructor for object attached to VSTREAM. - - Use different ipc time limits for email message transactions - (smtpd, pickup)->cleanup and for quick query/reply transactions - such as address rewriting/resolution. Beware of large time - limits for local or virtual alias expansion. - - permit_tempfail_action (default: defer_if_reject) to be - used as the default value for dnswl_tempfail_action and - rhswl_tempfail_action. Steal liberally from the code that - implements unverified_recipient_tempfail_action etc. - - Support filtering of messages that are generated by Postfix: - This would apply to postmaster notices and bounce messages - (DKIM), and address verification (BATV). - - Consistency: in postconf.proto make
..
tags bold. - - Would it help if there were different cleanup_service - parameter names for different message paths? smtpd(8) uses - the same cleanup_service value for receiving remote mail - and for submitting postmaster problem reports. Do we need - separate mumble_cleanup_service_name parameters for "inject", - "notify" and "forward" (with backwards compatible defaults)? - - IF/ENDIF support for CIDR tables. - - Need a regular expression table to translate address - verification responses into hard/soft/accept reply codes. - - Is there a way to make sendmail -V work after local alias - expansion? Majordomo-like mailing lists would benefit from - this; the example in VERP_README does not work in the general - case. - - When an alias is a member of an :include: list with owner- - alias, local(8) needs an option to deliver alias or alias->user - indirectly. What happens when an :include: list with owner- - alias includes another list? - - Don't allow empty result values in pcre and regexp maps. - Postfix doesn't allow them anywhere else (check this). - - Make PCRE_MAX_CAPTURE configurable. - - Add some checks for tokens starting with #. A challenge - is to report sensible context from the guts of some low-level - parser, without introducing a great deal of clumsiness. - - Add sendmail macros for {verify} and maybe other TLS info. - - Find out if we are doing the correct thing by looking at - state->milter_reject_text when expanding {rcpt_addr} or - {rcpt_host}. - - Find out why post_mail() etc. block when the qmgr fifo is - full (answer: trigger_timeout). How can this cause delays - in the queue manager? When a recipient bounces during - (transport, nexthop, address) resolution, it is redirected - to the error or retry mailer; and bounce-after-delivery is - asynchrounous so it can't block the queue manager, either. - - How to ensure that proxy_read_maps is processed after all - its dependencies are initialized, or just bite the bullet - and rewrite the parameter initialization code. - - The cleanup virtual alias expansion limit does not really - deliver on its promises. 1) It promises to truncate the - result without aborting delivery, which would be undesirable - anyway, but that is not what it does, so that is good. 2) - It keeps all the recipients from multi-recipient database - lookup, then terminates further recursion when the result - exceeds the expansion limit. This behavior achieves the - original goal that all things shall have a finite size (even - though but we don'really care how large they are) but may - result in surprises when recipients are listed in virtual - alias domains or need expansion for other reasons. In a - phone call with Victor, a reasonable way out is to set the - limit to some large number (100000) and abort delivery when - the result exceeds the limit. - - Should the postscreen save permanent white/black list lookup - results to the temporary cache, and query the temporary - cache first? Skipping white/black list lookups will speed - up the handling of "good" clients without a permanent - whitelist entry. Of course, this means that updates to the - white/black lists do not immediately take effect. Workarounds: - 1) use a shorter temporary cache TTL for clients on the - permanent black/white lists; 2) ignore cached white/black - list lookup results after "postfix reload"; 2) adjust the - logging, for example "WHITELISTED address (cached)" and - "BLACKLISTED address (cached)" to eliminate surprises. - Comparing the cache entry time with the white/blacklist - file modification time is not foolproof: for example, pcre - or CIDR tables are read only once. - - It would be nice if the generic dict_cache(3) cache manager - could postpone process suicide until cache cleanup is - completed (but that is not possible when postscreen forks - into the background to finish already-accepted connections, - and it is not desirable when a host is being shut down). - - When postscreen drops a connection, a 521 "greeting" should - be of the form "521 servername..." and not have an enhanced - status code. The "521 5.7.1" form can be used after EHLO. - Of course no spammer is going to complain about Postfix - SMTP compliance. - - Find a place to document all the mail routing mechanisms - in one place so people can figure out how Postfix works. - - The access map BCC action is marked "not stable", perhaps - because people would also expect BCC actions in header/body_checks. - How much would it take to make the queue file editing code - generally usable? - - Move smtpd_command_filter into smtpd_chat_query() and update - the session transcript (see smtp_chat_reply() for an example). - - SMTP connection caching without storing connections, to - improve TLS mail delivery performance. - - Should not milter8_mail_event() unset the "hold" default - reply? Better, the default reply should not be used for - this purpose. - - Don't send MASTER_STAT_TAKEN/MASTER_STAT_AVAIL when a server - runs with process limit of 1. But this means the master - never learns that the process is successful and will always - pause $service_throttle_time before restarting a failed service. - - Don't bother maintaining a per-service lockfile when a - server runs with process limit of 1. The purpose of the - lockfile is to avoid thundering herd problems when the kernel - wakes up multiple processes for each new client connection. - - Implement PREPEND action for milter_header_checks. Save the - to-be-prepended text to buffer, then emit it along with the - new header. - - Fix the header_body_checks API, so