From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 1 Dec 2010 05:00:00 +0000 (-0500)
Subject: postfix-2.8-20101201
X-Git-Tag: v2.8.0-RC1~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=556b04bfeda891a973becf4c2d94ea4b1ec0f9a2;p=thirdparty%2Fpostfix.git

postfix-2.8-20101201
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 793c2aab9..0268d42c1 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -16194,3 +16194,14 @@ Apologies for any names omitted.
 
 	Cleanup: polishing recent documentation and code. Files:
 	postscreen/postscreen_dnsbl.c, util/ip_match.c.
+
+20101201
+
+	Bugfix (introduced 20101129): broken default value for
+	postscreen_client_connection_count_limit if the
+	smtpd_client_connection_count_limit parameter was left at
+	its default.  File: postscreen/postscreen.c.
+
+	Workaround: BSD-ish mkdir() ignores the effective GID
+	and copies group ownership from the parent directory.
+	File: util/make_dirs.c.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 37525409a..eb1501396 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -6925,9 +6925,10 @@ comma or whitespace.  </p>
 <ul>
 
 <li> <p> When no "=filter" is specified, <a href="postscreen.8.html">postscreen(8)</a> will use any
-non-error DNSBL reply.  Otherwise, the filter must be an IPv4
-address, and <a href="postscreen.8.html">postscreen(8)</a> uses only DNSBL replies that match the
-filter.  </p>
+non-error DNSBL reply.  Otherwise, <a href="postscreen.8.html">postscreen(8)</a> uses only DNSBL
+replies that match the filter. The filter has the form d.d.d.d,
+where each d is a number, or a pattern inside [] that contains one
+or more comma-separated numbers or number..number ranges.  </p>
 
 <li> <p> When no "*weight" is specified, <a href="postscreen.8.html">postscreen(8)</a> increments
 the SMTP client's DNSBL score by 1.  Otherwise, the weight must be
@@ -12343,6 +12344,11 @@ restriction lists" for a discussion of evaluation context and time.
 The default is to permit everything.
 </p>
 
+<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO).
+</p>
+
 <p>
 Specify a list of restrictions, separated by commas and/or whitespace.
 Continue long lines by starting the next line with whitespace.
@@ -12362,7 +12368,8 @@ received with the HELO or EHLO command.
 <dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO
 hostname or parent domains, and execute the corresponding action.
 Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
-restriction.  </dd>
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO).  </dd>
 
 <dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
@@ -12371,7 +12378,9 @@ the HELO or EHLO hostname, and execute the corresponding action.
 Note 1: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  Note
 2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
-restriction.  This feature is available in Postfix 2.1 and later.
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO).  This
+feature is available in Postfix 2.1 and later.
 </dd>
 
 <dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
@@ -12381,21 +12390,27 @@ for the HELO or EHLO hostname, and execute the corresponding action.
 Note 1: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  Note
 2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
-restriction. This feature is available in Postfix 2.1 and later.
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
 </dd>
 
 <dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_invalid_hostname)</dt>
 
 <dd>Reject the request when the HELO or EHLO hostname syntax is
 invalid. Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce
-this restriction. <br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies
-the response code for rejected requests (default: 501).</dd>
+this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply
+skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO).
+<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code
+for rejected requests (default: 501).</dd>
 
 <dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_non_fqdn_hostname)</dt>
 
 <dd>Reject the request when the HELO or EHLO hostname is not in
 fully-qualified domain form, as required by the RFC. Note: specify
-"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction.  <br>
+"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction
+(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip
+<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO).  <br>
 The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
 rejected requests (default: 504).</dd>
 
@@ -12411,7 +12426,9 @@ specified, reject the request when the HELO or EHLO hostname is
 listed with any A record under <i>rbl_domain</i>. See the
 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration
 parameters.  Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
-enforce this restriction. This feature is available in Postfix 2.0
+enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
+client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or
+EHLO). This feature is available in Postfix 2.0
 and later.  </dd>
 
