From: Wietse Venema Date: Sat, 19 May 2018 05:00:00 +0000 (-0500) Subject: postfix-3.4-20180519 X-Git-Tag: v3.4.0-RC1~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51e2059758c5692ec30374c8e6c8d2e8cd27ca0b;p=thirdparty%2Fpostfix.git postfix-3.4-20180519 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 04e7f01fd..85cbf711a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23394,5 +23394,36 @@ Apologies for any names omitted. see, but in the case of PID=1 mode on Linux, no-one would care. Viktor Dukhovni. File: util/killme_after.c. - Bugfix: missing error tls_server_start() error handling in - tlsproxy(8). File: tlsproxy/tlsproxy.c. + Bugfix (introduced: Postfix 2.8): missing tls_server_start() + error propagation in tlsproxy(8) resulting in segfault after + TLS handshake error. Found during code maintenance. File: + tlsproxy/tlsproxy.c. + +20180425 + + Cleanup: dnsblog proccesses now retire voluntarily after + max_use*max_idle seconds. Files: master/mail_server.h, + master/single_server.c, dnsblog/dnsblog.c. + +20180429 + + Documentation: smtpd_relay_restrictions was incorrectly + listed before smtpd_recipient_restrictions. File: + proto/SMTPD_ACCESS_README.html. + +20180509 + + Bugfix (introduced: 20170617): postconf(1) command segfault + if unable to open a Postfix database configuration file due + to a file permission error. Report by Andreas Hasenack, fix + by Viktor Dukhovni. File: postconf/postconf_dbms.c. + +20180519 + + Documentation: updated descriptions of PID 1 mode in manpages + and source-code comments. Files: postfix/postfix.c, + master/master.c, master/master_sig.c, util/killme_after.c. + + Documentation: document non-iterative lookup behavior + in postmap and postalias manpages. Files: postmap/postmap.c, + postalias/postalias.c. diff --git a/postfix/README_FILES/SMTPD_ACCESS_README b/postfix/README_FILES/SMTPD_ACCESS_README index 2e7a92d34..230204a7f 100644 --- a/postfix/README_FILES/SMTPD_ACCESS_README +++ b/postfix/README_FILES/SMTPD_ACCESS_README @@ -131,12 +131,6 @@ Examples of simple restriction lists are: # Don't accept mail from domains that don't exist. smtpd_sender_restrictions = reject_unknown_sender_domain - # Relay control (Postfix 2.10 and later): local clients and - # authenticated clients may specify any destination domain. - smtpd_relay_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unauth_destination - # Spam control: exclude local clients and authenticated clients # from DNSBL lookups. smtpd_recipient_restrictions = permit_mynetworks, @@ -150,6 +144,12 @@ Examples of simple restriction lists are: reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org + # Relay control (Postfix 2.10 and later): local clients and + # authenticated clients may specify any destination domain. + smtpd_relay_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination + # Block clients that speak too early. smtpd_data_restrictions = reject_unauth_pipelining @@ -186,21 +186,21 @@ and in the effect of a REJECT or DEFER result. | | | |information| |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ | | | |Required if | | - | |>= 2.10|smtpd_recipient_restrictions| | + | |>= 2.10|smtpd_relay_restrictions | | | | |does not enforce relay |Reject RCPT| - |smtpd_relay_restrictions | |policy |TO | + |smtpd_recipient_restrictions | |policy |TO | | |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |information| | | | | | - | |< 2.10 |Not available | | + | |< 2.10 |Required | | | | | | | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ | | | |Required if | | - | |>= 2.10|smtpd_relay_restrictions | | + | |>= 2.10|smtpd_recipient_restrictions| | | | |does not enforce relay |Reject RCPT| - |smtpd_recipient_restrictions | |policy |TO | + |smtpd_relay_restrictions | |policy |TO | | |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |information| | | | | | - | |< 2.10 |Required | | + | |< 2.10 |Not available | | | | | | | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ | |smtpd_data_restrictions |>= 2.0 |Optional |Reject DATA| diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index 4a14af7a6..104e7dd1e 100755 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script @@ -150,7 +150,7 @@ start|start-fg) ;; start-fg) # Foreground start-up is incompatible with multi-instance mode. - # Use "exec $daemon_directory/master -i" only if PID == 1. + # Use "exec $daemon_directory/master" only if PID == 1. # Otherwise, doing so would break process group management, # and "postfix stop" would kill too many processes. case $instances in diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html index 83235574a..d77d3bce1 100644 --- a/postfix/html/SMTPD_ACCESS_README.html +++ b/postfix/html/SMTPD_ACCESS_README.html @@ -187,12 +187,6 @@ described in the postconf(5) manual page.