that the name of the map - class (e.g. milter_header_checks) is available for logging. - - Fix the mime_state and header_body_checks APIs, so that - they use VSTRINGs. This simplifies REPLACE actions. - - Update FILTER_README for multi-instance support, and rename - the old document to FILTER_LEGACY_README. - - Need to sign delivery status notifications, to avoid surprises - when eventually people start enforcing DKIM etc. signatures. - - Either document or remove the internal_mail_filter_classes - feature (it's disabled by default). - - Make the "unknown recipient" test configurable as - first|last|never, with "yes"=="last" for backwards - compatibility. The "first" setting is good for performance - (stress=yes) when all users are defined in local files; but - it may perform worse when users are in networked tables. - - Cleanup: make DNSBL query format configurable beyond the - client's reversed IP address. - - With 'final delivery' in the LMTP client, need an option - to also add delivered-to and other pipe(8) features. This - requires making mail_copy() functionality available in - non-mailbox context. - - Cleanup: modernize the "add missing From: header" code, to - ``phrase '' form. Most likely, quote the entire phrase - if it contains any text that is special, then rfc822_externalize - the whole thing. - - SMTP server: make the server_addr and server_port available - to policy server, Dovecot, and perhaps Milters. - - Med: local and remote source port and IP address for smtpd - policy hook. - - Maybe change maps_rbl_reject_code default to 521, and - update wording in STRESS_README. - - Encapsulate time_t comparisons so that they can be made - system dependent (use difftime() where available). - - Encapsulate time_t conversions (e.g. REC_TYPE_TIME) so that - they can be made system dependent. - - Plan for time_t larger than long, or wait for LP64 to - dominate the world? - - Make "AUTH=<>" appendage to MAIL FROM configurable, enabled - by default. - - To support ternary operator without a huge parsing effort, - consider ${value?{xxx}:{yyy}} where ${name} is existing - syntax, and where ?{text} and :{text} are new syntax that - is unlikely to break existing configurations. Or perhaps - it's just too ugly. - - Write delivery rate delay example (which _README?) and auth - failure cache example (SASL_README). Then include them in - SOHO_README. - - Look for alternatives for the use of non_smtpd_milters. - This involves some way to force local submissions to go - through a local SMTP client and server, without triggering - "mail loops back to myself" false alarms. The advantage is - that it makes smtpd_mumble_restrictions available for local - and remote mail; the disadvantage is that it makes local - submissions more dependent on networking. One possibility - is to use "pickup -o content_filter=smtp:127.0.0.1:10025", - or a dedicated SMTP client/server on UNIX-domain sockets; - we could also decide to always suppress "mail loop" detection - for loopback connections. Another option is to have the - pickup or cleanup server drive an SMTP client directly; - this would require extension of the mail_stream() interface, - plus a way to handle bounced/deferred recipients intelligently, - but it would be at odds with Postfix design where delivery - agents access queue files directly; exposing delivery agents - to raw queue files violates another Postfix design principle. - - Consolidate duplicated code in *_server_accept_{pass,inet}(). - - Consolidate duplicated code in {inet,unix,upass}_trigger.c. - - In the SMTP client, handle 421 replies in smtp_loop() by - having the input function raise a flag after detecting 421 - (kill connection caching and be sure to do the right thing - with RSET probes), leave the smtp_loop() per-command reply - handlers unchanged, and have the smtp_loop() reader loop - bail out with smtp_site_fail("server disconnected after - %s", where), but only in the case that it isn't already in - the final state. But first we need to clean up the handling - of do/don't cache, expired, bad and dead sessions. - - Combine smtpd_peer.c and qmqpd_peer.c into a single function - that produces a client context object, and provide attribute - print/scan routines that pass these client context objects - around. With this, we no longer have to update multiple - pieces of code when a client attribute is added. Ditto for - SASL and TLS context. - - Don't log "warning: XXXXX: undeliverable postmaster - notification discarded" for spam from outside. - - Really need a cleanup driver that allows testing against - Milter applications instead of synthetic events. This would - have to provide stubs for clients that talk to Postfix - daemon processes. See if this approach can also be used for - other daemons. - - smtpd(8) exempts $address_verify_sender from access controls, - but it doesn't know whether cleanup(8) or delivery agents - modify the sender. Would it be possible to "calibrate" this - exemption, perhaps by having delivery agents pass the probe - sender to the verify server, keeping in mind that the probe - sender may differ per delivery agent due to output rewriting. - - Update attr_print/scan() so they can send/receive file - descriptors. This simplifies kludgy code in many daemons. - - Would there be a problem adding $smtpd_mumble_restrictions - and $smtpd_sender_login_maps to the default proxy_read_maps - settings? - - Remove defer(8) and trace(8) references and man pages. These - are services not program names. On the other hand we have - man pages for lmtp(8) and smtp(8), but not for relay(8). - Likewise, retry(8) does not have a man page. - - Bind all deliveries to the same local delivery process, - making Postfix perform as poorly as monolithic mailers, but - giving a possibility to eliminate duplicate deliveries. - - Maybe declare loop when resolve_local(mxhost) is true? - - Update message content length when adding/removing headers. - - Need scache size limit. - - REDIRECT should override original recipient info, and - probably override DSN as well. - - Update FILTER_README with mailing list suggestions to tag - with a badness indicator and then filter down-stream. - - Make null local-part handling configurable: either expand - into mailer-daemon (current bahavior) or disallow (strict - behavior, currently implemented only in the SMTP server). - - Add M flag (enable multi-recipient delivery) to pipe daemon. - - The usage of TLScontext->cache_type is unclear. It specifies - a TLS session cache type (smtpd, smtp, or lmtp), but it is - sometimes used as an indicator that TLS session caching is - unavailable. In reality, that decision is made by not - registering call-back functions for cache maintenance. - - Postfix TLS library code should copy any strings that it - receives from the application, instead of passing them - around as pointers. TLScontext->cache_type is a case in - point. - - Are transport:nexthop null fields the same as in the case - of default_transport etc. parameters? - - Don't lose bits when converting st_dev into maildir file - name. It's 64 bits on Linux. Found with the BEAM source - code analyzer. Is this really a problem, or are they just - using 64 bits for upwards compatibility with LP64 systems? - - Do or don't introduce unknown_reverse_client_reject_code. - - Check that "UINT32 == unsigned int" choice is ok (i.e. LP64 - UNIX). - - Tempfail when a Milter application tries to negotiate content - access, while it is configured in an SMTP server that runs - before the smtpd_proxy filter. - - Log DSN original recipient when rejecting mail. - - Keep whitespace between label and ":"? - - Make the map case folding/locking options configurable, if - not at run-time then at least at compile time so we get - consistent behavior across applications. - - Investigate what it would take to eliminate oqmgr, and to - make the old behavior configurable in a unified queue - manager. This would shave another 2.7 KLOC from the source - footprint. - - Document the case folding strategy for match_list like - features. - - Eliminate the (incoming,deferred)->active rename operation. - This requires an in-memory hash of queue file names to avoid - duplicate open() operations. - - Softbounce fallback-to-ISP for SOHO users. This heuristic - assumes that when direct-to-MX delivery fails with 5XX, - delivery via the ISP may still succeed. This could be - implemented by enabling soft bounces for destinations other - than the smtp_fallback_relay. So the only benefit of this - over the existing soft_bounce feature is that it has no - effect on smtp_fallback_relay deliveries. - - Centralize main.cf parameter input so that defaults work - consistently. What about parameter names that are prefixed - with mail delivery transport names? - - Fix default time unit handling so that we can have a default - bounce lifetime of $maximal_queue_lifetime, without causing - panics when a non-default maximal_queue_lifetime setting - includes no time unit. - - After the 20051222 ISASCII paranoia, lowercase() lowercases - ASCII text only. - - Privacy: remove local command/pathname details from remote - delivery status reports, and log them via local msg_warn(). - - Is it safe to cache a connection after it has been used for - more than some number of address verification probes? - - Try to recognize that Resent- headers appear in blocks, - newest block first. But don't break on incorrect header - block organization. - - Hard limits on cache sizes (anvil, specifically). - - Laptop friendliness: make the qmgr remember when the next - deferred queue scan needs to be done, and have the pickup - server stat() the maildrop directory before searching it. - - Low: replace_sender/replace_recipient actions in access - maps, so they can be used in policy servers? - - Low: configurable order of local(8) delivery methods. - - Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout) - to limit the total time spent trying to connect. - - Med: transform IPv4-in-IPv6 address literals to IPv4 form - when comparing against local IP addresses? - - Med: transform IPv4-in-IPv6 address literals to IPv4 form - when eliminating MX mailer loops? - - Med: Postfix requires [] around IPv6 address information - in match lists such as mynetworks, debug_peer_list etc., - but the [] must not be specified in access(5) maps. Other - places don't care. For now, this gotcha is documented in - IPV6_README and in postconf(5) with each feature that may - use IPv6 address information. The general recommendation - is not to use [] unless absolutely necessary. - - Med: the partial address matching of IPv6 addresses in - access(5) maps is a bit lame: it repeatedly truncates the - last ":octetpair" from the printable address representation - until a match is found or until truncation is no longer - possible. Since one or more ":" are usually omitted from - the printable IPv6 address representation, this does not - really try all the possibilities that one might expect to - be tried. For now, this gotcha is documented in access(5). - - Low: reject HELO with any domain name or IP address that - this MTA is the final destination for. - - Low: should the Delivered-To: test in local(8) be configurable? - - Low: make mail_addr_find() lookup configurable. - - Low: update events.c so that 1-second timer requests do not - suffer from rounding errors. This is needed for 1-second - SMTP session caching time limits. A 1-second interval would - become arbitrarily short when an event is scheduled just - before the current second rolls over. - - Low: configurable internal/system locking method. - - Low: add INSTALL section for pre-existing Postfix systems. - - Low: add INSTALL section for pre-existing RPM Postfixes. - - Low: disallow smtpd_recipient_limit < 100 (the RFC minimum). - - Low: noise filter: allow smtp(8) to retry immediately if - all MXes return a quick ECONNRESET or 4xx reply during the - initial handshake. Retry once? How many times? - - Low: make post-install a "postfix-only script" so it can - take data from the environment instead of main.cf. - - Low: randomize deferred mail backoff. - - Med: separate ulimit for delivery to command? - - Med: postsuper -r should do something with recipients in - bounce logfiles, to make sure the sender will be notified. - To be perfectly safe, no process other than the queue manager - should move a queue file away from the active queue. - - This could involve tagging a queue file, and use up another - permission bit (postsuper tags a "hot" file, qmgr requeues it). - - Low: postsuper re-run after renaming