From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 6 Oct 2008 05:00:00 +0000 (-0500)
Subject: postfix-2.6-20081006
X-Git-Tag: v2.6.0-RC1~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a5e8ef81225c1be1d5aabbb3e5261d9b8a33790;p=thirdparty%2Fpostfix.git

postfix-2.6-20081006
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 76772ac85..f78a25e96 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -14683,3 +14683,15 @@ Apologies for any names omitted.
 	The XFORWARD specification of the ADDR attribute did not
 	agree with the actual on-the-wire protocol. The spec has
 	been updated. File: proto/XFORWARD_README.html.
+
+20081006
+
+	Further refinements to the handling of remote client
+	attributes.  Introduced a dummy "we have forwarded client
+	info" record, to eliminate the need for the backwards
+	incompatible queue file change that was introduced 20081003.
+	Files: smtpd/smtpd.c, cleanup/cleanup_envelope.c,
+	*qmgr/qmgr_message.c.
+
+	Hardened the proxymap client, in case it ever ends up in
+	a set-gid program. File: global/dict_proxy.c.
diff --git a/postfix/README_FILES/STRESS_README b/postfix/README_FILES/STRESS_README
index 11f519088..576613726 100644
--- a/postfix/README_FILES/STRESS_README
+++ b/postfix/README_FILES/STRESS_README
@@ -122,7 +122,7 @@ SSppeenndd lleessss ttiimmee ppeerr SSMMTTPP cclliieenn
 When increasing the number of SMTP server processes is not practical, you can
 improve Postfix server responsiveness by eliminating unnecessary work. When
 Postfix spends less time per SMTP session, the same number of SMTP server
-processes can service more clients.
+processes can service more clients in the same amount of time.
 
   * Eliminate non-functional RBL lookups (blocklists that are no longer in
     operation). These lookups can degrade performance. Postfix logs a warning
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 19c4d689c..58fd83e58 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -24,19 +24,6 @@ with a remote submission from a client with an unknown hostname,
 the $client_hostname attribute now correctly expands into "unknown"
 instead of the empty string.
 
-There is a minor change in the way that XFORWARD attributes are
-stored in queue files. These attributes are used to propagate remote
-client information through an SMTP-based content filter. If you
-don't use such filters, then the following incompatibility does not
-affect your system.
-
-If you downgrade from this Postfix version to an older version while
-you still have new local submissions in the mail queue, the older
-Postfix cleanup server may log "spurious null attribute value"
-warnings when it processes queue files from the newer Postfix
-version.  The older cleanup server will ignore the null-valued
-attributes. Thus, no harm will be done.
-
 Incompatibility with snapshot 20080814
 ======================================
 
diff --git a/postfix/html/STRESS_README.html b/postfix/html/STRESS_README.html
index 4803d5388..809f1c4f3 100644
--- a/postfix/html/STRESS_README.html
+++ b/postfix/html/STRESS_README.html
@@ -182,7 +182,8 @@ Issue a "postfix reload" command to make the change effective.  </p>
 <p> When increasing the number of SMTP server processes is not
 practical, you can improve Postfix server responsiveness by eliminating
 unnecessary work. When Postfix spends less time per SMTP session, the
-same number of SMTP server processes can service more clients. </p>
+same number of SMTP server processes can service more clients in the
+same amount of time. </p>
 
 <ul>
 
diff --git a/postfix/proto/STRESS_README.html b/postfix/proto/STRESS_README.html
index bedbf465c..32744ffd2 100644
--- a/postfix/proto/STRESS_README.html
+++ b/postfix/proto/STRESS_README.html
@@ -182,7 +182,8 @@ Issue a "postfix reload" command to make the change effective.  </p>
 <p> When increasing the number of SMTP server processes is not
 practical, you can improve Postfix server responsiveness by eliminating
 unnecessary work. When Postfix spends less time per SMTP session, the
-same number of SMTP server processes can service more clients. </p>
+same number of SMTP server processes can service more clients in the
+same amount of time. </p>
 
