From: Wietse Venema Date: Thu, 9 Jan 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.0-20030109 X-Git-Tag: v2.1-RC1-20040331~84 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a3c3b048e3675b2ad7b9e19dd52b1773170cd18;p=thirdparty%2Fpostfix.git postfix-2.0.0-20030109 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index b0d8f16b5..c7f35b691 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7690,7 +7690,7 @@ Apologies for any names omitted. It should not try to open any user/domain/uce related tables at all. File: smtpd/smtpd.c. -20020106 +20030106 Bugfix: bouncing to owner-alias was broken, i.e. the mail kept being deferred, and when that was fixed, another buglet @@ -7702,8 +7702,32 @@ Apologies for any names omitted. specifies a hostname for which the same IP address is listed multiple times. File: master/master_ent.c. +20030107 + + Robustness: check that FILTER actions in SMTPD access maps + or cleanup header/body_checks have plausible syntax. Files: + smtpd/smtpd_check.c, cleanup/cleanup_message.c. + +20030109 + + Cleanup: unnecessary "premature end of file on xxx while + reading yyy" warnings became exposed after some code + simplification. Files" global/*_clnt.c, global/dict_proxy.c + + Robustness: undo the change that causes a multi-server + process to stop accepting new connections while it still + services existing clients for an extended amount of time. + We need a better process retirement strategy. File: + master/multi_server.c. + Open problems: + Med: make qmgr recipient bounce/defer activity asynchronous + or add a multi-recipient operation that reduces overhead. + + Low: postmap/postalias should not try to open a bogus file + when given an unsupported dictionary type. + Med: do not postpone rejected "MAIL FROM" size information, and find a way to log the sender address in the rejected command. diff --git a/postfix/conf/regexp_table b/postfix/conf/regexp_table index 2cefe946c..94bcf2f13 100644 --- a/postfix/conf/regexp_table +++ b/postfix/conf/regexp_table @@ -89,7 +89,9 @@ # /^postmaster@/ OK # # # Protect your outgoing majordomo exploders -# /^(.*)-outgoing@(.*)$/!/^owner-/ 550 Use ${1}@${2} instead +# if !/^owner-/ +# /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead +# endif # # EXAMPLE HEADER FILTER MAP # # These were once common in junk mail. diff --git a/postfix/conf/sample-pcre-header.cf b/postfix/conf/sample-pcre-header.cf index c0fcd7f0d..9dc72813a 100644 --- a/postfix/conf/sample-pcre-header.cf +++ b/postfix/conf/sample-pcre-header.cf @@ -3,8 +3,8 @@ # message header filtering. See pcre_table(5) for syntax description. # # Message headers are filtered one at a time. This filter understands -# multi-line message headers. However, the message header filter has -# no knowledge of MIME headers that are embedded in the message body. +# multi-line message headers, including MIME headers in the message +# body. # # The first field is a perl-like regular expression. The expression # delimiter can be any character except whitespace, or characters diff --git a/postfix/conf/sample-regexp-header.cf b/postfix/conf/sample-regexp-header.cf index f1b6d4a89..bc29fdf6d 100644 --- a/postfix/conf/sample-regexp-header.cf +++ b/postfix/conf/sample-regexp-header.cf @@ -2,8 +2,7 @@ # for a description of the syntax. # # Message headers are filtered one at a time. This filter understands -# multi-line mail headers. However, the message header filter has no -# knowledge of MIME headers that are embedded in the message body. +# multi-line mail headers, including MIME headers in the message body. # # The general format of a table entry is PATTERN RESULT. # diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index ccc74d664..8c4bd6129 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -11,9 +11,11 @@ POSTQUEUE(1) POSTQUEUE(1) DESCRIPTION The postqueue program implements the Postfix user inter- - face for queue management. It implements all the opera- - tions that are traditionally available via the sendmail(1) - command. + face for queue management. It implements operations that + are traditionally available via the sendmail(1) command. + See the postsuper(1) command for queue operations that + require super-user privileges such as deleting a message + from the queue or changing the status of a message. The following options are