From: Wietse Venema Date: Sun, 25 Nov 2001 05:00:00 +0000 (-0500) Subject: snapshot-20011125 X-Git-Tag: v1.1.0~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68e0b5bdb47b6bebd988043cdf6a66c58ce767f1;p=thirdparty%2Fpostfix.git snapshot-20011125 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 8dee622e0..89100032f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -5665,6 +5665,31 @@ Apologies for any names omitted. Bugfix: missing long integer support in the new IPC protocols. Files: util/attr_scan*.c, util/attr_print*.c. + Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1 + (Gerben Wierda). + +20011125 + + Bugfix: spurious postmaster notifications because some flag + was not reset. + + Feature: new parameter smtpd_sender_login_maps that specifies + the (SASL) login name that owns a MAIL FROM address. + Specify a regexp table in order to require a simple one-to-one + mapping. This is used in the reject_sender_login_mismatch + sender anti-spoofing feature. + + Feature: restriction reject_sender_login_mismatch refuses + a MAIL FROM address when $smtpd_sender_login_maps specifies + an owner but the client is not (SASL) logged in as the MAIL + FROM address owner, or when a client is (SASL) logged in + but the client login name does not own the MAIL FROM address + according to $smtpd_sender_login_maps. File: smtpd/smpd_check.c. + + Documentation: added some redundancy to the LMTP_README + file so people can keep track of the difference between + the Postfix LMTP client and the non-Postfix LMTP server. + Open problems: Medium: need in-process caching for map lookups. LDAP diff --git a/postfix/LMTP_README b/postfix/LMTP_README index e6320db86..36ea8ea36 100644 --- a/postfix/LMTP_README +++ b/postfix/LMTP_README 
@@ -48,11 +48,17 @@ There are a variety of ways LMTP delivery can be configured in Postfix. The two basic flavors are delivery over UNIX-domain sockets and delivery over TCP sockets. - o Connections over UNIX-domain sockets limit delivery to LMTP - servers running on the same machine. + o Connections from the Postfix LMTP client over UNIX-domain + sockets allow you to deliver to non-Postfix LMTP servers running + on the same machine. - o Connections over TCP sockets allow you to deliver to LMTP - servers across a local network. + o Connections from the Postfix LMTP client over TCP sockets allow + you to deliver to non-Postfix LMTP servers across a local + network. + +Note: the above is not to be confused with the UNIX-domain sockets +that Postfix uses internally to speak its own protocols with the +Postfix LMTP client. The precise syntax for UNIX-domain and TCP connection endpoints is given in the lmtp(8) manual page. Examples are also given in the @@ -69,6 +75,9 @@ in convenience and in performance with these different approaches. 3 - LMTP over UNIX-domain sockets ================================= +Use this to deliver mail from the Postfix LMTP client to an LMTP +server that is running on the same system. + A UNIX-domain socket is specified as the socket type ("unix") and a name in the local file system: @@ -80,9 +89,9 @@ later in this document. NOTE: - If you run the lmtp client chrooted, the interpretation of the - /path/name is relative to the Postfix queue directory (typically, - /var/spool/postfix). + If you run the Postfix LMTP client chrooted, the interpretation + of the /path/name is relative to the Postfix queue directory + (typically, /var/spool/postfix). By default, the Postfix LMTP client does not run chrooted. With LMTP delivery to the local machine there is no good reason 
@@ -91,6 +100,9 @@ NOTE: 4 - LMTP over TCP sockets ========================= +Use this to deliver mail from the Postfix LMTP client to an LMTP +server that is running on the same system or on a different system. + A TCP destination is specified as the socket type ("inet"), the destination hostname and the TCP port: @@ -125,9 +137,9 @@ This is the simplest LMTP configuration. 5.1 - Delivery mechanisms ------------------------- -Postfix main.cf supports three mechanisms to deliver mail over -LMTP. Each method can use UNIX-domain or TCP sockets as described -in a later section. +Postfix main.cf supports three mechanisms to deliver mail to an +LMTP server. Each method can use UNIX-domain or TCP sockets as +described in a later section. main.cf mechanism 1 ------------------- @@ -138,7 +150,8 @@ mailbox_transport = lmtp:hostname:port (TCP socket example) Mail that resolves as local (domain is listed in $mydestination) is given to the Postfix local delivery agent. The Postfix local delivery agent expands aliases and .forward files, and delegates -mailbox delivery to the LMTP server. +mailbox delivery to the Postfix LMTP client which then sends it to +the non-Postfix LMTP server. main.cf mechanism 2 ------------------- @@ -147,9 +160,10 @@ local_transport = lmtp:unix:/path/name (UNIX-domain socket example) local_transport = lmtp:hostname:port (TCP socket example) Mail that resolves as local (domain is listed in $mydestination) -is directly given to the LMTP server. The mail is not processed -by the Postfix local delivery agent; therefore aliases and .forward -files are not processed. +is directly given to the Postfix LMTP client which then sends it +to the non-Postfix LMTP server. The mail is not processed by the +Postfix local delivery agent; therefore aliases and .forward files +are not processed. main.cf mechanism 3 ------------------- 
@@ -161,7 +175,8 @@ Mail that resolves as local (domain is listed in $mydestination) is given to the Postfix local delivery agent. The Postfix local delivery agent processes aliases and .forward files, and delivers to /var[/spool]/mail/$user for users that have a UNIX account. -Mail for other local users is delegated to the LMTP server. +Mail for other local users is delegated to the Postfix LMTP client +which then sends it to the non-Postfix LMTP server. 5.2 - Examples -------------- diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 77bb959f8..88152f1b4 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,3 +1,16 @@ +Major changes with snapshot-20011125 +==================================== + +New parameter smtpd_sender_login_maps that specifies the (SASL) +login name that owns a MAIL FROM sender address. Specify a regexp +table in order to require a simple one-to-one mapping. + +New sender anti-spoofing restriction reject_sender_login_mismatch +that refuses a MAIL FROM address when $smtpd_sender_login_maps +specifies an owner but the client is not (SASL) logged in as the +MAIL FROM address owner, or when a client is (SASL) logged in but +does not own the address according to $smtpd_sender_login_maps. + Incompatible changes with snapshot-20011121 =========================================== diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf index b59488679..524ca22d1 100644 --- a/postfix/conf/sample-smtpd.cf +++ b/postfix/conf/sample-smtpd.cf 
@@ -4,6 +4,36 @@ # This file contains example settings of Postfix configuration parameters # that control the SMTP server program. +# +# SENDER ANTI-SPOOFING +# + +# The smtpd_sender_login_maps parameter specifies the (SASL) login +# name that owns a sender (MAIL FROM) address. +# +# Specify zero or more maptype:mapname entries. Maps are created with +# postmap(1) or with equivalent means. The maps are searched in the +# specified order. Regexp tables are allowed. +# +# Each map entry specifies a sender address and the login name that +# owns the address. The search order is: +# +# 1) user@domain owner +# +# This form has the highest precedence. +# +# 2) user owner +# +# This matches user@site when site is equal to $myorigin, when site +# is listed in $mydestination, or when it is listed in $inet_interfaces. +# +# 3) @domain owner +# +# This matches every address in the specified domain, and has the +# lowest precedence. +# +#smtpd_sender_login_maps = + # # MISCELLANEOUS # @@ -26,9 +56,9 @@ smtpd_banner = $myhostname ESMTP $mail_name # The smtpd_etrn_restrictions parameter restricts what clients are # allowed to issue the ETRN command. # -# The Postfix ETRN command is available only for destinations that -# that are eligible for the Postfix "fast flush" service. See the -# sample-flush.cf file for details. +# The Postfix ETRN command accepts only destinations that are eligible +# for the Postfix "fast flush" service. See the sample-flush.cf file +# for details. # # The default is to allow ETRN from any host. The following restrictions # are available: 
@@ -226,6 +256,11 @@ smtpd_helo_restrictions = # Permit if result is OK or all numerical. # check_client_access maptype:mapname: see smtpd_client_restrictions. # check_helo_access maptype:mapname: see smtpd_helo_restrictions. +# reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies +# a MAIL FROM address owner, but the client is not (SASL) logged in as +# that MAIL FROM address owner; or if the client is (SASL) logged in, but +# the client login name doesn't own the MAIL FROM address according to +# $smtpd_sender_login_maps (see above). # reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form # reject_non_fqdn_sender: reject sender address that is not in FQDN form # reject: reject the request. Place this at the end of a restriction. @@ -296,6 +331,11 @@ smtpd_sender_restrictions = # check_client_access maptype:mapname: see smtpd_client_restrictions. # check_helo_access maptype:mapname: see smtpd_helo_restrictions. # check_sender_access maptype:mapname: see smtpd_sender_restrictions. +# reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies +# a MAIL FROM address owner, but the client is not (SASL) logged in as +# that MAIL FROM address owner; or if the client is (SASL) logged in, but +# the client login name doesn't own the MAIL FROM address according to +# $smtpd_sender_login_maps (see above). # reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form # reject_non_fqdn_sender: reject sender address that is not in FQDN form # reject_non_fqdn_recipient: reject recipient address that is not in FQDN form diff --git a/postfix/html/faq.html b/postfix/html/faq.html index 66affb009..fe7499449 100644 --- a/postfix/html/faq.html +++ b/postfix/html/faq.html 
@@ -1138,7 +1138,7 @@ run out of file handles; after that, it will run out of sockets. To set the following kernel parameters at boot time, add the following lines to the /boot/loader.conf file (this is -specific to FreeBSD 4.x): +verified with FreeBSD 4.4):

@@ -1146,18 +1146,17 @@ specific to FreeBSD 4.x):

 kern.ipc.maxsockets="5000"
 kern.ipc.nmbclusters="65536"
+kern.maxproc="2048"
+kern.maxfiles="16384"
+kern.maxfilesperproc="16384"
 

-These parameters cannot be set at run time (verified with FreeBSD -4.2). - -

- -To set the following kernel parameters at run time execute the -following commands as root (this is specific to FreeBSD 4.x): +With FreeBSD 4.2, the last three parameters cannot be set from +/boot/loader.conf. To set the open file limits, execute the +following commands as root:

@@ -1170,14 +1169,9 @@ following commands as root (this is specific to FreeBSD 4.x):

-These parameters cannot be set from /boot/loader.conf -(verified with FreeBSD 4.2). - -

- -Other kernel parameters such as kern.maxproc can be increased -only by recompiling the kernel with a different maxusers -setting in the kernel configuration file (verified with FreeBSD 4.2). +With FreeBSD 4.2, kern.maxproc can be set only by recompiling +the kernel with a different maxusers setting in the kernel +configuration file.


diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 282a7bd3e..8918f9858 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -181,31 +181,32 @@ SENDMAIL(1) SENDMAIL(1) -qRsite Schedule immediate delivery of all mail that is - queued for the named site. This uses "fast flush" - service, and is implemented by connecting to the - local SMTP server at $myhostname. See smtpd(8) for + queued for the named site. This option accepts only + site names that are eligible for the "fast flush" + service, and is implemented by connecting to the + local SMTP server at $myhostname. See flush(8) for more information about the "fast flush" service. -qSsite - This command is not implemented. Use the slower + This command is not implemented. Use the slower sendmail -q command instead. - -t Extract recipients from message headers. This - requires that no recipients be specified on the + -t Extract recipients from message headers. This + requires that no recipients be specified on the command line. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. SECURITY - By design, this program is not set-user (or group) id. - However, it must handle data from untrusted users or - untrusted machines. Thus, the usual precautions need to + By design, this program is not set-user (or group) id. + However, it must handle data from untrusted users or + untrusted machines. Thus, the usual precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT @@ -217,7 +218,7 @@ SENDMAIL(1) SENDMAIL(1) MAIL_DEBUG Enable debugging with an external command, as spec- - ified with the debugger_command configuration + ified with the debugger_command configuration parameter. FILES 
@@ -225,13 +226,13 @@ SENDMAIL(1) SENDMAIL(1) /etc/postfix, configuration files CONFIGURATION PARAMETERS - See the Postfix main.cf file for syntax details and for - default values. Use the postfix reload command after a + See the Postfix main.cf file for syntax details and for + default values. Use the postfix reload command after a configuration change. alias_database - Default alias database(s) for newaliases. The - default value for this parameter is system-spe- + Default alias database(s) for newaliases. The + default value for this parameter is system-spe- cific. bounce_size_limit 
@@ -247,64 +248,64 @@ SENDMAIL(1) SENDMAIL(1) initialized. debug_peer_level - Increment in verbose logging level when a remote + Increment in verbose logging level when a remote host matches a pattern in the debug_peer_list parameter. debug_peer_list - List of domain or network patterns. When a remote - host matches a pattern, increase the verbose log- - ging level by the amount specified in the + List of domain or network patterns. When a remote + host matches a pattern, increase the verbose log- + ging level by the amount specified in the debug_peer_level parameter. default_verp_delimiters - The VERP delimiter characters that are used when - the -V command line option is specified without + The VERP delimiter characters that are used when + the -V command line option is specified without delimiter characters. fast_flush_domains List of domains that will receive "fast flush" ser- - vice (default: all domains that this system is - willing to relay mail to). This greatly improves - the performance of the SMTP ETRN request, and of - the sendmail -qR command. For domains not in the + vice (default: all domains that this system is + willing to relay mail to). This greatly improves + the performance of the SMTP ETRN request, and of + the sendmail -qR command. For domains not in the list, Postfix simply attempts to deliver all queued mail. fork_attempts - Number of attempts to fork() a process before giv- + Number of attempts to fork() a process before giv- ing up. fork_delay - Delay in seconds between successive fork() + Delay in seconds between successive fork() attempts. hopcount_limit Limit the number of Received: message headers. mail_owner - The owner of the mail queue and of most Postfix + The owner of the mail queue and of most Postfix processes. command_directory - Directory with Postfix support commands (default: + Directory with Postfix support commands (default: $program_directory). 
daemon_directory - Directory with Postfix daemon programs (default: + Directory with Postfix daemon programs (default: $program_directory). queue_directory - Top-level directory of the Postfix queue. This is + Top-level directory of the Postfix queue. This is also the root directory of Postfix daemons that run chrooted. queue_run_delay - The time between successive scans of the deferred + The time between successive scans of the deferred queue. verp_delimiter_filter - The characters that Postfix accepts as VERP delim- + The characters that Postfix accepts as VERP delim- iter characters. SEE ALSO @@ -320,7 +321,7 @@ SENDMAIL(1) SENDMAIL(1) syslogd(8) system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 5864c13cb..eb8779b9a 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -103,9 +103,15 @@ SMTPD(8) SMTPD(8) noanonymous Disallow anonymous logins. + smtpd_sender_login_maps + Maps that specify the SASL login name that owns a + MAIL FROM sender address. Used by the + reject_sender_login_mismatch sender anti-spoofing + restriction. + Miscellaneous always_bcc - Address to send a copy of each message that enters + Address to send a copy of each message that enters the system. command_directory 
@@ -113,71 +119,71 @@ SMTPD(8) SMTPD(8) $program_directory). debug_peer_level - Increment in verbose logging level when a remote + Increment in verbose logging level when a remote host matches a pattern in the debug_peer_list parameter. debug_peer_list - List of domain or network patterns. When a remote - host matches a pattern, increase the verbose log- - ging level by the amount specified in the + List of domain or network patterns. When a remote + host matches a pattern, increase the verbose log- + ging level by the amount specified in the debug_peer_level parameter. default_verp_delimiters The default VERP delimiter characters that are used - when the XVERP command is specified without + when the XVERP command is specified without explicit delimiters. error_notice_recipient - Recipient of protocol/policy/resource/software + Recipient of protocol/policy/resource/software error notices. hopcount_limit Limit the number of Received: message headers. local_recipient_maps - List of maps with user names that are local to + List of maps with user names that are local to $myorigin or $inet_interfaces. If this parameter is - defined, then the SMTP server rejects mail for + defined, then the SMTP server rejects mail for unknown local users. notify_classes List of error classes. Of special interest are: - policy When a client violates any policy, mail a + policy When a client violates any policy, mail a transcript of the entire SMTP session to the postmaster. protocol - When a client violates the SMTP protocol or + When a client violates the SMTP protocol or issues an unimplemented command, mail a transcript of the entire SMTP session to the postmaster. smtpd_banner - Text that follows the 220 status code in the SMTP + Text that follows the 220 status code in the SMTP greeting banner. smtpd_recipient_limit - Restrict the number of recipients that the SMTP + Restrict the number of recipients that the SMTP server accepts per message delivery. 
smtpd_timeout - Limit the time to send a server response and to + Limit the time to send a server response and to receive a client request. soft_bounce - Change hard (5xx) reject responses into soft (4xx) - reject responses. This can be useful for testing + Change hard (5xx) reject responses into soft (4xx) + reject responses. This can be useful for testing purposes. verp_delimiter_filter - The characters that Postfix accepts as VERP delim- + The characters that Postfix accepts as VERP delim- iter characters. Resource controls line_length_limit - Limit the amount of memory in bytes used for the + Limit the amount of memory in bytes used for the handling of partial input lines. message_size_limit @@ -185,8 +191,8 @@ SMTPD(8) SMTPD(8) ing on-disk storage for envelope information. queue_minfree - Minimal amount of free space in bytes in the queue - file system for the SMTP server to accept any mail + Minimal amount of free space in bytes in the queue + file system for the SMTP server to accept any mail at all. Tarpitting @@ -196,22 +202,22 @@ SMTPD(8) SMTPD(8) smtpd_soft_error_limit When an SMTP client has made this number of errors, - wait error_count seconds before responding to any + wait error_count seconds before responding to any client request. smtpd_hard_error_limit - Disconnect after a client has made this number of + Disconnect after a client has made this number of errors. smtpd_junk_command_limit Limit the number of times a client can issue a junk - command such as NOOP, VRFY, ETRN or RSET in one - SMTP session before it is penalized with tarpit + command such as NOOP, VRFY, ETRN or RSET in one + SMTP session before it is penalized with tarpit delays. UCE control restrictions parent_domain_matches_subdomains (versions >= 20011119) - List of Postfix features that use domain.name pat- + List of Postfix features that use domain.name pat- terns to match sub.domain.name (as opposed to requiring .domain.name patterns). 
@@ -220,19 +226,19 @@ SMTPD(8) SMTPD(8) tem. smtpd_helo_required - Require that clients introduce themselves at the + Require that clients introduce themselves at the beginning of an SMTP session. smtpd_helo_restrictions - Restrict what client hostnames are allowed in HELO + Restrict what client hostnames are allowed in HELO and EHLO commands. smtpd_sender_restrictions - Restrict what sender addresses are allowed in MAIL + Restrict what sender addresses are allowed in MAIL FROM commands. smtpd_recipient_restrictions - Restrict what recipient addresses are allowed in + Restrict what recipient addresses are allowed in RCPT TO commands. smtpd_etrn_restrictions 
@@ -240,62 +246,62 @@ SMTPD(8) SMTPD(8) mands, and what clients may issue ETRN commands. allow_untrusted_routing - Allow untrusted clients to specify addresses with - sender-specified routing. Enabling this opens up - nasty relay loopholes involving trusted backup MX + Allow untrusted clients to specify addresses with + sender-specified routing. Enabling this opens up + nasty relay loopholes involving trusted backup MX hosts. smtpd_restriction_classes - Declares the name of zero or more parameters that - contain a list of UCE restrictions. The names of - these parameters can then be used instead of the + Declares the name of zero or more parameters that + contain a list of UCE restrictions. The names of + these parameters can then be used instead of the restriction lists that they represent. maps_rbl_domains - List of DNS domains that publish the addresses of + List of DNS domains that publish the addresses of blacklisted hosts. permit_mx_backup_networks - Only domains whose primary MX hosts match the - listed networks are eligible for the per- + Only domains whose primary MX hosts match the + listed networks are eligible for the per- mit_mx_backup feature. relay_domains - Restrict what domains or networks this mail system + Restrict what domains or networks this mail system will relay mail from or to. UCE control responses access_map_reject_code - Server response when a client violates an access + Server response when a client violates an access database restriction. invalid_hostname_reject_code - Server response when a client violates the + Server response when a client violates the reject_invalid_hostname restriction. maps_rbl_reject_code - Server response when a client violates the + Server response when a client violates the maps_rbl_domains restriction. reject_code - Response code when the client matches a reject + Response code when the client matches a reject restriction. 
relay_domains_reject_code - Server response when a client attempts to violate + Server response when a client attempts to violate the mail relay policy. unknown_address_reject_code - Server response when a client violates the + Server response when a client violates the reject_unknown_address restriction. unknown_client_reject_code - Server response when a client without address to - name mapping violates the reject_unknown_clients + Server response when a client without address to + name mapping violates the reject_unknown_clients restriction. unknown_hostname_reject_code - Server response when a client violates the + Server response when a client violates the reject_unknown_hostname restriction. SEE ALSO @@ -304,7 +310,7 @@ SMTPD(8) SMTPD(8) syslogd(8) system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/uce.html b/postfix/html/uce.html index 4b4eb37b4..72fea6be0 100644 --- a/postfix/html/uce.html +++ b/postfix/html/uce.html @@ -544,6 +544,18 @@ response code to rejected requests (default: 504).

+ + +

reject_sender_login_mismatch
Reject the request +when $smtpd_sender_owner_maps +specifies an owner for the MAIL FROM address, but the client is +not (SASL) logged in as that MAIL FROM address owner; or when the +client is (SASL) logged in, but the client login name doesn't own +the MAIL FROM address according to +$smtpd_sender_login_maps. + +

+

permit_naked_ip_address
reject_invalid_hostname @@ -811,6 +823,9 @@ response code to rejected requests (default: 504).
check_sender_access maptype:mapname +
reject_sender_login_mismatch + +
See sender address restrictions.

@@ -1158,6 +1173,68 @@ tables listed in $relay_domains. +

+ + + +
smtpd_sender_login_maps + +
This parameter specifies ownership of MAIL FROM addresses, as +used by the +reject_sender_login_mismatch sender address restriction. + +

+ +

+ +
Default: + +
smtpd_sender_login_maps = + +

+ +

Syntax: + +
Specify zero or more type:name lookup tables, separated by +whitespace and/or commas. The maps are searched in the +specified order. Regexp tables are allowed. + +

+ +Each map entry specifies a sender address and the login name that +owns the address. The search order is: + +

+ +

+ +
user@domain owner + +
This form has the highest precedence. + +

+ +

user owner + +
This matches user@site when site is equal to $myorigin, when site is +listed in $mydestination, +or when it is listed in +$inet_interfaces. + +

+ +

@domain owner + +
This matches every address in the specified domain, and has +the lowest precedence. + +
+ +
+ +
+
Up one level | Basic diff --git a/postfix/makedefs b/postfix/makedefs index 2c9a7f27e..c0c258ca7 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -144,6 +144,12 @@ case "$SYSTEM.$RELEASE" in done ;; AIX.*) case "`uname -v`" in + 5) SYSTYPE=AIX4 + case "$CC" in + cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; + esac + CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" + ;; 4) SYSTYPE=AIX4 # How embarrassing... case "$CC" in diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index 7db99fb6d..16b6d43c7 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -154,9 +154,10 @@ The interval between queue runs. Use the \fBqueue_run_delay\fR configuration parameter instead. .IP \fB-qR\fIsite\fR Schedule immediate delivery of all mail that is queued for the named -\fIsite\fR. This uses "fast flush" service, and is implemented -by connecting to the local SMTP server at \fB$myhostname\fR. -See \fBsmtpd\fR(8) for more information about the "fast flush" +\fIsite\fR. This option accepts only \fIsite\fR names that are +eligible for the "fast flush" service, and is implemented by +connecting to the local SMTP server at \fB$myhostname\fR. +See \fBflush\fR(8) for more information about the "fast flush" service. .IP \fB-qS\fIsite\fR This command is not implemented. Use the slower \fBsendmail -q\fR diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index edad7fd82..74c72b186 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -103,6 +103,10 @@ dictionary attack. .IP \fBnoanonymous\fR Disallow anonymous logins. .RE +.IP \fBsmtpd_sender_login_maps\fR +Maps that specify the SASL login name that owns a MAIL FROM sender +address. Used by the \fBreject_sender_login_mismatch\fR sender +anti-spoofing restriction. .SH Miscellaneous .ad .fi diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index c65cee5ee..2091f0ab3 100644 
--- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -781,6 +781,12 @@ extern char *var_smtpd_sasl_opts; #define DEF_SMTPD_SASL_REALM "$myhostname" extern char *var_smtpd_sasl_realm; +#define VAR_SMTPD_SND_AUTH_MAPS "smtpd_sender_login_maps" +#define DEF_SMTPD_SND_AUTH_MAPS "" +extern char *var_smtpd_snd_auth_maps; + +#define REJECT_SENDER_LOGIN_MISMATCH "reject_sender_login_mismatch" + /* * SASL authentication support, SMTP client side. */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8d16673aa..924dd1e86 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20011121" +#define DEF_MAIL_VERSION "Snapshot-20011125" extern char *var_mail_version; /* LICENSE diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index b23589070..86de7ec27 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -148,9 +148,10 @@ /* configuration parameter instead. /* .IP \fB-qR\fIsite\fR /* Schedule immediate delivery of all mail that is queued for the named -/* \fIsite\fR. This uses "fast flush" service, and is implemented -/* by connecting to the local SMTP server at \fB$myhostname\fR. -/* See \fBsmtpd\fR(8) for more information about the "fast flush" +/* \fIsite\fR. This option accepts only \fIsite\fR names that are +/* eligible for the "fast flush" service, and is implemented by +/* connecting to the local SMTP server at \fB$myhostname\fR. +/* See \fBflush\fR(8) for more information about the "fast flush" /* service. /* .IP \fB-qS\fIsite\fR /* This command is not implemented. Use the slower \fBsendmail -q\fR diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 745c9e908..9a775ae2b 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c 
@@ -89,6 +89,10 @@ /* .IP \fBnoanonymous\fR /* Disallow anonymous logins. /* .RE +/* .IP \fBsmtpd_sender_login_maps\fR +/* Maps that specify the SASL login name that owns a MAIL FROM sender +/* address. Used by the \fBreject_sender_login_mismatch\fR sender +/* anti-spoofing restriction. /* .SH Miscellaneous /* .ad /* .fi @@ -364,6 +368,7 @@ char *var_smtpd_sasl_realm; char *var_filter_xport; bool var_broken_auth_clients; char *var_perm_mx_networks; +char *var_smtpd_snd_auth_maps; /* * Global state, for stand-alone mode queue file cleanup. When this is @@ -1288,6 +1293,7 @@ static void chat_reset(SMTPD_STATE *state) if (state->history != 0 && SMTPD_STAND_ALONE(state) == 0 && (state->error_mask & state->notify_mask)) smtpd_chat_notify(state); + state->error_mask = 0; smtpd_chat_reset(state); } @@ -1621,6 +1627,7 @@ int main(int argc, char **argv) VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0, VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, VAR_PERM_MX_NETWORKS, DEF_PERM_MX_NETWORKS, &var_perm_mx_networks, 0, 0, + VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0, 0, }; diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 6bd641706..0a1385c15 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -333,6 +333,11 @@ static MAPS *virtual_maps; static MAPS *virt_mailbox_maps; static MAPS *relocated_maps; + /* + * Pre-opened sender to login name mapping. + */ +static MAPS *smtpd_sender_login_maps; + /* * Pre-opened access control lists. */ @@ -543,6 +548,13 @@ void smtpd_check_init(void) access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS); + /* + * Sender to login name mapping. + */ + smtpd_sender_login_maps = maps_create(VAR_SMTPD_SND_AUTH_MAPS, + var_smtpd_snd_auth_maps, + DICT_FLAG_LOCK); + /* * error_text is used for returning error responses. */ 
@@ -1822,6 +1834,40 @@ static int reject_maps_rbl(SMTPD_STATE *state) return (result); } +/* reject_sender_login_mismatch - reject login/sender ownership mismatch */ + +static int reject_sender_login_mismatch(SMTPD_STATE *state, const char *sender) +{ + const RESOLVE_REPLY *reply; + const char *login = 0; + const char *owner = 0; + + /* + * If the sender address is owned by a login name, or if the client has + * logged in, then require that the client is logged in as the owner of + * the sender address. + */ + reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender); + owner = check_maps_find(state, sender, smtpd_sender_login_maps, + STR(reply->recipient), 0); +#ifdef USE_SASL_AUTH + if (var_smtpd_sasl_enable && state->sasl_username != 0) + login = state->sasl_username; +#endif + if (login) { + if (owner == 0 || strcasecmp(login, owner) != 0) + return (smtpd_check_reject(state, MAIL_ERROR_POLICY, + "553 <%s>: Sender address rejected: not owned by username %s", + sender, login)); + } else { + if (owner) + return (smtpd_check_reject(state, MAIL_ERROR_POLICY, + "553 <%s>: Sender address rejected: not logged in as owner", + sender)); + } + return (SMTPD_CHECK_DUNNO); +} + /* is_map_command - restriction has form: check_xxx_access type:name */ static int is_map_command(SMTPD_STATE *state, const char *name, @@ -1985,6 +2031,9 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, if (state->sender && *state->sender) status = reject_non_fqdn_address(state, state->sender, state->sender, SMTPD_NAME_SENDER); + } else if (strcasecmp(name, REJECT_SENDER_LOGIN_MISMATCH) == 0) { + if (state->sender && *state->sender) + status = reject_sender_login_mismatch(state, state->sender); } /* diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 13b07c6f1..35dad70ab 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h 
@@ -304,6 +304,34 @@ extern int opterr; * AIX: a SYSV-flavored hybrid. NB: fcntl() and flock() access the same * underlying locking primitives. */ +#ifdef AIX5 +#define SUPPORTED +#include +#define MISSING_SETENV +#define _PATH_BSHELL "/bin/sh" +#define _PATH_MAILDIR "/var/spool/mail" /* paths.h lies */ +#define _PATH_DEFPATH "/usr/bin:/usr/ucb" +#define _PATH_STDPATH "/usr/bin:/usr/sbin:/usr/ucb" +#define HAS_FCNTL_LOCK +#define INTERNAL_LOCK MYFLOCK_STYLE_FCNTL +#define DEF_MAILBOX_LOCK "fcntl, dotlock" +#define USE_SYS_SELECT_H +#define HAS_FSYNC +#define HAS_DBM +#define DEF_DB_TYPE "dbm" +#define ALIAS_DB_MAP "dbm:/etc/aliases" +#define HAS_NIS +#define HAS_SA_LEN +#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0) +#define RESOLVE_H_NEEDS_STDIO_H +#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb" +#define SOCKADDR_SIZE size_t +#define SOCKOPT_SIZE size_t +#define USE_STATVFS +#define STATVFS_IN_SYS_STATVFS_H +#define STRCASECMP_IN_STRINGS_H +#endif + #ifdef AIX4 #define SUPPORTED #include
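
Review bot: In the postfix/HISTORY hunk, the 20011125 entry for reject_sender_login_mismatch ends with "File: smtpd/smpd_check.c", but the file this patch changes is postfix/src/smtpd/smtpd_check.c, so the file name in the changelog is misspelled. The bugfix entry above it ("some flag was not reset") names neither the flag nor a file, while the matching change in this patch is the added "state->error_mask = 0;" in chat_reset() in smtpd/smtpd.c. Naming both would make the entry searchable.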
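
Review bot: In the first postfix/conf/sample-smtpd.cf hunk (-4,6 +4,36), the text says each entry gives "the login name that owns the address" but does not say that the lookup result must be exactly one login name. reject_sender_login_mismatch() compares the whole result against the login with strcasecmp(login, owner), so a right-hand side that lists several names can never match. State the single-name requirement here, and add one sample entry per lookup form, since RELEASE_NOTES recommends a regexp table without showing one.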
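
Review bot: In the postfix/html/uce.html hunk at -544,6 +544,18, the reject_sender_login_mismatch description opens with "when $smtpd_sender_owner_maps specifies an owner" and closes with "according to $smtpd_sender_login_maps". Only smtpd_sender_login_maps is registered by this patch (mail_params.h and the smtpd.c string table), so the first reference should use that name as well. A reader who sets the other name leaves the real parameter at its empty default, and unauthenticated clients then pass the check for every address.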
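
Review bot: In the postfix/makedefs hunk, the new "5)" case under AIX.* sets SYSTYPE=AIX4, while the block this patch adds to postfix/src/util/sys_defs.h is guarded by "#ifdef AIX5". If SYSTYPE is what reaches the compiler as the system define, the AIX5 block is never compiled on AIX 5 and the AIX4 settings are used instead. Set SYSTYPE=AIX5 in the "5)" case, or drop the separate AIX5 block and keep the extra CCARGS only.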
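
Review bot: In the postfix/src/global/mail_params.h hunk, the parameter "smtpd_sender_login_maps" is bound to VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS and var_smtpd_snd_auth_maps, while smtpd_check.c stores the opened maps in a static named smtpd_sender_login_maps. Two vocabularies (SND_AUTH and sender_login) for one setting make the code harder to grep; rename the macros and the global to follow the parameter name.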
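
Review bot: In reject_sender_login_mismatch() (postfix/src/smtpd/smtpd_check.c, hunk -1822,6 +1834,40), the logged-in branch returns a permanent 553 whenever "owner == 0", so with the default empty smtpd_sender_login_maps every SASL-authenticated client is refused as soon as the restriction is listed. The documentation added in this patch should say outright that the maps must cover every address an authenticated client may send from. The comparison is strcasecmp(login, owner), which treats login names as case-insensitive; document that, or compare exactly if login names are case-sensitive at the site. The 553 text also returns the login name to the client ("not owned by username %s"), which is worth a deliberate decision.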
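
Review bot: In the generic_checks() hunk of postfix/src/smtpd/smtpd_check.c (-1985,6 +2031,9), the new branch calls reject_sender_login_mismatch() only when "state->sender && *state->sender" holds, so a MAIL FROM with the empty address is never subjected to the ownership check, whether or not the client is logged in. None of the descriptions added to sample-smtpd.cf, uce.html or RELEASE_NOTES mention this exemption; add a sentence so administrators know the null sender is outside the restriction.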