 <ul>
 
diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c
index 2e91df4d0..4a7b8cd1a 100644
--- a/postfix/src/cleanup/cleanup_envelope.c
+++ b/postfix/src/cleanup/cleanup_envelope.c
@@ -176,14 +176,11 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
 	    state->errs |= CLEANUP_STAT_BAD;
 	    return;
 	}
-#if 0
-	/* Zero-length values are place holders for unavailable values. */
 	if (*attr_value == 0) {
 	    msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
 		     state->queue_id, attr_name);
 	    return;
 	}
-#endif
 	if ((junk = rec_attr_map(attr_name)) != 0) {
 	    mapped_buf = attr_value;
 	    mapped_type = junk;
@@ -468,9 +465,7 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
 		return;
 	    }
 	}
-	/* Zero-length values are place holders for non-existent values. */
-	if (*attr_value)
-	    nvtable_update(state->attr, attr_name, attr_value);
+	nvtable_update(state->attr, attr_name, attr_value);
 	cleanup_out(state, type, buf, len);
 	return;
     } else {
diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c
index 78a5dd73e..5d0a11a61 100644
--- a/postfix/src/global/dict_proxy.c
+++ b/postfix/src/global/dict_proxy.c
@@ -308,7 +308,7 @@ DICT   *dict_proxy_open(const char *map, int open_flags, int dict_flags)
     int     server_flags;
     int     status;
     const char *service;
-    char   *relative_path;
+    char   *chroot_path;
     char   *kludge = 0;
     char   *prefix;
     CLNT_STREAM **pstream;
@@ -342,10 +342,10 @@ DICT   *dict_proxy_open(const char *map, int open_flags, int dict_flags)
 		  map, DICT_TYPE_PROXY);
 
     if (*pstream == 0) {
-	relative_path = concatenate(MAIL_CLASS_PRIVATE "/",
+	chroot_path = concatenate("/" MAIL_CLASS_PRIVATE "/",
 				    service, (char *) 0);
-	if (access(relative_path, F_OK) == 0)
-	    prefix = MAIL_CLASS_PRIVATE;
+	if (access(chroot_path, F_OK) == 0)
+	    prefix = "/" MAIL_CLASS_PRIVATE;
 	else
 	    prefix = kludge = concatenate(var_queue_dir, "/",
 					  MAIL_CLASS_PRIVATE, (char *) 0);
@@ -353,7 +353,7 @@ DICT   *dict_proxy_open(const char *map, int open_flags, int dict_flags)
 				      var_ipc_ttl_limit);
 	if (kludge)
 	    myfree(kludge);
-	myfree(relative_path);
+	myfree(chroot_path);
     }
 
     /*
diff --git a/postfix/src/global/mail_proto.h b/postfix/src/global/mail_proto.h
index 251595214..a3a9fde6a 100644
--- a/postfix/src/global/mail_proto.h
+++ b/postfix/src/global/mail_proto.h
@@ -174,7 +174,7 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_LOG_CLIENT_PORT "log_client_port"	/* client port */
 #define MAIL_ATTR_LOG_HELO_NAME	"log_helo_name"	/* SMTP helo name */
 #define MAIL_ATTR_LOG_PROTO_NAME "log_protocol_name"	/* SMTP/ESMTP/QMQP */
-#define MAIL_ATTR_LOG_ORIGIN	"log_message_origin"	/* name[addr]:port */
+#define MAIL_ATTR_LOG_CLIENT_DUMMY "log_client_dummy"	/* none of the above */
 
 #define MAIL_ATTR_ACT_CLIENT	"client"/* client name addr */
 #define MAIL_ATTR_ACT_CLIENT_NAME "client_name"	/* client name */
@@ -187,6 +187,11 @@ extern char *mail_pathname(const char *, const char *);
 #define MAIL_ATTR_ACT_FORWARD_CLIENT_NAME "forward_client_name"
 