recognized: @@ -109,7 +111,8 @@ POSTQUEUE(1) POSTQUEUE(1) request and in the sendmail -qR command. SEE ALSO - sendmail(8) sendmail-compatible user interface + sendmail(1) sendmail-compatible user interface + postsuper(1) privileged queue operations qmgr(8) queue manager showq(8) list mail queue flush(8) fast flush service diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index ed012cfb1..f80d1da04 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -11,27 +11,29 @@ POSTSUPER(1) POSTSUPER(1) DESCRIPTION The postsuper command does maintenance jobs on the Postfix queue. Use of the command is restricted to the superuser. + See the postqueue command for unprivileged queue opera- + tions such as listing or flushing the mail queue. - By default, postsuper performs the operations requested - with the -s and -p command-line options on all Postfix + By default, postsuper performs the operations requested + with the -s and -p command-line options on all Postfix queue directories - this includes the incoming, active and - deferred directories with mail files and the bounce, + deferred directories with mail files and the bounce, defer, trace and flush directories with log files. Options: -c config_dir - The main.cf configuration file is in the named + The main.cf configuration file is in the named directory instead of the default configuration - directory. See also the MAIL_CONFIG environment + directory. See also the MAIL_CONFIG environment setting below. -d queue_id Delete one message with the named queue ID from the - named mail queue(s) (default: hold, incoming, + named mail queue(s) (default: hold, incoming, active and deferred). If a queue_id of - is speci- - fied, the program reads queue IDs from standard - input. For example, to delete all mail from or to + fied, the program reads queue IDs from standard + input. For example, to delete all mail from or to user@example.com: mailq | tail +2 | awk 'BEGIN { RS = "" } \ @@ -39,117 +41,117 @@ POSTSUPER(1) POSTSUPER(1) ' | tr -d '*!' | postsuper -d - Specify -d ALL to remove all messages; for example, - specify -d ALL deferred to delete mail in the - deferred queue. As a safety measure, the word ALL + specify -d ALL deferred to delete mail in the + deferred queue. As a safety measure, the word ALL must be specified in upper case. - Postfix queue IDs are reused. There is a very - small possibility that postsuper deletes the wrong - message file when it is executed while the Postfix + Postfix queue IDs are reused. There is a very + small possibility that postsuper deletes the wrong + message file when it is executed while the Postfix mail system is running. The scenario is as follows: - 1) The Postfix queue manager deletes the mes- - sage that postsuper is supposed to delete, - because Postfix is finished with the mes- + 1) The Postfix queue manager deletes the mes- + sage that postsuper is supposed to delete, + because Postfix is finished with the mes- sage. - 2) New mail arrives, and the new message is - given the same queue ID as the message that + 2) New mail arrives, and the new message is + given the same queue ID as the message that postsuper is supposed to delete. The proba- - bility for reusing a deleted queue ID is - about 1 in 2**15 (the number of different + bility for reusing a deleted queue ID is + about 1 in 2**15 (the number of different microsecond values that the system clock can distinguish within a second). - 3) postsuper deletes the new message, instead - of the old message that it should have + 3) postsuper deletes the new message, instead + of the old message that it should have deleted. -h queue_id - Put mail "on hold" so that no attempt is made to - deliver it. Move one message with the named queue + Put mail "on hold" so that no attempt is made to + deliver it. Move one message with the named queue ID from the named mail queue(s) (default: incoming, - active and deferred) to the hold queue. If a + active and deferred) to the hold queue. If a queue_id of - is specified, the program reads queue IDs from standard input. - Specify -h ALL to hold all messages; for example, + Specify -h ALL to hold all messages; for example, specify -h ALL deferred to hold mail in the - deferred queue. As a safety measure, the word ALL + deferred queue. As a safety measure, the word ALL must be specified in upper