From: Wietse Venema Date: Thu, 5 Oct 2006 05:00:00 +0000 (-0500) Subject: postfix-2.4-20061005 X-Git-Tag: v2.4.0-RC1~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99b6e641c9ec591a904fb95fc85e82d5d60a13a5;p=thirdparty%2Fpostfix.git postfix-2.4-20061005 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index a9408bd3a..86b25c805 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12767,6 +12767,20 @@ Apologies for any names omitted. action with the verified hostname instead of the name obtained with PTR lookup. File: smtpd/smtpd.c. +20061004 + + Cleanup: force space between mailq queueid+status and file + size items. File: showq/showq.c. + +20061005 + + Cleanup: make CISCO PIX bug workarounds configurable. This + introduces new parameters: smtp_pix_workarounds (default: + disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps + (workarounds indexed by server IP address). The default + settings are backwards compatible. File: smtp/smtp.c, + smtp/smtp_proto.c. + Wish list: Update FILTER_README with mailing list suggestions to tag diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 83636dd82..2c5304b81 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -2963,10 +2963,10 @@ by whitespace or comma.

-
bounce
Inspect the content of delivery +
bounce
Inspect the content of delivery status notifications.
-
notify
Inspect the content of postmaster +
notify
Inspect the content of postmaster notifications by the smtp(8) and smtpd(8) processes.
@@ -3465,6 +3465,17 @@ configuration parameter. See there for details.

This feature is available in Postfix 2.3 and later.

+ + +
lmtp_pix_workaround_maps +(default: empty)
+ +

The LMTP-specific version of the smtp_pix_workaround_maps +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.4 and later.

+ +
lmtp_pix_workaround_threshold_time @@ -3476,6 +3487,17 @@ configuration parameter. See there for details.

This feature is available in Postfix 2.3 and later.

+ + +
lmtp_pix_workarounds +(default: empty)
+ +

The LMTP-specific version of the smtp_pix_workaround +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.4 and later.

+ +
lmtp_quit_timeout @@ -4082,13 +4104,13 @@ for details of how domain names are appended to incomplete addresses.
-
permit_inet_interfaces
+
permit_inet_interfaces
Append the domain name in $myorigin or $mydomain when the client IP address matches $inet_interfaces. This is enabled by default.
-
permit_mynetworks
+
permit_mynetworks
Append the domain name in $myorigin or $mydomain when the client IP address matches any network or network address listed in @@ -7454,16 +7476,28 @@ sending large messages over slow network connections.

+
+ +
smtp_pix_workaround_maps +(default: empty)
+ +

Lookup tables, indexed by the remote SMTP server address, with +per-destination workarounds for CISCO PIX firewall bugs. The table +is not indexed by hostname for consistency with +smtp_discard_ehlo_keyword_address_maps.

+ +

This feature is available in Postfix 2.4 and later.

+ +
smtp_pix_workaround_threshold_time (default: 500s)
-

-How long a message must be queued before the PIX firewall -"<CR><LF>.<CR><LF>" bug workaround is turned -on for delivery through firewalls with "smtp fixup" mode turned on. -

+

How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "<CR><LF>.<CR><LF>" +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on.

By default, the workaround is turned off for mail that is queued @@ -7478,6 +7512,34 @@ first delivery attempt.

+
+ +
smtp_pix_workarounds +(default: disable_esmtp, delay_dotcrlf)
+ +

A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. These workarounds are implemented by the Postfix +SMTP client. Workaround names are separated by comma or space, and +are case insensitive. This parameter setting can be overruled with +per-destination smtp_pix_workaround_maps settings.

