From: Wietse Venema Date: Sat, 11 Jul 2009 05:00:00 +0000 (-0500) Subject: postfix-2.7-20090711 X-Git-Tag: v2.7.0-RC1~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85acc7c76417633667c7b43d4419e8806068e876;p=thirdparty%2Fpostfix.git postfix-2.7-20090711 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 8021755cf..b1238575c 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15308,3 +15308,13 @@ Apologies for any names omitted. and avoid redundant logging and work when milter_header_checks and Milters make redundant or conflicting decisions. File: cleanup_milter.c. + +20090710 + + Bugfix (introduced Postfix 2.3): Postfix got out of sync + with a Milter application after the application sent a + "quarantine" request at end-of-message time. The milter + application would still be in the end-of-message state, + while Postfix would already be working on the next SMTP + event (typically, QUIT or MAIL FROM). Problem diagnosed + with help from Alban Deniz. File: milter/milter8.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f5a351f3d..f50e60428 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -2,6 +2,10 @@ Wish list: Remove this file from the stable release. + Implement PREPEND action for milter_header_checks. Save the + to-be-prepended text to buffer, then emit it along with the + new header. + Fix the header_body_checks API, so that the name of the map class (e.g. milter_header_checks) is available for logging. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 95db4fa31..bcdf362d9 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -5703,20 +5703,19 @@ manual page available actions. Currently, PREPEND is not implemented. a spam handling machine. Note that matches are case-insensitive by default.

-
 /etc/postfix/main.cf:
     milter_header_checks = pcre:/etc/postfix/milter_header_checks
+ 
 /etc/postfix/milter_header_checks:
-    /^X-SPAM-FLAG:\s+YES]/ FILTER mysmtp:sanitizer.example.com:25
+    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
-

The milter_header_checks mechanism could also be used for whitelisting. For example it could be used to skip heavy content -scanning for DKIM-signed mail from known friendly domains.

+inspection for DKIM-signed mail from known friendly domains.

This feature is available in Postfix 2.7, and as an optional patch for Postfix 2.6.

diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 964641b03..76c201bf9 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3166,8 +3166,7 @@ manual page available actions. Currently, PREPEND is not implemented. The following example sends all mail that is marked as SPAM to a spam handling machine. Note that matches are case-insensitive by default. -.sp -.in +4 +.PP .nf .na .ft C @@ -3176,19 +3175,19 @@ by default. .fi .ad .ft R +.PP .nf .na .ft C /etc/postfix/milter_header_checks: - /^X-SPAM-FLAG:\es+YES]/ FILTER mysmtp:sanitizer.example.com:25 + /^X-SPAM-FLAG:\es+YES/ FILTER mysmtp:sanitizer.example.com:25 .fi .ad .ft R -.in -4 .PP The milter_header_checks mechanism could also be used for whitelisting. For example it could be used to skip heavy content -scanning for DKIM-signed mail from known friendly domains. +inspection for DKIM-signed mail from known friendly domains. .PP This feature is available in Postfix 2.7, and as an optional patch for Postfix 2.6. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index d15ab4c74..348a7927b 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -12311,20 +12311,19 @@ manual page available actions. Currently, PREPEND is not implemented. a spam handling machine. Note that matches are case-insensitive by default.

-
 /etc/postfix/main.cf:
     milter_header_checks = pcre:/etc/postfix/milter_header_checks
+ 
 /etc/postfix/milter_header_checks:
-    /^X-SPAM-FLAG:\s+YES]/ FILTER mysmtp:sanitizer.example.com:25
+    /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
-

The milter_header_checks mechanism could also be used for whitelisting. For example it could be used to skip heavy content -scanning for DKIM-signed mail from known friendly domains.

+inspection for DKIM-signed mail from known friendly domains.

This feature is available in Postfix 2.7, and as an optional patch for Postfix 2.6.

diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 74816dfb5..6ecfa4c3b 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -247,6 +247,7 @@ static void cleanup_milter_hbc_log(void *context, const char *action, static void cleanup_milter_header_prepend(void *context, int rec_type, const char *buf, ssize_t len, off_t offset) { + /* XXX save prepended header to buffer. */ msg_warn("the milter_header/body_checks prepend action is not implemented"); } @@ -630,6 +631,7 @@ static const char *cleanup_add_header(void *context, const char *name, vstring_free(buf); return (cleanup_milter_error(state, errno)); } + /* XXX emit prepended header, then clear it. */ cleanup_out_header(state, buf); /* Includes padding */ vstring_free(buf); if ((reverse_ptr_offset = vstream_ftell(state->dst)) < 0) { @@ -1007,6 +1009,7 @@ static const char *cleanup_patch_header(CLEANUP_STATE *state, msg_warn("%s: seek file %s: %m", myname, cleanup_path); CLEANUP_PATCH_HEADER_RETURN(cleanup_milter_error(state, errno)); } + /* XXX emit prepended header, then clear it. */ cleanup_out_header(state, buf); /* Includes padding */ if (msg_verbose > 1) msg_info("%s: %ld: write %.*s", myname, (long) new_hdr_offset, diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index fcc5cebf8..dfde2ad4b 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20090607" +#define MAIL_RELEASE_DATE "20090711" #define MAIL_VERSION_NUMBER "2.7" #ifdef SNAPSHOT diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index d49f656dd..e839532f6 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -1296,7 +1296,8 @@ static const char *milter8_event(MILTER8 *milter, int event, /* * Decision: quarantine. In Sendmail 8.13 this does not imply a * transition in the receiver state (reply, reject, tempfail, - * accept, discard). + * accept, discard). We should not transition, either, otherwise + * we get out of sync. */ case SMFIR_QUARANTINE: /* XXX What to do with the "reason" text? */ @@ -1304,7 +1305,8 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_BUFFER, milter->buf, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); - MILTER8_EVENT_BREAK("H"); + milter8_def_reply(milter, "H"); + continue; /* * Decision: skip further events of this type. diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c index 6b04c8f00..322f63661 100644 --- a/postfix/src/verify/verify.c +++ b/postfix/src/verify/verify.c @@ -572,7 +572,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv) * * The solution is to query a map type and obtain its properties before * opening it. A clean solution is to add a dict_info() API that is - * simlar to dict_open() except it returns properties (dict flags) only. + * similar to dict_open() except it returns properties (dict flags) only. * A pragmatic solution is to overload the existing API and have * dict_open() return a dummy map when given a null map name. *