case. - Note: mail that is put "on hold" will not expire - when its time in the queue exceeds the maxi- + Note: mail that is put "on hold" will not expire + when its time in the queue exceeds the maxi- mal_queue_lifetime setting. -H queue_id Release mail that was put "on hold". Move one mes- - sage with the named queue ID from the named mail + sage with the named queue ID from the named mail queue(s) (default: hold) to the deferred queue. If - a queue_id of - is specified, the program reads + a queue_id of - is specified, the program reads queue IDs from standard input. - Specify -H ALL to release all mail that is "on - hold". As a safety measure, the word ALL must be + Specify -H ALL to release all mail that is "on + hold". As a safety measure, the word ALL must be specified in upper case. - -p Purge old temporary files that are left over after + -p Purge old temporary files that are left over after system or software crashes. -r queue_id - Requeue the message with the named queue ID from - the named mail queue(s) (default: hold, incoming, - active and deferred). To requeue multiple mes- - sages, specify multiple -r command-line options. + Requeue the message with the named queue ID from + the named mail queue(s) (default: hold, incoming, + active and deferred). To requeue multiple mes- + sages, specify multiple -r command-line options. Alternatively, if a queue_id of - is specified, the program reads queue IDs from standard input. Specify -r ALL to requeue all messages. As a safety - measure, the word ALL must be specified in upper + measure, the word ALL must be specified in upper case. - A requeued message is moved to the maildrop queue, - from where it is copied by the pickup daemon to a - new file whose name is guaranteed to match the new + A requeued message is moved to the maildrop queue, + from where it is copied by the pickup daemon to a + new file whose name is guaranteed to match the new queue file inode number. The new queue file is sub- - jected again to mail address rewriting and substi- + jected again to mail address rewriting and substi- tution. This is useful when rewriting rules or vir- tual mappings have changed. - Postfix queue IDs are reused. There is a very + Postfix queue IDs are reused. There is a very small possibility that postsuper requeues the wrong - message file when it is executed while the Postfix + message file when it is executed while the Postfix mail system is running, but no harm should be done. -s Structure check and structure repair. It is highly - recommended to perform this operation once before + recommended to perform this operation once before Postfix startup. - o Rename files whose name does not match the + o Rename files whose name does not match the message file inode number. This operation is - necessary after restoring a mail queue from + necessary after restoring a mail queue from a different machine, or from backup media. o Move queue files that are in the wrong place in the file system hierarchy and remove sub- directories that are no longer needed. File - position rearrangements are necessary after + position rearrangements are necessary after a change in the hash_queue_names and/or hash_queue_depth configuration parameters. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. DIAGNOSTICS - Problems are reported to the standard error stream and to + Problems are reported to the standard error stream and to syslogd. - postsuper reports the number of messages deleted with -d, + postsuper reports the number of messages deleted with -d, the number of messages requeued with -r, and the number of - messages whose queue file name was fixed with -s. The + messages whose queue file name was fixed with -s. The report is written to the standard error stream and to sys- logd. @@ -158,22 +160,26 @@ POSTSUPER(1) POSTSUPER(1) Directory with the main.cf file. BUGS - Mail that is not sanitized by Postfix (i.e. mail in the + Mail that is not sanitized by Postfix (i.e. mail in the maildrop queue) cannot be placed "on hold". CONFIGURATION PARAMETERS - See the Postfix main.cf file for syntax details and for + See the Postfix main.cf file for syntax details and for default values. hash_queue_depth Number of subdirectory levels for hashed queues. hash_queue_names - The names of queues that are organized into multi- + The