files, but only a - limited number of times. - - Low: smtp-source may block when sending large test messages. - - Med: find a way to log the sender address when MAIL FROM - is rejected due to lack of disk space. - - Low: revise other local delivery agent duplicate filters. - - Low: all table lookups should consistently use internalized - (unquoted) or externalized (quoted) forms as lookup keys. - smtpd, qmgr, local, etc. use unquoted address forms as keys. - cleanup uses quoted forms. - - Low: have a configurable list of errno values for mailbox - or maildir delivery that result in deferral rather than - bouncing mail. What about "killed by signal" exits? - - Low: after reorganizing configuration parameters, add flags - to all parameters whose value can be read from file. - - Medium: need in-process caching for map lookups. LDAP servers - seem to need this in particular. Need a way to expire cached - results that are too old. - - Low: generic showq protocol, to allow for more intelligent - processing than just mailq. Maybe marry this with postsuper. - - Low: default domain for appending to unqualified recipients, - so that unqualified names can be delivered locally. - - Low: The $process_id_directory setting is not used anywhere - in Postfix. Problem reported by Michael Smith, texas.net. - This should be documented, or better, the code should warn - about attempts to set read-only parameters. - - Low: while converting 8bit text to quoted-printable, perhaps - use =46rom to avoid having to produce >From when delivering - to mailbox. - - virtual_mailbox_path expression like forward_path, so that - people can specify prefix and suffix. diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index 0c36e3ac7..7af8bdeea 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -623,7 +623,7 @@ debugger_command = # >$config_directory/$process_name.$process_id.log & sleep 5 # # Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r +# To attach to the screen session, su root and run "screen -r # " where uniquely matches one of the detached # sessions (from "screen -list"). # diff --git a/postfix/conf/postfix-tls-script b/postfix/conf/postfix-tls-script index d66be1b2e..2c3430a1a 100644 --- a/postfix/conf/postfix-tls-script +++ b/postfix/conf/postfix-tls-script @@ -1099,7 +1099,7 @@ output-server-tlsa) done set_fqdn "${hostname}" - # Here positional arguments are keyfiles for which we ouput "3 1 1" + # Here positional arguments are keyfiles for which we output "3 1 1" # TLSA RRs, as many keyfiles as the user wants. By default the live # RSA and/or ECDSA keys. shift `expr $OPTIND - 1` diff --git a/postfix/mantools/ccformat b/postfix/mantools/ccformat index c9ec6aeb6..9ac6c57af 100755 --- a/postfix/mantools/ccformat +++ b/postfix/mantools/ccformat @@ -4,7 +4,7 @@ # @(#) ccformat.sh 1.3 11/5/89 14:39:29 -# how to supress newlines in echo +# how to suppress newlines in echo case `echo -n` in "") n=-n; c=;; @@ -139,7 +139,7 @@ exit # These are often carefully laid out by the programmer. # .sp # Comments that appear in-between statements are lined up with -# the surrounding program text, and are adjusted to accomodate +# the surrounding program text, and are adjusted to accommodate # as many words on a line as possible. # However, a blank line in the middle of a comment is respected. # .sp diff --git a/postfix/postfix-install b/postfix/postfix-install index 1d90379ab..e498cd34a 100644 --- a/postfix/postfix-install +++ b/postfix/postfix-install @@ -376,7 +376,7 @@ check_parent() { done } -# How to supress newlines in echo. +# How to suppress newlines in echo. case `echo -n` in "") n=-n; c=;; diff --git a/postfix/src/bounce/bounce_template.c b/postfix/src/bounce/bounce_template.c index 39fef8fda..e54082dff 100644 --- a/postfix/src/bounce/bounce_template.c +++ b/postfix/src/bounce/bounce_template.c @@ -306,7 +306,7 @@ static void bounce_template_parse_buffer(BOUNCE_TEMPLATE *tp) * Parse pseudo-header labels and values. * * XXX EAI: allow UTF8 in template headers when responding to SMTPUTF8 - * message. Sending SMTPUTF8 in reponse to non-SMTPUTF8 mail would make + * message. Sending SMTPUTF8 in response to non-SMTPUTF8 mail would make * no sense. */ #define GETLINE(line, buf) \ diff --git a/postfix/src/cleanup/cleanup_body_edit.c b/postfix/src/cleanup/cleanup_body_edit.c index 5219dcc98..7a1bb4f17 100644 --- a/postfix/src/cleanup/cleanup_body_edit.c +++ b/postfix/src/cleanup/cleanup_body_edit.c @@ -110,7 +110,7 @@ int cleanup_body_edit_start(CLEANUP_STATE *state) cleanup_region_return(state, state->body_regions); /* - * Select the first region. XXX This will usally be the original body + * Select the first region. XXX This will usually be the original body * segment, but we must not count on that. Region assignments may change * when header editing also uses queue file regions. XXX We don't really * know if the first region will be large enough to hold the first body diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 55cfb539a..4383a943e 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -1896,7 +1896,7 @@ void cleanup_milter_receive(CLEANUP_STATE *state, int count) cleanup_repl_body, (void *) state); } -/* cleanup_milter_apply - apply Milter reponse, non-zero if rejecting */ +/* cleanup_milter_apply - apply Milter response, non-zero if rejecting */ static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *event, const char *resp) diff --git a/postfix/src/cleanup/cleanup_region.c b/postfix/src/cleanup/cleanup_region.c index bfa08a23b..b2acbee02 100644 --- a/postfix/src/cleanup/cleanup_region.c +++ b/postfix/src/cleanup/cleanup_region.c @@ -38,7 +38,7 @@ /* queue file is complete. /* /* cleanup_region_open() opens an existing region or creates -/* a new region that can accomodate at least the specified +/* a new region that can accommodate at least the specified /* amount of space. A new region is an open-ended region at /* the end of the file; it must be closed (see next) before /* unrelated data can be appended to the same file. diff --git a/postfix/src/global/clnt_stream.c b/postfix/src/global/clnt_stream.c index dacdba218..2eec1fc8b 100644 --- a/postfix/src/global/clnt_stream.c +++ b/postfix/src/global/clnt_stream.c @@ -127,7 +127,7 @@ static void clnt_stream_ttl_event(int event, void *context) * with the