 <dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_hostname)</dt>
@@ -12422,7 +12439,9 @@ specifies the numerical response code for rejected requests (default:
 450). <br> The <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> parameter
 specifies the action after a temporary DNS error (default:
 <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
-enforce this restriction. </dd>
+enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
+client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending
+HELO or EHLO). </dd>
 
 </dl>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 3df9798a7..f46bab9d2 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -3916,9 +3916,10 @@ Specify a list of domain=filter*weight entries, separated by
 comma or whitespace.
 .IP \(bu
 When no "=filter" is specified, \fBpostscreen\fR(8) will use any
-non-error DNSBL reply.  Otherwise, the filter must be an IPv4
-address, and \fBpostscreen\fR(8) uses only DNSBL replies that match the
-filter.
+non-error DNSBL reply.  Otherwise, \fBpostscreen\fR(8) uses only DNSBL
+replies that match the filter. The filter has the form d.d.d.d,
+where each d is a number, or a pattern inside [] that contains one
+or more comma-separated numbers or number..number ranges.
 .IP \(bu
 When no "*weight" is specified, \fBpostscreen\fR(8) increments
 the SMTP client's DNSBL score by 1.  Otherwise, the weight must be
@@ -7665,6 +7666,10 @@ restriction lists" for a discussion of evaluation context and time.
 .PP
 The default is to permit everything.
 .PP
+Note: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip smtpd_helo_restrictions by not sending HELO or EHLO).
+.PP
 Specify a list of restrictions, separated by commas and/or whitespace.
 Continue long lines by starting the next line with whitespace.
 Restrictions are applied in the order as specified; the first
@@ -7676,32 +7681,40 @@ received with the HELO or EHLO command.
 Search the specified \fBaccess\fR(5) database for the HELO or EHLO
 hostname or parent domains, and execute the corresponding action.
 Note: specify "smtpd_helo_required = yes" to fully enforce this
-restriction.
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_access by not sending HELO or EHLO).
 .IP "\fBcheck_helo_mx_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the MX hosts for
 the HELO or EHLO hostname, and execute the corresponding action.
 Note 1: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  Note
 2: specify "smtpd_helo_required = yes" to fully enforce this
-restriction.  This feature is available in Postfix 2.1 and later.
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_mx_access by not sending HELO or EHLO).  This
+feature is available in Postfix 2.1 and later.
 .IP "\fBcheck_helo_ns_access \fItype:table\fR\fR"
 Search the specified \fBaccess\fR(5) database for the DNS servers
 for the HELO or EHLO hostname, and execute the corresponding action.
 Note 1: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  Note
 2: specify "smtpd_helo_required = yes" to fully enforce this
-restriction. This feature is available in Postfix 2.1 and later.
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_ns_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
 .IP "\fBreject_invalid_helo_hostname\fR (with Postfix < 2.3: reject_invalid_hostname)"
 Reject the request when the HELO or EHLO hostname syntax is
 invalid. Note: specify "smtpd_helo_required = yes" to fully enforce
-this restriction.
+this restriction (without "smtpd_helo_required = yes", a client can simply
+skip reject_invalid_helo_hostname by not sending HELO or EHLO).
 .br
-The invalid_hostname_reject_code specifies
-the response code for rejected requests (default: 501).
+The invalid_hostname_reject_code specifies the response code
+for rejected requests (default: 501).
 .IP "\fBreject_non_fqdn_helo_hostname\fR (with Postfix < 2.3: reject_non_fqdn_hostname)"
 Reject the request when the HELO or EHLO hostname is not in
 fully-qualified domain form, as required by the RFC. Note: specify
-"smtpd_helo_required = yes" to fully enforce this restriction.
+"smtpd_helo_required = yes" to fully enforce this restriction
+(without "smtpd_helo_required = yes", a client can simply skip
+reject_non_fqdn_helo_hostname by not sending HELO or EHLO).
 .br
 The non_fqdn_reject_code parameter specifies the response code for
 rejected requests (default: 504).
@@ -7716,7 +7729,9 @@ specified, reject the request when the HELO or EHLO hostname is
 listed with any A record under \fIrbl_domain\fR. See the
 reject_rbl_client description for additional RBL related configuration
 parameters.  Note: specify "smtpd_helo_required = yes" to fully
-enforce this restriction. This feature is available in Postfix 2.0
+enforce this restriction (without "smtpd_helo_required = yes", a
+client can simply skip reject_rhsbl_helo by not sending HELO or
+EHLO). This feature is available in Postfix 2.0
 and later.
 .IP "\fBreject_unknown_helo_hostname\fR (with Postfix < 2.3: reject_unknown_hostname)"
 Reject the request when the HELO or EHLO hostname has no DNS A
@@ -7729,7 +7744,9 @@ specifies the numerical response code for rejected requests (default:
 The unknown_helo_hostname_tempfail_action parameter
 specifies the action after a temporary DNS error (default:
 defer_if_permit). Note: specify "smtpd_helo_required = yes" to fully
-enforce this restriction.
+enforce this restriction (without "smtpd_helo_required = yes", a
+client can simply skip reject_unknown_helo_hostname by not sending
+HELO or EHLO).
 .PP
 Other restrictions that are valid in this context:
 .IP \(bu
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 7334ea079..5e2b9f216 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -5328,6 +5328,11 @@ restriction lists" for a discussion of evaluation context and time.
 The default is to permit everything.
 </p>
 