names of queues that are organized into multi- ple levels of subdirectories. +SEE ALSO + sendmail(1) sendmail-compatible user interface + postqueue(1) unprivileged queue operations + LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/proxymap.8.html b/postfix/html/proxymap.8.html index 96dc9abaf..12dad01ac 100644 --- a/postfix/html/proxymap.8.html +++ b/postfix/html/proxymap.8.html @@ -80,9 +80,9 @@ PROXYMAP(8) PROXYMAP(8) connections. When all servers are busy while a client connects, the master creates a new proxymap server pro- cess, provided that the proxymap server process limit is - not exceeded. Each proxymap server stops accepting new - connections after serving $max_use clients or terminates - after $max_idle seconds of idle time. + not exceeded. Each proxymap server terminates after serv- + ing at least $max_use clients or after $max_idle seconds + of idle time. SECURITY The proxymap server opens only tables that are approved diff --git a/postfix/html/regexp_table.5.html b/postfix/html/regexp_table.5.html index a4e957ef8..624820adb 100644 --- a/postfix/html/regexp_table.5.html +++ b/postfix/html/regexp_table.5.html @@ -90,7 +90,9 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) /^postmaster@/ OK # Protect your outgoing majordomo exploders - /^(.*)-outgoing@(.*)$/!/^owner-/ 550 Use ${1}@${2} instead + if !/^owner-/ + /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead + endif EXAMPLE HEADER FILTER MAP # These were once common in junk mail. diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 9705a6732..bc7f10c99 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -81,9 +81,9 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) taneous connections. When all servers are busy while a client connects, the master creates a new server process, provided that the trivial-rewrite server process limit is - not exceeded. Each trivial-rewrite server stops accepting - new connections after serving $max_use clients or termi- - nates after $max_idle seconds of idle time. + not exceeded. Each trivial-rewrite server terminates + after serving at least $max_use clients of after $max_idle + seconds of idle time. STANDARDS None. The command does not interact with the outside diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index da8f3d5ee..491bfccbf 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -17,8 +17,11 @@ Postfix queue control .ad .fi The \fBpostqueue\fR program implements the Postfix user interface -for queue management. It implements all the operations that are +for queue management. It implements operations that are traditionally available via the \fBsendmail\fR(1) command. +See the \fBpostsuper\fR(1) command for queue operations +that require super-user privileges such as deleting a message +from the queue or changing the status of a message. The following options are recognized: .IP "\fB-c \fIconfig_dir\fR" @@ -112,7 +115,8 @@ request and in the \fBsendmail -qR\fR command. .SH SEE ALSO .na .nf -sendmail(8) sendmail-compatible user interface +sendmail(1) sendmail-compatible user interface +postsuper(1) privileged queue operations qmgr(8) queue manager showq(8) list mail queue flush(8) fast flush service diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index 4884c7202..cbd50485d 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -18,6 +18,8 @@ Postfix superintendent .fi The \fBpostsuper\fR command does maintenance jobs on the Postfix queue. Use of the command is restricted to the superuser. +See the \fBpostqueue\fR command for unprivileged queue operations +such as listing or flushing the mail queue. By default, \fBpostsuper\fR performs the operations requested with the \fB-s\fR and \fB-p\fR command-line options on all Postfix queue @@ -176,6 +178,11 @@ Number of subdirectory levels for hashed queues. .IP \fBhash_queue_names\fR The names of queues that are organized into multiple levels of subdirectories. +.SH SEE ALSO +.na +.nf +sendmail(1) sendmail-compatible user interface +postqueue(1) unprivileged queue operations .SH LICENSE .na .nf diff --git a/postfix/man/man5/regexp_table.5 b/postfix/man/man5/regexp_table.5 index 0aa3df518..8b418efe2 100644 --- a/postfix/man/man5/regexp_table.5 +++ b/postfix/man/man5/regexp_table.5 @@ -84,7 +84,9 @@ by whitespace. /^postmaster@/ OK # Protect your outgoing majordomo exploders -/^(.