+ +
+ +
delay_dotcrlf
Insert a delay before sending +".<CR><LF>" after the end of the message content. The +delay is subject to the smtp_pix_workaround_delay_time and +smtp_pix_workaround_threshold_time parameter settings.
+ +
disable_esmtp
Disable all extended SMTP commands: +send HELO instead of EHLO.
+ +
+ +

This feature is available in Postfix 2.4 and later. The default +settings are backwards compatible with earlier Postfix versions. +

+ +
smtp_quit_timeout diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index fb57a3a86..418e3d1ef 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -177,10 +177,19 @@ SMTP(8) SMTP(8) firewall "<CR><LF>.<CR><LF>" bug. smtp_pix_workaround_threshold_time (500s) - How long a message must be queued before the PIX - firewall "<CR><LF>.<CR><LF>" bug workaround is - turned on for delivery through firewalls with "smtp - fixup" mode turned on. + How long a message must be queued before the Post- + fix SMTP client turns on the PIX firewall + "<CR><LF>.<CR><LF>" bug workaround for delivery + through firewalls with "smtp fixup" mode turned on. + + smtp_pix_workarounds (disable_esmtp, delay_dotcrlf) + A list that specifies zero or more workarounds for + CISCO PIX firewall bugs. + + smtp_pix_workaround_maps (empty) + Lookup tables, indexed by the remote SMTP server + address, with per-destination workarounds for CISCO + PIX firewall bugs. smtp_quote_rfc821_envelope (yes) Quote addresses in SMTP MAIL FROM and RCPT TO com- diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 3c387c2bf..15cc3134f 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -1607,10 +1607,10 @@ What categories of Postfix-generated mail are subject to before-queue content inspection by non_smtpd_milters, header_checks and body_checks. Specify zero or more of the following, separated by whitespace or comma. -.IP "\fB bounce \fR" +.IP "\fBbounce\fR" Inspect the content of delivery status notifications. -.IP "\fB notify \fR" +.IP "\fBnotify\fR" Inspect the content of postmaster notifications by the \fBsmtp\fR(8) and \fBsmtpd\fR(8) processes. .PP @@ -1864,11 +1864,21 @@ The LMTP-specific version of the smtp_pix_workaround_delay_time configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_pix_workaround_maps (default: empty) +The LMTP-specific version of the smtp_pix_workaround_maps +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.4 and later. .SH lmtp_pix_workaround_threshold_time (default: 500s) The LMTP-specific version of the smtp_pix_workaround_threshold_time configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_pix_workarounds (default: empty) +The LMTP-specific version of the smtp_pix_workaround +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.4 and later. .SH lmtp_quit_timeout (default: 300s) The LMTP client time limit for sending the QUIT command, and for receiving the server response. @@ -2164,11 +2174,11 @@ See the append_at_myorigin and append_dot_mydomain parameters for details of how domain names are appended to incomplete addresses. .PP Specify a list of zero or more of the following: -.IP "\fB permit_inet_interfaces \fR" +.IP "\fBpermit_inet_interfaces\fR" Append the domain name in $myorigin or $mydomain when the client IP address matches $inet_interfaces. This is enabled by default. -.IP "\fB permit_mynetworks \fR" +.IP "\fBpermit_mynetworks\fR" Append the domain name in $myorigin or $mydomain when the client IP address matches any network or network address listed in $mynetworks. This setting will not prevent remote mail header @@ -4149,10 +4159,18 @@ How long the Postfix SMTP client pauses before sending .PP Choosing a too short time makes this workaround ineffective when sending large messages over slow network connections. +.SH smtp_pix_workaround_maps (default: empty) +Lookup tables, indexed by the remote SMTP server address, with +per-destination workarounds for CISCO PIX firewall bugs. The table +is not indexed by hostname for consistency with +smtp_discard_ehlo_keyword_address_maps. +.PP +This feature is available in Postfix 2.4 and later. .SH smtp_pix_workaround_threshold_time (default: 500s) -How long a message must be queued before the PIX firewall -"." bug workaround is turned -on for delivery through firewalls with "smtp fixup" mode turned on. +How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "." +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on. .PP By default, the workaround is turned off for mail that is queued for less than 500 seconds. In other words, the workaround is normally @@ -4161,6 +4179,23 @@ turned off for the first delivery attempt. Specify 0 to enable the PIX firewall "." bug workaround upon the first delivery attempt. +.SH smtp_pix_workarounds (default: disable_esmtp, delay_dotcrlf) +A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. These workarounds are implemented by the Postfix +SMTP client. Workaround names are separated by comma or space, and +are case insensitive. This parameter setting can be overruled with +per-destination smtp_pix_workaround_maps settings. +.IP "\fBdelay_dotcrlf\fR +Insert a delay before sending +"." after the end of the message content. The +delay is subject to the smtp_pix_workaround_delay_time and +smtp_pix_workaround_threshold_time parameter settings. +.IP "\fBdisable_esmtp\fR +Disable all extended SMTP commands: +send HELO instead of EHLO. +.PP +This feature is available in Postfix 2.4 and later. The default +settings are backwards compatible with earlier Postfix versions. .SH smtp_quit_timeout (default: 300s) The SMTP client time limit for sending the QUIT command, and for receiving the server response. diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 1dd18024c..9aebf5663 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -171,9 +171,16 @@ How long the Postfix SMTP client pauses before sending "." in order to work around the PIX firewall "." bug. .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" -How long a message must be queued before the PIX firewall -"." bug workaround is turned -on for delivery through firewalls with "smtp fixup" mode turned on. +How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "." +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on. +.IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" +A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. +.IP "\fBsmtp_pix_workaround_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP server address, with +per-destination workarounds for CISCO PIX firewall bugs. .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" Quote addresses in SMTP MAIL FROM and RCPT TO commands as required by RFC 821. diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index babcb2f1d..4caf4f4c7 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -225,6 +225,8 @@ while (<>) { s;\blmtp_generic_maps\b;$&;g; s;\blmtp_pix_workaround_threshold_time\b;$&;g; s;\blmtp_pix_workaround_delay_time\b;$&;g; + s;\blmtp_pix_workarounds\b;$&;g; + s;\blmtp_pix_workaround_maps\b;$&;g; s;\blmtp_connection_reuse_time_limit\b;$&;g; s;\blmtp_starttls_timeout\b;$&;g; s;\blmtp_line_length_limit\b;$&;g; @@ -412,6 +414,8 @@ while (<>) { s;\bsmtp_sender_depen[-]*\n*[ ]*dent_authentication\b;$&;g; s;\bsmtp_pix_workaround_delay_time\b;$&;g; s;\bsmtp_pix_workaround_threshold_time\b;$&;g; + s;\bsmtp_pix_workarounds\b;$&;g; + s;\bsmtp_pix_workaround_maps\b;$&;g; s;\bsmtp_quit_timeout\b;$&;g; s;\bsmtp_quote_rfc821_envelope\b;$&;g; s;\bsmtp_randomize_addresses\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 30d07f1bd..5dbcfa348 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -3956,11 +3956,10 @@ smtp_always_send_ehlo parameter.

