From: Wietse Venema Date: Wed, 26 Dec 2001 05:00:00 +0000 (-0500) Subject: snapshot-20011226 X-Git-Tag: v1.1.0~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c5d1e75cb4c8afe6313648a9965da0ffb713bf4;p=thirdparty%2Fpostfix.git snapshot-20011226 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 16d196a75..c598f3926 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -5799,8 +5799,9 @@ Apologies for any names omitted. Postfix queue file permissions and access methods, in case someone compromises the postfix account. Michael Tokarev, who received the insights from Solar Designer, who tested - Postfix with his "openwatch" kernel module. Files: - master/master_wakeup.c, util/fifo_trigger.c, postfix-script. + Postfix with a kernel module that is paranoid about open() + calls. Files: master/master_wakeup.c, util/fifo_trigger.c, + postfix-script. Convenience: issue a warning instead of aborting when the local machine name is not in fully-qualified domain form. @@ -5824,11 +5825,13 @@ Apologies for any names omitted. Safety: configuration file comments no longer span multiple lines when the next line begins with whitespace; multi-line input is no longer terminated by a comment line, by an all - white space line, or by an empty line. Files: util/readlline.c, - postconf/postconf.c. + white space line, or by an empty line. Michael Tokarev made + the crucial suggestion to simplify the readline routine. + Files: util/readlline.c, postconf/postconf.c. Cleanup: proper detection of big number overflow in EHLO - and MAIL FROM size announcements. Files: global/off_cvt.c, + and MAIL FROM size announcements, with input from Victor + Duchovny, Morgan Stanley. Files: global/off_cvt.c, smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c. Forward compatibility: added queue file record types for 
@@ -5837,6 +5840,16 @@ Apologies for any names omitted. Cleanup: safe_open() now returns sensible errno values so that the fifo_trigger() external interface is restored. +20011225 + + Upgrade: PCRE_README now describes PCRE version 3.x. + + Cleanup: flush SMTPD command history upon receipt of EHLO, + RSET, and upon DATA completion, only if it exceeds + $smtpd_history_flush_threshold lines (default: 100). + Distant derivative of code by Michael Tokarev. File: + smtpd/smtpd.c. + Open problems: Low: after reorganizing configuration parameters, add flags diff --git a/postfix/NFS_README b/postfix/NFS_README index 31c74f968..ac489de7d 100644 --- a/postfix/NFS_README +++ b/postfix/NFS_README @@ -11,14 +11,17 @@ is why Wietse makes no promises about Postfix reliability on NFS. For queue locking, NFS is not an issue because you cannot share Postfix queues between Postfix instances anyawy. -For mailbox locking, some systems such as FreeBSD use flock() by -default (use: ``postconf mailbox_delivery_lock'' to find out about -your system). flock() does not work over NFS. This causes loss of -mail when multiple hosts access the same mailboxes. +For mailbox locking, some systems use flock() by default (use: +``postconf mailbox_delivery_lock'' and ``postconf virtual_mailbox_lock'' +to find out about your system). flock() does not work over NFS. +This causes loss of mail when multiple hosts access the same +mailboxes. In order to have mailbox locking over NFS you have to configure everything to use fcntl() locks for mailbox access (or switch to -maildir style). With Postfix you'd specify: +maildir style, which needs no application-level lock controls). + +To turn on fcntl locks with Postfix you specify: virtual_mailbox_lock = fcntl mailbox_delivery_lock = fcntl 
@@ -26,9 +29,9 @@ maildir style). With Postfix you'd specify: This is useful only if all mailbox access software uses fcntl() locks. I have no information on how well fcntl() locks work on NFS. -You can also "play safe" and try to throw in username.lock files: +You can also "play safe" and throw in username.lock files: virtual_mailbox_lock = fcntl, dotlock mailbox_delivery_lock = fcntl, dotlock -this is the mix that many packages end up using. +this is the mix that many applications end up using. diff --git a/postfix/PCRE_README b/postfix/PCRE_README index f4f96be65..6437686ae 100644 --- a/postfix/PCRE_README +++ b/postfix/PCRE_README 
@@ -1,47 +1,48 @@ -To: wietse@porcupine.org (Wietse Venema) -Cc: postfix-users@postfix.org (Postfix users) -Subject: regexp map patch -In-reply-to: Your message of "Thu, 25 Feb 1999 19:51:25 CDT." - <19990226005125.69B3C4596E@spike.porcupine.org> -Date: Tue, 02 Mar 1999 11:04:02 +1100 -From: Andrew McNamara -Message-Id: <19990302000403.074C7ED7D@melang.off.connect.com.au> -Sender: owner-postfix-users@postfix.org -Precedence: bulk -Return-Path: +PCRE (Perl Compatible Regular Expressions) map support +====================================================== -I've written [code] to add a regexp map type. It utilises the PCRE -library (Perl Compatible Regular Expressions), which can be obtained -from: +The optional "pcre" map type allows you to specify regular expressions +with the PERL style notation such as \s for space and \S for +non-space. - ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre +One possible use is to add a restriction to main.cf: -You will need to add -DHAS_PCRE and a -I for the PCRE header to CCARGS, -and add the path to the PCRE library to AUXLIBS, for example: + smtpd_recipient_restrictions = ... pcre:/opt/postfix/etc/smtprecipient ... - make -f Makefile.init makefiles 'CCARGS=-DHAS_PCRE -I../../../pcre-2.08' \ - 'AUXLIBS=../../../pcre-2.08/libpcre.a' +The regular expressions are read from the file specified - sample +regexp patterns are shown in the Postfix pcre_table(5) manual page. -[note: pcre versions before 2.06 are no longer compatible -- Wietse] +Building Postfix with PCRE support +================================== -One possible use is to add a line to main.cf: +In the future, Postfix will have a plug-in interface for adding +map types. Until then you need to compile PCRE support into Postfix. 
- smtpd_recipient_restrictions = pcre:/opt/postfix/etc/smtprecipient +You need the PCRE library (Perl Compatible Regular Expressions), +which can be obtained from: -The regular expressions are read from the file specified and compiled - -a sample regexp file for this usage is included in the patch. + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ -Any feedback is appreciated (from Wietse in particular :-). Have -fun. +Postfix was tested with PCRE versions 2.8 and 3.7. -[I've changed the code so that it can be used for other Postfix -table lookups, not just for junk mail control. In particular, -regular expressions in canonical tables could be very useful. +In order to build Postfix with PCRE support you need to add -DHAS_PCRE +and a -I for the PCRE include file to CCARGS, and add the path to the +PCRE library to AUXLIBS, for example: -For the sake of robustness, I have disabled the matching of partial -addresses (user@, domain, user, @domain) that is normally done with -Postfix access control tables, canonical maps and virtual maps. + make -f Makefile.init makefiles \ + "CCARGS=-DHAS_PCRE -I/usr/local/include" \ + "AUXLIBS=-L/usr/local/lib -lpcre" + +NOTE: pcre versions prior to 2.06 cannot be used. + +Things to know +============== + +For the sake of robustness, Postfix disables the matching of partial +addresses (breaking down user@domain into user@, domain, user, +@domain) that is normally done with Postfix access control tables, +canonical maps and virtual maps. As a side effect, pcre maps can only match user@domain strings, so that regexps cannot be used for local alias database lookups. That -would be a security exposure anyway -- Wietse.] +would be a security exposure anyway. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index c0f76d024..b8b2a48b9 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -1,4 +1,4 @@ -Incompatible changes with snapshot-200112XX +Incompatible changes with snapshot-20011226 =========================================== Postfix configuration file comments no longer continue on the next @@ -6,7 +6,7 @@ line when that next line starts with whitespace. This change avoids surprises, but it may cause unexpected behavior with existing, improperly formatted, configuration files. Caveat user. -Major changes with snapshot-200112XX +Major changes with snapshot-20011226 ==================================== In Postfix configuration files, comment lines are allowed to begin diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf index 39f48e9e9..2882009b6 100644 --- a/postfix/conf/sample-smtpd.cf +++ b/postfix/conf/sample-smtpd.cf @@ -77,6 +77,12 @@ smtpd_banner = $myhostname ESMTP $mail_name # warn_if_reject: next restriction logs a warning instead of rejecting. smtpd_etrn_restrictions = +# The smtpd_history_flush_threshold specifies how many lines the SMTP +# server command history is allowed to contain before it is flushed +# to postmaster upon receipt of EHLO, RSET, or end of DATA. +# +smtpd_history_flush_threshold = 100 + # The smtpd_noop_commands parameter specifies a list of commands that # the Postfix SMTP server replies to with "250 Ok", without doing any # syntax checks and without changing state. This list overrides any diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 099a41de1..0bb0e5629 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -201,6 +201,11 @@ SMTPD(8) SMTPD(8) file system for the SMTP server to accept any mail at all. + smtpd_history_flush_threshold + Flush the command history to postmaster after + receipt of RSET etc. only if the number of history + lines exceeds the given threshold. + Tarpitting smtpd_error_sleep_time Time to wait in seconds before sending a 4xx or 5xx 
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index f4b5b9d55..b73163616 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -173,6 +173,9 @@ storage for envelope information. .IP \fBqueue_minfree\fR Minimal amount of free space in bytes in the queue file system for the SMTP server to accept any mail at all. +.IP \fBsmtpd_history_flush_threshold\fR +Flush the command history to postmaster after receipt of RSET etc. +only if the number of history lines exceeds the given threshold. .SH Tarpitting .ad .fi diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index b1d5b884c..3d9f5e89e 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -771,9 +771,13 @@ extern int var_smtpd_hard_erlim; extern int var_smtpd_err_sleep; #define VAR_SMTPD_JUNK_CMD "smtpd_junk_command_limit" -#define DEF_SMTPD_JUNK_CMD 1000 +#define DEF_SMTPD_JUNK_CMD 100 extern int var_smtpd_junk_cmd_limit; +#define VAR_SMTPD_HIST_THRSH "smtpd_history_flush_threshold" +#define DEF_SMTPD_HIST_THRSH 100 +extern int var_smtpd_hist_thrsh; + #define VAR_SMTPD_NOOP_CMDS "smtpd_noop_commands" #define DEF_SMTPD_NOOP_CMDS "" extern char *var_smtpd_noop_cmds; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 01b6c03bb..f71296c4e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20011223" +#define DEF_MAIL_VERSION "Snapshot-20011226" extern char *var_mail_version; /* LICENSE diff --git a/postfix/src/global/off_cvt.c b/postfix/src/global/off_cvt.c index 30680187c..5aabb97ca 100644 --- a/postfix/src/global/off_cvt.c +++ b/postfix/src/global/off_cvt.c 
@@ -66,20 +66,29 @@ off_t off_cvt_string(const char *str) { int ch; off_t result; - off_t last; + off_t res2; + off_t res4; + off_t res8; + off_t res10; /* - * We're not doing this often, so simplicity has precedence over - * performance. + * Multiplication by numbers > 2 can overflow without producing a smaller + * result mod 2^N (where N is the number of bits in the result type). + * (Victor Duchovny, Morgan Stanley). */ - for (last = result = 0; (ch = *(unsigned char *) str) != 0; str++) { + for (result = 0; (ch = *(unsigned char *) str) != 0; str++) { if (!ISDIGIT(ch)) return (-1); - result *= 10; - if (result < last) + if ((res2 = result + result) < result) + return (-1); + if ((res4 = res2 + res2) < res2) + return (-1); + if ((res8 = res4 + res4) < res4) + return (-1); + if ((res10 = res8 + res2) < res8) + return (-1); + if ((result = res10 + ch - '0') < res10) return (-1); - result += ch - '0'; - last = result; } return (result); } diff --git a/postfix/src/master/master_wakeup.c b/postfix/src/master/master_wakeup.c index 506bd11df..d3052e688 100644 --- a/postfix/src/master/master_wakeup.c +++ b/postfix/src/master/master_wakeup.c @@ -121,8 +121,8 @@ static void master_wakeup_timer_event(int unused_event, char *context) * applications (says the INSTALL documentation). * * Result of a discussion with Michael Tokarev, who received his - * insights from Solar Designer, who tested Postfix with his - * "openwatch" kernel module. + * insights from Solar Designer, who tested Postfix with a kernel + * module that is paranoid about open() calls. */ case MASTER_SERV_TYPE_FIFO: set_eugid(var_owner_uid, var_owner_gid); diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 35c2046d6..04e0db3fc 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c 
@@ -239,7 +239,7 @@ int smtp_helo(SMTP_STATE *state) state->features |= SMTP_FEATURE_PIPELINING; else if (strcasecmp(word, "SIZE") == 0) { state->features |= SMTP_FEATURE_SIZE; - if ((word = mystrtok(&words, " \t=")) != 0) { + if ((word = mystrtok(&words, " \t")) != 0) { if (!alldig(word)) msg_warn("bad size limit \"%s\" in EHLO reply from %s", word, session->namaddr); @@ -261,7 +261,8 @@ int smtp_helo(SMTP_STATE *state) } } if (msg_verbose) - msg_info("server features: 0x%x", state->features); + msg_info("server features: 0x%x size %.0f", + state->features, (double) state->size_limit); #ifdef USE_SASL_AUTH if (var_smtp_sasl_enable && (state->features & SMTP_FEATURE_AUTH)) @@ -325,11 +326,11 @@ int smtp_xfer(SMTP_STATE *state) * connection caching. */ if (state->size_limit > 0 && state->size_limit < request->data_size) { - smtp_mesg_fail(state, resp->code, + smtp_mesg_fail(state, 552, "message size %lu exceeds size limit %.0f of server %s", request->data_size, (double) state->size_limit, session->namaddr); - return (0); + RETURN(0); } /* diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index f1f0e4255..0587eb59e 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in 
@@ -70,19 +70,19 @@ depend: $(MAKES) tests: smtpd_check_test smtpd_check_test2 smtpd_acl_test smtpd_token_test smtpd_check_test: smtpd_check smtpd_check.in smtpd_check.ref - ../postmap/postmap smtpd_check_access + ../postmap/postmap hash:smtpd_check_access ./smtpd_check smtpd_check.tmp 2>&1 diff smtpd_check.ref smtpd_check.tmp rm -f smtpd_check.tmp smtpd_check_access.* smtpd_check_test2: smtpd_check smtpd_check.in2 smtpd_check.ref2 - ../postmap/postmap smtpd_check_access + ../postmap/postmap hash:smtpd_check_access ./smtpd_check smtpd_check.tmp 2>&1 diff smtpd_check.ref2 smtpd_check.tmp rm -f smtpd_check.tmp smtpd_check_access.* smtpd_acl_test: smtpd_check smtpd_acl.in smtpd_acl.ref - ../postmap/postmap smtpd_check_access + ../postmap/postmap hash:smtpd_check_access ./smtpd_check smtpd_check.tmp 2>&1 diff smtpd_acl.ref smtpd_check.tmp rm -f smtpd_check.tmp smtpd_check_access.* diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index eaa1c3887..b88237c3b 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -159,6 +159,9 @@ /* .IP \fBqueue_minfree\fR /* Minimal amount of free space in bytes in the queue file system /* for the SMTP server to accept any mail at all. +/* .IP \fBsmtpd_history_flush_threshold\fR +/* Flush the command history to postmaster after receipt of RSET etc. +/* only if the number of history lines exceeds the given threshold. /* .SH Tarpitting /* .ad /* .fi @@ -379,6 +382,7 @@ char *var_perm_mx_networks; char *var_smtpd_snd_auth_maps; char *var_smtpd_noop_cmds; char *var_smtpd_null_key; +int var_smtpd_hist_thrsh; /* * Global state, for stand-alone mode queue file cleanup. When this is @@ -404,7 +408,7 @@ char *smtpd_path; static void helo_reset(SMTPD_STATE *); static void mail_reset(SMTPD_STATE *); static void rcpt_reset(SMTPD_STATE *); -static void chat_reset(SMTPD_STATE *); +static void chat_reset(SMTPD_STATE *, int); /* collapse_args - put arguments together again */ 
@@ -465,7 +469,7 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) if (state->helo_name != 0) helo_reset(state); #ifndef RFC821_SYNTAX - chat_reset(state); + chat_reset(state, var_smtpd_hist_thrsh); mail_reset(state); rcpt_reset(state); #endif @@ -1092,7 +1096,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) /* * Cleanup. The client may send another MAIL command. */ - chat_reset(state); + chat_reset(state, var_smtpd_hist_thrsh); mail_reset(state); rcpt_reset(state); if (why) @@ -1117,7 +1121,7 @@ static int rset_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) /* * Restore state to right after HELO/EHLO command. */ - chat_reset(state); + chat_reset(state, var_smtpd_hist_thrsh); mail_reset(state); rcpt_reset(state); smtpd_chat_reply(state, "250 Ok"); @@ -1299,7 +1303,7 @@ static int quit_cmd(SMTPD_STATE *state, int unused_argc, SMTPD_TOKEN *unused_arg /* chat_reset - notify postmaster and reset conversation log */ -static void chat_reset(SMTPD_STATE *state) +static void chat_reset(SMTPD_STATE *state, int threshold) { /* @@ -1309,11 +1313,13 @@ static void chat_reset(SMTPD_STATE *state) * report problems when running in stand-alone mode: postmaster notices * require availability of the cleanup service. */ - if (state->history != 0 && SMTPD_STAND_ALONE(state) == 0 - && (state->error_mask & state->notify_mask)) - smtpd_chat_notify(state); - state->error_mask = 0; - smtpd_chat_reset(state); + if (state->history != 0 && state->history->argc > threshold) { + if (SMTPD_STAND_ALONE(state) == 0 + && (state->error_mask & state->notify_mask)) + smtpd_chat_notify(state); + state->error_mask = 0; + smtpd_chat_reset(state); + } } /* @@ -1464,7 +1470,7 @@ static void smtpd_proto(SMTPD_STATE *state) if (var_smtpd_sasl_enable) smtpd_sasl_auth_reset(state); #endif - chat_reset(state); + chat_reset(state, 0); mail_reset(state); rcpt_reset(state); } 
@@ -1616,6 +1622,7 @@ int main(int argc, char **argv) VAR_REJECT_CODE, DEF_REJECT_CODE, &var_reject_code, 0, 0, VAR_NON_FQDN_CODE, DEF_NON_FQDN_CODE, &var_non_fqdn_code, 0, 0, VAR_SMTPD_JUNK_CMD, DEF_SMTPD_JUNK_CMD, &var_smtpd_junk_cmd_limit, 1, 0, + VAR_SMTPD_HIST_THRSH, DEF_SMTPD_HIST_THRSH, &var_smtpd_hist_thrsh, 1, 0, 0, }; static CONFIG_TIME_TABLE time_table[] = { diff --git a/postfix/src/smtpd/smtpd_acl.in b/postfix/src/smtpd/smtpd_acl.in index e633c48d5..99955409f 100644 --- a/postfix/src/smtpd/smtpd_acl.in +++ b/postfix/src/smtpd/smtpd_acl.in @@ -4,6 +4,7 @@ smtpd_delay_reject 0 mynetworks 127.0.0.0/8,168.100.189.0/28 relay_domains porcupine.org +smtpd_null_access_lookup_key <> # # Test check_domain_access() # @@ -105,3 +106,7 @@ rcpt ok@ok.domain rcpt anyone@ok.domain # Expect: OK rcpt bad-sender@ok.domain +# +# check_sender_access specific +# +mail <> diff --git a/postfix/src/smtpd/smtpd_acl.ref b/postfix/src/smtpd/smtpd_acl.ref index 34e351866..294891fd0 100644 --- a/postfix/src/smtpd/smtpd_acl.ref +++ b/postfix/src/smtpd/smtpd_acl.ref @@ -7,6 +7,8 @@ OK OK >>> relay_domains porcupine.org OK +>>> smtpd_null_access_lookup_key <> +OK >>> # >>> # Test check_domain_access() >>> # @@ -162,3 +164,9 @@ OK >>> # Expect: OK >>> rcpt bad-sender@ok.domain OK +>>> # +>>> # check_sender_access specific +>>> # +>>> mail <> +./smtpd_check: reject: MAIL from bar.duno.com[44.33.44.33]: 550 <>: Sender address rejected: Go away postmaster; from=<> +550 <>: Sender address rejected: Go away postmaster diff --git a/postfix/src/smtpd/smtpd_chat.c b/postfix/src/smtpd/smtpd_chat.c index 0c875fada..b9be60015 100644 --- a/postfix/src/smtpd/smtpd_chat.c +++ b/postfix/src/smtpd/smtpd_chat.c @@ -107,6 +107,9 @@ static void smtp_chat_append(SMTPD_STATE *state, char *direction) { char *line; + if (state->notify_mask == 0) + return; + if (state->history == 0) state->history = argv_alloc(10); line = concatenate(direction, STR(state->buffer), (char *) 0); 
diff --git a/postfix/src/smtpd/smtpd_check_access b/postfix/src/smtpd/smtpd_check_access index afb5487c9..b9cf1761f 100644 --- a/postfix/src/smtpd/smtpd_check_access +++ b/postfix/src/smtpd/smtpd_check_access @@ -29,3 +29,4 @@ reject.domain REJECT reject@ok.domain REJECT ok@ok.domain OK ok.domain OK +<> 550 Go away postmaster
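Review bot: in the first postfix/NFS_README hunk the unchanged context line still reads "between Postfix instances anyawy."; since the paragraph directly below it is being rewritten, correct the spelling to "anyway" in the same change.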
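Review bot: the new smtpd_history_flush_threshold entry in postfix/man/man8/smtpd.8 (and the matching text in html/smtpd.8.html and the smtpd.c header comment) says "after receipt of RSET etc.", which leaves the reader guessing which commands trigger the flush. The conf/sample-smtpd.cf hunk already spells it out as "upon receipt of EHLO, RSET, or end of DATA"; use the same wording in the manual page, and state the default of 100 there as well.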
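Review bot: the postfix/src/global/mail_params.h hunk changes `#define DEF_SMTPD_JUNK_CMD 1000` to `100`, a tenfold reduction of the smtpd_junk_command_limit default that is not mentioned in the HISTORY entry for 20011225 or in the RELEASE_NOTES hunks of this patch. A changed default affects existing installations, so it needs its own HISTORY line and an entry under the incompatible changes in RELEASE_NOTES, or it should be split out of this change.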
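Review bot: in off_cvt_string() (postfix/src/global/off_cvt.c) every overflow test runs after the addition has already been performed, for example `if ((res2 = result + result) < result)`. off_t is a signed type and signed overflow is undefined behaviour in C, so a compiler is permitted to treat these comparisons as always false and remove them, in which case an oversized SIZE value would be accepted again. Suggest checking before the arithmetic against a bound derived from the largest off_t value: reject when result already exceeds that maximum divided by 10, then reject when the remaining headroom is smaller than the digit being added. That also makes res2, res4, res8 and res10 unnecessary.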
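Review bot: in chat_reset() (postfix/src/smtpd/smtpd.c) the `state->error_mask = 0;` assignment now sits inside the `state->history->argc > threshold` branch, so after EHLO, RSET or end of DATA with a history at or below the threshold the error bits from the finished transaction stay set until a later flush. If that carry-over is intended, so that the notice sent through `chat_reset(state, 0)` at the end of the session covers everything, say so in the comment above the test; otherwise clear error_mask outside the threshold check. The one-line description "notify postmaster and reset conversation log" should also be updated to explain the new threshold argument and that 0 forces a flush.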
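Review bot: the early return added to smtp_chat_append() in postfix/src/smtpd/smtpd_chat.c, `if (state->notify_mask == 0) return;`, has no comment explaining why the transcript is skipped. It makes state->history stay null whenever notifications are disabled, which every other reader of state->history now has to tolerate, so add a short comment stating that the history is kept only for postmaster notices.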