call-back routine, but there is too much code that would have * to be changed. * - * XXX Should we be concerned that an overly agressive optimizer will + * XXX Should we be concerned that an overly aggressive optimizer will * eliminate this function and replace calls to clnt_stream_ttl_event() * by direct calls to clnt_stream_event()? It should not, because there * exists code that takes the address of both functions. diff --git a/postfix/src/global/dict_mysql.c b/postfix/src/global/dict_mysql.c index 8af8fef6f..3a31a7e9a 100644 --- a/postfix/src/global/dict_mysql.c +++ b/postfix/src/global/dict_mysql.c @@ -57,7 +57,7 @@ /* List of domains the queries should be restricted to. If /* specified, only FQDN addresses whose domain parts matching this /* list will be queried against the SQL database. Lookups for -/* partial addresses are also supressed. This can significantly +/* partial addresses are also suppressed. This can significantly /* reduce the query load on the server. /* .IP query /* Query template, before the query is actually issued, variable @@ -814,13 +814,13 @@ DICT *dict_mysql_open(const char *name, int open_flags, int dict_flags) #endif dict_mysql->pldb = plmysql_init(dict_mysql->hosts); if (dict_mysql->pldb == NULL) - msg_fatal("couldn't intialize pldb!\n"); + msg_fatal("couldn't initialize pldb!\n"); dict_mysql->dict.owner = cfg_get_owner(dict_mysql->parser); return (DICT_DEBUG (&dict_mysql->dict)); } /* - * plmysql_init - initalize a MYSQL database. + * plmysql_init - initialize a MYSQL database. * Return NULL on failure, or a PLMYSQL * on success. */ static PLMYSQL *plmysql_init(ARGV *hosts) diff --git a/postfix/src/global/dict_pgsql.c b/postfix/src/global/dict_pgsql.c index 68de3f291..e3e6d3027 100644 --- a/postfix/src/global/dict_pgsql.c +++ b/postfix/src/global/dict_pgsql.c @@ -64,7 +64,7 @@ /* List of domains the queries should be restricted to. If /* specified, only FQDN addresses whose domain parts matching this /* list will be queried against the SQL database. Lookups for -/* partial addresses are also supressed. This can significantly +/* partial addresses are also suppressed. This can significantly /* reduce the query load on the server. /* .IP result_format /* The format used to expand results from queries. Substitutions @@ -778,12 +778,12 @@ DICT *dict_pgsql_open(const char *name, int open_flags, int dict_flags) dict_pgsql->active_host = 0; dict_pgsql->pldb = plpgsql_init(dict_pgsql->hosts); if (dict_pgsql->pldb == NULL) - msg_fatal("couldn't intialize pldb!\n"); + msg_fatal("couldn't initialize pldb!\n"); dict_pgsql->dict.owner = cfg_get_owner(dict_pgsql->parser); return (DICT_DEBUG (&dict_pgsql->dict)); } -/* plpgsql_init - initalize a PGSQL database */ +/* plpgsql_init - initialize a PGSQL database */ static PLPGSQL *plpgsql_init(ARGV *hosts) { diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 0c9e7be5b..3cc94a02b 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -399,7 +399,7 @@ extern char *var_drop_hdrs; extern bool var_strict_rfc821_env; /* - * Standards violation: send "250 AUTH=list" in order to accomodate clients + * Standards violation: send "250 AUTH=list" in order to accommodate clients * that implement an old version of the protocol. */ #define VAR_BROKEN_AUTH_CLNTS "broken_sasl_auth_clients" @@ -3496,7 +3496,7 @@ extern bool var_strict_mbox_owner; extern int var_inet_windowsize; /* - * Plug-in multi-instance support. Only the first two paramaters are used by + * Plug-in multi-instance support. Only the first two parameters are used by * Postfix itself; the other ones are reserved for the instance manager. */ #define VAR_MULTI_CONF_DIRS "multi_instance_directories" diff --git a/postfix/src/global/mail_queue.h b/postfix/src/global/mail_queue.h index 7b98f9012..3d41177da 100644 --- a/postfix/src/global/mail_queue.h +++ b/postfix/src/global/mail_queue.h @@ -92,7 +92,7 @@ extern int mail_queue_id_ok(const char *); * - the inode number (base 51 encoded so that it contains no 'z'). */ #define MQID_LG_SEC_BASE 52 /* seconds safe alphabet base */ -#define MQID_LG_SEC_PAD 6 /* seconds minumum field width */ +#define MQID_LG_SEC_PAD 6 /* seconds minimum field width */ #define MQID_LG_USEC_BASE 52 /* microseconds safe alphabet base */ #define MQID_LG_USEC_PAD 4 /* microseconds exact field width */ #define MQID_LG_TIME_PAD (MQID_LG_SEC_PAD + MQID_LG_USEC_PAD) diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 49d7e90f6..040fa635f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170212" -#define MAIL_VERSION_NUMBER "3.2.0-RC1" +#define MAIL_RELEASE_DATE "20170228" +#define MAIL_VERSION_NUMBER "3.2.0" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/mime_state.c b/postfix/src/global/mime_state.c index 48eef5cf5..4e81043e3 100644 --- a/postfix/src/global/mime_state.c +++ b/postfix/src/global/mime_state.c @@ -940,7 +940,7 @@ int mime_state_update(MIME_STATE *state, int rec_type, /* * Find out if the next body starts with its own message headers. In - * agressive mode, examine headers of partial and external-body + * aggressive mode, examine headers of partial and external-body * messages. Otherwise, treat such headers as part of the "body". Set * the proper encoding information for the multipart prolog. * @@ -1043,7 +1043,7 @@ int mime_state_update(MIME_STATE *state, int rec_type, /* * Body text. Look for message boundaries, and recover from missing - * boundary strings. Missing boundaries can happen in agressive mode + * boundary strings. Missing boundaries can happen in aggressive mode * with text/rfc822-headers or with message/partial. Ignore non-space * cruft after --boundary or --boundary--, because some MUAs do, and * because only perverse software would take advantage of this to diff --git a/postfix/src/global/mkmap_db.c b/postfix/src/global/mkmap_db.c index 3f69eca52..d2c87efd5 100644 --- a/postfix/src/global/mkmap_db.c +++ b/postfix/src/global/mkmap_db.c @@ -113,7 +113,7 @@ static MKMAP *mkmap_db_before_open(const char *path, * files performance degrades rapidly unless the memory pool is O(file * size). * - * For "btree" files peformance is good with sorted input even for small + * For "btree" files performance is good with sorted input even for small * memory pools, but with random input degrades rapidly unless the memory * pool is O(file