%PARAM smtp_pix_workaround_threshold_time 500s -

-How long a message must be queued before the PIX firewall -"<CR><LF>.<CR><LF>" bug workaround is turned -on for delivery through firewalls with "smtp fixup" mode turned on. -

+

How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "<CR><LF>.<CR><LF>" +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on.

By default, the workaround is turned off for mail that is queued @@ -7990,13 +7989,13 @@ for details of how domain names are appended to incomplete addresses.

-
permit_inet_interfaces
+
permit_inet_interfaces
Append the domain name in $myorigin or $mydomain when the client IP address matches $inet_interfaces. This is enabled by default.
-
permit_mynetworks
+
permit_mynetworks
Append the domain name in $myorigin or $mydomain when the client IP address matches any network or network address listed in @@ -10422,10 +10421,10 @@ by whitespace or comma.

-
bounce
Inspect the content of delivery +
bounce
Inspect the content of delivery status notifications.
-
notify
Inspect the content of postmaster +
notify
Inspect the content of postmaster notifications by the smtp(8) and smtpd(8) processes.
@@ -10460,3 +10459,50 @@ with other MTAs.

This feature is available in Postfix 2.3 and later.

+ +%PARAM smtp_pix_workarounds disable_esmtp, delay_dotcrlf + +

A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. These workarounds are implemented by the Postfix +SMTP client. Workaround names are separated by comma or space, and +are case insensitive. This parameter setting can be overruled with +per-destination smtp_pix_workaround_maps settings.