# Don't accept mail from domains that don't exist. smtpd_sender_restrictions = reject_unknown_sender_domain - # Relay control (Postfix 2.10 and later): local clients and - # authenticated clients may specify any destination domain. - smtpd_relay_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unauth_destination - # Spam control: exclude local clients and authenticated clients # from DNSBL lookups. smtpd_recipient_restrictions = permit_mynetworks, @@ -206,6 +200,12 @@ described in the postconf(5) manual page.

reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org + # Relay control (Postfix 2.10 and later): local clients and + # authenticated clients may specify any destination domain. + smtpd_relay_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination + # Block clients that speak too early. smtpd_data_restrictions = reject_unauth_pipelining @@ -246,20 +246,20 @@ Reject HELO/EHLO information Optional Reject MAIL FROM information - smtpd_relay_restrictions ≥ 2.10 - Required if smtpd_recipient_restrictions does not enforce + smtpd_recipient_restrictions ≥ +2.10 Required if smtpd_relay_restrictions does not enforce relay policy Reject RCPT TO information - < 2.10 Not available - + < 2.10 Required - smtpd_recipient_restrictions ≥ -2.10 Required if smtpd_relay_restrictions does not enforce + smtpd_relay_restrictions ≥ 2.10 + Required if smtpd_recipient_restrictions does not enforce relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Not available + smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 4376f7434..64d6735d4 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -48,21 +48,22 @@ MASTER(8) MASTER(8) cesses terminate at their convenience. -i Enable init mode: do not attempt to become a session or process - group leader. This mode is allowed only if the process ID equals - 1. + group leader; and to force termination, set an explicit signal + handler instead of relying on the default signal action. This + mode is allowed only if the process ID equals 1. - -t Test mode. Return a zero exit status when the master.pid lock - file does not exist or when that file is not locked. This is + -t Test mode. Return a zero exit status when the master.pid lock + file does not exist or when that file is not locked. This is evidence that the master(8) daemon is not running. - -v Enable verbose logging for debugging purposes. This option is + -v Enable verbose logging for debugging purposes. This option is passed on to child processes. Multiple -v options make the soft- ware increasingly verbose. -w Wait in a dummy foreground process, while the real master daemon - initializes in a background process. The dummy foreground - process returns a zero exit status only if the master daemon - initialization is successful, and if it completes in a reason- + initializes in a background process. The dummy foreground + process returns a zero exit status only if the master daemon + initialization is successful, and if it completes in a reason- able amount of time. This feature is available in Postfix 2.10 and later. @@ -70,27 +71,27 @@ MASTER(8) MASTER(8) Signals: SIGHUP Upon receipt of a HUP signal (e.g., after "postfix reload"), the - master process re-reads its configuration files. If a service - has been removed from the master.cf file, its running processes - are terminated immediately. Otherwise, running processes are - allowed to terminate as soon as is convenient, so that changes + master process re-reads its configuration files. If a service + has been removed from the master.cf file, its running processes + are terminated immediately. Otherwise, running processes are + allowed to terminate as soon as is convenient, so that changes in configuration settings affect only new service requests. SIGTERM Upon receipt of a TERM signal (e.g., after "postfix abort"), the - master process passes the signal on to its child processes and - terminates. This is useful for an emergency shutdown. Normally - one would terminate only the master ("postfix stop") and allow + master process passes the signal on to its child processes and + terminates. This is useful for an emergency shutdown. Normally + one would terminate only the master ("postfix stop") and allow running processes to finish what they are doing. DIAGNOSTICS - Problems are reported to syslogd(8). The exit status is non-zero in - case of problems, including problems while initializing as a master + Problems are reported to syslogd(8). The exit status is non-zero in + case of problems, including problems while initializing as a master daemon process in the background. ENVIRONMENT MAIL_DEBUG - After initialization, start a debugger as specified with the + After initialization, start