From: Wietse Venema Date: Thu, 30 Jun 2005 05:00:00 +0000 (-0500) Subject: postfix-2.3-20050630 X-Git-Tag: v2.3-RC1~68 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ec5fd0f11653965fa1f98114844b72f722bda0b;p=thirdparty%2Fpostfix.git postfix-2.3-20050630 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 3ee2150d7..aba7fed55 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -10935,13 +10935,13 @@ Apologies for any names omitted. the base64 and plain attribute I/O encodings. Files: util/attr_scan_plain.c util/attr_print_plain.c. -20040624 +20050624 Added "." to the list commands that smtp-sink can "break" (by disconnecting, or by responding with a 4XX or 5XX reply code). File: smtpstone/smtp-sink.c. -20040625 +20050625 Safety: allow only 4.x.x and 5.x.x enhanced status codes in header/body_checks REJECT actions. File: @@ -10959,6 +10959,14 @@ Apologies for any names omitted. to complete the TCP, SMTP, EHLO or TLS handshake (was: TCP and SMTP). File: smtp/smtp_proto.c. +20050630 + + Updated the example spf.pl script to version 1.06. + + Portability: the file descriptor passing code broke on LP64 + systems (inherited from Stevens Network Programming). Files: + util/unix_send_fd.c, util/unix_recv_fd.c. + Open problems: Look for systems with XPG basename() declared in , diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index ffca91291..9e87262ee 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -33,7 +33,7 @@ disabled by default. The new limit prevents Postfix from spending lots of time trying to connect to lots of bogus MX servers. The Postfix SMTP error handling of [45]XX server greetings was -cleaned up. The server reply is now properly reported. +cleaned up. The server reply is now properly reported. Incompatibility with snapshot 20050615 ====================================== 
diff --git a/postfix/examples/smtpd-policy/spf.pl b/postfix/examples/smtpd-policy/spf.pl old mode 100755 new mode 100644 index f48b8ac28..eb5d36858 --- a/postfix/examples/smtpd-policy/spf.pl +++ b/postfix/examples/smtpd-policy/spf.pl @@ -3,7 +3,7 @@ # mengwong@pobox.com # Wed Dec 10 03:52:04 EST 2003 # postfix-policyd-spf -# version 1.03 +# version 1.06 # see http://spf.pobox.com/ use Fcntl; @@ -15,11 +15,10 @@ use strict; # ---------------------------------------------------------- # to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://spf.pobox.com/downloads.html -# then uncomment the SPF line. my @HANDLERS; push @HANDLERS, "testing"; -# push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query; + push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query; my $VERBOSE = 1; @@ -72,6 +71,7 @@ my $syslog_ident = "postfix/policy-spf"; # # smtpd_recipient_restrictions = # ... +# reject_unknown_sender_domain # reject_unauth_destination # check_policy_service unix:private/policy # ... @@ -123,7 +123,7 @@ my $syslog_ident = "postfix/policy-spf"; # sub fatal_exit { syslog(err => "fatal_exit: @_"); - syslog(warn => "fatal_exit: @_"); + syslog(warning => "fatal_exit: @_"); syslog(info => "fatal_exit: @_"); die "fatal: @_"; } @@ -151,7 +151,7 @@ my %attr; while () { chomp; if (/=/) { my ($k, $v) = split (/=/, $_, 2); $attr{$k} = $v; next } - elsif (length) { syslog(warn=>sprintf("warning: ignoring garbage: %.100s", $_)); next; } + elsif (length) { syslog(warning=>sprintf("warning: ignoring garbage: %.100s", $_)); next; } if ($VERBOSE) { for (sort keys %attr) { 
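Review bot: Enabling the `sender_permitted_from` handler by default in the `@@ -15,11` hunk makes `use Mail::SPF::Query;` a hard compile-time dependency, so on a host without the module the policy script will not start at all. The instruction "then uncomment the SPF line" is removed, which leaves no hint on how to run the script with only the `testing` handler. I would add a comment such as `# comment out the next line to run without Mail::SPF::Query`, or load the module with `eval { require Mail::SPF::Query; 1 }` and push the handler only on success. The same file section also changes the mode from 100755 to 100644; that matters if the script is spawned directly rather than through the perl interpreter, which cannot be confirmed from the lines shown.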
@@ -186,9 +186,14 @@ sub sender_permitted_from { local %_ = @_; my %attr = %{ $_{attr} }; - my $query = new Mail::SPF::Query (ip =>$attr{client_address}, - sender=>$attr{sender}, - helo =>$attr{helo_name}); + my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address}, + sender=>$attr{sender}, + helo =>$attr{helo_name}) }; + if ($@) { + syslog(info=>"%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s", + $attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@); + return "DUNNO"; + } my ($result, $smtp_comment, $header_comment) = $query->result(); syslog(info=>"%s: SPF %s: smtp_comment=%s, header_comment=%s", @@ -198,7 +203,7 @@ sub sender_permitted_from { elsif ($result eq "fail") { return "REJECT " . ($smtp_comment || $header_comment); } elsif ($result eq "error") { return "450 temporary failure: $smtp_comment"; } else { return "DUNNO"; } - # unknown, softfail, and none all return DUNNO + # unknown, softfail, neutral and none all return DUNNO # TODO XXX: prepend Received-SPF header. Wietse says he will add that functionality soon. } diff --git a/postfix/html/smtp-sink.1.html b/postfix/html/smtp-sink.1.html index 6110c8065..3dfe0f56f 100644 --- a/postfix/html/smtp-sink.1.html +++ b/postfix/html/smtp-sink.1.html @@ -37,8 +37,9 @@ SMTP-SINK(1) SMTP-SINK(1) -a Do not announce SASL authentication support. - -c Display a running counter that is updated whenever - an SMTP QUIT command is executed. + -c Display running counters that are updated whenever + an SMTP session ends, a QUIT command is executed, + or when "." is received. -C Disable XCLIENT support. 
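Review bot: A failure in `Mail::SPF::Query->new` now ends in `return "DUNNO";` in the `@@ -186,9` hunk, so the SPF check is skipped for that message and the only trace is an `info`-level log line. The `error` result a few lines further down is answered with `450 temporary failure`, and it is worth considering the same treatment here, for example `return "450 temporary failure: SPF query setup failed";`. If DUNNO is the intended policy, log at `warning` so that skipped checks are visible to whoever monitors the service, and add a comment stating that the handler deliberately fails open. The logged `sender` and `helo_name` values come from the SMTP client, so anything that parses these log lines should treat them as untrusted text.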
@@ -47,20 +48,20 @@ SMTP-SINK(1) SMTP-SINK(1) -E Do not announce ENHANCEDSTATUSCODES support. -f command,command,... - Reject the specified commands with a hard (5xx) + Reject the specified commands with a hard (5xx) error code. This option implies -p. - Examples of commands are HELO, EHLO, LHLO, MAIL, + Examples of commands are HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate - command names by white space or commas, and use - quotes to protect white space from the shell. Com- + command names by white space or commas, and use + quotes to protect white space from the shell. Com- mand names are case-insensitive. -F Disable XFORWARD support. -h hostname - Use hostname in the SMTP greeting, in the HELO - response, and in the EHLO response. The default + Use hostname in the SMTP greeting, in the HELO + response, and in the EHLO response. The default hostname is "smtp-sink". -L Enable LMTP instead of SMTP. 
@@ -69,44 +70,44 @@ SMTP-SINK(1) SMTP-SINK(1) Terminate after count sessions. This is for testing purposes. - -p Do not announce support for ESMTP command pipelin- + -p Do not announce support for ESMTP command pipelin- ing. - -P Change the server greeting so that it appears to + -P Change the server greeting so that it appears to come through a CISCO PIX system. Implies -e. -q command,command,... - Disconnect (without replying) after receiving one + Disconnect (without replying) after receiving one of the specified commands. - Examples of commands are HELO, EHLO, LHLO, MAIL, + Examples of commands are HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate - command names by white space or commas, and use - quotes to protect white space from the shell. Com- + command names by white space or commas, and use + quotes to protect white space from the shell. Com- mand names are case-insensitive. -r command,command,... - Reject the specified commands with a soft (4xx) + Reject the specified commands with a soft (4xx) error code. This option implies -p. - Examples of commands are HELO, EHLO, LHLO, MAIL, + Examples of commands are HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate - command names by white space or commas, and use - quotes to protect white space from the shell. Com- + command names by white space or commas, and use + quotes to protect white space from the shell. Com- mand names are case-insensitive. -s command,command,... Log the named commands to syslogd. - Examples of commands are HELO, EHLO, LHLO, MAIL, + Examples of commands are HELO, EHLO, LHLO, MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT. Separate - command names by white space or commas, and use - quotes to protect white space from the shell. Com- + command names by white space or commas, and use + quotes to protect white space from the shell. Com- mand names are case-insensitive. 
-t timeout (default: 100) Limit the time for receiving a command or sending a - response. The time limit is specified in seconds. + response. The time limit is specified in seconds. -v Show the SMTP conversations. @@ -115,7 +116,7 @@ SMTP-SINK(1) SMTP-SINK(1) mand. [inet:][host]:port - Listen on network interface host (default: any + Listen on network interface host (default: any interface) TCP port port. Both host and port may be specified in numeric or symbolic form. @@ -123,14 +124,14 @@ SMTP-SINK(1) SMTP-SINK(1) Listen on the UNIX-domain socket at pathname. backlog - The maximum length the queue of pending connec- + The maximum length the queue of pending connec- tions, as defined by the listen(2) system call. SEE ALSO smtp-source(1), SMTP/LMTP message generator LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man1/smtp-sink.1 b/postfix/man/man1/smtp-sink.1 index 77cd22c5e..9d84729f0 100644 --- a/postfix/man/man1/smtp-sink.1 +++ b/postfix/man/man1/smtp-sink.1 @@ -38,8 +38,9 @@ Do not announce 8BITMIME support. .IP \fB-a\fR Do not announce SASL authentication support. .IP \fB-c\fR -Display a running counter that is updated whenever an SMTP -QUIT command is executed. +Display running counters that are updated whenever an SMTP +session ends, a QUIT command is executed, or when "." is +received. .IP \fB-C\fR Disable XCLIENT support. .IP \fB-e\fR diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index bd8e503cd..9db66ece7 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20050629" +#define MAIL_RELEASE_DATE "20050630" #define MAIL_VERSION_NUMBER "2.3" #define VAR_MAIL_VERSION "mail_version" 
diff --git a/postfix/src/scache/scache.c b/postfix/src/scache/scache.c index f3d27fa62..8687a8ab2 100644 --- a/postfix/src/scache/scache.c +++ b/postfix/src/scache/scache.c @@ -240,7 +240,7 @@ static void scache_save_endp_service(VSTREAM *client_stream) || #endif (fd = LOCAL_RECV_FD(vstream_fileno(client_stream))) < 0) { - msg_warn("%s: unable to receive file descriptor", myname); + msg_warn("%s: unable to receive file descriptor: %m", myname); attr_print(client_stream, ATTR_FLAG_NONE, ATTR_TYPE_NUM, MAIL_ATTR_STATUS, SCACHE_STAT_FAIL, ATTR_TYPE_END); diff --git a/postfix/src/smtpstone/smtp-sink.c b/postfix/src/smtpstone/smtp-sink.c index a497885c1..024eb0c7d 100644 --- a/postfix/src/smtpstone/smtp-sink.c +++ b/postfix/src/smtpstone/smtp-sink.c @@ -32,8 +32,9 @@ /* .IP \fB-a\fR /* Do not announce SASL authentication support. /* .IP \fB-c\fR -/* Display a running counter that is updated whenever an SMTP -/* QUIT command is executed. +/* Display running counters that are updated whenever an SMTP +/* session ends, a QUIT command is executed, or when "." is +/* received. /* .IP \fB-C\fR /* Disable XCLIENT support. /* .IP \fB-e\fR @@ -178,8 +179,10 @@ static int command_read(SINK_STATE *); static int data_read(SINK_STATE *); static void disconnect(SINK_STATE *); static int count; -static int counter; -static int max_count; +static int sess_count; +static int quit_count; +static int mesg_count; +static int max_quit_count; static int disable_pipelining; static int disable_8bitmime; static int fixed_delay; @@ -194,6 +197,15 @@ static int disable_enh_status; #define SOFT_ERROR_RESP "450 4.3.0 Error: command failed" #define HARD_ERROR_RESP "500 5.3.0 Error: command failed" +/* do_stats - show counters */ + +static void do_stats(void) +{ + vstream_printf("sess=%d quit=%d mesg=%d\r", + sess_count, quit_count, mesg_count); + vstream_fflush(VSTREAM_OUT); +} + /* hard_err_resp - generic hard error response */ static void hard_err_resp(SINK_STATE *state) 
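Review bot: The `%m` added to the warning in `scache_save_endp_service()` prints errno, but the condition this message belongs to starts outside the hunk and is an `||` chain, so the branch may also be entered when an earlier test failed without setting errno. In that case the log would show a stale or unrelated system error next to "unable to receive file descriptor". Consider giving the descriptor-receive failure its own test so that `%m` is printed only after `LOCAL_RECV_FD()` returns a negative value, or add a comment such as `/* errno is meaningful only when LOCAL_RECV_FD() failed */`.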
@@ -329,11 +341,8 @@ static void quit_response(SINK_STATE *state) { smtp_printf(state->stream, "221 Bye"); smtp_flush(state->stream); - if (count) { - counter++; - vstream_printf("%d\r", counter); - vstream_fflush(VSTREAM_OUT); - } + if (count) + quit_count++; } /* data_read - read data from socket */ @@ -381,6 +390,10 @@ static int data_read(SINK_STATE *state) PUSH_BACK_SET(state, ".\r\n"); state->read_fn = command_read; state->data_state = ST_ANY; + if (count) { + mesg_count++; + do_stats(); + } break; } @@ -665,10 +678,14 @@ static void disconnect(SINK_STATE *state) { event_disable_readwrite(vstream_fileno(state->stream)); event_cancel_timer(read_timeout, (char *) state); + if (count) { + sess_count++; + do_stats(); + } vstream_fclose(state->stream); vstring_free(state->buffer); myfree((char *) state); - if (max_count > 0 && counter >= max_count) + if (max_quit_count > 0 && quit_count >= max_quit_count) exit(0); } @@ -805,7 +822,7 @@ int main(int argc, char **argv) enable_lmtp = 1; break; case 'n': - if ((max_count = atoi(optarg)) <= 0) + if ((max_quit_count = atoi(optarg)) <= 0) msg_fatal("bad count: %s", optarg); break; case 'p': diff --git a/postfix/src/util/unix_recv_fd.c b/postfix/src/util/unix_recv_fd.c index 3fdc5bfcc..d7fbb7eba 100644 --- a/postfix/src/util/unix_recv_fd.c +++ b/postfix/src/util/unix_recv_fd.c 
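Review bot: `quit_count` is incremented only under `if (count)` in `quit_response()`, yet `disconnect()` compares it with `max_quit_count` unconditionally, so `-n` appears to take effect only when `-c` is also given. The manual text elsewhere in this commit still reads "Terminate after count sessions", while the test counts QUIT commands, so sessions that end without QUIT never count towards the limit. Consider updating the counters unconditionally and gating only the display, e.g. `quit_count++;` in `quit_response()` and `sess_count++; if (count) do_stats();` in `disconnect()`, and document which event `-n` counts. The `-n` parser in the `@@ -805,7` hunk still uses `atoi(optarg)`, which accepts trailing garbage and cannot report overflow; `strtol` with an end-pointer check would reject such input.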
@@ -61,17 +61,18 @@ int unix_recv_fd(int fd) /* * Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1, - * Second edition. + * Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE, for + * portability to LP64 environments. */ #if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL) union { - struct msghdr just_for_alignment; + struct cmsghdr just_for_alignment; char control[CMSG_SPACE(sizeof(newfd))]; } control_un; struct cmsghdr *cmptr; msg.msg_control = control_un.control; - msg.msg_controllen = sizeof(control_un.control); + msg.msg_controllen = CMSG_LEN(sizeof(newfd)); /* Fix 200506 */ #else msg.msg_accrights = (char *) &newfd; msg.msg_accrightslen = sizeof(newfd); @@ -123,6 +124,8 @@ int unix_recv_fd(int fd) * unix_send_fd test program) and copy its content until EOF. */ #include +#include +#include #include #include diff --git a/postfix/src/util/unix_send_fd.c b/postfix/src/util/unix_send_fd.c index 7c555b77a..f913de53e 100644 --- a/postfix/src/util/unix_send_fd.c +++ b/postfix/src/util/unix_send_fd.c @@ -63,17 +63,18 @@ int unix_send_fd(int fd, int sendfd) /* * Adapted from: W. Richard Stevens, UNIX Network Programming, Volume 1, - * Second edition. + * Second edition. Except that we use CMSG_LEN instead of CMSG_SPACE; the + * latter breaks on LP64 systems. */ #if defined(CMSG_SPACE) && !defined(NO_MSGHDR_MSG_CONTROL) union { - struct msghdr just_for_alignment; + struct cmsghdr just_for_alignment; char control[CMSG_SPACE(sizeof(sendfd))]; } control_un; struct cmsghdr *cmptr; msg.msg_control = control_un.control; - msg.msg_controllen = sizeof(control_un.control); + msg.msg_controllen = CMSG_LEN(sizeof(sendfd)); /* Fix 200506 */ cmptr = CMSG_FIRSTHDR(&msg); cmptr->cmsg_len = CMSG_LEN(sizeof(sendfd)); @@ -109,6 +110,8 @@ int unix_send_fd(int fd, int sendfd) * to the unix_recv_fd test program. */ #include +#include +#include #include #include #include
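Review bot: The new comments say CMSG_LEN is used "instead of CMSG_SPACE", but the `control` array in both unions is still sized with `CMSG_SPACE(...)`; only `msg_controllen` changed, and `/* Fix 200506 */` does not say why. A comment that records the reason would help later readers, for example `/* msg_controllen is CMSG_LEN: room for exactly one descriptor, no alignment padding */`; the exact LP64 failure is not described in the commit, so confirm it before wording the comment more specifically. On the receive side the code after `recvmsg()` lies outside the hunk; it should verify that `cmptr` is non-NULL, that `cmptr->cmsg_len == CMSG_LEN(sizeof(newfd))`, and that level and type are `SOL_SOCKET` and `SCM_RIGHTS` before the descriptor is used. The same remarks about the comment apply to the `unix_send_fd.c` hunk at `@@ -63,17`.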