+<p> Note: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip smtpd_helo_restrictions by not sending HELO or EHLO).
+</p>
+
 <p>
 Specify a list of restrictions, separated by commas and/or whitespace.
 Continue long lines by starting the next line with whitespace.
@@ -5347,7 +5352,8 @@ received with the HELO or EHLO command.
 <dd>Search the specified access(5) database for the HELO or EHLO
 hostname or parent domains, and execute the corresponding action.
 Note: specify "smtpd_helo_required = yes" to fully enforce this
-restriction.  </dd>
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_access by not sending HELO or EHLO).  </dd>
 
 <dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
 
@@ -5356,7 +5362,9 @@ the HELO or EHLO hostname, and execute the corresponding action.
 Note 1: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  Note
 2: specify "smtpd_helo_required = yes" to fully enforce this
-restriction.  This feature is available in Postfix 2.1 and later.
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_mx_access by not sending HELO or EHLO).  This
+feature is available in Postfix 2.1 and later.
 </dd>
 
 <dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
@@ -5366,21 +5374,27 @@ for the HELO or EHLO hostname, and execute the corresponding action.
 Note 1: a result of "OK" is not allowed for safety reasons. Instead,
 use DUNNO in order to exclude specific hosts from blacklists.  Note
 2: specify "smtpd_helo_required = yes" to fully enforce this
-restriction. This feature is available in Postfix 2.1 and later.
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_ns_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
 </dd>
 
 <dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_invalid_hostname)</dt>
 
 <dd>Reject the request when the HELO or EHLO hostname syntax is
 invalid. Note: specify "smtpd_helo_required = yes" to fully enforce
-this restriction. <br> The invalid_hostname_reject_code specifies
-the response code for rejected requests (default: 501).</dd>
+this restriction (without "smtpd_helo_required = yes", a client can simply
+skip reject_invalid_helo_hostname by not sending HELO or EHLO).
+<br> The invalid_hostname_reject_code specifies the response code
+for rejected requests (default: 501).</dd>
 
 <dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_non_fqdn_hostname)</dt>
 
 <dd>Reject the request when the HELO or EHLO hostname is not in
 fully-qualified domain form, as required by the RFC. Note: specify
-"smtpd_helo_required = yes" to fully enforce this restriction.  <br>
+"smtpd_helo_required = yes" to fully enforce this restriction
+(without "smtpd_helo_required = yes", a client can simply skip
+reject_non_fqdn_helo_hostname by not sending HELO or EHLO).  <br>
 The non_fqdn_reject_code parameter specifies the response code for
 rejected requests (default: 504).</dd>
 
@@ -5396,7 +5410,9 @@ specified, reject the request when the HELO or EHLO hostname is
 listed with any A record under <i>rbl_domain</i>. See the
 reject_rbl_client description for additional RBL related configuration
 parameters.  Note: specify "smtpd_helo_required = yes" to fully
-enforce this restriction. This feature is available in Postfix 2.0
+enforce this restriction (without "smtpd_helo_required = yes", a
+client can simply skip reject_rhsbl_helo by not sending HELO or
+EHLO). This feature is available in Postfix 2.0
 and later.  </dd>
 