a debugger as specified with the debugger_command configuration parameter in the main.cf configu- ration file. @@ -98,18 +99,18 @@ MASTER(8) MASTER(8) Directory with Postfix configuration files. CONFIGURATION PARAMETERS - Unlike most Postfix daemon processes, the master(8) server does not - automatically pick up changes to main.cf. Changes to master.cf are - never picked up automatically. Use the "postfix reload" command after + Unlike most Postfix daemon processes, the master(8) server does not + automatically pick up changes to main.cf. Changes to master.cf are + never picked up automatically. Use the "postfix reload" command after a configuration change. RESOURCE AND RATE CONTROLS default_process_limit (100) - The default maximal number of Postfix child processes that pro- + The default maximal number of Postfix child processes that pro- vide a given service. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -117,18 +118,18 @@ MASTER(8) MASTER(8) process will service before terminating voluntarily. service_throttle_time (60s) - How long the Postfix master(8) waits before forking a server + How long the Postfix master(8) waits before forking a server that appears to be malfunctioning. Available in Postfix version 2.6 and later: master_service_disable (empty) - Selectively disable master(8) listener ports by service type or + Selectively disable master(8) listener ports by service type or by service name and type. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_directory (see 'postconf -d' output) @@ -139,20 +140,20 @@ MASTER(8) MASTER(8) invoked with the -D option. inet_interfaces (all) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on. inet_protocols (all) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. process_id (read-only) @@ -168,7 +169,7 @@ MASTER(8) MASTER(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix 3.3 and later: @@ -177,7 +178,7 @@ MASTER(8) MASTER(8) The master.cf service name of a Postfix daemon process. FILES - To expand the directory names below into their actual values, use the + To expand the directory names below into their actual values, use the command "postconf config_directory" etc. $config_directory/main.cf, global configuration file. diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index b424a6700..c8bcf419e 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html @@ -81,6 +81,10 @@ POSTALIAS(1) POSTALIAS(1) found to the standard output stream. The exit status is zero when the requested information was found. + Note: this performs a single query with the key as specified, + and does not make iterative queries with substrings of the key + as described in the aliases(5) manual page. + If a key value of - is specified, the program reads key values from the standard input stream and writes one line of key: value output for each key that was found. The exit status is zero when diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index f994fc339..c7514f377 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -37,15 +37,15 @@ POSTFIX(1) POSTFIX(1) check described above. start-fg - Like start, but keep the master daemon running in the fore- - ground, if possible as PID 1. This command requires that - multi-instance support is disabled (i.e. the - multi_instance_directories parameter value must be empty). When - running Postfix inside a container, mount the container host's - /dev/log socket inside the container (example: "docker run -v - /dev/log:/dev/log ...") and specify a distinct Postfix "sys- - log_name" prefix that identifies logging from the Postfix - instance. + Like start, but keep the master(8) daemon running in the fore- + ground, and enable master(8) "init" mode when running as PID 1. + This command requires that multi-instance support is disabled + (i.e. the multi_instance_directories parameter value must be + empty). When running Postfix inside a container, mount the con- + tainer host's /dev/log socket inside the container (example: + "docker run -v /dev/log:/dev/log ...") and specify a distinct + Postfix "syslog_name" prefix that identifies logging from the + Postfix instance. stop Stop the Postfix mail system in an orderly fashion. If possible, running processes are allowed to terminate at their earliest diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 6b16a3427..f2ef8027c 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -141,33 +141,38 @@ POSTMAP(1) POSTMAP(1) found to the standard output stream. The exit status is zero when the requested information was found. - If a key value of - is specified, the program reads key values - from the standard input stream and writes one line of key value + Note: this performs a single query with the key