*)-outgoing@(.*)$/!/^owner-/ 550 Use ${1}@${2} instead +if !/^owner-/ +/^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead +endif .SH EXAMPLE HEADER FILTER MAP .na .nf diff --git a/postfix/man/man8/proxymap.8 b/postfix/man/man8/proxymap.8 index 149b2d6e6..b36119748 100644 --- a/postfix/man/man8/proxymap.8 +++ b/postfix/man/man8/proxymap.8 @@ -77,8 +77,8 @@ server. Each server can handle multiple simultaneous connections. When all servers are busy while a client connects, the master creates a new proxymap server process, provided that the proxymap server process limit is not exceeded. -Each proxymap server stops accepting new connections after serving -\fB$max_use\fR clients or terminates after \fB$max_idle\fR seconds +Each proxymap server terminates after serving +at least \fB$max_use\fR clients or after \fB$max_idle\fR seconds of idle time. .SH SECURITY .na diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index 807bcb85e..a768b873e 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -75,8 +75,8 @@ server. Each server can handle multiple simultaneous connections. When all servers are busy while a client connects, the master creates a new server process, provided that the trivial-rewrite server process limit is not exceeded. -Each trivial-rewrite server stops accepting new connections after -serving \fB$max_use\fR clients or terminates after \fB$max_idle\fR +Each trivial-rewrite server terminates after +serving at least \fB$max_use\fR clients of after \fB$max_idle\fR seconds of idle time. .SH STANDARDS .na diff --git a/postfix/proto/regexp_table b/postfix/proto/regexp_table index d275f7b8d..6c7ab4553 100644 --- a/postfix/proto/regexp_table +++ b/postfix/proto/regexp_table @@ -76,7 +76,9 @@ # /^postmaster@/ OK # # # Protect your outgoing majordomo exploders -# /^(.*)-outgoing@(.*)$/!/^owner-/ 550 Use ${1}@${2} instead +# if !/^owner-/ +# /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead +# endif # EXAMPLE HEADER FILTER MAP # # These were once common in junk mail. # /^Subject: make money fast/ REJECT diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 5fff20888..b7283fde0 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -316,6 +316,9 @@ static int cleanup_act(CLEANUP_STATE *state, char *context, const char *buf, if (STREQUAL(value, "FILTER", command_len)) { if (*optional_text == 0) { msg_warn("missing FILTER command argument in %s map", map_class); + } else if (strchr(optional_text, ':') == 0) { + msg_warn("bad FILTER command %s in %s, need transport:destination", + optional_text, map_class); } else { if (state->filter) myfree(state->filter); diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c index 70bc5b87f..67fff08f2 100644 --- a/postfix/src/global/dict_proxy.c +++ b/postfix/src/global/dict_proxy.c @@ -110,6 +110,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key) ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, dict_proxy->in_flags, ATTR_TYPE_STR, MAIL_ATTR_KEY, key, ATTR_TYPE_END) != 0 + || vstream_fflush(stream) || attr_scan(stream, ATTR_FLAG_STRICT, ATTR_TYPE_NUM, MAIL_ATTR_STATUS, &status, ATTR_TYPE_STR, MAIL_ATTR_VALUE, dict_proxy->result, diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 6ff928d0c..31e08b42b 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030107" +#define MAIL_RELEASE_DATE "20030109" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "2.0.0-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c index 698617952..c6f1e2dd5 100644 --- a/postfix/src/global/resolve_clnt.c +++ b/postfix/src/global/resolve_clnt.c @@ -189,6 +189,7 @@ void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply) ATTR_TYPE_STR, MAIL_ATTR_REQ, RESOLVE_ADDR, ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr, ATTR_TYPE_END) != 0 + || vstream_fflush(stream) || attr_scan(stream, ATTR_FLAG_STRICT, ATTR_TYPE_STR, MAIL_ATTR_TRANSPORT, reply->transport, ATTR_TYPE_STR, MAIL_ATTR_NEXTHOP, reply->nexthop, diff --git a/postfix/src/global/rewrite_clnt.c b/postfix/src/global/rewrite_clnt.c index 24bb4d432..2d7606535 100644 --- a/postfix/src/global/rewrite_clnt.c +++ b/postfix/src/global/rewrite_clnt.c @@ -131,6 +131,7 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result) ATTR_TYPE_STR, MAIL_ATTR_RULE, rule, ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr, ATTR_TYPE_END) != 0 + || vstream_fflush(stream) || attr_scan(stream, ATTR_FLAG_STRICT, ATTR_TYPE_STR, MAIL_ATTR_ADDR, result, ATTR_TYPE_END) != 1) { diff --git a/postfix/src/global/verify_clnt.c b/postfix/src/global/verify_clnt.c index dd7a09156..6ee65183f 100644 --- a/postfix/src/global/verify_clnt.c +++ b/postfix/src/global/verify_clnt.c @@ -122,6 +122,7 @@ int verify_clnt_query(const char *addr, int *addr_status, VSTRING *why) ATTR_TYPE_STR, MAIL_ATTR_REQ, VRFY_REQ_QUERY, ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr, ATTR_TYPE_END) != 0 + || vstream_fflush(stream) || attr_scan(stream, ATTR_FLAG_MISSING, ATTR_TYPE_NUM, MAIL_ATTR_STATUS, &request_status, ATTR_TYPE_NUM, MAIL_ATTR_ADDR_STATUS, addr_status, diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index f4d12996d..5e2b48725 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -111,10 +111,6 @@ /* This value is taken from the global \fBmain.cf\fR configuration /* file. Setting \fBvar_use_limit\fR to zero disables the client limit. /* -/* When the use count reaches the use limit, the process no longer -/* accepts new connections. Once all existing clients disconnect the -/* process terminates. -/* /* The var_idle_limit variable limits the time that a service /* receives no client connection requests before it commits suicide. /* This value is taken from the global \fBmain.cf\fR configuration @@ -241,6 +237,7 @@ void multi_server_disconnect(VSTREAM *stream) event_disable_readwrite(vstream_fileno(stream)); (void) vstream_fclose(stream); client_count--; + use_count++; } /* multi_server_execute - in case (char *) != (struct *) */ @@ -258,10 +255,10 @@ static void multi_server_execute(int unused_event, char *context) * Do not bother the application when the client disconnected. */ if (peekfd(vstream_fileno(stream)) > 0) { - if (var_use_limit >= 0 && master_notify(var_pid, MASTER_STAT_TAKEN) < 0) + if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0) multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT); multi_server_service(stream, multi_server_name, multi_server_argv); - if (var_use_limit >= 0 && master_notify(var_pid, MASTER_STAT_AVAIL) < 0) + if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0) multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT); } else { multi_server_disconnect(stream); @@ -291,7 +288,6 @@ static void multi_server_wakeup(int fd) non_blocking(fd, BLOCKING); close_on_exec(fd, CLOSE_ON_EXEC); client_count++; - use_count++; stream = vstream_fdopen(fd, O_RDWR); tmp = concatenate(multi_server_name, " socket", (char *) 0); vstream_control(stream, VSTREAM_CTL_PATH, tmp, VSTREAM_CTL_END); @@ -682,43 +678,7 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) /* * The event loop, at last. */ - for (;;) { - - /* - * When the use count reaches the use limit, notify the master daemon - * that we are no longer listening, close the listen sockets, and - * dispose of the accept lock if any. A use_limit < 0 indicates that - * the client limit was reached. - */ - if (var_use_limit > 0 && use_count >= var_use_limit) { - if (msg_verbose) - msg_info("use limit reached -- closing listen socket"); - if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0) - multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT); - for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) { - event_disable_readwrite(fd); - (void) close(fd); - } - if (multi_server_lock != 0) { - (void) vstream_fclose(multi_server_lock); - multi_server_lock = 0; - } - var_use_limit = -1; - } - - /* - * Terminate if the client limit was reached and no connections remain. - */ - if (var_use_limit < 0 && client_count == 0) { - if (msg_verbose) - msg_info("all clients disconnected -- exiting"); - break; - } - - /* - * Grab the optional accept lock, do some optional idle processing, - * and wait for the next event. - */ + while (var_use_limit == 0 || use_count < var_use_limit || client_count > 0) { if (multi_server_lock != 0) { watchdog_stop(watchdog); if (myflock(vstream_fileno(multi_server_lock), INTERNAL_LOCK, diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index 41b15b44c..5189518b4 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -11,8 +11,11 @@ /* \fBpostqueue\fR [\fB-c \fIconfig_dir\fR] \fB-s \fIsite\fR /* DESCRIPTION /* The \fBpostqueue\fR program implements the Postfix user interface -/* for queue management. It implements