size). * diff --git a/postfix/src/global/post_mail.c b/postfix/src/global/post_mail.c index fbb631d9b..fcc95ac34 100644 --- a/postfix/src/global/post_mail.c +++ b/postfix/src/global/post_mail.c @@ -80,7 +80,7 @@ /* open stream and the caller-specified context when the /* service responds, or with a null stream and the caller-specified /* context when the request could not be completed. It is the -/* responsability of the application to close an open stream. +/* responsibility of the application to close an open stream. /* /* post_mail_fprintf() formats message content (header or body) /* and sends it to the cleanup service. diff --git a/postfix/src/global/rcpt_buf.c b/postfix/src/global/rcpt_buf.c index 73175fd03..d67905027 100644 --- a/postfix/src/global/rcpt_buf.c +++ b/postfix/src/global/rcpt_buf.c @@ -58,7 +58,7 @@ /* Yorktown Heights, NY 10598, USA /*--*/ -/* Syste, library. */ +/* System library. */ #include diff --git a/postfix/src/global/rec_type.h b/postfix/src/global/rec_type.h index a51e828d4..43865290d 100644 --- a/postfix/src/global/rec_type.h +++ b/postfix/src/global/rec_type.h @@ -135,7 +135,7 @@ /* * The warn record specifies when the next warning that the message was * deferred should be sent. It is updated in place by qmgr, so changing - * this value when there are deferred mesages in the queue is dangerous! + * this value when there are deferred messages in the queue is dangerous! */ #define REC_TYPE_WARN_FORMAT "%15ld" /* warning time format */ #define REC_TYPE_WARN_ARG(tv) ((long) (tv)) diff --git a/postfix/src/global/scache.h b/postfix/src/global/scache.h index 46720994d..5d6e7165c 100644 --- a/postfix/src/global/scache.h +++ b/postfix/src/global/scache.h @@ -92,7 +92,7 @@ typedef int (*SCACHE_FIND_DEST_FN) (SCACHE *, const char *, VSTRING *, VSTRING * */ struct SCACHE_SIZE { int dest_count; /* Nr of destination names */ - int endp_count; /* Nr of endpoint adresses */ + int endp_count; /* Nr of endpoint addresses */ int sess_count; /* Nr of cached sessions */ }; diff --git a/postfix/src/global/smtputf8.h b/postfix/src/global/smtputf8.h index 3b779986b..95d658356 100644 --- a/postfix/src/global/smtputf8.h +++ b/postfix/src/global/smtputf8.h @@ -16,7 +16,7 @@ * environments with pre-existing mail flows that contain UTF8. * * Prior to SMTPUTF8, mail flows that contain UTF8 worked because the vast - * majority of MTAs is perfectly capable of handling UTF8 in addres + * majority of MTAs is perfectly capable of handling UTF8 in address * localparts (and in headers), even if pre-SMTPUTF8 standards do not * support this practice. * @@ -25,7 +25,7 @@ * client does not request SMTPUTF8 support, and because 2) a down-stream * MTA does not announce SMTPUTF8 support. * - * While 1) is easy enough to avoid (keep accepting UTF8 in addres localparts + * While 1) is easy enough to avoid (keep accepting UTF8 in address localparts * just like Postfix has always done), 2) presents a thornier problem. The * root cause of that problem is the need for SMTPUTF8 autodetection. * diff --git a/postfix/src/global/verify_sender_addr.c b/postfix/src/global/verify_sender_addr.c index d23522d09..e818f90f7 100644 --- a/postfix/src/global/verify_sender_addr.c +++ b/postfix/src/global/verify_sender_addr.c @@ -295,7 +295,7 @@ int main(int argc, char **argv) verify_time = time((time_t *) 0); /* - * Compute the current probe sender addres. + * Compute the current probe sender address. */ verify_sender = make_verify_sender_addr(); diff --git a/postfix/src/local/alias.c b/postfix/src/local/alias.c index d84f1d106..99e3dd660 100644 --- a/postfix/src/local/alias.c +++ b/postfix/src/local/alias.c @@ -129,7 +129,7 @@ int deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr, * * We cannot do duplicate elimination here. Sendmail compatibility requires * that we allow multiple deliveries to the same alias, even recursively! - * For example, we must deliver to mailbox any messags that are addressed + * For example, we must deliver to mailbox any messages that are addressed * to the alias of a user that lists that same alias in her own .forward * file. Yuck! This is just an example of some really perverse semantics * that people will expect Postfix to implement just like sendmail. diff --git a/postfix/src/oqmgr/qmgr_error.c b/postfix/src/oqmgr/qmgr_error.c index 6d07b3bd8..6541c3531 100644 --- a/postfix/src/oqmgr/qmgr_error.c +++ b/postfix/src/oqmgr/qmgr_error.c @@ -22,7 +22,7 @@ /* /* qmgr_error_queue() looks up an error queue for the specified /* service and problem. The result is null if the queue is not -/* availabe. +/* available. /* /* qmgr_error_nexthop() computes the next-hop information for /* the specified problem. The result must be passed to myfree(). diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index e5dea9b9e..80c2eb6e3 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c @@ -505,7 +505,7 @@ static int postalias_queries(VSTREAM *in, char **maps, const int map_count, dicts[n] = 0; /* - * Perform all queries. Open maps on the fly, to avoid opening unecessary + * Perform all queries. Open maps on the fly, to avoid opening unnecessary * maps. */ while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF) { diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c index b5da89846..f8fef2df8 100644 --- a/postfix/src/postmulti/postmulti.c +++ b/postfix/src/postmulti/postmulti.c @@ -763,7 +763,7 @@ static INSTANCE *create_primary_instance(void) INSTANCE *ip = alloc_instance(var_config_dir); /* - * There is no need to load primary instance paramater settings from + * There is no need to load primary instance parameter settings from * file. We already have the main.cf parameters of interest in memory. */ #define SAVE_INSTANCE_NAME(val) (*(val) ? mystrdup(val) : 0) @@ -1814,7 +1814,7 @@ int main(int argc, char **argv) } /* - * Proces main.cf parameters. + * Process main.cf parameters. */ mail_conf_read(); get_mail_conf_str_table(str_table); diff --git a/postfix/src/postscreen/postscreen_dnsbl.c b/postfix/src/postscreen/postscreen_dnsbl.c index 788b8d8b1..32eec4bea 100644 --- a/postfix/src/postscreen/postscreen_dnsbl.c +++ b/postfix/src/postscreen/postscreen_dnsbl.c @@ -214,7 +214,7 @@ typedef struct { */ static VSTRING *reply_client; /* client address in DNSBLOG reply */ static VSTRING *reply_dnsbl; /* domain in DNSBLOG reply */ -static VSTRING *reply_addr; /* adress list in DNSBLOG reply */ +static VSTRING *reply_addr; /* address list in DNSBLOG reply */ /* psc_dnsbl_add_site - add DNSBL site information */ diff --git a/postfix/src/qmgr/qmgr_error.c b/postfix/src/qmgr/qmgr_error.c index 6d07b3bd8..6541c3531 100644 --- a/postfix/src/qmgr/qmgr_error.c +++ b/postfix/src/qmgr/qmgr_error.c @@ -22,7 +22,7 @@ /* /* qmgr_error_queue() looks up an error queue for the specified /* service and problem. The result is null if the queue is not -/* availabe. +/* available. /* /* qmgr_error_nexthop() computes the next-hop information for /* the specified problem. The result must be passed to myfree(). diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 1a0a6a6a7..da459aff8 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -395,7 +395,7 @@ extern HBC_CALL_BACKS smtp_hbc_callbacks[]; * at completely different times. * * We "freeze" the choice in the sender loop, just before we generate "." or - * "RSET". The reader loop leaves the connection cachable even if the timer + * "RSET". The reader loop leaves the connection cacheable even if the timer * expires by the time the response arrives. The connection cleanup code * will call smtp_quit() for connections with an expired cache expiration * timer. diff --git a/postfix/src/smtp/smtp_sasl_auth_cache.c b/postfix/src/smtp/smtp_sasl_auth_cache.c index b0ae35730..f3104ca81 100644 --- a/postfix/src/smtp/smtp_sasl_auth_cache.c +++ b/postfix/src/smtp/smtp_sasl_auth_cache.c @@ -128,7 +128,7 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl) * XXX To avoid multiple writers the map needs to be maintained by the * proxywrite service. We would like to have a DICT_FLAG_REQ_PROXY flag * so that the library can enforce this, but that requires moving the - * dict_proxy module one level down in the build dependency hierachy. + * dict_proxy module one level down in the build dependency hierarchy. */ #define CACHE_DICT_OPEN_FLAGS \ (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | DICT_FLAG_UTF8_REQUEST) diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index f1dca8684..986264b22 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -2589,7 +2589,7 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) /* * Historically, Postfix does not forbid 8-bit envelope localparts. * Changing this would be a compatibility break. That can't happen in the - * forseeable future. + * foreseeable future. */ if ((var_strict_smtputf8 || warn_compat_break_smtputf8_enable) && (state->flags & SMTPD_FLAG_SMTPUTF8) == 0 @@ -2851,7 +2851,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) /* * Historically, Postfix does not forbid 8-bit envelope localparts. * Changing this would be a compatibility break. That can't happen in the - * forseeable future. + * foreseeable future. */ if ((var_strict_smtputf8 || warn_compat_break_smtputf8_enable) && (state->flags & SMTPD_FLAG_SMTPUTF8) == 0 @@ -3621,7 +3621,7 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) /* * The SMTP standard (RFC 821) disallows unquoted special characters in * the VRFY argument. Common practice violates the standard, however. - * Postfix accomodates common practice where it violates the standard. + * Postfix accommodates common practice where it violates the standard. * * XXX Impedance mismatch! The SMTP command tokenizer preserves quoting, * whereas the recipient restrictions checks expect unquoted (internal) diff --git a/postfix/src/smtpd/smtpd_chat.c b/postfix/src/smtpd/smtpd_chat.c index 3e161f131..8ba46b01c 100644 --- a/postfix/src/smtpd/smtpd_chat.c +++ b/postfix/src/smtpd/smtpd_chat.c @@ -28,7 +28,7 @@ /* /* smtpd_chat_reply() formats a server reply, sends it to the /* client, and appends a copy to the SMTP transaction log. -/* When soft_bounce is enabled, all 5xx (reject) reponses are +/* When soft_bounce is enabled, all 5xx (reject) responses are /* replaced by 4xx (try again). In case of a 421 reply the /* SMTPD_FLAG_HANGUP flag is set for orderly disconnect. /* diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index 569f771d7..3a0782dc7 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -309,7 +309,7 @@ int smtpd_sasl_authenticate(SMTPD_STATE *state, /* * Receive the client response. "*" means that the client gives up. * XXX For now we ignore the fact that an excessively long response - * will be chopped into multiple reponses. To handle such responses, + * will be chopped into multiple responses. To handle such responses, * we need to change smtpd_chat_query() so that it returns an error * indication. */ diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 53fac90be..df4e68542 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -1455,7 +1455,7 @@ static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) X509_NAME *name = akid_issuer_name(akid); /* - * If subject's akid specifies an authority key identifer issuer name, we + * If subject's akid specifies an authority key identifier issuer name, we * must use that. */ if (name) diff --git a/postfix/src/tls/tls_scache.c b/postfix/src/tls/tls_scache.c index ca86cc258..dcfd3d0a2 100644 --- a/postfix/src/tls/tls_scache.c +++ b/postfix/src/tls/tls_scache.c @@ -90,7 +90,7 @@ /* .IP verbose /* Do verbose logging of cache operations? (zero == no) /* .IP timeout -/* The time after wich a session cache entry is considered too old. +/* The time after which a session cache entry is considered too old. /* .IP first_next /* One of DICT_SEQ_FUN_FIRST (first cache element) or DICT_SEQ_FUN_NEXT /* (next cache element). diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c index 87af0c6f7..85d5f649d 100644 --- a/postfix/src/tls/tls_verify.c +++ b/postfix/src/tls/tls_verify.c @@ -428,7 +428,7 @@ const char *tls_dns_name(const GENERAL_NAME * gn, msg_panic("%s: Non DNS input argument", myname); /* - * We expect the OpenSSL library to construct GEN_DNS extesion objects as + * We expect the OpenSSL library to construct GEN_DNS extension objects as * ASN1_IA5STRING values. Check we got the right union member. */ if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) { diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index ed3e6b4e9..383ba0d60 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -672,7 +672,7 @@ static void tlsp_start_tls(TLSP_STATE *state) */ /* - * Perform the before-handshake portion of the per-session initalization. + * Perform the before-handshake portion of the per-session initialization. * Pass a null VSTREAM to indicate that this program, will do the * ciphertext I/O, not libtls. * diff --git a/postfix/src/util/auto_clnt.c b/postfix/src/util/auto_clnt.c index 0ca70c84f..2703054e8 100644 --- a/postfix/src/util/auto_clnt.c +++ b/postfix/src/util/auto_clnt.c @@ -153,7 +153,7 @@ static void auto_clnt_ttl_event(int event, void *context) * with the call-back routine, but there is too much code that would have * to be changed. * - * XXX Should we be concerned that an overly agressive optimizer will + * XXX Should we be concerned that an overly aggressive optimizer will * eliminate this function and replace calls to auto_clnt_ttl_event() by * direct calls to auto_clnt_event()? It should not, because there exists * code that takes the address of both functions. diff --git a/postfix/src/util/casefold.c b/postfix/src/util/casefold.c index 1ece42305..bf47b6a5e 100644 --- a/postfix/src/util/casefold.c +++ b/postfix/src/util/casefold.c @@ -187,7 +187,7 @@ char *casefoldx(int flags, VSTRING *dest, const char *src, ssize_t len) * with space_needed below) does not include storage for the null * terminator. The terminator is written only when the output buffer is * large enough. This is why we overallocate space when the output does - * not fit. But if the output fits exactly, then the ouput will be + * not fit. But if the output fits exactly, then the output will be * unterminated, and we have to terminate the output ourselves. */ for (n = 0; n < 3; n++) { diff --git a/postfix/src/util/edit_file.c b/postfix/src/util/edit_file.c index 39564b054..a7c1059cc 100644 --- a/postfix/src/util/edit_file.c +++ b/postfix/src/util/edit_file.c @@ -55,7 +55,7 @@ /* pathname into the place of the original file. When any of /* these operations fails, edit_file_close() behaves as if /* edit_file_cleanup() was called. Regardless of whether these -/* operations suceed, edit_file_close() releases the exclusive +/* operations succeed, edit_file_close() releases the exclusive /* lock, closes the output file, and frees up memory that was /* allocated by edit_file_open(). /* diff --git a/postfix/src/util/extpar.c b/postfix/src/util/extpar.c index 24708f74b..773649f3e 100644 --- a/postfix/src/util/extpar.c +++ b/postfix/src/util/extpar.c @@ -39,7 +39,7 @@ /* In case of error the result value is a dynamically-allocated /* string with a description of the problem that includes a /* copy of the offending input. A non-null result value should -/* be destroyed with myfree(). The following decribes the errors +/* be destroyed with myfree(). The following describes the errors /* and the state of the buffer and buffer pointer. /* .IP "missing closing parenthesis" /* The buffer pointer points to text as if a closing parenthesis diff --git a/postfix/src/util/inet_proto.c b/postfix/src/util/inet_proto.c index d0ad6d0d4..d3bf15d70 100644 --- a/postfix/src/util/inet_proto.c +++ b/postfix/src/util/inet_proto.c @@ -214,7 +214,7 @@ INET_PROTO_INFO *inet_proto_init(const char *context, const char *protocols) } /* - * Store addess family etc. info as null-terminated vectors. If that + * Store address family etc. info as null-terminated vectors. If that * breaks because we must be able to store nulls, we'll deal with the * additional complexity. * diff --git a/postfix/src/util/myflock.c b/postfix/src/util/myflock.c index 6f8c0418c..bd903ee70 100644 --- a/postfix/src/util/myflock.c +++ b/postfix/src/util/myflock.c @@ -14,7 +14,7 @@ /* myflock() locks or unlocks an entire open file. /* /* In the case of a blocking request, a call that fails due to -/* forseeable transient problems is retried once per second. +/* foreseeable transient problems is retried once per second. /* /* Arguments: /* .IP fd diff --git a/postfix/src/util/slmdb.c b/postfix/src/util/slmdb.c index bcf757788..cee054619 100644 --- a/postfix/src/util/slmdb.c +++ b/postfix/src/util/slmdb.c @@ -156,7 +156,7 @@ /* result value. /* .IP "CA_SLMDB_CTL_NOTIFY_FN(void (*)(void *, int, ...))" /* Call-back function pointer. The function is called to report -/* succesful error recovery. The arguments are the application +/* successful error recovery. The arguments are the application /* context, the MDB error code, and additional arguments that /* depend on the error code. Details are given in the section /* "ERROR RECOVERY". diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index aaf499b35..00c066c43 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c @@ -365,7 +365,7 @@ /* vstream_feof() returns non-zero when a previous operation on the /* specified stream caused an end-of-file condition. /* Although further read requests after EOF may complete -/* succesfully, vstream_feof() will keep returning non-zero +/* successfully, vstream_feof() will keep returning non-zero /* until vstream_clearerr() is called for that stream. /* /* vstream_ferror() returns non-zero when a previous operation on the diff --git a/postfix/src/util/vstream.h b/postfix/src/util/vstream.h index cb2f517bc..b04e8beca 100644 --- a/postfix/src/util/vstream.h +++ b/postfix/src/util/vstream.h @@ -55,7 +55,7 @@ typedef struct VSTREAM { VBUF write_buf; /* write buffer (double-buffered) */ pid_t pid; /* vstream_popen/close() */ VSTREAM_WAITPID_FN waitpid_fn; /* vstream_popen/close() */ - int timeout; /* read/write timout */ + int timeout; /* read/write timeout */ VSTREAM_JMP_BUF *jbuf; /* exception handling */ struct timeval iotime; /* time of last fill/flush */ struct timeval time_limit; /* read/write time limit */ diff --git a/postfix/src/xsasl/xsasl_server.c b/postfix/src/xsasl/xsasl_server.c index 669a867a6..03819b74a 100644 --- a/postfix/src/xsasl/xsasl_server.c +++ b/postfix/src/xsasl/xsasl_server.c @@ -92,7 +92,7 @@ /* It destroys a SASL server instance, and disables further /* read/write operations if encryption was turned on. /* -/* xsasl_server_first() produces the server reponse for the +/* xsasl_server_first() produces the server response for the /* client AUTH command. The client input are an authentication /* method, and an optional initial response or null pointer. /* The initial response and server non-error replies are BASE64