 <dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_hostname)</dt>
@@ -5407,7 +5423,9 @@ specifies the numerical response code for rejected requests (default:
 450). <br> The unknown_helo_hostname_tempfail_action parameter
 specifies the action after a temporary DNS error (default:
 defer_if_permit). Note: specify "smtpd_helo_required = yes" to fully
-enforce this restriction. </dd>
+enforce this restriction (without "smtpd_helo_required = yes", a
+client can simply skip reject_unknown_helo_hostname by not sending
+HELO or EHLO). </dd>
 
 </dl>
 
@@ -12681,9 +12699,10 @@ comma or whitespace.  </p>
 <ul>
 
 <li> <p> When no "=filter" is specified, postscreen(8) will use any
-non-error DNSBL reply.  Otherwise, the filter must be an IPv4
-address, and postscreen(8) uses only DNSBL replies that match the
-filter.  </p>
+non-error DNSBL reply.  Otherwise, postscreen(8) uses only DNSBL
+replies that match the filter. The filter has the form d.d.d.d,
+where each d is a number, or a pattern inside [] that contains one
+or more comma-separated numbers or number..number ranges.  </p>
 
 <li> <p> When no "*weight" is specified, postscreen(8) increments
 the SMTP client's DNSBL score by 1.  Otherwise, the weight must be
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 6758078fd..652a4e712 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20101130"
+#define MAIL_RELEASE_DATE	"20101201"
 #define MAIL_VERSION_NUMBER	"2.8"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c
index 37fca2746..2667acf1e 100644
--- a/postfix/src/postscreen/postscreen.c
+++ b/postfix/src/postscreen/postscreen.c
@@ -351,6 +351,7 @@ int     var_ps_barlf_ttl;
 int     var_ps_cmd_count;
 char   *var_ps_cmd_time;
 
+int     var_smtpd_cconn_limit;
 int     var_ps_cconn_limit;
 
  /*
@@ -866,6 +867,7 @@ int     main(int argc, char **argv)
 	VAR_PROC_LIMIT, DEF_PROC_LIMIT, &var_proc_limit, 1, 0,
 	VAR_PS_DNSBL_THRESH, DEF_PS_DNSBL_THRESH, &var_ps_dnsbl_thresh, 0, 0,
 	VAR_PS_CMD_COUNT, DEF_PS_CMD_COUNT, &var_ps_cmd_count, 1, 0,
+	VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
 	0,
     };
     static const CONFIG_NINT_TABLE nint_table[] = {
diff --git a/postfix/src/util/make_dirs.c b/postfix/src/util/make_dirs.c
index cf50aae25..cf96d2481 100644
--- a/postfix/src/util/make_dirs.c
+++ b/postfix/src/util/make_dirs.c
@@ -49,12 +49,14 @@
 
 int     make_dirs(const char *path, int perms)
 {
+    const char *myname = "make_dirs";
     char   *saved_path;
     unsigned char *cp;
     int     saved_ch;
     struct stat st;
     int     ret;
     mode_t  saved_mode = 0;
+    gid_t   egid = -1;
 
     /*
      * Initialize. Make a copy of the path that we can safely clobber.
@@ -117,6 +119,21 @@ int     make_dirs(const char *path, int perms)
 		    break;
 		}
 	    }
+
+	    /*
+	     * Fix directory ownership when mkdir() ignores the effective
+	     * GID. Don't change the effective UID for doing this.
+	     */
+	    if ((ret = stat(saved_path, &st)) < 0) {
+		msg_warn("%s: stat saved_path: %m", myname);
+		break;
+	    }
+	    if (egid == -1)
+		egid = getegid();
+	    if (st.st_gid != egid && (ret = chown(saved_path, -1, egid)) < 0) {
+		msg_warn("%s: chgrp saved_path: %m", myname);
+		break;
+	    }
 	}
 	if (saved_ch != 0)
 	    *cp = saved_ch;