as specified, + and does not make iterative queries with substrings of the key + as described for access(5), canonical(5), transport(5), vir- + tual(5) and other Postfix table-driven features. + + If a key value of - is specified, the program reads key values + from the standard input stream and writes one line of key value output for each key that was found. The exit status is zero when at least one of the requested keys was found. - -r When updating a table, do not complain about attempts to update + -r When updating a table, do not complain about attempts to update existing entries, and make those updates anyway. - -s Retrieve all database elements, and write one line of key value - output for each element. The elements are printed in database - order, which is not necessarily the same as the original input + -s Retrieve all database elements, and write one line of key value + output for each element. The elements are printed in database + order, which is not necessarily the same as the original input order. - This feature is available in Postfix version 2.2 and later, and + This feature is available in Postfix version 2.2 and later, and is not available for all database types. - -u Disable UTF-8 support. UTF-8 support is enabled by default when - "smtputf8_enable = yes". It requires that keys and values are + -u Disable UTF-8 support. UTF-8 support is enabled by default when + "smtputf8_enable = yes". It requires that keys and values are valid UTF-8 strings. -U With "smtputf8_enable = yes", force UTF-8 syntax checks with the -b and -h options. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. - -w When updating a table, do not complain about attempts to update + -w When updating a table, do not complain about attempts to update existing entries, and ignore those attempts. Arguments: @@ -179,32 +184,32 @@ POSTMAP(1) POSTMAP(1) The postmap(1) command can query any supported file type, but it can create only the following file types: - btree The output file is a btree file, named file_name.db. - This is available on systems with support for db data- + btree The output file is a btree file, named file_name.db. + This is available on systems with support for db data- bases. - cdb The output consists of one file, named file_name.cdb. - This is available on systems with support for cdb data- + cdb The output consists of one file, named file_name.cdb. + This is available on systems with support for cdb data- bases. dbm The output consists of two files, named file_name.pag and file_name.dir. This is available on systems with support for dbm databases. - hash The output file is a hashed file, named file_name.db. - This is available on systems with support for db data- + hash The output file is a hashed file, named file_name.db. + This is available on systems with support for db data- bases. - fail A table that reliably fails all requests. The lookup ta- - ble name is used for logging only. This table exists to + fail A table that reliably fails all requests. The lookup ta- + ble name is used for logging only. This table exists to simplify Postfix error tests. sdbm The output consists of two files, named file_name.pag and file_name.dir. This is available on systems with support for sdbm databases. - When no file_type is specified, the software uses the database - type specified via the default_database_type configuration + When no file_type is specified, the software uses the database + type specified via the default_database_type configuration parameter. file_name @@ -213,11 +218,11 @@ POSTMAP(1) POSTMAP(1) DIAGNOSTICS Problems are logged to the standard error stream and to syslogd(8). No - output means that no problems were detected. Duplicate entries are + output means that no problems were detected. Duplicate entries are skipped and are flagged with a warning. postmap(1) terminates with zero exit status in case of success (includ- - ing successful "postmap -q" lookup) and terminates with non-zero exit + ing successful "postmap -q" lookup) and terminates with non-zero exit status in case of failure. ENVIRONMENT @@ -228,12 +233,12 @@ POSTMAP(1) POSTMAP(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant to this pro- - gram. The text below provides only a parameter summary. See post- + The following main.cf parameters are especially relevant to this pro- + gram. The text below provides only a parameter summary. See post- conf(5) for more details including examples. berkeley_db_create_buffer_size (16777216) - The per-table I/O buffer size for programs that create Berkeley + The per-table I/O buffer size for programs that create Berkeley DB hash or btree tables. berkeley_db_read_buffer_size (131072) @@ -241,7 +246,7 @@ POSTMAP(1) POSTMAP(1) hash or btree tables. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. default_database_type (see 'postconf -d' output) @@ -249,19 +254,19 @@ POSTMAP(1) POSTMAP(1) and postmap(1) commands. import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". SEE ALSO diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index 5ae9ef442..ba4c605db 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 @@ -85,6 +85,10 @@ Search the specified maps for \fIkey\fR and write the first value found to the standard output stream. The exit status is zero when the requested information was found. +Note: this performs a single query with the key as specified, +and does not make iterative queries with substrings of the +key as described in the aliases(5) manual page. + If a key value of \fB\-\fR is specified, the program reads key values from the standard input stream and writes one line of \fIkey: value\fR output for each key that was found. The exit diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index d2a78285d..01c972e88 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 @@ -38,15 +38,16 @@ and create missing directories. Start the Postfix mail system. This also runs the configuration check described above. .IP \fBstart\-fg\fR -Like \fBstart\fR, but keep the master daemon running in the -foreground, if possible as PID 1. This command requires -that multi\-instance support is disabled (i.e. the -multi_instance_directories parameter value must be empty). -When running Postfix inside a container, mount the container -host's /dev/log socket inside the container (example: "docker -run \-v /dev/log:/dev/log ...") and specify a distinct -Postfix "syslog_name" prefix that identifies logging from -the Postfix instance. +Like \fBstart\fR, but keep the \fBmaster\fR(8) daemon running +in the foreground, and enable \fBmaster\fR(8) "init" mode +when running as PID 1. +This command requires that multi\-instance support is +disabled (i.e. the multi_instance_directories parameter +value must be empty). When running Postfix inside a container, +mount the container host's /dev/log socket inside the +container (example: "docker run \-v /dev/log:/dev/log ...") +and specify a distinct Postfix "syslog_name" prefix that +identifies logging from the Postfix instance. .IP \fBstop\fR Stop the Postfix mail system in an orderly fashion. If possible, running processes are allowed to terminate at diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index f5d3b1d55..e8d0cb69a 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -160,6 +160,11 @@ Search the specified maps for \fIkey\fR and write the first value found to the standard output stream. The exit status is zero when the requested information was found. +Note: this performs a single query with the key as specified, +and does not make iterative queries with substrings of the +key as described for access(5), canonical(5), transport(5), +virtual(5) and other Postfix table\-driven features. + If a key value of \fB\-\fR is specified, the program reads key values from the standard input stream and writes one line of \fIkey value\fR output for each key that was found. The exit diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index 9316dea17..6594edc08 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 @@ -45,8 +45,10 @@ Terminate the master process after \fIexit_time\fR seconds. Child processes terminate at their convenience. .IP \fB\-i\fR Enable \fBinit\fR mode: do not attempt to become a session -or process group leader. This mode is allowed only if the -process ID equals 1. +or process group leader; and to force termination, set an +explicit signal handler instead of relying on the default +signal action. This mode is allowed only if the process ID +equals 1. .IP \fB\-t\fR Test mode. Return a zero exit status when the \fBmaster.pid\fR lock file does not exist or when that file is not locked. This is evidence diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html index 5952bb278..af73f78b5 100644 --- a/postfix/proto/SMTPD_ACCESS_README.html +++ b/postfix/proto/SMTPD_ACCESS_README.html @@ -187,12 +187,6 @@ described in the postconf(5) manual page.

# Don't accept mail from domains that don't exist. smtpd_sender_restrictions = reject_unknown_sender_domain - # Relay control (Postfix 2.10 and later): local clients and - # authenticated clients may specify any destination domain. - smtpd_relay_restrictions = permit_mynetworks, - permit_sasl_authenticated, - reject_unauth_destination - # Spam control: exclude local clients and authenticated clients # from DNSBL lookups. smtpd_recipient_restrictions = permit_mynetworks, @@ -206,6 +200,12 @@ described in the postconf(5) manual page.

reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org + # Relay control (Postfix 2.10 and later): local clients and + # authenticated clients may specify any destination domain. + smtpd_relay_restrictions = permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination + # Block clients that speak too early. smtpd_data_restrictions = reject_unauth_pipelining @@ -246,20 +246,20 @@ Reject HELO/EHLO information Optional Reject MAIL FROM information - smtpd_relay_restrictions ≥ 2.10 - Required if smtpd_recipient_restrictions does not enforce + smtpd_recipient_restrictions ≥ +2.10 Required if smtpd_relay_restrictions does not enforce relay policy Reject RCPT TO information - < 2.10 Not available - + < 2.10 Required - smtpd_recipient_restrictions ≥ -2.10 Required if smtpd_relay_restrictions does not enforce + smtpd_relay_restrictions ≥ 2.10 + Required if smtpd_recipient_restrictions does not enforce relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Not available + smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/src/dnsblog/dnsblog.c b/postfix/src/dnsblog/dnsblog.c index 8b2784740..8e7caaba5 100644 --- a/postfix/src/dnsblog/dnsblog.c +++ b/postfix/src/dnsblog/dnsblog.c @@ -312,5 +312,6 @@ int main(int argc, char **argv) CA_MAIL_SERVER_TIME_TABLE(time_table), CA_MAIL_SERVER_POST_INIT(post_jail_init), CA_MAIL_SERVER_UNLIMITED, + CA_MAIL_SERVER_RETIRE_ME, 0); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b4f0bad19..4759f203d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20180422" +#define MAIL_RELEASE_DATE "20180519" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/master/mail_server.h b/postfix/src/master/mail_server.h index f2d600b30..64a394d1d 100644 --- a/postfix/src/master/mail_server.h +++ b/postfix/src/master/mail_server.h @@ -44,6 +44,7 @@ #define MAIL_SERVER_IN_FLOW_DELAY 20 #define MAIL_SERVER_SLOW_EXIT 21 #define MAIL_SERVER_BOUNCE_INIT 22 +#define MAIL_SERVER_RETIRE_ME 23 typedef void (*MAIL_SERVER_INIT_FN) (char *, char **); typedef int (*MAIL_SERVER_LOOP_FN) (char *, char **); @@ -74,6 +75,7 @@ typedef void (*MAIL_SERVER_SLOW_EXIT_FN) (char *, char **); #define CA_MAIL_SERVER_IN_FLOW_DELAY MAIL_SERVER_IN_FLOW_DELAY #define CA_MAIL_SERVER_SLOW_EXIT(v) MAIL_SERVER_SLOW_EXIT, CHECK_VAL(MAIL_SERVER, MAIL_SERVER_SLOW_EXIT_FN, (v)) #define CA_MAIL_SERVER_BOUNCE_INIT(v, w) MAIL_SERVER_BOUNCE_INIT, CHECK_PTR(MAIL_SERVER, char, (v)), CHECK_PPTR(MAIL_SERVER, char, (w)) +#define CA_MAIL_SERVER_RETIRE_ME MAIL_SERVER_RETIRE_ME CHECK_VAL_HELPER_DCL(MAIL_SERVER, MAIL_SERVER_SLOW_EXIT_FN); CHECK_VAL_HELPER_DCL(MAIL_SERVER, MAIL_SERVER_LOOP_FN); diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index a71435306..37835f0aa 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -39,8 +39,10 @@ /* processes terminate at their convenience. /* .IP \fB-i\fR /* Enable \fBinit\fR mode: do not attempt to become a session -/* or process group leader. This mode is allowed only if the -/* process ID equals 1. +/* or process group leader; and to force termination, set an +/* explicit signal handler instead of relying on the default +/* signal action. This mode is allowed only if the process ID +/* equals 1. /* .IP \fB-t\fR /* Test mode. Return a zero exit status when the \fBmaster.pid\fR lock /* file does not exist or when that file is not locked. This is evidence @@ -353,7 +355,7 @@ int main(int argc, char **argv) break; case 'i': if (getpid() != 1) - msg_fatal("-i is allowed with for PID 1 process"); + msg_fatal("-i is allowed only for PID 1 process"); init_mode = 1; break; case 'D': diff --git a/postfix/src/master/master_sig.c b/postfix/src/master/master_sig.c index cbae1b745..0560b1ab3 100644 --- a/postfix/src/master/master_sig.c +++ b/postfix/src/master/master_sig.c @@ -200,7 +200,9 @@ static void master_sigdeath(int sig) msg_info("terminating on signal %d", sig); /* - * Linux kill(1, sig) does not terminate, but returns no error. + * Undocumented: when a