 #define MAIL_ATTR_PROTO_STATE	"protocol_state"	/* MAIL/RCPT/... */
+
+ /*
+  * Local submissions do not provide an origin record.
+  */
+#define MAIL_ATTR_LOG_ORIGIN	"log_message_origin"	/* name[addr]:port */
 #define MAIL_ATTR_ORG_NONE	"unknown"	/* origin unknown */
 #define MAIL_ATTR_ORG_LOCAL	"local"	/* local submission */
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 06af0b44d..2c22d40fd 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20081005"
+#define MAIL_RELEASE_DATE	"20081006"
 #define MAIL_VERSION_NUMBER	"2.6"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c
index b3a7b15a1..8d738d4b7 100644
--- a/postfix/src/oqmgr/qmgr_message.c
+++ b/postfix/src/oqmgr/qmgr_message.c
@@ -662,6 +662,8 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
 		    myfree(message->client_helo);
 		message->client_helo = mystrdup(value);
 		have_log_client_attr = 1;
+	    } else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_DUMMY) == 0) {
+		have_log_client_attr = 1;
 	    } else if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
 		if (message->sasl_method == 0)
 		    message->sasl_method = mystrdup(value);
diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c
index 24a981ed7..4b1a26d9c 100644
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@@ -703,6 +703,8 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
 		    myfree(message->client_helo);
 		message->client_helo = mystrdup(value);
 		have_log_client_attr = 1;
+	    } else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_DUMMY) == 0) {
+		have_log_client_attr = 1;
 	    } else if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
 		if (message->sasl_method == 0)
 		    message->sasl_method = mystrdup(value);
diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c
index a4d1a00a1..30bc49d7b 100644
--- a/postfix/src/qmqpd/qmqpd.c
+++ b/postfix/src/qmqpd/qmqpd.c
@@ -334,12 +334,15 @@ static void qmqpd_write_attributes(QMQPD_STATE *state)
      */
     rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 		MAIL_ATTR_ACT_CLIENT_NAME, state->name);
+    /* XXX Backwards compatibility: include IPv6: prefix. */
     rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 		MAIL_ATTR_ACT_CLIENT_ADDR, state->rfc_addr);
     rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 		MAIL_ATTR_ACT_CLIENT_PORT, state->port);
     rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%u",
 		MAIL_ATTR_ACT_CLIENT_AF, state->addr_family);
+    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+                MAIL_ATTR_ACT_PROTO_NAME, state->protocol);
 }
 
 /* qmqpd_copy_recipients - copy message recipients */
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 340d504ae..e55814706 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -1776,6 +1776,8 @@ static int mail_open_stream(SMTPD_STATE *state)
 		    /* XXX Backwards compatibility: include IPv6: prefix. */
 		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 		       MAIL_ATTR_LOG_CLIENT_ADDR, state->xforward.rfc_addr);
+		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			     MAIL_ATTR_LOG_ORIGIN, state->xforward.namaddr);
 		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
 			   MAIL_ATTR_LOG_CLIENT_PORT, state->xforward.port);
 		    if (state->xforward.helo_name)
@@ -1786,16 +1788,13 @@ static int mail_open_stream(SMTPD_STATE *state)
 		} else {
 		    /* Local submission. See also qmgr_message_read(). */
 		    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			 MAIL_ATTR_LOG_CLIENT_ADDR, MAIL_ATTR_VAL_NONEXIST);
+				MAIL_ATTR_LOG_CLIENT_DUMMY, "dummy");
 		}
+	    } else {
+		rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+			    MAIL_ATTR_LOG_ORIGIN, state->namaddr);
 	    }
 
-	    /*
-	     * Logging attribute for the Postfix 2.3+ cleanup server.
-	     */
-	    rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
-			MAIL_ATTR_LOG_ORIGIN, FORWARD_NAMADDR(state));
-
 	    /*
 	     * Attributes with actual client information. These are used by
 	     * the smtpd Milter client for policy decisions. Mail that is