From: Wietse Venema Date: Sat, 22 Jun 2013 22:42:00 +0000 (-0400) Subject: postfix-2.8.15 X-Git-Tag: v2.8.15^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ae4a196ef6ae113468d95c51149ed492dffc247;p=thirdparty%2Fpostfix.git postfix-2.8.15 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 3b56408c0..551924974 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16887,3 +16887,31 @@ Apologies for any names omitted. Bugfix: the 20121010 fix for tls_misc.c was documented but not included. + +20130403 + + Bugfix (introduced: Postfix 2.3): don't reuse TCP connections + when smtp_tls_policy_maps is specified. Victor Duchovni. + Found during Postfix 2.11 code maintenance. File: + smtp/smtp_reuse.c. + +20130423 + + Bugfix (introduced: Postfix 2.0): when myhostname is not + listed in mydestination, the trivial-rewrite resolver may + log "do not list in both mydestination + and ". The fix is + to re-resolve a domain-less address after adding $myhostname + as the surrogate domain, so that it pops out with the right + address-class label. Problem reported by Quanah Gibson-Mount. + File: trivial-rewrite/resolve.c. + +20130425 + + Bugfix (introduced: Postfix 2.2): don't reuse TCP connections + when SASL authentication is enabled. SASL passwords may + depend on the remote SMTP server hostname, but the Postfix + <2.11 SMTP connection cache client does not distinguish + between different hostnames that resolve to the same IP + address. Found during Postfix 2.11 code maintenance. File: + smtp/smtp_connect.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 46132ff99..f3b4b51b0 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,8 +20,8 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20130203"
-#define MAIL_VERSION_NUMBER "2.8.14"
+#define MAIL_RELEASE_DATE "20130622"
+#define MAIL_VERSION_NUMBER "2.8.15"

 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index 05d59c9f5..dbd03565d 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -456,12 +456,12 @@ static void smtp_cache_policy(SMTP_STATE *state, const char *dest)
 state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK;

 /*
- * XXX Disable connection caching when sender-dependent authentication is
+ * XXX Disable connection caching when SASL authentication is
 * enabled. We must not send someone elses mail over an authenticated
 * connection, and we must not send mail that requires authentication
 * over a connection that wasn't authenticated.
 */
- if (var_smtp_sender_auth)
+ if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)
 return;

 if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) {
diff --git a/postfix/src/smtp/smtp_reuse.c b/postfix/src/smtp/smtp_reuse.c
index 0eb989f18..cbf3bbee3 100644
--- a/postfix/src/smtp/smtp_reuse.c
+++ b/postfix/src/smtp/smtp_reuse.c
@@ -270,7 +270,7 @@ SMTP_SESSION *smtp_reuse_addr(SMTP_STATE *state, const char *addr,
 * credentials or the wrong TLS policy.
 */
 if ((var_smtp_tls_per_site && *var_smtp_tls_per_site)
- || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd))
+ || (var_smtp_tls_policy && *var_smtp_tls_policy))
 return (0);

 /*
diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c
index f9d29a86e..573e65c25 100644
--- a/postfix/src/trivial-rewrite/resolve.c
+++ b/postfix/src/trivial-rewrite/resolve.c
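Review bot: The rewritten comment in smtp_cache_policy() says caching is disabled "when SASL authentication is enabled", but the new condition only tests whether `var_smtp_sasl_passwd` is non-empty, and the remaining comment text still gives the old sender-dependent rationale instead of the reason recorded in the HISTORY entry. I would add a sentence such as `* SASL passwords may depend on the server hostname, and the connection cache does not distinguish hostnames that share an IP address.` and say that a non-empty password-map setting is what the test uses, so a reader does not assume it follows the SASL enable switch. The removed `var_smtp_sender_auth` case is presumably covered because sender-dependent authentication also needs the password maps; that is worth confirming, since the function body continues outside the hunk.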
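Review bot: In smtp_reuse_addr() the SASL test is replaced by the TLS-policy test instead of being joined by it, so this guard no longer refuses address-based reuse when password maps are configured and depends entirely on smtp_cache_policy() in smtp_connect.c having turned caching off. The comment above the condition, which begins outside the hunk, still mentions wrong credentials, so either it should point to where credentials are now handled or the check should stay as a second line of defence: keep `|| (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)` and add `|| (var_smtp_tls_policy && *var_smtp_tls_policy))` after it. Keeping both costs one comparison and means a later change to the cache policy cannot silently bring back reuse of a session authenticated for a different hostname.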
@@ -324,9 +324,18 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
 tok822_free(tree->head);
 tree->head = 0;
 }
- /* XXX must be localpart only, not user@domain form. */
- if (tree->head == 0)
+ /* XXX Re-resolve the surrogate, in case already in user@domain form. */
+ if (tree->head == 0) {
 tree->head = tok822_scan(var_empty_addr, &tree->tail);
+ continue;
+ }
+
+ /* XXX Re-resolve with @$myhostname for backwards compatibility. */
+ if (domain == 0 && saved_domain == 0) {
+ tok822_sub_append(tree, tok822_alloc('@', (char *) 0));
+ tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0));
+ continue;
+ }

 /*
 * We're done. There are no domains left to strip off the address,
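Review bot: Both new `continue` statements in resolve_addr() re-enter the enclosing loop, whose head is outside the hunk, and nothing in the added lines shows that the next pass makes progress. If `tok822_scan(var_empty_addr, &tree->tail)` yields no tokens, `tree->head` is still 0 and the first branch is taken again on the following pass. The second branch likewise assumes `tok822_scan(var_myhostname, (TOK822 **) 0)` returns a non-empty list before passing it to `tok822_sub_append()`. Unless the loop already carries an iteration limit, I would write `if (tree->head != 0) continue;` in place of the bare `continue;` in the first branch, and add a comment to each branch stating why the re-resolution terminates.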