process runs with PID 1, Linux won't deliver a + * signal unless the process specifies a handler (i.e. SIG_DFL is treated + * as SIG_IGN). */ if (init_mode) /* Don't call exit() from a signal handler. */ diff --git a/postfix/src/master/single_server.c b/postfix/src/master/single_server.c index ed93dfe6b..1d174b192 100644 --- a/postfix/src/master/single_server.c +++ b/postfix/src/master/single_server.c @@ -121,16 +121,24 @@ /* .IP "CA_MAIL_SERVER_BOUNCE_INIT(const char *, const char **)" /* Initialize the DSN filter for the bounce/defer service /* clients with the specified map source and map names. +/* .IP "CA_MAIL_SERVER_RETIRE_ME" +/* Terminate voluntarily when idle after (max_use * max_idle) +/* seconds. This setting prevents a process from being reused +/* indefinitely when var_use_limit is set to zero. /* .PP /* The var_use_limit variable limits the number of clients that /* a server can service before it commits suicide. +/* Do not change this setting before calling single_server_main(). /* This value is taken from the global \fBmain.cf\fR configuration -/* file. Setting \fBvar_idle_limit\fR to zero disables the client limit. +/* file. Setting \fBvar_use_limit\fR to zero disables the client limit. +/* Specify CA_MAIL_SERVER_RETIRE_ME (see above) to limit the total +/* process lifetime. /* /* The var_idle_limit variable limits the time that a service /* receives no client connection requests before it commits suicide. +/* Do not change this setting before calling single_server_main(). /* This value is taken from the global \fBmain.cf\fR configuration -/* file. Setting \fBvar_use_limit\fR to zero disables the idle limit. +/* file. Setting \fBvar_idle_limit\fR to zero disables the idle limit. /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* BUGS @@ -236,6 +244,15 @@ static NORETURN single_server_exit(void) exit(0); } +/* single_server_retire - retire when idle */ + +static NORETURN single_server_retire(int unused_event, void *unused_context) +{ + if (msg_verbose) + msg_info("time to retire -- exiting"); + single_server_exit(); +} + /* single_server_abort - terminate after abnormal master exit */ static void single_server_abort(int unused_event, void *unused_context) @@ -441,6 +458,7 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) int redo_syslog_init = 0; const char *dsn_filter_title; const char **dsn_filter_maps; + int retire_me = 0; /* * Process environment options as early as we can. @@ -649,6 +667,9 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) dsn_filter_maps = va_arg(ap, const char **); bounce_client_init(dsn_filter_title, *dsn_filter_maps); break; + case MAIL_SERVER_RETIRE_ME: + retire_me = 1; + break; default: msg_panic("%s: unknown argument type: %d", myname, key); } @@ -765,6 +786,10 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) */ if (var_idle_limit > 0) event_request_timer(single_server_timeout, (void *) 0, var_idle_limit); + if (retire_me) + event_request_timer(single_server_retire, (void *) 0, + var_idle_limit > INT_MAX / var_use_limit ? + INT_MAX : var_idle_limit * var_use_limit); for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) { event_enable_read(fd, single_server_accept, CAST_INT_TO_VOID_PTR(fd)); close_on_exec(fd, CLOSE_ON_EXEC); diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index 80c2eb6e3..48d10a7ac 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c @@ -79,6 +79,10 @@ /* found to the standard output stream. The exit status is zero /* when the requested information was found. /* +/* Note: this performs a single query with the key as specified, +/* and does not make iterative queries with substrings of the +/* key as described in the aliases(5) manual page. +/* /* If a key value of \fB-\fR is specified, the program reads key /* values from the standard input stream and writes one line of /* \fIkey: value\fR output for each key that was found. The exit diff --git a/postfix/src/postconf/postconf_dbms.c