From: Wietse Venema Date: Tue, 27 Dec 2022 05:00:00 +0000 (-0500) Subject: postfix-3.8-20221227 X-Git-Tag: v3.8.0-RC1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a5b41e7bef06980d62ceb0233cd5df5ef691f1bc;p=thirdparty%2Fpostfix.git postfix-3.8-20221227 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index d755d3492..a08e80121 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26693,3 +26693,31 @@ Apologies for any names omitted. tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. Found during code review. File: tls/tls_fprint.c. + +20221215 + + Foolproofing: postscreen segfault with postscreen_dnsbl_threshold + < 1. It should reject such input with a fatal error instead. + Discovered by Benny Pedersen. File: postscreen/postscreen.c. + + Documentation: replaced instances of '.domain' in some + examples; clarified that bcc maps are indexed by envelope + address; lmtp_line_length_limit default wasn't updated to + 998. File: proto/postconf.proto. + +20221227 + + Documentation: the mysql_table(5) manpage did not document + the tls_ciphers feature that was added in Postfix 2.11. + File: proto/mysql_table. + + Cleanup: added a pre-release check that the parameter lists + in the proto/*_table documentation match the global/dict*.c + implementations. Files: Makefile.in, mantools/check-table-proto + + Documentation: consistent xxxx_table formatting to make + parameter documentation easier to match against the + corresponding implementation. Files: proto/mysql_table, + proto/pgsql_table, proto/ldap_table. + + Typofixes for changes made 20221207. File: tls/tls_fprint.c. diff --git a/postfix/Makefile.in b/postfix/Makefile.in index 5bc7a7cb1..474e9b5ec 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in 
@@ -117,7 +117,7 @@ manpages: # Some checks require a bin/postconf executable. pre-release-checks: typo-check missing-proxy-read-maps-check \ postlink-check postfix-files-check check-spell-history \ - check-double-history + check-double-history check-table-proto postfix-files-check: mantools/check-postfix-files | diff /dev/null - @@ -155,6 +155,9 @@ check-spell-history: check-double-history: mantools/check-double-history | diff /dev/null - +check-table-proto: + mantools/check-table-proto | diff /dev/null - + # The build-time shlib_directory setting must take precedence over # the installed main.cf settings, otherwise we can't update an # installed system from dynamicmaps=yes<->dynamicmaps=no or from diff --git a/postfix/WISHLIST b/postfix/WISHLIST index e923ba58c..ffd9567d1 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -80,11 +80,16 @@ Wish list: default_transport_maps? This would simplify configuration. Add a pointer to + https://fabianlee.org/2019/10/23/docker-running-a-postfix-container-for-testing-mail-during-development/ + and https://github.com/docker-mailserver/docker-mailserver + + Add a pointer to + https://github.com/tarickb/sasl-xoauth2 and/or http://mmogilvi.users.sourceforge.net/software/oauthbearer.html in documentation or on-line howtos. - Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html - and see how we can improve on the Postfix side. + Read the above links and see how we can improve usability on + the Postfix side. Add verp=+= to the qmgr "from=" logging. This is already implemented but not yet integrated. diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html index d35f5e1be..e49a63c22 100644 --- a/postfix/html/ldap_table.5.html +++ b/postfix/html/ldap_table.5.html 
@@ -648,11 +648,12 @@ LDAP_TABLE(5) LDAP_TABLE(5) be removed in a future Postfix version. OTHER OBSOLETE FEATURES - For backwards compatibility with the pre 2.2 LDAP clients, result_fil- - ter can for now be used instead of result_format, when the latter - parameter is not also set. The new name better reflects the function - of the parameter. This compatibility interface may be removed in a - future release. + result_filter (No default) + For backwards compatibility with the pre 2.2 LDAP clients, + result_filter can for now be used instead of result_format, when + the latter parameter is not also set. The new name better + reflects the function of the parameter. This compatibility + interface may be removed in a future release. SEE ALSO postmap(1), Postfix lookup table manager diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index a196c1ddc..006e07995 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html @@ -60,7 +60,9 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) TCP you have to specify hosts = 127.0.0.1 - user, password + user + + password The user name and password to log into the mysql server. Exam- ple: user = someone @@ -252,6 +254,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) This parameter is available with Postfix 2.11 and later. + tls_ciphers + The list of permissible ciphers for SSL encryption. + + This parameter is available with Postfix 2.11 and later. + tls_verify_cert (default: no) Verify that the server's name matches the common name in the certificate. diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index 1acc49417..d0382c46e 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html @@ -56,7 +56,9 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) matically closed after being idle for about 1 minute, and are re-opened as necessary. - user, password + user + + password The user name and password to log into the pgsql server. Exam- ple: user = someone 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index accd101b7..6e2634079 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -475,7 +475,7 @@ Examples:
 address_verify_sender = <>
-address_verify_sender = postmaster@my.domain
+address_verify_sender = postmaster@mydomain
 

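Review bot: the replacement value `postmaster@mydomain` in this hunk is not a reserved example name, while the sender_canonical_maps hunks in the same change move to `.example` names (reserved by RFC 2606); unless the intent is to echo the `mydomain` parameter, a `.example` address here too would keep the examples consistently non-resolvable.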
@@ -4939,7 +4939,7 @@ and for receiving the initial remote LMTP server response.

lmtp_line_length_limit -(default: 990)
+(default: 998)

The LMTP-specific version of the smtp_line_length_limit configuration parameter. See there for details.

@@ -9704,7 +9704,7 @@ This feature is available in Postfix 2.1 and later.

Optional BCC (blind carbon-copy) address lookup tables, indexed by -recipient address. The BCC address (multiple results are not +envelope recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.

@@ -10407,7 +10407,7 @@ in Postfix version 2.3. (default: empty)

Optional BCC (blind carbon-copy) address lookup tables, indexed -by sender address. The BCC address (multiple results are not +by envelope sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.

@@ -10500,9 +10500,9 @@ The table format and lookups are documented in canoni

-Example: you want to rewrite the SENDER address "user@ugly.domain" -to "user@pretty.domain", while still being able to send mail to -the RECIPIENT address "user@ugly.domain". +Example: you want to rewrite the SENDER address "user@ugly.example" +to "user@pretty.example", while still being able to send mail to +the RECIPIENT address "user@ugly.example".

diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index c60e1134d..1fc5361dc 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html @@ -195,13 +195,13 @@ POSTSCREEN(8) POSTSCREEN(8) postscreen_dnsbl_threshold parameters). postscreen_dnsbl_reply_map (empty) - A mapping from actual DNSBL domain name which includes a secret - password, to the DNSBL domain name that postscreen will reply - with when it rejects mail. + A mapping from an actual DNSBL domain name which includes a + secret password, to the DNSBL domain name that postscreen will + reply with when it rejects mail. postscreen_dnsbl_sites (empty) - Optional list of DNS allow/denylist domains, filters and weight - factors. + Optional list of patterns with DNS allow/denylist domains, fil- + ters and weight factors. postscreen_dnsbl_threshold (1) The inclusive lower bound for blocking a remote SMTP client, diff --git a/postfix/man/man5/ldap_table.5 b/postfix/man/man5/ldap_table.5 index 464f51795..660f2c581 100644 --- a/postfix/man/man5/ldap_table.5 +++ b/postfix/man/man5/ldap_table.5 @@ -701,6 +701,7 @@ for this form will be removed in a future Postfix version. .nf .ad .fi +.IP "\fBresult_filter (No default)\fR" For backwards compatibility with the pre 2.2 LDAP clients, \fBresult_filter\fR can for now be used instead of \fBresult_format\fR, when the latter parameter is not also set. diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index 6c62b210a..2b01aca8c 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 @@ -76,7 +76,8 @@ localhost over TCP you have to specify .nf hosts = 127.0.0.1 .fi -.IP "\fBuser, password\fR" +.IP "\fBuser\fR" +.IP "\fBpassword\fR" The user name and password to log into the mysql server. Example: .nf 
@@ -271,6 +272,10 @@ Directory containing X509 Certification Authority certificates in separate individual files. .sp This parameter is available with Postfix 2.11 and later. +.IP "\fBtls_ciphers\fR" +The list of permissible ciphers for SSL encryption. +.sp +This parameter is available with Postfix 2.11 and later. .IP "\fBtls_verify_cert (default: no)\fR" Verify that the server's name matches the common name in the certificate. diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index a0ccddc3e..00a2da3dc 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -71,7 +71,8 @@ Examples: The hosts are tried in random order. The connections are automatically closed after being idle for about 1 minute, and are re\-opened as necessary. -.IP "\fBuser, password\fR" +.IP "\fBuser\fR" +.IP "\fBpassword\fR" The user name and password to log into the pgsql server. Example: .nf diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index b2f5fd493..8ce1bacf1 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -287,7 +287,7 @@ Examples: .na .ft C address_verify_sender = <> -address_verify_sender = postmaster@my.domain +address_verify_sender = postmaster@mydomain .fi .ad .ft R @@ -3113,7 +3113,7 @@ and for receiving the initial remote LMTP server response. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). -.SH lmtp_line_length_limit (default: 990) +.SH lmtp_line_length_limit (default: 998) The LMTP\-specific version of the smtp_line_length_limit configuration parameter. See there for details. .PP 
@@ -6089,7 +6089,7 @@ receive_override_options = no_address_mappings This feature is available in Postfix 2.1 and later. .SH recipient_bcc_maps (default: empty) Optional BCC (blind carbon\-copy) address lookup tables, indexed by -recipient address. The BCC address (multiple results are not +envelope recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix. .PP Specify zero or more "type:name" lookup tables, separated by @@ -6594,7 +6594,7 @@ This parameter should not be used. It was replaced by sender_dependent_relayhost in Postfix version 2.3. .SH sender_bcc_maps (default: empty) Optional BCC (blind carbon\-copy) address lookup tables, indexed -by sender address. The BCC address (multiple results are not +by envelope sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix. .PP Specify zero or more "type:name" lookup tables, separated by @@ -6658,9 +6658,9 @@ Optional address mapping lookup tables for envelope and header sender addresses. The table format and lookups are documented in \fBcanonical\fR(5). .PP -Example: you want to rewrite the SENDER address "user@ugly.domain" -to "user@pretty.domain", while still being able to send mail to -the RECIPIENT address "user@ugly.domain". +Example: you want to rewrite the SENDER address "user@ugly.example" +to "user@pretty.example", while still being able to send mail to +the RECIPIENT address "user@ugly.example". .PP Note: $sender_canonical_maps is processed before $canonical_maps. .PP diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index dbe24811a..0687a5e14 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 
@@ -218,11 +218,12 @@ DNSBL score is equal to or greater than a threshold (as defined with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold parameters). .IP "\fBpostscreen_dnsbl_reply_map (empty)\fR" -A mapping from actual DNSBL domain name which includes a secret +A mapping from an actual DNSBL domain name which includes a secret password, to the DNSBL domain name that postscreen will reply with when it rejects mail. .IP "\fBpostscreen_dnsbl_sites (empty)\fR" -Optional list of DNS allow/denylist domains, filters and weight +Optional list of patterns with DNS allow/denylist domains, filters +and weight factors. .IP "\fBpostscreen_dnsbl_threshold (1)\fR" The inclusive lower bound for blocking a remote SMTP client, based on diff --git a/postfix/mantools/check-table-proto b/postfix/mantools/check-table-proto new file mode 100755 index 000000000..8fcb951f0 --- /dev/null +++ b/postfix/mantools/check-table-proto 
@@ -0,0 +1,32 @@ +#!/bin/sh + +# Reports database configuration settings without proto/xxx_table documentation + +LANG=C; export LANG +LC_ALL=C; export LC_ALL + +trap 'rm -f from-source.tmp from-doc.tmp 2>/dev/null' 0 1 2 3 15 + +# For each database type, extract parameter names from its postconf +# include file, and compare the result against a list of names from +# the corresponding proto/xxx_table file. + +# Force a failure if the pcf*suffixes.h files do not exist. Avoid using +# bash-specific shell features. +for map in `(ls src/postconf/pcf*suffixes.h || kill $$) | + sed 's;src/postconf/pcf_\(.*\)_suffixes.h$;\1;'` +do + # Extract parameter names from source code. + tr -cd '[A-zA-z_0-9\12]' < src/postconf/pcf_${map}_suffixes.h | + sort > from-source.tmp + # Extract parameter names from documentation. + sed -n '/^# *\.IP *"*\\fB\([a-zA-Z_0-9][a-zA-Z_0-9]*\).*/{ + s//\1/ + p + }' proto/${map}_table | sort > from-doc.tmp + cmp -s from-source.tmp from-doc.tmp || { + echo Settings in global/dict_${map}.c and proto/${map}_table differ. + diff from-source.tmp from-doc.tmp + } +done + diff --git a/postfix/proto/ldap_table b/postfix/proto/ldap_table index fe3626a90..be4c014d0 100644 --- a/postfix/proto/ldap_table +++ b/postfix/proto/ldap_table @@ -681,6 +681,7 @@ # OTHER OBSOLETE FEATURES # .ad # .fi +# .IP "\fBresult_filter (No default)\fR" # For backwards compatibility with the pre # 2.2 LDAP clients, \fBresult_filter\fR can for now be used instead # of \fBresult_format\fR, when the latter parameter is not also set. diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index 6870acf40..a018e58b5 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table @@ -66,7 +66,8 @@ # .nf # hosts = 127.0.0.1 # .fi -# .IP "\fBuser, password\fR" +# .IP "\fBuser\fR" +# .IP "\fBpassword\fR" # The user name and password to log into the mysql server. # Example: # .nf 
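Review bot: in the new mantools/check-table-proto, the `tr -cd '[A-zA-z_0-9\12]'` set looks like a typo for `A-Za-z_0-9`: under LC_ALL=C the `A-z` range also admits `[`, `\`, `]`, `^` and the backquote, and the square brackets are themselves kept as literal members of the set, so stray punctuation in a pcf_*_suffixes.h file would survive into from-source.tmp and produce a spurious mismatch. Suggest `tr -cd 'A-Za-z_0-9\n'`. Two smaller points in the same file: the mismatch message names `global/dict_${map}.c` although the names are actually read from `src/postconf/pcf_${map}_suffixes.h`, and the fixed temp-file names `from-source.tmp`/`from-doc.tmp` are created in the current directory, which is fine for a pre-release check run from the source tree but worth a comment.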
@@ -261,6 +262,10 @@ # in separate individual files. # .sp # This parameter is available with Postfix 2.11 and later. +# .IP "\fBtls_ciphers\fR" +# The list of permissible ciphers for SSL encryption. +# .sp +# This parameter is available with Postfix 2.11 and later. # .IP "\fBtls_verify_cert (default: no)\fR" # Verify that the server's name matches the common name in the # certificate. diff --git a/postfix/proto/pgsql_table b/postfix/proto/pgsql_table index 05cd2c6cf..0a2897a1b 100644 --- a/postfix/proto/pgsql_table +++ b/postfix/proto/pgsql_table @@ -61,7 +61,8 @@ # The hosts are tried in random order. The connections are # automatically closed after being idle for about 1 minute, # and are re-opened as necessary. -# .IP "\fBuser, password\fR" +# .IP "\fBuser\fR" +# .IP "\fBpassword\fR" # The user name and password to log into the pgsql server. # Example: # .nf diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 07dca9f78..24d474b92 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -436,7 +436,7 @@ Examples:

 address_verify_sender = <>
-address_verify_sender = postmaster@my.domain
+address_verify_sender = postmaster@mydomain
 

@@ -3607,7 +3607,7 @@ This feature is available in Postfix 2.1 and later.

Optional BCC (blind carbon-copy) address lookup tables, indexed by -recipient address. The BCC address (multiple results are not +envelope recipient address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.

@@ -3955,7 +3955,7 @@ that rewrite into a form that ends in the "@" null domain.

%PARAM sender_bcc_maps

Optional BCC (blind carbon-copy) address lookup tables, indexed -by sender address. The BCC address (multiple results are not +by envelope sender address. The BCC address (multiple results are not supported) is added when mail enters from outside of Postfix.

@@ -4029,9 +4029,9 @@ The table format and lookups are documented in canonical(5).

-Example: you want to rewrite the SENDER address "user@ugly.domain" -to "user@pretty.domain", while still being able to send mail to -the RECIPIENT address "user@ugly.domain". +Example: you want to rewrite the SENDER address "user@ugly.example" +to "user@pretty.example", while still being able to send mail to +the RECIPIENT address "user@ugly.example".

@@ -10902,7 +10902,7 @@ parameter. See there for details.

This feature is available in Postfix 2.3 and later.

-%PARAM lmtp_line_length_limit 990 +%PARAM lmtp_line_length_limit 998

The LMTP-specific version of the smtp_line_length_limit configuration parameter. See there for details.

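Review bot: the 990 -> 998 change in this hunk is documentation-only; the 20221215 HISTORY entry states that the implementation default was already 998 and only the postconf.proto text was stale, but no hunk in this diff touches the C definition of the default, so the reviewer should confirm it matches before this ships as a "documentation" fix.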
diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 10cf9aa88..775a72d1e 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -9,3 +9,5 @@ src global mail_dict c src postalias postalias c src postmap postmap c manpage File postqueue postqueue c + Fix by Viktor Dukhovni Files tls tls h tls tls_dane c + Discovered by Benny Pedersen File postscreen postscreen c diff --git a/postfix/proto/stop.spell-cc b/postfix/proto/stop.spell-cc index ea6ad0038..852768896 100644 --- a/postfix/proto/stop.spell-cc +++ b/postfix/proto/stop.spell-cc @@ -1786,3 +1786,5 @@ deinit reinit COMPAR deduplicate +digestbyname +mdctxPtr diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history index 20afd36a8..837a48b78 100644 --- a/postfix/proto/stop.spell-history +++ b/postfix/proto/stop.spell-history @@ -29,3 +29,12 @@ Jesper Pau Mahoney manpages +Andreas +Menzel +Weigel +checkok +cipherbyname +Foolproofing +Pedersen +Typofixes +segfault diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 078d2374c..34a251eb6 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20221207" +#define MAIL_RELEASE_DATE "20221227" #define MAIL_VERSION_NUMBER "3.8" #ifdef SNAPSHOT diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index a246ff793..8dbdc8d70 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c 
@@ -190,11 +190,12 @@ /* with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold /* parameters). /* .IP "\fBpostscreen_dnsbl_reply_map (empty)\fR" -/* A mapping from actual DNSBL domain name which includes a secret +/* A mapping from an actual DNSBL domain name which includes a secret /* password, to the DNSBL domain name that postscreen will reply with /* when it rejects mail. /* .IP "\fBpostscreen_dnsbl_sites (empty)\fR" -/* Optional list of DNS allow/denylist domains, filters and weight +/* Optional list of patterns with DNS allow/denylist domains, filters +/* and weight /* factors. /* .IP "\fBpostscreen_dnsbl_threshold (1)\fR" /* The inclusive lower bound for blocking a remote SMTP client, based on @@ -1174,7 +1175,7 @@ int main(int argc, char **argv) 0, }; static const CONFIG_INT_TABLE int_table[] = { - VAR_PSC_DNSBL_THRESH, DEF_PSC_DNSBL_THRESH, &var_psc_dnsbl_thresh, 0, 0, + VAR_PSC_DNSBL_THRESH, DEF_PSC_DNSBL_THRESH, &var_psc_dnsbl_thresh, 1, 0, VAR_PSC_CMD_COUNT, DEF_PSC_CMD_COUNT, &var_psc_cmd_count, 1, 0, VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0, 0, diff --git a/postfix/src/tls/tls_fprint.c b/postfix/src/tls/tls_fprint.c index c9f32e716..802157045 100644 --- a/postfix/src/tls/tls_fprint.c +++ b/postfix/src/tls/tls_fprint.c @@ -221,7 +221,7 @@ const EVP_MD *tls_digest_byname(const char *mdalg, EVP_MD_CTX **mdctxPtr) checkok(md = EVP_get_digestbyname(mdalg)); /* - * Sanity check: Newer shared libraries could (hypothentical ABI break) + * Sanity check: Newer shared libraries could (hypothetical ABI break) * allow larger digests, we avoid such poison algorithms. */ checkok(EVP_MD_size(md) <= EVP_MAX_MD_SIZE); 
@@ -260,7 +260,7 @@ char *tls_serverid_digest(TLS_SESS_STATE *TLScontext, * panic if the fallback algorithm is not available, as it was verified * available in tls_client_init() and must not simply vanish. Our * provider set is not expected to change once the OpenSSL library is - * initialised. + * initialized. */ if (tls_digest_byname(mdalg = LN_sha256, &mdctx) == 0 && tls_digest_byname(mdalg = props->mdalg, &mdctx) == 0)
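Review bot: the postscreen.c int_table hunk raises the lower bound for postscreen_dnsbl_threshold from 0 (unchecked) to 1, so a value below 1 now fails at startup with a fatal error instead of segfaulting, as the 20221215 HISTORY entry describes. The parameter documentation touched elsewhere in this diff (postscreen.8 and postscreen.8.html) still only says "(1)" and "inclusive lower bound"; suggest adding to proto/postconf.proto that values less than 1 are rejected, so operators do not learn the constraint from a refusal to start.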
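Review bot: the new `tls_ciphers` entry in mysql_table states neither a default nor the value format, while the neighbouring `tls_verify_cert (default: no)` does; since the other tls_* entries in this hunk follow the "(default: ...)" convention that check-table-proto is meant to line up with, suggest adding the default (presumably empty, meaning the client library's own cipher list) and a note on the expected cipher-list syntax.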