+ +
+ +
delay_dotcrlf
Insert a delay before sending +".<CR><LF>" after the end of the message content. The +delay is subject to the smtp_pix_workaround_delay_time and +smtp_pix_workaround_threshold_time parameter settings.
+ +
disable_esmtp
Disable all extended SMTP commands: +send HELO instead of EHLO.
+ +
+ +

This feature is available in Postfix 2.4 and later. The default +settings are backwards compatible with earlier Postfix versions. +

+ +%PARAM smtp_pix_workaround_maps + +

Lookup tables, indexed by the remote SMTP server address, with +per-destination workarounds for CISCO PIX firewall bugs. The table +is not indexed by hostname for consistency with +smtp_discard_ehlo_keyword_address_maps.

+ +

This feature is available in Postfix 2.4 and later.

+ +%PARAM lmtp_pix_workarounds + +

The LMTP-specific version of the smtp_pix_workaround +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.4 and later.

+ +%PARAM lmtp_pix_workaround_maps + +

The LMTP-specific version of the smtp_pix_workaround_maps +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.4 and later.

diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index a940e1ec7..fb77b7fed 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1018,6 +1018,24 @@ extern int var_smtp_pix_thresh; #define DEF_LMTP_PIX_DELAY "10s" extern int var_smtp_pix_delay; + /* + * Courageous people may want to turn off PIX bug workarounds. + */ +#define PIX_BUG_DISABLE_ESMTP "disable_esmtp" +#define PIX_BUG_DELAY_DOTCRLF "delay_dotcrlf" +#define VAR_SMTP_PIX_BUG_WORDS "smtp_pix_workarounds" +#define DEF_SMTP_PIX_BUG_WORDS PIX_BUG_DISABLE_ESMTP "," \ + PIX_BUG_DELAY_DOTCRLF +#define VAR_LMTP_PIX_BUG_WORDS "lmtp_pix_workarounds" +#define DEF_LMTP_PIX_BUG_WORDS DEF_SMTP_PIX_BUG_WORDS +extern char *var_smtp_pix_bug_words; + +#define VAR_SMTP_PIX_BUG_MAPS "smtp_pix_workaround_maps" +#define DEF_SMTP_PIX_BUG_MAPS "" +#define VAR_LMTP_PIX_BUG_MAPS "lmtp_pix_workaround_maps" +#define DEF_LMTP_PIX_BUG_MAPS "" +extern char *var_smtp_pix_bug_maps; + #define VAR_SMTP_DEFER_MXADDR "smtp_defer_if_no_mx_address_found" #define DEF_SMTP_DEFER_MXADDR 0 #define VAR_LMTP_DEFER_MXADDR "lmtp_defer_if_no_mx_address_found" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 324147442..b845ceda1 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20061001" +#define MAIL_RELEASE_DATE "20061005" #define MAIL_VERSION_NUMBER "2.4" #ifdef SNAPSHOT diff --git a/postfix/src/showq/showq.c b/postfix/src/showq/showq.c index ef7e2a38f..8cbb27897 100644 --- a/postfix/src/showq/showq.c +++ b/postfix/src/showq/showq.c @@ -140,8 +140,8 @@ int var_dup_filter_limit; char *var_empty_addr; #define STRING_FORMAT "%-10s %8s %-20s %s\n" -#define SENDER_FORMAT "%-11s%8ld %20.20s %s\n" -#define DROP_FORMAT "%-10s%c%8ld %20.20s (maildrop queue, sender UID %u)\n" +#define SENDER_FORMAT "%-11s %7ld %20.20s %s\n" +#define DROP_FORMAT "%-10s%c %7ld %20.20s (maildrop queue, sender UID %u)\n" static void showq_reasons(VSTREAM *, BOUNCE_LOG *, RCPT_BUF *, DSN_BUF *, HTABLE *); diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index e5f0c119c..c25587935 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c @@ -44,6 +44,8 @@ VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0, VAR_LMTP_GENERIC_MAPS, DEF_LMTP_GENERIC_MAPS, &var_smtp_generic_maps, 0, 0, VAR_LMTP_TCP_PORT, DEF_LMTP_TCP_PORT, &var_lmtp_tcp_port, 