From: Wietse Venema Date: Sat, 6 Oct 2007 05:00:00 +0000 (-0500) Subject: postfix-2.5-20071006 X-Git-Tag: v2.5.0-RC1~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b6c9760e8f2f44bd2f26831bcf58df52b9bda80;p=thirdparty%2Fpostfix.git postfix-2.5-20071006 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 1fd2f8758..76ef2cb7f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -13756,3 +13756,18 @@ Apologies for any names omitted. Feature: per-command delays in smtp-sink. File: smtpstone/smtp-sink.c. Victor Duchovni. + +20071006 + + Cleanup: updated a bunch of hard-coded host[addr] logging + statements. Files: smtpd/smtpd.c, smtpd/smtpd_chat.c, + smtpd/smtpd_sasl_glue.c. + + Cleanup: client port logging is now configurable (off by + default). Parameters: smtpd_client_port_logging and + qmqpd_client_port_logging. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + + Cleanup: send client port information "0" instead of "unknown" + to Milter applications. Files: smtpd/smtpd.c, smtpd/smtpd_milter.c, + cleanup/cleanup_milter.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index ceb73dee8..30c45f92d 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,5 +1,8 @@ Wish list: + Make event_drain() a proper event loop; update the zero mask, + and don't ignore a non-empty timer queue. + Combine smtpd_peer.c and qmqpd_peer.c into a single function that produces a client context object, and provide attribute print/scan routines that pass these client context objects diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 8886ee9e8..77e571316 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -5999,6 +5999,18 @@ Example: + + +
qmqpd_client_port_logging +(default: no)
+ +

Enable logging of the remote QMQP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +

+ +

This feature is available in Postfix 2.5 and later.

+ +
qmqpd_error_delay @@ -9207,6 +9219,18 @@ Example: + + +
smtpd_client_port_logging +(default: no)
+ +

Enable logging of the remote SMTP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +

+ +

This feature is available in Postfix 2.5 and later.

+ +
smtpd_client_recipient_rate_limit diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index 9583cc1a0..9b877bd67 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html @@ -134,21 +134,25 @@ QMQPD(8) QMQPD(8) What clients are allowed to connect to the QMQP server port. + qmqpd_client_port_logging (no) + Enable logging of the remote QMQP client port in + addition to the hostname and IP address. + queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line + The characters Postfix accepts as VERP delimiter + characters on the Postfix sendmail(1) command line and in SMTP commands. SEE ALSO @@ -161,7 +165,7 @@ QMQPD(8) QMQPD(8) QMQP_README, Postfix ezmlm-idx howto. LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. HISTORY diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index ca03ac772..1c80ad954 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -1123,6 +1123,12 @@ SMTPD(8) SMTPD(8) server to immediately terminate the session with a 221 code. + Available in Postfix version 2.5 and later: + + smtpd_client_port_logging (no) + Enable logging of the remote SMTP client port in + addition to the hostname and IP address. + SEE ALSO anvil(8), connection/rate limiting cleanup(8), message canonicalization 
@@ -1150,7 +1156,7 @@ SMTPD(8) SMTPD(8) XFORWARD_README, Postfix XFORWARD extension LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d4275b695..2c41ca371 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3287,6 +3287,11 @@ qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24 .fi .ad .ft R +.SH qmqpd_client_port_logging (default: no) +Enable logging of the remote QMQP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +.PP +This feature is available in Postfix 2.5 and later. .SH qmqpd_error_delay (default: 1s) How long the QMQP server will pause before sending a negative reply to the client. The purpose is to slow down confused or malicious @@ -5433,6 +5438,11 @@ smtpd_client_new_tls_session_rate_limit = 100 .fi .ad .ft R +.SH smtpd_client_port_logging (default: no) +Enable logging of the remote SMTP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +.PP +This feature is available in Postfix 2.5 and later. .SH smtpd_client_recipient_rate_limit (default: 0) The maximal number of recipient addresses that any client is allowed to send to this service per time unit, regardless of whether or not diff --git a/postfix/man/man8/qmqpd.8 b/postfix/man/man8/qmqpd.8 index 6ca72e751..b9e0a231c 100644 --- a/postfix/man/man8/qmqpd.8 +++ b/postfix/man/man8/qmqpd.8 
@@ -130,6 +130,9 @@ The process ID of a Postfix command or daemon process. The process name of a Postfix command or daemon process. .IP "\fBqmqpd_authorized_clients (empty)\fR" What clients are allowed to connect to the QMQP server port. +.IP "\fBqmqpd_client_port_logging (no)\fR" +Enable logging of the remote QMQP client port in addition to +the hostname and IP address. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index fb7e606f1..595354b06 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -883,6 +883,11 @@ Available in Postfix version 2.2 and later: .IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR" List of commands that causes the Postfix SMTP server to immediately terminate the session with a 221 code. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtpd_client_port_logging (no)\fR" +Enable logging of the remote SMTP client port in addition to +the hostname and IP address. .SH "SEE ALSO" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index ae6d162e6..34421491a 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -447,6 +447,7 @@ while (<>) { s;\bsmtpd_client_event_limit_exceptions\b;$&;g; s;\bsmtpd_client_connection_rate_limit\b;$&;g; s;\bsmtpd_client_message_rate_limit\b;$&;g; + s;\bsmtpd_client_port_logging\b;$&;g; s;\bsmtpd_client_recipient_rate_limit\b;$&;g; s;\bsmtpd_client_new_tls_session_rate_limit\b;$&;g; s;\bsmtpd_client_restrictions\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 7f4b36f7e..bc5ed79b4 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -10617,3 +10617,19 @@ to the SASL authcid, but this causes inter-operability problems with some SMTP servers.

This feature is available in Postfix 2.4.4 and later.

+ +%PARAM smtpd_client_port_logging no + +

Enable logging of the remote SMTP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +

+ +

This feature is available in Postfix 2.5 and later.

+ +%PARAM qmqpd_client_port_logging no + +

Enable logging of the remote QMQP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +

+ +

This feature is available in Postfix 2.5 and later.

diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index cb30af472..e4e575c72 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -1270,6 +1270,10 @@ static const char *cleanup_milter_eval(const char *name, void *ptr) /* * Connect macros. */ +#ifndef CLIENT_ATTR_UNKNOWN +#define CLIENT_ATTR_UNKNOWN "unknown" +#endif + if (strcmp(name, S8_MAC__) == 0) { vstring_sprintf(state->temp1, "%s [%s]", state->reverse_name, state->client_addr); @@ -1284,7 +1288,9 @@ static const char *cleanup_milter_eval(const char *name, void *ptr) if (strcmp(name, S8_MAC_CLIENT_NAME) == 0) return (state->client_name); if (strcmp(name, S8_MAC_CLIENT_PORT) == 0) - return (state->client_port); + return (state->client_port + && strcmp(state->client_port, CLIENT_ATTR_UNKNOWN) ? + state->client_port : "0"); if (strcmp(name, S8_MAC_CLIENT_PTR) == 0) return (state->reverse_name); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index ad7741841..bbae895c7 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2791,6 +2791,17 @@ extern char *var_milt_v; #define DEF_INT_FILT_CLASSES "" extern char *var_int_filt_classes; + /* + * This could break logfile processors, so it's off by default. + */ +#define VAR_SMTPD_CLIENT_PORT_LOG "smtpd_client_port_logging" +#define DEF_SMTPD_CLIENT_PORT_LOG 0 +extern bool var_smtpd_client_port_log; + +#define VAR_QMQPD_CLIENT_PORT_LOG "qmqpd_client_port_logging" +#define DEF_QMQPD_CLIENT_PORT_LOG 0 +extern bool var_qmqpd_client_port_log; + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index eeb6dca29..ec6dc4381 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20071004" +#define MAIL_RELEASE_DATE "20071006" #define MAIL_VERSION_NUMBER "2.5" #ifdef SNAPSHOT diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index b88d5a459..c73a7d59e 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -106,6 +106,9 @@ /* The process name of a Postfix command or daemon process. /* .IP "\fBqmqpd_authorized_clients (empty)\fR" /* What clients are allowed to connect to the QMQP server port. +/* .IP "\fBqmqpd_client_port_logging (no)\fR" +/* Enable logging of the remote QMQP client port in addition to +/* the hostname and IP address. /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" @@ -200,6 +203,7 @@ int var_qmqpd_err_sleep; char *var_filter_xport; char *var_qmqpd_clients; char *var_input_transp; +bool var_qmqpd_client_port_log; /* * Silly little macros. @@ -782,6 +786,10 @@ int main(int argc, char **argv) VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0, 0, }; + static CONFIG_BOOL_TABLE bool_table[] = { + VAR_QMQPD_CLIENT_PORT_LOG, DEF_QMQPD_CLIENT_PORT_LOG, &var_qmqpd_client_port_log, + 0, + }; /* * Fingerprint executables and core dumps. diff --git a/postfix/src/qmqpd/qmqpd_peer.c b/postfix/src/qmqpd/qmqpd_peer.c index f0c6cc66e..f026c9e86 100644 --- a/postfix/src/qmqpd/qmqpd_peer.c +++ b/postfix/src/qmqpd/qmqpd_peer.c @@ -276,8 +276,9 @@ void qmqpd_peer_init(QMQPD_STATE *state) * Do the name[addr]:port formatting for pretty reports. */ state->namaddr = - concatenate(state->name, "[", state->addr, - "]:", state->port, (char *) 0); + concatenate(state->name, "[", state->addr, "]", + var_qmqpd_client_port_log ? ":" : (char *) 0, + state->port, (char *) 0); } /* qmqpd_peer_reset - destroy peer information */ 
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 91230cc06..58a1f3b17 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -829,6 +829,11 @@ /* .IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR" /* List of commands that causes the Postfix SMTP server to immediately /* terminate the session with a 221 code. +/* .PP +/* Available in Postfix version 2.5 and later: +/* .IP "\fBsmtpd_client_port_logging (no)\fR" +/* Enable logging of the remote SMTP client port in addition to +/* the hostname and IP address. /* SEE ALSO /* anvil(8), connection/rate limiting /* cleanup(8), message canonicalization @@ -1124,6 +1129,7 @@ char *var_milt_rcpt_macros; char *var_milt_data_macros; char *var_milt_eod_macros; char *var_milt_unk_macros; +bool var_smtpd_client_port_log; /* * Silly little macros. @@ -1228,8 +1234,8 @@ static int sasl_client_exception(SMTPD_STATE *state) state->name, state->addr); if (msg_verbose) - msg_info("sasl_exceptions: %s[%s], match=%d", - state->name, state->addr, match); + msg_info("sasl_exceptions: %s, match=%d", + state->namaddr, match); return (match); } @@ -3933,8 +3939,8 @@ static void smtpd_proto(SMTPD_STATE *state) switch (status) { default: - msg_panic("smtpd_proto: unknown error reading from %s[%s]", - state->name, state->addr); + msg_panic("smtpd_proto: unknown error reading from %s", + state->namaddr); break; case SMTP_ERR_TIME: @@ -4055,7 +4061,9 @@ static void smtpd_proto(SMTPD_STATE *state) milter_macro_callback(smtpd_milters, smtpd_milter_eval, (void *) state); if ((err = milter_conn_event(smtpd_milters, state->name, - state->addr, state->port, + state->addr, + strcmp(state->port, CLIENT_PORT_UNKNOWN) ? + state->port : "0", state->addr_family)) != 0) err = check_milter_reply(state, err); } 
@@ -4191,13 +4199,13 @@ static void smtpd_proto(SMTPD_STATE *state) */ if (state->reason && state->where) { if (strcmp(state->where, SMTPD_CMD_DATA) == 0) { - msg_info("%s after %s (%lu bytes) from %s[%s]", + msg_info("%s after %s (%lu bytes) from %s", state->reason, state->where, (long) state->act_size, - state->name, state->addr); + state->namaddr); } else if (strcmp(state->where, SMTPD_AFTER_DOT) || strcmp(state->reason, REASON_LOST_CONNECTION)) { - msg_info("%s after %s from %s[%s]", - state->reason, state->where, state->name, state->addr); + msg_info("%s after %s from %s", + state->reason, state->where, state->namaddr); } } @@ -4640,6 +4648,7 @@ int main(int argc, char **argv) #endif VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup, VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open, + VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log, 0, }; static CONFIG_STR_TABLE str_table[] = { diff --git a/postfix/src/smtpd/smtpd_chat.c b/postfix/src/smtpd/smtpd_chat.c index d37efd99c..861192863 100644 --- a/postfix/src/smtpd/smtpd_chat.c +++ b/postfix/src/smtpd/smtpd_chat.c @@ -127,12 +127,12 @@ void smtpd_chat_query(SMTPD_STATE *state) last_char = smtp_get(state->buffer, state->client, var_line_limit); smtp_chat_append(state, "In: "); if (last_char != '\n') - msg_warn("%s[%s]: request longer than %d: %.30s...", - state->name, state->addr, var_line_limit, + msg_warn("%s: request longer than %d: %.30s...", + state->namaddr, var_line_limit, printable(STR(state->buffer), '?')); if (msg_verbose) - msg_info("< %s[%s]: %s", state->name, state->addr, STR(state->buffer)); + msg_info("< %s: %s", state->namaddr, STR(state->buffer)); } /* smtpd_chat_reply - format, send and record an SMTP response */ 
@@ -154,7 +154,7 @@ void smtpd_chat_reply(SMTPD_STATE *state, const char *format,...) smtp_chat_append(state, "Out: "); if (msg_verbose) - msg_info("> %s[%s]: %s", state->name, state->addr, STR(state->buffer)); + msg_info("> %s: %s", state->namaddr, STR(state->buffer)); /* * Slow down clients that make errors. Sleep-on-anything slows down @@ -236,8 +236,8 @@ void smtpd_chat_notify(SMTPD_STATE *state) post_mail_fprintf(notice, "From: %s (Mail Delivery System)", mail_addr_mail_daemon()); post_mail_fprintf(notice, "To: %s (Postmaster)", var_error_rcpt); - post_mail_fprintf(notice, "Subject: %s SMTP server: errors from %s[%s]", - var_mail_name, state->name, state->addr); + post_mail_fprintf(notice, "Subject: %s SMTP server: errors from %s", + var_mail_name, state->namaddr); post_mail_fputs(notice, ""); post_mail_fputs(notice, "Transcript of session follows."); post_mail_fputs(notice, ""); diff --git a/postfix/src/smtpd/smtpd_milter.c b/postfix/src/smtpd/smtpd_milter.c index 7e3546e4d..356debed5 100644 --- a/postfix/src/smtpd/smtpd_milter.c +++ b/postfix/src/smtpd/smtpd_milter.c @@ -93,7 +93,7 @@ const char *smtpd_milter_eval(const char *name, void *ptr) if (strcmp(name, S8_MAC_CLIENT_ADDR) == 0) return (state->rfc_addr); if (strcmp(name, S8_MAC_CLIENT_PORT) == 0) - return (state->port); + return (strcmp(state->port, CLIENT_PORT_UNKNOWN) ? state->port : "0"); if (strcmp(name, S8_MAC_CLIENT_CONN) == 0) { if (state->expand_buf == 0) state->expand_buf = vstring_alloc(10); diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c index dc5ea0d9f..8abfcb0c9 100644 --- a/postfix/src/smtpd/smtpd_peer.c +++ b/postfix/src/smtpd/smtpd_peer.c 
@@ -374,8 +374,9 @@ void smtpd_peer_init(SMTPD_STATE *state) * Do the name[addr]:port formatting for pretty reports. */ state->namaddr = - concatenate(state->name, "[", state->addr, - "]:", state->port, (char *) 0); + concatenate(state->name, "[", state->addr, "]", + var_smtpd_client_port_log ? ":" : (char *) 0, + state->port, (char *) 0); } /* smtpd_peer_reset - destroy peer information */ diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index fb87a83bf..87f58053b 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -248,15 +248,15 @@ int smtpd_sasl_authenticate(SMTPD_STATE *state, */ smtpd_chat_query(state); if (strcmp(STR(state->buffer), "*") == 0) { - msg_warn("%s[%s]: SASL %s authentication aborted", - state->name, state->addr, sasl_method); + msg_warn("%s: SASL %s authentication aborted", + state->namaddr, sasl_method); smtpd_chat_reply(state, "501 5.7.0 Authentication aborted"); return (-1); } } if (status != XSASL_AUTH_DONE) { - msg_warn("%s[%s]: SASL %s authentication failed: %s", - state->name, state->addr, sasl_method, + msg_warn("%s: SASL %s authentication failed: %s", + state->namaddr, sasl_method, STR(state->sasl_reply)); /* RFC 4954 Section 6. */ smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
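Review bot: in the mantools/postlink hunk (@@ -447,6 +447,7 @@) only smtpd_client_port_logging gets a substitution rule; no line is added for qmqpd_client_port_logging, although the same patch documents that parameter in postconf.proto and qmqpd.8. Add the matching qmqpd_client_port_logging rule in the qmqpd_* block so the generated HTML links both new parameters.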
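Review bot: the two %PARAM entries added to proto/postconf.proto (@@ -10617,3 +10617,19 @@) give the format "host[address]:port" but do not say why the feature is off by default, nor what appears when the port is not known. The reason exists only as a source comment in mail_params.h ("This could break logfile processors, so it's off by default"). Put that sentence in the parameter text, where the administrator who turns the setting on will read it, and state what is logged for a client whose port is unknown.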
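Review bot: the first cleanup_milter.c hunk (@@ -1270,6 +1270,10 @@) defines CLIENT_ATTR_UNKNOWN as "unknown" under #ifndef inside the body of cleanup_milter_eval(), while the smtpd hunks test the same condition against a differently named constant, CLIENT_PORT_UNKNOWN. The "0" substitution for Milter applications only works while both strings stay identical, and nothing in the patch ties them together. Take the sentinel from one shared header instead of a local fallback, and move the definition out of the function body.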
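Review bot: the qmqpd.c main() hunk (@@ -782,6 +786,10 @@) declares bool_table, but none of the three qmqpd.c hunks touches the server main call, so nothing visible here registers the table. If it is not passed there, var_qmqpd_client_port_log keeps its zero initial value and qmqpd_client_port_logging in main.cf has no effect. Confirm the table is handed to the server main routine in the same way the smtpd.c bool_table is, or add that argument in this patch.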
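Review bot: in the qmqpd_peer.c hunk (@@ -276,8 +276,9 @@) the port is suppressed by passing (char *) 0 in the middle of the concatenate() argument list, which ends the list early and silently drops state->port. That is easy to misread as a bug, and the unchanged comment above it still says "Do the name[addr]:port formatting for pretty reports." Update the comment to say that the ":port" suffix is conditional and that the null pointer is a deliberate early terminator.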
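Review bot: the milter_conn_event() call in smtpd.c (@@ -4055,7 +4061,9 @@) open-codes strcmp(state->port, CLIENT_PORT_UNKNOWN) ? state->port : "0", and the same expression is repeated in smtpd_milter.c and, in a third variant, in cleanup_milter.c. Three copies of the unknown-to-"0" mapping will drift. Wrap it in one macro or helper and use it at all three sites; a comment there should also say that "0" means "port not known" so that Milter authors do not treat it as a real port.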
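Review bot: in the smtpd.c hunk at @@ -4191,13 +4199,13 @@ the rewritten format string keeps "%lu bytes" while the argument, left as context, is cast with (long) state->act_size. The conversion expects unsigned long. Since the line is being touched anyway, change the cast to (unsigned long) so format and argument agree.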
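Review bot: the smtpd_milter.c hunk (@@ -93,7 +93,7 @@) passes state->port straight to strcmp(), whereas the equivalent change in cleanup_milter.c first tests state->client_port for a null pointer. Either the smtpd pointer is always set, in which case a short comment should say so, or the same guard belongs here. As written, the two Milter macro evaluators handle a missing port differently.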
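Review bot: in the smtpd_peer.c hunk (@@ -374,8 +374,9 @@) state->port is appended unconditionally once var_smtpd_client_port_log is set, so a client whose port holds the CLIENT_PORT_UNKNOWN placeholder is logged with that placeholder after the colon instead of a number. Log processors that parse the documented "host[address]:port" form will expect digits there. Either append the port only when it is known, or document the placeholder form next to the parameter.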