all the operations that are +/* for queue management. It implements operations that are /* traditionally available via the \fBsendmail\fR(1) command. +/* See the \fBpostsuper\fR(1) command for queue operations +/* that require super-user privileges such as deleting a message +/* from the queue or changing the status of a message. /* /* The following options are recognized: /* .IP "\fB-c \fIconfig_dir\fR" @@ -94,7 +97,8 @@ /* specifies the domains that Postfix accepts in the SMTP \fBETRN\fR /* request and in the \fBsendmail -qR\fR command. /* SEE ALSO -/* sendmail(8) sendmail-compatible user interface +/* sendmail(1) sendmail-compatible user interface +/* postsuper(1) privileged queue operations /* qmgr(8) queue manager /* showq(8) list mail queue /* flush(8) fast flush service diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index 1565d2a17..3247a2c00 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -12,6 +12,8 @@ /* DESCRIPTION /* The \fBpostsuper\fR command does maintenance jobs on the Postfix /* queue. Use of the command is restricted to the superuser. +/* See the \fBpostqueue\fR command for unprivileged queue operations +/* such as listing or flushing the mail queue. /* /* By default, \fBpostsuper\fR performs the operations requested with the /* \fB-s\fR and \fB-p\fR command-line options on all Postfix queue @@ -162,6 +164,9 @@ /* .IP \fBhash_queue_names\fR /* The names of queues that are organized into multiple levels of /* subdirectories. +/* SEE ALSO +/* sendmail(1) sendmail-compatible user interface +/* postqueue(1) unprivileged queue operations /* LICENSE /* .ad /* .fi diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index 345862e0b..a318a6291 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -69,8 +69,8 @@ /* When all servers are busy while a client connects, the master /* creates a new proxymap server process, provided that the proxymap /* server process limit is not exceeded. -/* Each proxymap server stops accepting new connections after serving -/* \fB$max_use\fR clients or terminates after \fB$max_idle\fR seconds +/* Each proxymap server terminates after serving +/* at least \fB$max_use\fR clients or after \fB$max_idle\fR seconds /* of idle time. /* SECURITY /* .ad @@ -359,7 +359,8 @@ static void post_jail_init(char *unused_name, char **unused_argv) do { type_name += PROXY_COLON_LEN; } while (!strncmp(type_name, PROXY_COLON, PROXY_COLON_LEN)); - if (htable_locate(proxy_read_maps, type_name) == 0) + if (strchr(type_name, ':') != 0 + && htable_locate(proxy_read_maps, type_name) == 0) (void) htable_enter(proxy_read_maps, type_name, (char *) 0); } myfree(saved_filter); diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 7e3e5ca8e..4761d1256 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -1758,6 +1758,10 @@ static int check_table_result(SMTPD_STATE *state, const char *table, msg_warn("access map %s entry %s has FILTER entry without value", table, datum); return (SMTPD_CHECK_DUNNO); + } else if (strchr(cmd_text, ':') == 0) { + msg_warn("access map %s entry %s requires transport:destination", + table, datum); + return (SMTPD_CHECK_DUNNO); } else { vstring_sprintf(error_text, "<%s>: %s triggers FILTER %s", reply_name, reply_class, cmd_text); diff --git a/postfix/src/trivial-rewrite/transport.c b/postfix/src/trivial-rewrite/transport.c index 504a777d0..28abcb63a 100644 --- a/postfix/src/trivial-rewrite/transport.c +++ b/postfix/src/trivial-rewrite/transport.c @@ -294,6 +294,8 @@ int transport_lookup(const char *addr, const char *rcpt_domain, /* * Fall back to the wild-card entry. */ + if (transport_errno) + transport_wildcard_init(); if (transport_errno) { dict_errno = transport_errno; RETURN_FREE(NOTFOUND); diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 60948ec95..759e8e317 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -65,8 +65,8 @@ /* When all servers are busy while a client connects, the master /* creates a new server process, provided that the trivial-rewrite /* server process limit is not exceeded. -/* Each trivial-rewrite server stops accepting new connections after -/* serving \fB$max_use\fR clients or terminates after \fB$max_idle\fR +/* Each trivial-rewrite server terminates after +/* serving at least \fB$max_use\fR clients of after \fB$max_idle\fR /* seconds of idle time. /* STANDARDS /* .ad