0, 0, + VAR_LMTP_PIX_BUG_WORDS, DEF_LMTP_PIX_BUG_WORDS, &var_smtp_pix_bug_words, 0, 0, + VAR_LMTP_PIX_BUG_MAPS, DEF_LMTP_PIX_BUG_MAPS, &var_smtp_pix_bug_maps, 0, 0, 0, }; static CONFIG_TIME_TABLE lmtp_time_table[] = { diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 21a7aab6b..bba3b3ba0 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -149,9 +149,16 @@ /* "." in order to work around the PIX firewall /* "." bug. /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" -/* How long a message must be queued before the PIX firewall -/* "." bug workaround is turned -/* on for delivery through firewalls with "smtp fixup" mode turned on. +/* How long a message must be queued before the Postfix SMTP client +/* turns on the PIX firewall "." +/* bug workaround for delivery through firewalls with "smtp fixup" +/* mode turned on. +/* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" +/* A list that specifies zero or more workarounds for CISCO PIX +/* firewall bugs. +/* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" +/* Lookup tables, indexed by the remote SMTP server address, with +/* per-destination workarounds for CISCO PIX firewall bugs. /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" /* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required /* by RFC 821. @@ -699,6 +706,8 @@ bool var_smtp_sender_auth; char *var_lmtp_tcp_port; int var_scache_proto_tmout; bool var_smtp_cname_overr; +char *var_smtp_pix_bug_words; +char *var_smtp_pix_bug_maps; /* * Global variables. @@ -709,6 +718,7 @@ SCACHE *smtp_scache; MAPS *smtp_ehlo_dis_maps; MAPS *smtp_generic_maps; int smtp_ext_prop_mask; +MAPS *smtp_pix_bug_maps; #ifdef USE_TLS @@ -901,10 +911,18 @@ static void pre_init(char *unused_name, char **unused_argv) * EHLO keyword filter. */ if (*var_smtp_ehlo_dis_maps) - smtp_ehlo_dis_maps = maps_create(VAR_SMTPD_EHLO_DIS_MAPS, + smtp_ehlo_dis_maps = maps_create(VAR_SMTP_EHLO_DIS_MAPS, var_smtp_ehlo_dis_maps, DICT_FLAG_LOCK); + /* + * PIX bug workarounds. + */ + if (*var_smtp_pix_bug_maps) + smtp_pix_bug_maps = maps_create(VAR_SMTP_PIX_BUG_MAPS, + var_smtp_pix_bug_maps, + DICT_FLAG_LOCK); + /* * Generic maps. */ diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index af397d711..f55eafe46 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -106,7 +106,6 @@ typedef struct SMTP_STATE { #define SMTP_FEATURE_SIZE (1<<3) #define SMTP_FEATURE_STARTTLS (1<<4) #define SMTP_FEATURE_AUTH (1<<5) -#define SMTP_FEATURE_MAYBEPIX (1<<6) /* PIX smtp fixup mode */ #define SMTP_FEATURE_XFORWARD_NAME (1<<7) #define SMTP_FEATURE_XFORWARD_ADDR (1<<8) #define SMTP_FEATURE_XFORWARD_PROTO (1<<9) @@ -116,6 +115,8 @@ typedef struct SMTP_STATE { #define SMTP_FEATURE_RSET_REJECTED (1<<13) /* RSET probe rejected */ #define SMTP_FEATURE_FROM_CACHE (1<<14) /* cached connection */ #define SMTP_FEATURE_DSN (1<<15) /* DSN supported */ +#define SMTP_FEATURE_PIX_NO_ESMTP (1<<16) /* PIX smtp fixup mode */ +#define SMTP_FEATURE_PIX_DELAY_DOTCRLF (1<<17) /* PIX smtp fixup mode */ /* * Features that passivate under the endpoint. @@ -162,6 +163,8 @@ extern STRING_LIST *smtp_cache_dest; /* cached destinations */ extern MAPS *smtp_ehlo_dis_maps; /* ehlo keyword filter */ +extern MAPS *smtp_pix_bug_maps; /* PIX workarounds */ + extern MAPS *smtp_generic_maps; /* make internal address valid */ extern int smtp_ext_prop_mask; /* address externsion propagation */ diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index 9c73b2d58..e604298b1 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -45,6 +45,8 @@ VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0, VAR_SMTP_GENERIC_MAPS, DEF_SMTP_GENERIC_MAPS, &var_smtp_generic_maps, 0, 0, VAR_LMTP_TCP_PORT, DEF_LMTP_TCP_PORT, &var_lmtp_tcp_port, 0, 0, + VAR_SMTP_PIX_BUG_WORDS, DEF_SMTP_PIX_BUG_WORDS, &var_smtp_pix_bug_words, 0, 0, + VAR_SMTP_PIX_BUG_MAPS, DEF_SMTP_PIX_BUG_MAPS, &var_smtp_pix_bug_maps, 0, 0, 0, }; static CONFIG_TIME_TABLE smtp_time_table[] = { diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 276db41ce..79fe31e1c 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -120,6 +120,7 @@ #include #include #include +#include /* Global library. */ @@ -262,6 +263,14 @@ int smtp_helo(SMTP_STATE *state) SOCKOPT_SIZE optlen; const char *ehlo_words; int discard_mask; + static NAME_MASK pix_bug_table[] = { + PIX_BUG_DISABLE_ESMTP, SMTP_FEATURE_PIX_NO_ESMTP, + PIX_BUG_DELAY_DOTCRLF, SMTP_FEATURE_PIX_DELAY_DOTCRLF, + 0, + }; + const char *pix_bug_words; + const char *pix_bug_source; + int pix_bug_mask; #ifdef USE_TLS int saved_features = session->features; @@ -306,8 +315,27 @@ int smtp_helo(SMTP_STATE *state) * it does not span a packet boundary. This hurts performance so it * is not on by default. */ - if (resp->str[strspn(resp->str, "20 *\t\n")] == 0) - session->features |= SMTP_FEATURE_MAYBEPIX; + if (resp->str[strspn(resp->str, "20 *\t\n")] == 0) { + if (smtp_pix_bug_maps != 0 + && (pix_bug_words = + maps_find(smtp_pix_bug_maps, + state->session->addr, 0)) != 0) { + pix_bug_source = VAR_SMTP_PIX_BUG_MAPS; + } else { + pix_bug_words = var_smtp_pix_bug_words; + pix_bug_source = VAR_SMTP_PIX_BUG_WORDS; + } + if (*pix_bug_words) { + pix_bug_mask = name_mask_opt(pix_bug_source, pix_bug_table, + pix_bug_words, NAME_MASK_ANY_CASE); + msg_info("%s: enabling PIX workarounds: %s for %s", + request->queue_id, + str_name_mask("pix workaround bitmask", + pix_bug_table, pix_bug_mask), + session->namaddrport); + session->features |= pix_bug_mask; + } + } /* * See if we are talking to ourself. This should not be possible with @@ -327,10 +355,10 @@ int smtp_helo(SMTP_STATE *state) } if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) { if (var_smtp_always_ehlo - && (session->features & SMTP_FEATURE_MAYBEPIX) == 0) + && (session->features & SMTP_FEATURE_PIX_NO_ESMTP) == 0) session->features |= SMTP_FEATURE_ESMTP; if (var_smtp_never_ehlo - || (session->features & SMTP_FEATURE_MAYBEPIX) != 0) + || (session->features & SMTP_FEATURE_PIX_NO_ESMTP) != 0) session->features &= ~SMTP_FEATURE_ESMTP; } else { session->features |= SMTP_FEATURE_ESMTP; @@ -1692,11 +1720,9 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, } } else if (prev_type == REC_TYPE_CONT) /* missing newline */ smtp_fputs("", 0, session->stream); - if ((session->features & SMTP_FEATURE_MAYBEPIX) != 0 + if ((session->features & SMTP_FEATURE_PIX_DELAY_DOTCRLF) != 0 && request->msg_stats.incoming_arrival.tv_sec <= vstream_ftime(session->stream) - var_smtp_pix_thresh) { - msg_info("%s: enabling PIX . workaround for %s", - request->queue_id, session->namaddrport); smtp_flush(session->stream); /* hurts performance */ sleep(var_smtp_pix_delay); /* not to mention this */ }