From: Wietse Venema Date: Thu, 1 May 2008 05:00:00 +0000 (-0500) Subject: postfix-2.5.2-RC3 X-Git-Tag: v2.5.2-RC3^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=767598a0458aa472670513f1dd6a5d03250c567f;p=thirdparty%2Fpostfix.git postfix-2.5.2-RC3 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 4867bfdc4..26ef4be67 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14297,10 +14297,6 @@ Apologies for any names omitted. main.cf when "postfix start" is invoked with an obsolete postfix command. File: conf/post-install. - Workaround (introduced 20071204): update the wrong proxywrite - process limit when upgrading an already installed default - master.cf file. File: conf/post-install. - 20080207 Cleanup: soft_bounce support for multi-line Milter replies. @@ -14312,6 +14308,20 @@ Apologies for any names omitted. Cleanup: multi-line support in SMTP server replies. File: smtpd/smtpd_chat.c. +20080215 + + Safety: break SASL loop in case both the SASL library and + the remote SMTP server are confused. File: smtp/smtp_sasl_glue.c. + +20080220 + + Safety: the master daemon now sets an exclusive lock on a + file $data_directory/master.lock, so that the data directory + can't be shared between multiple Postfix instances. This + would corrupt files that rely on single-writer updates + (examples: verify(8) cache, tlsmgr(8) caches, etc.). File: + master/master.c. + 20080228 Bugfix: bounce(8) segfault on one-line template text. @@ -14330,7 +14340,14 @@ Apologies for any names omitted. {rcpt_addr} information. Problem reported by Anton Yuzhaninov. File: smtpd/smtpd.c. -20040811 +20080318 + + Human factors: the PCRE and regexp maps now give more + comprehensible error messages when people make the common + mistake of indenting if/endif blocks. Files: util/dict_pcre.c, + util/dict_regexp.c. + +20080411 Bugfix (introduced Postfix 2.0): after "warn_if_reject reject_unlisted_recipient/sender", the SMTP server mistakenly @@ -14343,3 +14360,20 @@ Apologies for any names omitted. compatibility feature only with queue files that don't contain logging attributes. Problem reported by Liviu Daia. Files *qmgr/qmgr_message.c. + +20080424 + + Cleanup: some warning messages said "regexp" or "regexp + map" instead of "pcre map". File: util/dict_pcre.c. + +20080428 + + Cleanup: the proxy_read_maps (Postfix 2.0) default setting + was not updated when adding sender/recipient_bcc_maps + (Postfix 2.1) and smtp/lmtp_generic_maps (Postfix 2.3). + File: global/mail_params.h. + + Cleanup: the SMTP server's XFORWARD and XCLIENT support was + not updated when the smtpd_client_port_logging configuration + parameter was added. Code by Victor Duchovni. Files: + smtpd/smtpd.c, smtpd/smtpd_peer.c. diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index f0b01d594..e707c8e82 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html @@ -207,9 +207,10 @@ delivery failure in response to end of DATA after a message is transferred. Postfix address verification does not work with such sites.

-

  • By default, Postfix probe messages have "postmaster@$myorigin" -as the sender address. This is SAFE because the Postfix SMTP server -does not reject mail for this address.

    +

  • By default, Postfix probe messages have "double-bounce@$myorigin" +as the sender address (with Postfix versions before 2.5, the default +is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP +server does not reject mail for this address.

    You can change this into the null address ("address_verify_sender ="). This is UNSAFE because address probes will fail with diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index c2d7c22dd..4e68c5f0c 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -6165,7 +6165,7 @@ This feature is available in Postfix 2.1 and later. %PARAM unverified_sender_reject_code 450

    -The numerical Postfix SMTP server response code when a recipient +The numerical Postfix SMTP server response code when a sender address is rejected by the reject_unverified_sender restriction.

    diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index b8b0caf80..fe7dd5db8 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2057,7 +2057,11 @@ extern int var_local_rcpt_code; " $" VAR_RCPT_CANON_MAPS \ " $" VAR_RELOCATED_MAPS \ " $" VAR_TRANSPORT_MAPS \ - " $" VAR_MYNETWORKS + " $" VAR_MYNETWORKS \ + " $" VAR_SEND_BCC_MAPS \ + " $" VAR_RCPT_BCC_MAPS \ + " $" VAR_SMTP_GENERIC_MAPS \ + " $" VAR_LMTP_GENERIC_MAPS extern char *var_proxy_read_maps; #define VAR_PROXY_WRITE_MAPS "proxy_write_maps" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 0174a46dd..06fe174c1 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20080411" -#define MAIL_VERSION_NUMBER "2.5.2-RC2" +#define MAIL_RELEASE_DATE "20080501" +#define MAIL_VERSION_NUMBER "2.5.2-RC3" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index ed9f94277..3133a4d1e 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -133,6 +133,7 @@ /* /etc/postfix/main.cf, global configuration file. /* /etc/postfix/master.cf, master server configuration file. /* /var/spool/postfix/pid/master.pid, master lock file. +/* /var/lib/postfix/master.lock, master lock file. /* SEE ALSO /* qmgr(8), queue manager /* verify(8), address verification @@ -177,6 +178,8 @@ #include #include #include +#include +#include /* Global library. */ @@ -216,7 +219,9 @@ MAIL_VERSION_STAMP_DECLARE; int main(int argc, char **argv) { static VSTREAM *lock_fp; + static VSTREAM *data_lock_fp; VSTRING *lock_path; + VSTRING *data_lock_path; off_t inherited_limit; int debug_me = 0; int ch; @@ -390,6 +395,7 @@ int main(int argc, char **argv) * isn't locked. */ lock_path = vstring_alloc(10); + data_lock_path = vstring_alloc(10); why = vstring_alloc(10); vstring_sprintf(lock_path, "%s/%s.pid", DEF_PID_DIR, var_procname); @@ -407,8 +413,29 @@ int main(int argc, char **argv) msg_fatal("cannot update lock file %s: %m", vstring_str(lock_path)); close_on_exec(vstream_fileno(lock_fp), CLOSE_ON_EXEC); + /* + * Lock down the Postfix-writable data directory. + */ + vstring_sprintf(data_lock_path, "%s/%s.lock", var_data_dir, var_procname); + set_eugid(var_owner_uid, var_owner_gid); + data_lock_fp = + open_lock(vstring_str(data_lock_path), O_RDWR | O_CREAT, 0644, why); + set_ugid(getuid(), getgid()); + if (data_lock_fp == 0) + msg_fatal("open lock file %s: %s", + vstring_str(data_lock_path), vstring_str(why)); + vstream_fprintf(data_lock_fp, "%*lu\n", (int) sizeof(unsigned long) * 4, + (unsigned long) var_pid); + if (vstream_fflush(data_lock_fp)) + msg_fatal("cannot update lock file %s: %m", vstring_str(data_lock_path)); + close_on_exec(vstream_fileno(data_lock_fp), CLOSE_ON_EXEC); + + /* + * Clean up. + */ vstring_free(why); vstring_free(lock_path); + vstring_free(data_lock_path); /* * Optionally start the debugger on ourself. @@ -440,6 +467,9 @@ int main(int argc, char **argv) if (myflock(vstream_fileno(lock_fp), INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("refresh exclusive lock: %m"); + if (myflock(vstream_fileno(data_lock_fp), INTERNAL_LOCK, + MYFLOCK_OP_EXCLUSIVE) < 0) + msg_fatal("refresh exclusive lock: %m"); #endif watchdog_start(watchdog); /* same as trigger servers */ event_loop(-1); diff --git a/postfix/src/smtp/smtp_sasl_glue.c b/postfix/src/smtp/smtp_sasl_glue.c index 41d150e3c..1b657e64b 100644 --- a/postfix/src/smtp/smtp_sasl_glue.c +++ b/postfix/src/smtp/smtp_sasl_glue.c @@ -291,6 +291,7 @@ int smtp_sasl_authenticate(SMTP_SESSION *session, DSN_BUF *why) const char *mechanism; int result; char *line; + int steps = 0; /* * Sanity check. @@ -356,6 +357,16 @@ int smtp_sasl_authenticate(SMTP_SESSION *session, DSN_BUF *why) */ while ((resp = smtp_chat_resp(session))->code / 100 == 3) { + /* + * Sanity check. + */ + if (++steps > 100) { + dsb_simple(why, "4.3.0", "SASL authentication failed; " + "authentication protocol loop with server %s", + session->namaddr); + return (-1); + } + /* * Process a server challenge. */ diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 266064a84..ed5999f09 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -3405,8 +3405,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) if (state->namaddr) myfree(state->namaddr); state->namaddr = - concatenate(state->name, "[", state->addr, "]:", - state->port, (char *) 0); + SMTPD_BUILD_NAMADDRPORT(state->name, state->addr, state->port); } /* @@ -3671,10 +3670,10 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) myfree(state->xforward.namaddr); state->xforward.namaddr = IS_AVAIL_CLIENT_ADDR(state->xforward.addr) ? - concatenate(state->xforward.name, "[", - state->xforward.addr, "]:", - state->xforward.port, - (char *) 0) : mystrdup(state->xforward.name); + SMTPD_BUILD_NAMADDRPORT(state->xforward.name, + state->xforward.addr, + state->xforward.port) : + mystrdup(state->xforward.name); } smtpd_chat_reply(state, "250 2.0.0 Ok"); return (0); diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index 899bb70f4..bc3aa25c6 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -279,6 +279,14 @@ extern void smtpd_peer_reset(SMTPD_STATE *state); #define SMTPD_PEER_CODE_PERM 5 #define SMTPD_PEER_CODE_FORGED 6 + /* + * Construct name[addr] or name[addr]:port as appropriate + */ +#define SMTPD_BUILD_NAMADDRPORT(name, addr, port) \ + concatenate((name), "[", (addr), "]", \ + var_smtpd_client_port_log ? ":" : (char *) 0, \ + (port), (char *) 0) + /* * Choose between normal or forwarded attributes. * diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c index 8abfcb0c9..25ca3d306 100644 --- a/postfix/src/smtpd/smtpd_peer.c +++ b/postfix/src/smtpd/smtpd_peer.c @@ -25,7 +25,7 @@ /* The verified client hostname. This name is represented by /* the string "unknown" when 1) the address->name lookup failed, /* 2) the name->address mapping fails, or 3) the name->address -/* does not produce the client IP address. +/* mapping does not produce the client IP address. /* .IP reverse_name /* The unverified client hostname as found with address->name /* lookup; it is not verified for consistency with the client @@ -373,10 +373,8 @@ void smtpd_peer_init(SMTPD_STATE *state) /* * Do the name[addr]:port formatting for pretty reports. */ - state->namaddr = - concatenate(state->name, "[", state->addr, "]", - var_smtpd_client_port_log ? ":" : (char *) 0, - state->port, (char *) 0); + state->namaddr = SMTPD_BUILD_NAMADDRPORT(state->name, state->addr, + state->port); } /* smtpd_peer_reset - destroy peer information */ diff --git a/postfix/src/util/dict_pcre.c b/postfix/src/util/dict_pcre.c index 1ccb67706..2f1f3906d 100644 --- a/postfix/src/util/dict_pcre.c +++ b/postfix/src/util/dict_pcre.c @@ -180,7 +180,7 @@ static int dict_pcre_expand(int type, VSTRING *buf, char *ptr) if (ret == PCRE_ERROR_NOSUBSTRING) return (MAC_PARSE_UNDEF); else - msg_fatal("regexp %s, line %d: pcre_get_substring error: %d", + msg_fatal("pcre map %s, line %d: pcre_get_substring error: %d", dict_pcre->dict.name, match_rule->rule.lineno, ret); } if (*pp == 0) { @@ -671,7 +671,7 @@ static DICT_PCRE_RULE *dict_pcre_parse_rule(const char *mapname, int lineno, msg_panic("pcre map %s, line %d: pcre_fullinfo failed", mapname, lineno); if (prescan_context.max_sub > actual_sub) { - msg_warn("regexp map %s, line %d: out of range replacement index \"%d\": " + msg_warn("pcre map %s, line %d: out of range replacement index \"%d\": " "skipping this rule", mapname, lineno, (int) prescan_context.max_sub); if (engine.pattern) @@ -722,9 +722,12 @@ static DICT_PCRE_RULE *dict_pcre_parse_rule(const char *mapname, int lineno, */ while (*p && ISSPACE(*p)) ++p; - if (*p) - msg_warn("pcre map %s, line %d: ignoring extra text after IF", - mapname, lineno); + if (*p) { + msg_warn("pcre map %s, line %d: ignoring extra text after " + "IF statement: \"%s\"", mapname, lineno, p); + msg_warn("pcre map %s, line %d: do not prepend whitespace" + " to statements between IF and ENDIF", mapname, lineno); + } /* * Compile the pattern. @@ -782,7 +785,7 @@ static DICT_PCRE_RULE *dict_pcre_parse_rule(const char *mapname, int lineno, * Unrecognized input. */ else { - msg_warn("regexp map %s, line %d: ignoring unrecognized request", + msg_warn("pcre map %s, line %d: ignoring unrecognized request", mapname, lineno); return (0); } diff --git a/postfix/src/util/dict_regexp.c b/postfix/src/util/dict_regexp.c index c1a27479a..f3cb1f9ba 100644 --- a/postfix/src/util/dict_regexp.c +++ b/postfix/src/util/dict_regexp.c @@ -683,9 +683,12 @@ static DICT_REGEXP_RULE *dict_regexp_parseline(const char *mapname, int lineno, return (0); while (*p && ISSPACE(*p)) ++p; - if (*p) - msg_warn("regexp map %s, line %d: ignoring extra text after IF", - mapname, lineno); + if (*p) { + msg_warn("regexp map %s, line %d: ignoring extra text after" + " IF statement: \"%s\"", mapname, lineno, p); + msg_warn("regexp map %s, line %d: do not prepend whitespace" + " to statements between IF and ENDIF", mapname, lineno); + } if ((expr = dict_regexp_compile_pat(mapname, lineno, &pattern)) == 0) return (0); if_rule = (DICT_REGEXP_IF_RULE *)