From: Wietse Venema Date: Sun, 27 Jan 2008 05:00:00 +0000 (-0500) Subject: postfix-2.6-20080127 X-Git-Tag: v2.6.0-RC1~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e0c5f5102caddc6a2dc9eb270bd9e30fc6fd7f3;p=thirdparty%2Fpostfix.git postfix-2.6-20080127 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 59862c25a..fb457cbae 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14277,3 +14277,16 @@ Apologies for any names omitted. to mumble_destination_rate_delay, because it really is a per-destination feature. With this change we keep the option of implementing a future per-transport rate delay. + +20080125 + + Bugfix: missing {} in the LDAP client. Victor Duchovni. + File: global/dict_ldap.c. + +20080126 + + Cleanup: the post-install script now requires that it is + invoked via the postfix(1) command. This was the intended + use since Postfix 2.1, but it was never enforced. The + documentation for package maintainers has been updated + accordingly. File: conf/post-install. diff --git a/postfix/README_FILES/QSHAPE_README b/postfix/README_FILES/QSHAPE_README index 3e8877caa..4a56b6166 100644 --- a/postfix/README_FILES/QSHAPE_README +++ b/postfix/README_FILES/QSHAPE_README @@ -400,7 +400,7 @@ delivery attempts. slow unix - - n - 1 smtp -o fallback_relay=problem.example.com -o smtp_connect_timeout=1 - -o smtp_cache_connection=no + -o smtp_connection_cache_on_demand=no This solution forces the Postfix smtp(8) client to wait for $smtp_connect_timeout seconds between deliveries. The connection caching diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 190b2fb49..7f4ae50c5 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -16,3 +16,11 @@ Incompatibility with Postfix 2.4 and earlier If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5 before proceeding. + +Incompatible changes with snapshot 20080127 +=========================================== + +The post-install script now requires explicitly that it is invoked +via the postfix(1) command. This was the intended usage since Postfix +version 2.1, but it was never enforced. The internal documentation +for package maintainers has been updated accordingly. diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index 5b1aaad04..0fdc33235 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -358,14 +358,24 @@ # # EXAMPLES # Header pattern to block attachments with bad file name -# extensions. +# extensions. For convenience, the PCRE /x flag is speci- +# fied, so that there is no need to collapse the pattern +# into a single line of text. The purpose of the +# [[:xdigit:]] sub-expressions is to recognize Windows CLSID +# strings. # # /etc/postfix/main.cf: -# header_checks = regexp:/etc/postfix/header_checks -# -# /etc/postfix/header_checks: -# /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/ -# REJECT Bad attachment file name extension: $2 +# header_checks = pcre:/etc/postfix/header_checks.pcre +# +# /etc/postfix/header_checks.pcre: +# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( +# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| +# hlp|ht[at]| +# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| +# \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| +# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| +# vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x +# REJECT Attachment name "$2" may not end with ".$4" # # Body pattern to stop a specific HTML browser vulnerability # exploit. diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 245edfaef..2bc04a81f 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install 
@@ -9,7 +9,7 @@ # SUMMARY # Postfix post-installation script # SYNOPSIS -# post-install [name=value] command ... +# postfix post-install [name=value] command ... # DESCRIPTION # The post-install script performs the finishing touch of a Postfix # installation, after the executable programs and configuration @@ -90,7 +90,7 @@ # copy the configuration files from the primary Postfix instance to # a secondary configuration directory and execute: # -# post-install config_directory=secondary-config-directory \e +# postfix post-install config_directory=secondary-config-directory \e # .in +4 # queue_directory=secondary-queue-directory \e # .br @@ -106,7 +106,7 @@ # To upgrade a secondary Postfix installation on the same machine, # execute: # -# post-install config_directory=secondary-config-directory \e +# postfix post-install config_directory=secondary-config-directory \e # .in +4 # upgrade-permissions upgrade-configuration # INSTALLATION PARAMETER INPUT METHODS @@ -139,6 +139,8 @@ # .IP command_directory # The directory for Postfix administrative commands. This # directory should be in the command search path of adminstrative users. +# .IP data_directory +# The directory for Postfix writable data files (caches, etc.). # .IP queue_directory # The directory for Postfix queues. # .IP sendmail_path @@ -190,9 +192,15 @@ SHELL=/bin/sh IFS=" " BACKUP_IFS="$IFS" +MOST_PARAMETERS="command_directory daemon_directory data_directory + html_directory mail_owner mailq_path manpage_directory + newaliases_path queue_directory readme_directory sample_directory + sendmail_path setgid_group" USAGE="Usage: $0 [name=value] command create-missing Create missing queue directories. + set-permissions Update file permission and ownership. + upgrade-configuration Update configuration files. upgrade-source When installing or upgrading from source code. upgrade-package When installing or upgrading from pre-built package. first-install-reminder Remind of mandatory first-time configuration steps. 
@@ -228,18 +236,20 @@ test -n "$create$upgrade_conf$first_install_reminder" || { exit 1 } -# Bootstrapping problem. +for name in config_directory $MOST_PARAMETERS +do + eval test -n \${$name} || { + echo "$0: Error: do not invoke this command directly" 1>&2 + echo Re-run this command as: postfix $0 ... 1>&2 + exit 1 + } +done -if [ -n "$command_directory" ] -then - POSTCONF="$command_directory/postconf" -else - POSTCONF="postconf" -fi +POSTCONF="$command_directory/postconf" $POSTCONF -d mail_version >/dev/null 2>/dev/null || { echo $0: Error: no $POSTCONF command found. 1>&2 - echo Re-run this command as $0 command_directory=/some/where. 1>&2 + echo Re-run this command as: postfix $0 command_directory=/some/where. 1>&2 exit 1 } 
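Review bot: The new guard in conf/post-install, `eval test -n \${$name}`, expands the parameter unquoted, so an empty or unset parameter leaves a bare `test -n`, which POSIX evaluates as true. As written, the "do not invoke this command directly" error would therefore not fire for the missing-parameter case it is meant to catch. A value containing whitespace would instead make `test` fail with a syntax error and trigger the message spuriously. The quoted form used by the loop this commit removes avoids both: `eval test -n \"\$$name\" || {`. This matters more now because `POSTCONF="$command_directory/postconf"` is used unconditionally right after the loop.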
@@ -277,53 +287,18 @@ SunOS*) FMT=fake_fmt;; *) FMT=fmt;; esac -# If a parameter is not set via the command line or environment, -# try to use settings from installed configuration files. - -# Extract parameter settings from the obsolete install.cf file, as -# a transitional aid. - -grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || { - test -f $config_directory/install.cf && { - for name in sendmail_path newaliases_path mailq_path setgid manpages - do - eval junk=\$$name - case "$junk" in - "") eval unset $name;; - esac - eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \ - || exit 1 - done - : ${setgid_group=$setgid} - : ${manpage_directory=$manpages} - } -} - -# Extract parameter settings from the installed main.cf file. - -test -f $config_directory/main.cf && { - for name in daemon_directory command_directory queue_directory mail_owner \ - setgid_group sendmail_path newaliases_path mailq_path \ - html_directory manpage_directory sample_directory readme_directory - do - eval junk=\$$name - case "$junk" in - "") eval unset $name;; - esac - eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1 - done -} - # Sanity checks case $manpage_directory in no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2 - echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;; + echo Try again with \"postfix $0 manpage_directory=/pathname ...\". 1>&2 + exit 1;; esac case $setgid_group in no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2 - echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;; + echo Try again with \"postfix $0 setgid_group=groupname ...\" 1>&2 + exit 1;; esac for path in "$daemon_directory" "$command_directory" "$queue_directory" \ 
@@ -340,63 +315,21 @@ do case "$path" in /*) ;; no) ;; - *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;; + *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2 + exit 1;; esac done -# Find out what parameters were not specified via command line, -# via environment, or via installed configuration files. - -missing= -for name in daemon_directory command_directory queue_directory mail_owner \ - setgid_group sendmail_path newaliases_path mailq_path manpage_directory \ - readme_directory html_directory -do - eval test -n \"\$$name\" || missing="$missing $name" -done - -# All parameters must be specified at this point. - -test -n "$non_interactive" -a -n "$missing" && { - cat <&2 -$0: Error: some required installation parameters are not defined. - -- Either the parameters need to be given in the $config_directory/main.cf -file from a recent Postfix installation, - -- Or the parameters need to be specified through the process -environment. - -- Or the parameters need to be specified as name=value arguments -on the $0 command line, - -The following parameters were missing: - - $missing - -EOF - exit 1 -} - -POSTCONF="$command_directory/postconf" - # Save settings, allowing command line/environment override. +# Optimization: don't update main.cf if nothing has changed. +# Caution: "`command`" removes the last newline character. 
-override= -for name in daemon_directory command_directory queue_directory mail_owner \ - setgid_group sendmail_path newaliases_path mailq_path manpage_directory \ - sample_directory readme_directory html_directory -do - eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || { - override=1 - break - } -done - -test -n "$override" && { +test "`for name in $MOST_PARAMETERS; do eval echo \\\${\$name}; done`" = \ + "`$POSTCONF -h $MOST_PARAMETERS`" || { $POSTCONF -c $config_directory -e \ "daemon_directory = $daemon_directory" \ "command_directory = $command_directory" \ + "data_directory = $data_directory" \ "queue_directory = $queue_directory" \ "mail_owner = $mail_owner" \ "setgid_group = $setgid_group" \ @@ -489,6 +422,7 @@ test -n "$create" && { test -n "$upgrade_conf" && { + # Postfix 2.0. # Add missing relay service to master.cf. grep '^relay' $config_directory/master.cf >/dev/null || { @@ -498,6 +432,7 @@ relay unix - - n - - smtp EOF } + # Postfix 1.1. # Add missing flush service to master.cf. grep '^flush.*flush' $config_directory/master.cf >/dev/null || { @@ -507,6 +442,7 @@ flush unix - - n 1000? 0 flush EOF } + # Postfix 2.1. # Add missing trace service to master.cf. grep 'trace.*bounce' $config_directory/master.cf >/dev/null || { @@ -516,6 +452,7 @@ trace unix - - n - 0 bounce EOF } + # Postfix 2.1. # Add missing verify service to master.cf. grep '^verify.*verify' $config_directory/master.cf >/dev/null || { @@ -525,6 +462,7 @@ verify unix - - n - 1 verify EOF } + # Postfix 2.1. # Fix verify service process limit. grep '^verify.*[ ]0[ ]*verify' \ @@ -539,6 +477,7 @@ q EOF } + # Postfix 1.1. # Change privileged pickup service into unprivileged. grep "^pickup[ ]*fifo[ ]*n[ ]*n" \ @@ -553,6 +492,7 @@ q EOF } + # Postfix 1.1. # Change private cleanup and flush services into public. for name in cleanup flush 
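Review bot: In the conf/post-install "Save settings" hunk, the new comparison reads the current values with `$POSTCONF -h $MOST_PARAMETERS`, without `-c $config_directory`, while the update on the next line writes with `$POSTCONF -c $config_directory -e`. The removed loop queried `$POSTCONF -c $config_directory -h $name`, so the check and the write can now refer to different main.cf files whenever `config_directory` is overridden on the command line, as the secondary-instance examples in the header do. Unless the environment is guaranteed to point postconf at the same directory (not visible here), a secondary main.cf could be left without the update because the primary instance already matches. I would keep the option: `"`$POSTCONF -c $config_directory -h $MOST_PARAMETERS`" || {`. The `-e` command itself continues past the end of the hunk.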
@@ -570,8 +510,9 @@ EOF } done + # Postfix 2.2. # File systems have improved since Postfix came out, and all we - # require now is that defer and deferred are hashed because those + # require now that defer and deferred are hashed because those # can contain lots of files. found=`$POSTCONF -c $config_directory -h hash_queue_names` @@ -590,6 +531,7 @@ EOF # [The "unknown_local_recipient_reject_code = 450" safety net, # introduced with Postfix 2.0 and deleted after Postfix 2.3.] + # Postfix 2.0. # Add missing proxymap service to master.cf. grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || { @@ -599,6 +541,7 @@ proxymap unix - - n - - proxymap EOF } + # Postfix 2.1. # Add missing anvil service to master.cf. grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || { @@ -608,6 +551,7 @@ anvil unix - - n - 1 anvil EOF } + # Postfix 2.2. # Add missing scache service to master.cf. grep '^scache.*scache' $config_directory/master.cf >/dev/null || { @@ -617,6 +561,7 @@ scache unix - - n - 1 scache EOF } + # Postfix 2.2. # Add missing discard service to master.cf. grep '^discard.*discard' $config_directory/master.cf >/dev/null || { @@ -626,6 +571,7 @@ discard unix - - n - - discard EOF } + # Postfix 2.2. # Update the tlsmgr fifo->unix service. grep "^tlsmgr[ ]*fifo[ ]" \ @@ -641,6 +587,7 @@ q EOF } + # Postfix 2.2. # Add missing tlsmgr service to master.cf. grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || { @@ -650,6 +597,7 @@ tlsmgr unix - - n 1000? 1 tlsmgr EOF } + # Postfix 2.2. # Add missing retry service to master.cf. grep '^retry.*error' $config_directory/master.cf >/dev/null || { @@ -659,6 +607,7 @@ retry unix - - n - - error EOF } + # Postfix 2.5. # Add missing proxywrite service to master.cf. grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || { diff --git a/postfix/html/QSHAPE_README.html b/postfix/html/QSHAPE_README.html index 7f295ec36..f20746688 100644 --- a/postfix/html/QSHAPE_README.html 
+++ b/postfix/html/QSHAPE_README.html @@ -547,7 +547,7 @@ problem destination as the fallback_rel slow unix - - n - 1 smtp -o fallback_relay=problem.example.com -o smtp_connect_timeout=1 - -o smtp_cache_connection=no + -o smtp_connection_cache_on_demand=no diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index f11df058e..cb17335e1 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html @@ -364,14 +364,24 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) EXAMPLES Header pattern to block attachments with bad file name - extensions. + extensions. For convenience, the PCRE /x flag is speci- + fied, so that there is no need to collapse the pattern + into a single line of text. The purpose of the + [[:xdigit:]] sub-expressions is to recognize Windows CLSID + strings. /etc/postfix/main.cf: - header_checks = regexp:/etc/postfix/header_checks - - /etc/postfix/header_checks: - /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/ - REJECT Bad attachment file name extension: $2 + header_checks = pcre:/etc/postfix/header_checks.pcre + + /etc/postfix/header_checks.pcre: + /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( + ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| + hlp|ht[at]| + inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| + \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}| + ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| + vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x + REJECT Attachment name "$2" may not end with ".$4" Body pattern to stop a specific HTML browser vulnerability exploit. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index be2b7499b..4ac2db125 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1351,7 +1351,8 @@ Instead of $name you can also specify ${name} or $(name).

Restrict the characters that the local(8) delivery agent allows in -$name expansions of $mailbox_command. Characters outside the +$name expansions of $mailbox_command and $command_execution_directory. +Characters outside the allowed set are replaced by underscores.

diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5 index 1b2b11bec..29d7984f6 100644 --- a/postfix/man/man5/header_checks.5 +++ b/postfix/man/man5/header_checks.5 @@ -336,19 +336,29 @@ a multi-line message header one line at a time. .nf .ad .fi -Header pattern to block attachments with bad file name extensions. +Header pattern to block attachments with bad file name +extensions. For convenience, the PCRE /x flag is specified, +so that there is no need to collapse the pattern into a +single line of text. The purpose of the [[:xdigit:]] +sub-expressions is to recognize Windows CLSID strings. .na .nf /etc/postfix/main.cf: - header_checks = regexp:/etc/postfix/header_checks - -/etc/postfix/header_checks: - /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ - REJECT Bad attachment file name extension: $2 + header_checks = pcre:/etc/postfix/header_checks.pcre +/etc/postfix/header_checks.pcre: + /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( + ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| + hlp|ht[at]| + inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| + \e{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\e}| + ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| + vb[esx]?|vxd|ws[cfh]))(\e?=)?"?\es*(;|$)/x + REJECT Attachment name "$2" may not end with ".$4" .ad .fi + Body pattern to stop a specific HTML browser vulnerability exploit. .na diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 474f1a8d1..bd8fe9670 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -751,7 +751,8 @@ Instead of $name you can also specify ${name} or $(name). This feature is available in Postfix 2.2 and later. .SH command_expansion_filter (default: see "postconf -d" output) Restrict the characters that the \fBlocal\fR(8) delivery agent allows in -$name expansions of $mailbox_command. Characters outside the +$name expansions of $mailbox_command and $command_execution_directory. +Characters outside the allowed set are replaced by underscores. .SH command_time_limit (default: 1000s) Time limit for delivery to external commands. This limit is used @@ -886,26 +887,6 @@ default_database_type = dbm .fi .ad .ft R -.SH default_destination_rate_delay (default: 0s) -The default amount of delay that is inserted between individual -deliveries to the same destination; with per-destination recipient -limit > 1, a destination is a domain, otherwise it is a recipient. -.PP -To enable the delay, specify a non-zero time value (an integral -value plus an optional one-letter suffix that specifies the time -unit). -.PP -Time units: s (seconds), m (minutes), h (hours), d (days), w -(weeks). The default time unit is s (seconds). -.PP -NOTE: the delay is enforced by the queue manager. The delay -timer state does not survive "postfix reload" or "postfix stop". -.PP -Use \fItransport\fR_destination_rate_delay to specify a -transport-specific override, where \fItransport\fR is the master.cf -name of the message delivery transport. -.PP -This feature is available in Postfix 2.5 and later. .SH default_delivery_slot_cost (default: 5) How often the Postfix queue manager's scheduler is allowed to preempt delivery of one message with another. 
@@ -1077,6 +1058,26 @@ to specify a transport-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.5 and later. +.SH default_destination_rate_delay (default: 0s) +The default amount of delay that is inserted between individual +deliveries to the same destination; with per-destination recipient +limit > 1, a destination is a domain, otherwise it is a recipient. +.PP +To enable the delay, specify a non-zero time value (an integral +value plus an optional one-letter suffix that specifies the time +unit). +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds). +.PP +NOTE: the delay is enforced by the queue manager. The delay +timer state does not survive "postfix reload" or "postfix stop". +.PP +Use \fItransport\fR_destination_rate_delay to specify a +transport-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.PP +This feature is available in Postfix 2.5 and later. .SH default_destination_recipient_limit (default: 50) The default maximal number of recipients per message delivery. This is the default limit for delivery via the \fBlmtp\fR(8), \fBpipe\fR(8), @@ -7938,12 +7939,6 @@ of mail deliveries and produces a mail delivery report when verbose delivery is requested with "\fBsendmail -v\fR". .PP This feature is available in Postfix 2.1 and later. -.SH transport_destination_rate_delay (default: $default_destination_rate_delay) -A transport-specific override for the default_destination_rate_delay -parameter value, where \fItransport\fR is the master.cf name of -the message delivery transport. -.PP -This feature is available in Postfix 2.5 and later. .SH transport_delivery_slot_cost (default: $default_delivery_slot_cost) A transport-specific override for the default_delivery_slot_cost parameter value, where \fItransport\fR is the master.cf name of 
@@ -7982,6 +7977,12 @@ where \fItransport\fR is the master.cf name of the message delivery transport. .PP This feature is available in Postfix 2.5 and later. +.SH transport_destination_rate_delay (default: $default_destination_rate_delay) +A transport-specific override for the default_destination_rate_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +This feature is available in Postfix 2.5 and later. .SH transport_destination_recipient_limit (default: $default_destination_recipient_limit) A transport-specific override for the default_destination_recipient_limit parameter value, where diff --git a/postfix/proto/QSHAPE_README.html b/postfix/proto/QSHAPE_README.html index 2c82b4f63..2ba89f91a 100644 --- a/postfix/proto/QSHAPE_README.html +++ b/postfix/proto/QSHAPE_README.html @@ -547,7 +547,7 @@ smtp_connect_timeout value.

slow unix - - n - 1 smtp -o fallback_relay=problem.example.com -o smtp_connect_timeout=1 - -o smtp_cache_connection=no + -o smtp_connection_cache_on_demand=no diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index 33f428e5f..01546c7b6 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -341,19 +341,29 @@ # EXAMPLES # .ad # .fi -# Header pattern to block attachments with bad file name extensions. +# Header pattern to block attachments with bad file name +# extensions. For convenience, the PCRE /x flag is specified, +# so that there is no need to collapse the pattern into a +# single line of text. The purpose of the [[:xdigit:]] +# sub-expressions is to recognize Windows CLSID strings. # # .na # .nf # /etc/postfix/main.cf: -# header_checks = regexp:/etc/postfix/header_checks -# -# /etc/postfix/header_checks: -# /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ -# REJECT Bad attachment file name extension: $2 +# header_checks = pcre:/etc/postfix/header_checks.pcre # +# /etc/postfix/header_checks.pcre: +# /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( +# ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| +# hlp|ht[at]| +# inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| +# \e{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\e}| +# ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| +# vb[esx]?|vxd|ws[cfh]))(\e?=)?"?\es*(;|$)/x +# REJECT Attachment name "$2" may not end with ".$4" # .ad # .fi +# # Body pattern to stop a specific HTML browser vulnerability exploit. # # .na diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5e93d8675..34338611d 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -6638,7 +6638,8 @@ The default time unit is s (seconds).

Restrict the characters that the local(8) delivery agent allows in -$name expansions of $mailbox_command. Characters outside the +$name expansions of $mailbox_command and $command_execution_directory. +Characters outside the allowed set are replaced by underscores.

diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 8122a683a..4877e863d 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c 
@@ -488,58 +488,63 @@ static int dict_ldap_set_tls_options(DICT_LDAP *dict_ldap) if (dict_ldap->start_tls || dict_ldap->ldap_ssl) { if (*dict_ldap->tls_random_file) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, - dict_ldap->tls_random_file)) != LDAP_SUCCESS) + dict_ldap->tls_random_file)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_random_file to %s: %d: %s", myname, dict_ldap->tls_random_file, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_ca_cert_file) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, - dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) + dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_ca_cert_file to %s: %d: %s", myname, dict_ldap->tls_ca_cert_file, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_ca_cert_dir) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, - dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) + dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_ca_cert_dir to %s: %d: %s", myname, dict_ldap->tls_ca_cert_dir, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_cert) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, - dict_ldap->tls_cert)) != LDAP_SUCCESS) + dict_ldap->tls_cert)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_cert to %s: %d: %s", myname, dict_ldap->tls_cert, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_key) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, - dict_ldap->tls_key)) != LDAP_SUCCESS) + dict_ldap->tls_key)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_key to %s: %d: %s", myname, dict_ldap->tls_key, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_cipher_suite) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, - dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS) + dict_ldap->tls_cipher_suite)) != 
LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_cipher_suite to %s: %d: %s", myname, dict_ldap->tls_cipher_suite, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } - if (dict_ldap->tls_require_cert) { - if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, - &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) - msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s", - myname, dict_ldap->tls_require_cert, - rc, ldap_err2string(rc)); + if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, + &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) { + msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s", + myname, dict_ldap->tls_require_cert, + rc, ldap_err2string(rc)); return (-1); } } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index d64340b88..b3ce4e77b 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20080123" +#define MAIL_RELEASE_DATE "20080127" #define MAIL_VERSION_NUMBER "2.6" #ifdef SNAPSHOT
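Review bot: In dict_ldap_set_tls_options, the `if (dict_ldap->tls_require_cert)` guard is removed along with the brace fix, so LDAP_OPT_X_TLS_REQUIRE_CERT is now set even when the field is zero; the HISTORY entry ("missing {}") does not mention this behaviour change. Every call here passes a NULL handle, so the value becomes a library-wide default rather than a per-table setting. If zero maps to the "never verify" level (the mapping is outside this hunk, so this is an assumption), an unset tls_require_cert now explicitly disables server certificate checking instead of leaving the library or ldap.conf default in place. I would document that above the call, e.g. `/* Always set, also when 0: overrides the ldap.conf default, and NULL handle means process-wide. */`, and record the change in HISTORY. The function body begins and ends outside the hunk.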