b/postfix/src/postconf/postconf_dbms.c index 707bafa54..eddeab0a1 100644 --- a/postfix/src/postconf/postconf_dbms.c +++ b/postfix/src/postconf/postconf_dbms.c @@ -174,10 +174,10 @@ static void pcf_check_dbms_client(const PCF_DBMS_INFO *dp, const char *cf_file) */ dict = dict_ht_open(dict_spec, O_CREAT | O_RDWR, 0); dict_register(dict_spec, dict); - if ((fp = vstream_fopen(cf_file, O_RDONLY, 0)) == 0 - && errno != EACCES) { - msg_warn("open \"%s\" configuration \"%s\": %m", - dp->db_type, cf_file); + if ((fp = vstream_fopen(cf_file, O_RDONLY, 0)) == 0) { + if (errno != EACCES) + msg_warn("open \"%s\" configuration \"%s\": %m", + dp->db_type, cf_file); myfree(dict_spec); return; } diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 4ca42f193..1b7e64fea 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -32,15 +32,16 @@ /* Start the Postfix mail system. This also runs the configuration /* check described above. /* .IP \fBstart-fg\fR -/* Like \fBstart\fR, but keep the master daemon running in the -/* foreground, if possible as PID 1. This command requires -/* that multi-instance support is disabled (i.e. the -/* multi_instance_directories parameter value must be empty). -/* When running Postfix inside a container, mount the container -/* host's /dev/log socket inside the container (example: "docker -/* run -v /dev/log:/dev/log ...") and specify a distinct -/* Postfix "syslog_name" prefix that identifies logging from -/* the Postfix instance. +/* Like \fBstart\fR, but keep the \fBmaster\fR(8) daemon running +/* in the foreground, and enable \fBmaster\fR(8) "init" mode +/* when running as PID 1. +/* This command requires that multi-instance support is +/* disabled (i.e. the multi_instance_directories parameter +/* value must be empty). When running Postfix inside a container, +/* mount the container host's /dev/log socket inside the +/* container (example: "docker run -v /dev/log:/dev/log ...") +/* and specify a distinct Postfix "syslog_name" prefix that +/* identifies logging from the Postfix instance. /* .IP \fBstop\fR /* Stop the Postfix mail system in an orderly fashion. If /* possible, running processes are allowed to terminate at diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index 87e0143ee..6c4e9b41c 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -150,6 +150,11 @@ /* found to the standard output stream. The exit status is zero /* when the requested information was found. /* +/* Note: this performs a single query with the key as specified, +/* and does not make iterative queries with substrings of the +/* key as described for access(5), canonical(5), transport(5), +/* virtual(5) and other Postfix table-driven features. +/* /* If a key value of \fB-\fR is specified, the program reads key /* values from the standard input stream and writes one line of /* \fIkey value\fR output for each key that was found. The exit diff --git a/postfix/src/util/killme_after.c b/postfix/src/util/killme_after.c index 886b043f1..b37a973d4 100644 --- a/postfix/src/util/killme_after.c +++ b/postfix/src/util/killme_after.c @@ -47,11 +47,11 @@ void killme_after(unsigned int seconds) * even if we are being called from a signal handler and SIGALRM delivery * is blocked. * - * Undocumented: when running in "init" mode on Linux, the signal won't be - * delivered unless the process specifies a handler. Conveniently, - * _exit() can be used directly as a signal handler. This changes the - * wait status that a parent would see, but in the case of "init" mode on - * Linux, no-one would care. + * Undocumented: when running in "init" mode on Linux, a signal won't be + * delivered unless the process specifies a handler (i.e. SIG_DFL is + * treated as SIG_IGN). Conveniently, _exit() can be used directly as a + * signal handler. This changes the wait status that a parent would see, + * but in the case of "init" mode on Linux, no-one would care. */ alarm(0); sigemptyset(&sig_action.sa_mask);