From: Wietse Venema Date: Fri, 19 Sep 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.16-20030919 X-Git-Tag: v2.1-RC1-20040331~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92cdf2934c81d8294353c6eff6ce7f60a4722bed;p=thirdparty%2Fpostfix.git postfix-2.0.16-20030919 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6f05f09c7..0900176af 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -8596,6 +8596,13 @@ Apologies for any names omitted. NS records of parent domains, causing mail to be deferred with a 450 status code. File: smtpd/smtpd_check.c. +20030919 + + Robustness: check_mumble_{mx,ns}_access skip over DNS lookup + failures instead of deferring mail. This is not as bad as + it appears to be because the restrictions can't be used + for whitelisting. File: smtpd/smtpd_check.c. + Open problems: High: when virtual aliasing is turned off after content diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index cbcf52748..fa8a60f18 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030918" +#define MAIL_RELEASE_DATE "20030919" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "2.0.16-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 93f54006f..fca8a3178 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -2212,20 +2212,17 @@ static int check_server_access(SMTPD_STATE *state, const char *table, domain = name; /* - * If the domain does not exist then we apply no restriction. In all - * other cases, DNS lookup failure results in a "try again" status. + * If the domain name does not exist then we apply no restriction. * - * If the domain name exists but MX lookup fails, fabricate an MX record + * If the domain name exists but no MX record exists, fabricate an MX record * that points to the domain name itself. * - * If the domain name exists but NS lookup fails, look up parent domain + * If the domain name exists but no NS record exists, look up parent domain * NS records. */ dns_status = dns_lookup(domain, type, 0, &server_list, (VSTRING *) 0, (VSTRING *) 0); - if (dns_status == DNS_NOTFOUND) { - if (h_errno != NO_DATA) - return (SMTPD_CHECK_DUNNO); + if (dns_status == DNS_NOTFOUND && h_errno == NO_DATA) { if (type == T_MX) { server_list = dns_rr_create(domain, &fixed, 0, domain, strlen(domain) + 1); @@ -2241,9 +2238,8 @@ static int check_server_access(SMTPD_STATE *state, const char *table, } } if (dns_status != DNS_OK) { - DEFER_IF_PERMIT3(state, MAIL_ERROR_POLICY, - "450 <%s>: %s rejected: unable to look up %s host", - reply_name, reply_class, dns_strtype(type)); + msg_warn("Unable to look up %s host for %s", dns_strtype(type), + domain && domain[1] ? domain : reply_name); return (SMTPD_CHECK_DUNNO); } @@ -2257,12 +2253,10 @@ static int check_server_access(SMTPD_STATE *state, const char *table, */ for (server = server_list; server != 0; server = server->next) { if ((hp = gethostbyname((char *) server->data)) == 0) { - DEFER_IF_PERMIT4(state, MAIL_ERROR_POLICY, - "450 <%s>: %s rejected: " - "Unable to look up %s host %s", - reply_name, reply_class, - dns_strtype(type), (char *) server->data); - CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO); + msg_warn("Unable to look up %s host %s for %s %s", + dns_strtype(type), (char *) server->data, + reply_class, reply_name); + continue; } if (hp->h_addrtype != AF_INET || hp->h_length != sizeof(addr)) { if (msg_verbose) diff --git a/postfix/src/smtpd/smtpd_exp.ref b/postfix/src/smtpd/smtpd_exp.ref index 22c257b1a..d426f1df6 100644 --- a/postfix/src/smtpd/smtpd_exp.ref +++ b/postfix/src/smtpd/smtpd_exp.ref @@ -120,6 +120,7 @@ OK >>> helo verisign.com OK >>> helo example.tld +./smtpd_check: warning: Unable to look up MX host for example.tld OK >>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access OK @@ -152,6 +153,7 @@ OK >>> helo verisign-wildcard.com OK >>> helo example.tld +./smtpd_check: warning: Unable to look up NS host for example.tld OK >>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access OK