From: Wietse Venema Date: Sat, 11 Sep 1999 05:00:00 +0000 (-0500) Subject: snapshot-19990911 X-Git-Tag: v20010228~94 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80a9dcb84639d8977d2c0ac0fd6a5bdc5cb58984;p=thirdparty%2Fpostfix.git snapshot-19990911
---
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 3aba22e83..4a63ed474 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -3089,3 +3089,8 @@ Apologies for any names omitted.
 and added a test for the case that they specify a lookup table on the right-hand side of an SMTPD access map. File: smtpd/smtpd_access.c.
+
+ Cleanup: removed spurious sender address checks for <>.
+
+ Cleanup: the smtp client now consistently logs host[address]
+ for all connection attempts.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index b4eae12be..48ff15ebb 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,11 +1,11 @@
-Incompatible changes with snapshot 19990910
+Incompatible changes with snapshot 19990911
 ===========================================
 - You can not longer use virtual, canonical or aliases tables as SMTPD access control tables. Use the permit_recipient_map feature instead. The loss is compensated for.
-Major changes with snapshot 19990910
+Major changes with snapshot 19990911
 ====================================
 - Per-client/helo/sender/recipient UCE restrictions: you can now
@@ -42,16 +42,26 @@ That should stop a lot of the mail to non-existent recipients. It won't stop mail to broken aliases or to users with broken .forward files, though.
-All this is great for non-relaying sites. A good example with
-permit_recipient_map for relaying sites still needs to be found.
+For a relaying site, the best we can do is something like:
+
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ reject_unauth_destination
+ reject_unknown_sender_domain
+ ...other checks to reject non-FQDN, RBL, access maps...
+ permit_recipient_map unix:passwd.byname
+ permit_recipient_map hash:/etc/canonical
+ permit_recipient_map hash:/etc/postfix/virtual
+ permit_recipient_map hash:/etc/aliases
+ reject
 Unfortunately, permit_recipient_map does not combine well with
-permit_mynetworks, because permit_mynetworks accepts mail for ALL
-destinations, including ALL LOCAL destinations.
+permit_mynetworks, because permit_mynetworks accepts mail for
+non-existent local recipients.
 Unfortunately, permit_recipient_map does not combine well with
-check_relay_domains, because check_relay_domains permits mail for
-ALL LOCAL destinations.
+check_relay_domains, because check_relay_domains permits either
+rejects mail, or accepts mail for non-existent local recipients.
 Incompatible changes with postfix-19990906
 ==========================================
diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h
index fb5098d38..fe393f6dc 100644
--- a/postfix/global/mail_version.h
+++ b/postfix/global/mail_version.h
@@ -15,7 +15,7 @@
 * Version of this program.
 */
 #define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-19990910"
+#define DEF_MAIL_VERSION "Snapshot-19990911"
 extern char *var_mail_version;
 /* LICENSE
diff --git a/postfix/smtp/smtp_connect.c b/postfix/smtp/smtp_connect.c
index 104ff958f..ac011a2db 100644
--- a/postfix/smtp/smtp_connect.c
+++ b/postfix/smtp/smtp_connect.c
@@ -174,7 +174,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
 memcpy((char *) &sin.sin_addr, addr->data, sizeof(sin.sin_addr));
 if (msg_verbose)
- msg_info("%s: trying: %s/%s port %d...",
+ msg_info("%s: trying: %s[%s] port %d...",
 myname, addr->name, inet_ntoa(sin.sin_addr), ntohs(port));
 if (var_smtp_conn_tmout > 0) {
 non_blocking(sock, NON_BLOCKING);
@@ -187,7 +187,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
 conn_stat = connect(sock, (struct sockaddr *) & sin, sizeof(sin));
 }
 if (conn_stat < 0) {
- vstring_sprintf(why, "connect to %s: %m", addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: %m",
+ addr->name, inet_ntoa(sin.sin_addr));
 smtp_errno = SMTP_RETRY;
 close(sock);
 return (0);
@@ -197,7 +198,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
 * Skip this host if it takes no action within some time limit.
 */
 if (read_wait(sock, var_smtp_helo_tmout) < 0) {
- vstring_sprintf(why, "connect to %s: read timeout", addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: read timeout",
+ addr->name, inet_ntoa(sin.sin_addr));
 smtp_errno = SMTP_RETRY;
 close(sock);
 return (0);
@@ -208,8 +210,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
 */
 stream = vstream_fdopen(sock, O_RDWR);
 if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) {
- vstring_sprintf(why, "connect to %s: server dropped connection",
- addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: server dropped connection",
+ addr->name, inet_ntoa(sin.sin_addr));
 smtp_errno = SMTP_RETRY;
 vstream_fclose(stream);
 return (0);
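Review bot: The four failure strings written to `why` (the hunks at 187, 197 and 208 here, and the one at 219) now pin the peer address but still leave out the port that the verbose trace in the first hunk prints, so a failed attempt against a non-default port reads the same in the log as one against the default port. Consider carrying it through, for example `vstring_sprintf(why, "connect to %s[%s] port %d: %m", addr->name, inet_ntoa(sin.sin_addr), ntohs(port));`, and likewise for the other three messages. Separately, `addr->name` comes from the `DNS_RR` passed in and is copied into `why` unchanged; whether it is made printable before it is logged or returned in a bounce is not visible in these hunks and is worth confirming. smtp_connect_addr begins and ends outside the hunks shown.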
@@ -219,8 +221,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
 * Skip this host if it sends a 4xx greeting.
 */
 if (ch == '4' && var_smtp_skip_4xx_greeting) {
- vstring_sprintf(why, "connect to %s: server refused mail service",
- addr->name);
+ vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
+ addr->name, inet_ntoa(sin.sin_addr));
 smtp_errno = SMTP_RETRY;
 vstream_fclose(stream);
 return (0);
diff --git a/postfix/smtpd/smtpd_check.c b/postfix/smtpd/smtpd_check.c
index 5eb0d4d98..9ef699771 100644
--- a/postfix/smtpd/smtpd_check.c
+++ b/postfix/smtpd/smtpd_check.c
@@ -1513,16 +1513,16 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 * Sender mail address restrictions.
 */
 else if (is_map_command(name, CHECK_SENDER_ACL, &cpp)) {
- if (state->sender)
+ if (state->sender && *state->sender)
 status = check_mail_access(state, *cpp, state->sender, state->sender, SMTPD_NAME_SENDER, def_acl);
 } else if (strcasecmp(name, REJECT_UNKNOWN_ADDRESS) == 0) {
- if (state->sender)
+ if (state->sender && *state->sender)
 status = reject_unknown_address(state, state->sender, state->sender, SMTPD_NAME_SENDER);
 } else if (strcasecmp(name, REJECT_UNKNOWN_SENDDOM) == 0) {
- if (state->sender)
+ if (state->sender && *state->sender)
 status = reject_unknown_address(state, state->sender, state->sender, SMTPD_NAME_SENDER);
 } else if (strcasecmp(name, REJECT_NON_FQDN_SENDER) == 0) {
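Review bot: The new `*state->sender` guard makes the CHECK_SENDER_ACL branch skip the access-map lookup entirely when the sender is the empty string, so no entry in that map can apply to null-sender mail any more, and nothing at the call site says this is intended. A comment above the guards would record the decision, e.g. `/* The null sender <> is exempt from sender checks: there is no address to look up or resolve. */`, and the release notes could mention it in case any operator relied on the sender map seeing `<>`. The REJECT_UNKNOWN_ADDRESS and REJECT_UNKNOWN_SENDDOM branches carry the identical guard and call, so one comment can cover all three. Whether the REJECT_NON_FQDN_SENDER branch that opens on the last context line gets the same treatment is outside the hunk, as is the rest of generic_checks.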