From: Wietse Venema Date: Sat, 22 Jun 2013 23:57:00 +0000 (-0400) Subject: postfix-2.10.1 X-Git-Tag: v2.10.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f29f456e3d5aca545c1474687ef30afc6ef0d75;p=thirdparty%2Fpostfix.git postfix-2.10.1 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 1793ebebb..f67206198 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -18247,3 +18247,39 @@ Apologies for any names omitted. Bugfix: an error handler for smtp_tls_policy_maps lookups was never invoked. File: smtp/smtp_session.c. + +20130403 + + Bugfix (introduced: Postfix 2.3): don't reuse TCP connections + when smtp_tls_policy_maps is specified. Victor Duchovni. + Found during Postfix 2.11 code maintenance. File: + smtp/smtp_reuse.c. + +20130423 + + Bugfix (introduced: Postfix 2.0): when myhostname is not + listed in mydestination, the trivial-rewrite resolver may + log "do not list in both mydestination + and ". The fix is + to re-resolve a domain-less address after adding $myhostname + as the surrogate domain, so that it pops out with the right + address-class label. Problem reported by Quanah Gibson-Mount. + File: trivial-rewrite/resolve.c. + +20130425 + + Bugfix (introduced: Postfix 2.2): don't reuse TCP connections + when SASL authentication is enabled. SASL passwords may + depend on the remote SMTP server hostname, but the Postfix + <2.11 SMTP connection cache client does not distinguish + between different hostnames that resolve to the same IP + address. Found during Postfix 2.11 code maintenance. File: + smtp/smtp_connect.c. + +20130613 + + Workaround: unhelpful down-stream maintainers fail to install + the new smtpd_relay_restrictions safety net, causing breakage + that could have been avoided. We now hard-code the safety + net instead. Files: global/mail_params.h, conf/post-install, + RELEASE_NOTES. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 8e269c2cf..1140ce1eb 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -110,21 +110,22 @@ authentication in the proxy agent (Postfix 2.9 and later). Major changes - relay safety ---------------------------- -[Incompat 20121007] As part of a forward compatibility safety net, -the Postfix installation procedure adds the following -smtpd_relay_restrictions entry to main.cf when there is none: +[Incompat 20130613] New smtpd_relay_restrictions parameter built-in +default settings: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +This safety net prevents open relay problems due to mistakes +with spam filter rules in smtpd_recipient_restrictions. + If your site has a complex mail relay policy configured under -smtpd_recipient_restrictions, this safety net will defer mail that -the built-in smtpd_relay_restrictions setting would bounce. +smtpd_recipient_restrictions, this safety net may defer mail that +Postfix should accept. -To eliminate this safety net, take one of the following three -actions: +To fix this safety net, take one of the following actions: - Set smtpd_relay_restrictions empty, and keep using the existing mail relay authorization policy in smtpd_recipient_restrictions. @@ -132,18 +133,16 @@ actions: - Copy the existing mail relay authorization policy from smtpd_recipient_restrictions to smtpd_relay_restrictions. -- Set smtpd_relay_restrictions by hand to the new built-in - policy: permit_mynetworks reject_unauth_destination. - There is no need to change the value of smtpd_recipient_restrictions. -[Feature 20121007] This version introduces the smtpd_relay_restrictions +[Feature 20130613] This version introduces the smtpd_relay_restrictions feature for mail relay control. The new built-in default settings are: smtpd_relay_restrictions = permit_mynetworks - reject_unauth_destination + permit_sasl_authenticated + defer_unauth_destination smtpd_recipient_restrictions = ( optional spam blocking rules would go here ) @@ -164,40 +163,32 @@ with smtpd_relay_restrictions, so that a permissive spam blocking policy under smtpd_recipient_restrictions will not unexpectedly result in a permissive mail relay policy. -As usual, this new feature is introduced with safety nets to prevent -surprises when a site upgrades from an earlier Postfix release. +As of Postfix 2.10.0 the smtpd_relay_restrictions parameter built-in +default settings are: -1 - FORWARD COMPATIBILITY SAFETY NET: the Postfix installation - procedure adds the following smtpd_relay_restrictions entry to - main.cf when there is none: - - smtpd_relay_restrictions = - permit_mynetworks - permit_sasl_authenticated - defer_unauth_destination + smtpd_relay_restrictions = + permit_mynetworks + permit_sasl_authenticated + defer_unauth_destination - If your site has a complex mail relay policy configured under - smtpd_recipient_restrictions, this safety net will defer mail - that the built-in smtpd_relay_restrictions setting would bounce. +If your site has a complex mail relay policy configured under +smtpd_recipient_restrictions, this safety net may defer mail that +Postfix should accept. - To eliminate this safety net, take one of the following three - actions: +To migrate from an earlier Postfix release with the least amount +of pain: - - Set smtpd_relay_restrictions empty, and keep using the existing - mail relay authorization policy in smtpd_recipient_restrictions. +- Set smtpd_relay_restrictions empty, and keep using the existing + mail relay authorization policy in smtpd_recipient_restrictions. - - Copy the existing mail relay authorization policy from - smtpd_recipient_restrictions to smtpd_relay_restrictions. +- There is no need to change the value of smtpd_recipient_restrictions. - - Set smtpd_relay_restrictions by hand to the new built-in - policy: permit_mynetworks reject_unauth_destination. +To take advantage of the new smtpd_relay_restrictions feature: - There is no need to change the value of smtpd_recipient_restrictions. +- Copy the existing mail relay authorization policy from + smtpd_recipient_restrictions to smtpd_relay_restrictions. -2 - BACKWARDS COMPATIBILITY SAFETY NET: sites that migrate from - Postfix versions before 2.10 can set smtpd_relay_restrictions - to the empty value, and use smtpd_recipient_restrictions exactly - as they used it before. +- There is no need to change the value of smtpd_recipient_restrictions. Major changes - start-up ------------------------ diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 80e9a99e9..91ff4a677 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -809,25 +809,26 @@ EOF $POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1 } - # Postfix 2.10. - # Safety net for incompatible changes due to the introduction - # of the smtpd_relay_restrictions feature to separate the - # mail relay policy from the spam blocking policy. - # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT - # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM - # POSTFIX BEFORE 2.10. - test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || { - cat <
smtpd_relay_restrictions -(default: permit_mynetworks, reject_unauth_destination)
+(default: permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)

Access restrictions for mail relay control that the Postfix SMTP server applies in the context of the RCPT TO command, before diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 9e1b3e9bb..fe679e588 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -9169,7 +9169,7 @@ not null. .br .PP This feature is available in Postfix 2.1 and later. -.SH smtpd_relay_restrictions (default: permit_mynetworks, reject_unauth_destination) +.SH smtpd_relay_restrictions (default: permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 18d27d10f..f058fb832 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -5901,7 +5901,7 @@ Example: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination -%PARAM smtpd_relay_restrictions permit_mynetworks, reject_unauth_destination +%PARAM smtpd_relay_restrictions permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

Access restrictions for mail relay control that the Postfix SMTP server applies in the context of the RCPT TO command, before diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 9c5fde004..2f7e28969 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1959,7 +1959,8 @@ extern char *var_mail_checks; #define VAR_RELAY_CHECKS "smtpd_relay_restrictions" #define DEF_RELAY_CHECKS PERMIT_MYNETWORKS ", " \ - REJECT_UNAUTH_DEST + PERMIT_SASL_AUTH ", " \ + DEFER_UNAUTH_DEST extern char *var_relay_checks; #define VAR_RCPT_CHECKS "smtpd_recipient_restrictions" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 6564ffb78..b1ebb9274 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20130211" -#define MAIL_VERSION_NUMBER "2.10.0" +#define MAIL_RELEASE_DATE "20130622" +#define MAIL_VERSION_NUMBER "2.10.1" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h index 3fe0a9b6b..0bd48a72c 100644 --- a/postfix/src/postscreen/postscreen.h +++ b/postfix/src/postscreen/postscreen.h @@ -418,6 +418,7 @@ extern int psc_dnsbl_request(const char *, void (*) (int, char *), char *); (dst)->pregr_stamp = PSC_TIME_STAMP_INVALID; \ (dst)->dnsbl_stamp = PSC_TIME_STAMP_INVALID; \ (dst)->pipel_stamp = PSC_TIME_STAMP_INVALID; \ + (dst)->nsmtp_stamp = PSC_TIME_STAMP_INVALID; \ (dst)->barlf_stamp = PSC_TIME_STAMP_INVALID; \ (dst)->penal_stamp = PSC_TIME_STAMP_INVALID; \ } while (0) diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index 2abb49ccb..d1b2eae40 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -457,12 +457,12 @@ static void smtp_cache_policy(SMTP_STATE *state, const char *dest) state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK; /* - * XXX Disable connection caching when sender-dependent authentication is + * XXX Disable connection caching when SASL authentication is * enabled. We must not send someone elses mail over an authenticated * connection, and we must not send mail that requires authentication * over a connection that wasn't authenticated. */ - if (var_smtp_sender_auth) + if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd) return; if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) { diff --git a/postfix/src/smtp/smtp_reuse.c b/postfix/src/smtp/smtp_reuse.c index 9737025df..398269ffd 100644 --- a/postfix/src/smtp/smtp_reuse.c +++ b/postfix/src/smtp/smtp_reuse.c @@ -274,7 +274,7 @@ SMTP_SESSION *smtp_reuse_addr(SMTP_STATE *state, const char *addr, * credentials or the wrong TLS policy. */ if ((var_smtp_tls_per_site && *var_smtp_tls_per_site) - || (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)) + || (var_smtp_tls_policy && *var_smtp_tls_policy)) return (0); /* diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index fc2684944..2252b00fa 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -994,7 +994,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) if (TLScontext->log_mask & (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) msg_info("%s: subject_CN=%s, issuer_CN=%s, " - "fingerprint %s, pkey_fingerprint=%s", props->namaddr, + "fingerprint=%s, pkey_fingerprint=%s", props->namaddr, TLScontext->peer_CN, TLScontext->issuer_CN, TLScontext->peer_fingerprint, TLScontext->peer_pkey_fprint); diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index c0b6d9964..d9a709e30 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -324,9 +324,18 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, tok822_free(tree->head); tree->head = 0; } - /* XXX must be localpart only, not user@domain form. */ - if (tree->head == 0) + /* XXX Re-resolve the surrogate, in case already in user@domain form. */ + if (tree->head == 0) { tree->head = tok822_scan(var_empty_addr, &tree->tail); + continue; + } + + /* XXX Re-resolve with @$myhostname for backwards compatibility. */ + if (domain == 0 && saved_domain == 0) { + tok822_sub_append(tree, tok822_alloc('@', (char *) 0)); + tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0)); + continue; + } /* * We're done. There are no domains left to strip off the address,