From: Wietse Venema Date: Sat, 27 Jan 2001 05:00:00 +0000 (-0500) Subject: snapshot-20010127 X-Git-Tag: v1.1.0~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=809dc6b951e76d6164faf998d0cc643881fec918;p=thirdparty%2Fpostfix.git snapshot-20010127 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index a6157c470..25b5d9c64 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -4759,3 +4759,10 @@ Apologies for any names omitted. is not connected to a tty. To automate a customized install, the script imports environment variables for install_root etc. + +20010127 + + Workaround: randomize the delay between lock attempts, so + that multiple defer servers are less likely to retry at + the same time. likely. File: util/rand_sleep.c, + global/deliver_flock.c, global/dot_lockfile.c. diff --git a/postfix/SASL_README b/postfix/SASL_README index 354d8eb74..6567ab4e0 100644 --- a/postfix/SASL_README +++ b/postfix/SASL_README @@ -81,14 +81,14 @@ and that the Cyrus SASL libraries are in /usr/local/lib. On some systems this generates the necessary Makefile definitions: % make tidy # if you have left-over files from a previous build - % make makefiles CCARGS=-DUSE_SASL_AUTH" -I/usr/local/include" \ + % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -lsasl" On Solaris 2.x you need to specify run-time link information, otherwise ld.so will not find the SASL shared library: % make tidy # if you have left-over files from a previous build - % make makefiles CCARGS=-DUSE_SASL_AUTH" -I/usr/local/include" \ + % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl" Enabling SASL authentication in the Postfix SMTP server diff --git a/postfix/UUCP_README b/postfix/UUCP_README index ba5b04540..e6fbd56e4 100644 --- a/postfix/UUCP_README +++ b/postfix/UUCP_README 
@@ -2,3 +2,5 @@ In order to receive mail via UUCP, your system needs to have an rmail command installed. A minimal rmail command can be found in the "auxiliary/rmail" directory. Install the command, mode 755, in a place that can be found by the UUCP "uuxqt" command. + +In order to send mail via UUCP, see html/faq.html. diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 7b6fb6bff..97ae6d837 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -97,6 +97,9 @@ SMTPD(8) SMTPD(8) explicitly selected at program build time and explicitly enabled at runtime. + smtpd_sasl_local_domain + The name of the local authentication realm. + smtpd_sasl_security_options Zero or more of the following. @@ -122,9 +125,6 @@ SMTPD(8) SMTPD(8) command_directory Location of Postfix support commands (default: - $program_directory). - - @@ -137,6 +137,8 @@ SMTPD(8) SMTPD(8) SMTPD(8) SMTPD(8) + $program_directory). + debug_peer_level Increment in verbose logging level when a remote host matches a pattern in the debug_peer_list @@ -189,8 +191,6 @@ SMTPD(8) SMTPD(8) soft_bounce Change hard (5xx) reject responses into soft (4xx) reject responses. This can be useful for testing - purposes. - @@ -203,6 +203,8 @@ SMTPD(8) SMTPD(8) SMTPD(8) SMTPD(8) + purposes. + Resource controls line_length_limit Limit the amount of memory in bytes used for the @@ -254,9 +256,7 @@ SMTPD(8) SMTPD(8) Restrict what sender addresses are allowed in MAIL FROM commands. - smtpd_recipient_restrictions - Restrict what recipient addresses are allowed in - RCPT TO commands. + @@ -269,6 +269,10 @@ SMTPD(8) SMTPD(8) SMTPD(8) SMTPD(8) + smtpd_recipient_restrictions + Restrict what recipient addresses are allowed in + RCPT TO commands. + smtpd_etrn_restrictions Restrict what domain names can be used in ETRN com- mands, and what clients may issue ETRN commands. 
@@ -318,10 +322,6 @@ SMTPD(8) SMTPD(8) Server response when a client violates the reject_unknown_address restriction. - unknown_client_reject_code - Server response when a client without address to - name mapping violates the reject_unknown_clients - restriction. @@ -335,6 +335,11 @@ SMTPD(8) SMTPD(8) SMTPD(8) SMTPD(8) + unknown_client_reject_code + Server response when a client without address to + name mapping violates the reject_unknown_clients + restriction. + unknown_hostname_reject_code Server response when a client violates the reject_unknown_hostname restriction. @@ -381,11 +386,6 @@ SMTPD(8) SMTPD(8) - - - - - diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 4beea5182..c544a890d 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -86,6 +86,8 @@ a Postfix transport table. Enable per-session authentication as per RFC 2554 (SASL). This functionality is available only when explicitly selected at program build time and explicitly enabled at runtime. +.IP \fBsmtpd_sasl_local_domain\fR +The name of the local authentication realm. .IP \fBsmtpd_sasl_security_options\fR Zero or more of the following. .RS diff --git a/postfix/src/global/deliver_flock.c b/postfix/src/global/deliver_flock.c index aa3f8b0f8..35a6bcb33 100644 --- a/postfix/src/global/deliver_flock.c +++ b/postfix/src/global/deliver_flock.c @@ -51,12 +51,17 @@ #include #include +#include /* Global library. */ #include "mail_params.h" #include "deliver_flock.h" +/* Application-specific. */ + +#define MILLION 1000000 + /* deliver_flock - lock open file for mail delivery */ int deliver_flock(int fd, int lock_style, VSTRING *why) @@ -69,7 +74,7 @@ int deliver_flock(int fd, int lock_style, VSTRING *why) return (0); if (i >= var_flock_tries) break; - sleep(var_flock_delay); + rand_sleep(var_flock_delay * MILLION, var_flock_delay * MILLION / 2); } if (why) vstring_sprintf(why, "unable to lock for exclusive access: %m"); 
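Review bot: The new call `rand_sleep(var_flock_delay * MILLION, var_flock_delay * MILLION / 2)` in the retry loop of deliver_flock() will panic when `deliver_lock_delay` is 0, because rand_sleep() in this same commit calls msg_panic() on `delay == 0`; the old `sleep(var_flock_delay)` tolerated that value. Whether the parameter is range-checked elsewhere is not visible in this diff. The product is presumably computed in `int` (assuming var_flock_delay is declared like var_flock_tries), so a delay above roughly 2147 seconds would overflow before the conversion to `unsigned`. A guard such as `if (var_flock_delay > 0)` plus an upper clamp before the call would cover both cases, and the identical call in dot_lockfile() in global/dot_lockfile.c needs the same treatment. The loop itself starts outside the hunk.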
diff --git a/postfix/src/global/dot_lockfile.c b/postfix/src/global/dot_lockfile.c index bb898948f..9d0a2bef3 100644 --- a/postfix/src/global/dot_lockfile.c +++ b/postfix/src/global/dot_lockfile.c @@ -31,7 +31,7 @@ /* DIAGNOSTICS /* dot_lockfile() returns 0 upon success. In case of failure, the /* result is -1, and the errno variable is set appropriately: -/* EEXIST when a "fresh" lock file already exists; other values as +/* EEXIST when a "fresh" lock file already exists; other values as /* appropriate. /* CONFIGURATION PARAMETERS /* deliver_lock_attempts, how many times to try to create a lock @@ -63,12 +63,17 @@ #include #include #include +#include /* Global library. */ #include "mail_params.h" #include "dot_lockfile.h" +/* Application-specific. */ + +#define MILLION 1000000 + /* dot_lockfile - create user.lock file */ int dot_lockfile(const char *path, VSTRING *why) @@ -113,7 +118,7 @@ int dot_lockfile(const char *path, VSTRING *why) if (errno != ENOENT) break; - sleep(var_flock_delay); + rand_sleep(var_flock_delay * MILLION, var_flock_delay * MILLION / 2); } if (status && why) vstring_sprintf(why, "unable to create lock file %s: %m", lock_file); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index aa93a0f22..998005949 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h 
@@ -749,6 +749,54 @@ extern char *var_smtp_sasl_passwd;
 #define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous"
 extern char *var_smtp_sasl_opts;
+ /*
+ * LMTP server. The soft error limit determines how many errors an LMTP
+ * client may make before we start to slow down; the hard error limit
+ * determines after how many client errors we disconnect.
+ */
+#define VAR_LMTPD_BANNER "lmtpd_banner"
+#define DEF_LMTPD_BANNER "$myhostname $mail_name"
+extern char *var_lmtpd_banner;
+
+#define VAR_LMTPD_TMOUT "lmtpd_timeout"
+#define DEF_LMTPD_TMOUT "300s"
+extern int var_lmtpd_tmout;
+
+#define VAR_LMTPD_RCPT_LIMIT "lmtpd_recipient_limit"
+#define DEF_LMTPD_RCPT_LIMIT 1000
+extern int var_lmtpd_rcpt_limit;
+
+#define VAR_LMTPD_SOFT_ERLIM "lmtpd_soft_error_limit"
+#define DEF_LMTPD_SOFT_ERLIM 10
+extern int var_lmtpd_soft_erlim;
+
+#define VAR_LMTPD_HARD_ERLIM "lmtpd_hard_error_limit"
+#define DEF_LMTPD_HARD_ERLIM 100
+extern int var_lmtpd_hard_erlim;
+
+#define VAR_LMTPD_ERR_SLEEP "lmtpd_error_sleep_time"
+#define DEF_LMTPD_ERR_SLEEP "5s"
+extern int var_lmtpd_err_sleep;
+
+#define VAR_LMTPD_JUNK_CMD "lmtpd_junk_command_limit"
+#define DEF_LMTPD_JUNK_CMD 1000
+extern int var_lmtpd_junk_cmd_limit;
+
+ /*
+ * SASL authentication support, LMTP server side.
+ */
+#define VAR_LMTPD_SASL_ENABLE "lmtpd_sasl_auth_enable"
+#define DEF_LMTPD_SASL_ENABLE 0
+extern bool var_lmtpd_sasl_enable;
+
+#define VAR_LMTPD_SASL_OPTS "lmtpd_sasl_security_options"
+#define DEF_LMTPD_SASL_OPTS "noanonymous"
+extern char *var_lmtpd_sasl_opts;
+
+#define VAR_LMTPD_SASL_REALM "lmtpd_sasl_local_domain"
+#define DEF_LMTPD_SASL_REALM "$myhostname"
+extern char *var_lmtpd_sasl_realm;
+
 /*
 * SASL authentication support, LMTP client side.
 */
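Review bot: The server-side default `DEF_LMTPD_SASL_OPTS "noanonymous"` leaves plaintext mechanisms enabled, while the SMTP client default in the context line just above is `"noplaintext, noanonymous"`, and the comment `SASL authentication support, LMTP server side.` does not say that the difference is intended. If it is deliberate, I would extend that comment with a line such as `* Plaintext mechanisms are allowed by default; add noplaintext when the listener is reachable over an untrusted network.` Nothing in this commit defines or reads the new `var_lmtpd_*` variables, so the header currently declares externs whose definitions cannot be checked from the diff.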
@@ -888,7 +936,7 @@ extern int var_fork_delay;
 * When locking a mailbox, how often to try and how long to wait.
 */
 #define VAR_FLOCK_TRIES "deliver_lock_attempts"
-#define DEF_FLOCK_TRIES 10
+#define DEF_FLOCK_TRIES 20
 extern int var_flock_tries;
 #define VAR_FLOCK_DELAY "deliver_lock_delay"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index da23e7e5d..d6e594e59 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
 * Version of this program.
 */
 #define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010124"
+#define DEF_MAIL_VERSION "Snapshot-20010127"
 extern char *var_mail_version;
 /* LICENSE
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 3c885537e..6526b86bc 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -72,6 +72,8 @@
 /* Enable per-session authentication as per RFC 2554 (SASL).
 /* This functionality is available only when explicitly selected
 /* at program build time and explicitly enabled at runtime.
+/* .IP \fBsmtpd_sasl_local_domain\fR
+/* The name of the local authentication realm.
 /* .IP \fBsmtpd_sasl_security_options\fR
 /* Zero or more of the following.
 /* .RS
diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in
index 62fd42a6b..6fb5ea0ab 100644
--- a/postfix/src/util/Makefile.in
+++ b/postfix/src/util/Makefile.in
@@ -22,7 +22,7 @@ SRCS = argv.c argv_split.c attr.c basename.c binhash.c chroot_uid.c \
 stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
 clean_env.c watchdog.c spawn_command.c duplex_pipe.c sane_rename.c \
 sane_link.c unescape.c timed_read.c timed_write.c dict_tcp.c \
- hex_quote.c dict_alloc.c
+ hex_quote.c dict_alloc.c rand_sleep.c
 OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
 close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
 dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
@@ -46,7 +46,7 @@ OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \ stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \ clean_env.o watchdog.o spawn_command.o duplex_pipe.o sane_rename.o \ sane_link.o unescape.o timed_read.o timed_write.o dict_tcp.o \ - hex_quote.o dict_alloc.o + hex_quote.o dict_alloc.o rand_sleep.o HDRS = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \ dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \ dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \ @@ -77,7 +77,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \ inet_addr_host inet_addr_local mac_parse make_dirs msg_syslog \ mystrtok sigdelay translit valid_hostname vstream_popen \ vstring vstring_vstream doze select_bug stream_test mac_expand \ - watchdog unescape hex_quote name_mask + watchdog unescape hex_quote name_mask rand_sleep LIB_DIR = ../../lib INC_DIR = ../../include @@ -261,6 +261,11 @@ name_mask: $(LIB) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) mv junk $@.o +rand_sleep: $(LIB) + mv $@.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) + mv junk $@.o + depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile.in; \ set -e; for i in [a-z][a-z0-9]*.c; do \ @@ -780,6 +785,10 @@ printable.o: sys_defs.h printable.o: stringops.h printable.o: vstring.h printable.o: vbuf.h +rand_sleep.o: rand_sleep.c +rand_sleep.o: sys_defs.h +rand_sleep.o: msg.h +rand_sleep.o: iostuff.h read_wait.o: read_wait.c read_wait.o: sys_defs.h read_wait.o: msg.h diff --git a/postfix/src/util/iostuff.h b/postfix/src/util/iostuff.h index 851c091c8..7da0f297d 100644 --- a/postfix/src/util/iostuff.h +++ b/postfix/src/util/iostuff.h 
@@ -27,6 +27,7 @@ extern int write_buf(int, const char *, int, int);
 extern int timed_read(int, void *, unsigned, int, void *);
 extern int timed_write(int, void *, unsigned, int, void *);
 extern void doze(unsigned);
+extern void rand_sleep(unsigned, unsigned);
 extern int duplex_pipe(int *);
 #define BLOCKING 0
diff --git a/postfix/src/util/rand_sleep.c b/postfix/src/util/rand_sleep.c
new file mode 100644
index 000000000..e3d4570f4
--- /dev/null
+++ b/postfix/src/util/rand_sleep.c
@@ -0,0 +1,101 @@
+/*++
+/* NAME
+/* rand_sleep 3
+/* SUMMARY
+/* sleep for randomized interval
+/* SYNOPSIS
+/* #include
+/*
+/* void rand_sleep(delay, variation)
+/* unsigned delay;
+/* unsigned variation;
+/* DESCRIPTION
+/* rand_sleep() blocks the current process for a pseudo-random
+/* amount of time.
+/*
+/* Arguments:
+/* .IP delay
+/* Time to sleep in microseconds.
+/* .IP variation
+/* Sleep time variation in microseconds; must be smaller than
+/* the time to sleep.
+/* DIAGNOSTICS
+/* Panic: interface violation. All system call errors are fatal.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include
+#include
+#include
+#include
+
+#ifndef RAND_MAX
+#define RAND_MAX 0x7fffffff
+#endif
+
+/* Utility library. */
+
+#include
+#include
+
+/* rand_sleep - block for random time */
+
+void rand_sleep(unsigned delay, unsigned variation)
+{
+ char *myname = "rand_sleep";
+ static pid_t my_pid;
+ unsigned usec;
+
+ /*
+ * Sanity checks.
+ */
+ if (delay == 0)
+ msg_panic("%s: bad delay %d", myname, delay);
+ if (variation >= delay)
+ msg_panic("%s: bad variation %d", myname, variation);
+
+ /*
+ * Use the semi-crappy random number generator.
+ */
+ if (my_pid == 0)
+ srandom(my_pid = getpid() ^ time((time_t *) 0));
+ usec = (delay - variation / 2) + variation * (double) random() / RAND_MAX;
+#ifdef MISSING_USLEEP
+ if (usleep(usec) < 0)
+ msg_fatal("usleep: %m");
+#else
+ doze(usec);
+#endif
+}
+
+#ifdef TEST
+
+#include
+
+int main(int argc, char **argv)
+{
+ int delay;
+ int variation;
+
+ msg_vstream_init(argv[0], VSTREAM_ERR);
+ if (argc != 3)
+ msg_fatal("usage: %s delay variation", argv[0]);
+ if ((delay = atoi(argv[1])) <= 0)
+ msg_fatal("bad delay: %s", argv[1]);
+ if ((variation = atoi(argv[2])) < 0)
+ msg_fatal("bad variation: %s", argv[2]);
+ rand_sleep(delay * 1000000, variation * 1000000);
+ exit(0);
+}
+
+#endif
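Review bot: The `#ifdef MISSING_USLEEP` test near the end of rand_sleep() looks inverted: the branch selected when usleep() is declared missing is the one that calls `usleep(usec)`, while platforms that have it fall through to `doze(usec)`. Either `#ifndef MISSING_USLEEP` or an unconditional `doze(usec)` would match the macro's name. If the usleep() branch is kept, a one-second delay from the callers requests 750000 to 1250000 microseconds, and implementations that reject arguments of one second or more would turn that into a process exit via `msg_fatal("usleep: %m")`. The scaling `variation * (double) random() / RAND_MAX` divides by the bound of rand(), not random(), so where RAND_MAX is smaller than random()'s range the sleep can far exceed `delay + variation / 2`; dividing by random()'s own maximum avoids that. The pid-xor-time seed is adequate for retry jitter, but a comment stating that this generator must not be reused for anything security-sensitive would help later readers.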