From: Wietse Z Venema Date: Sun, 10 Mar 2024 05:00:00 +0000 (-0500) Subject: postfix-3.10-20240310 X-Git-Tag: v3.10.0~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6993c3a48ebc3ac6cefd9913dab4b8c23b66ab8;p=thirdparty%2Fpostfix.git postfix-3.10-20240310 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index a922b978b..acf125219 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -27978,3 +27978,29 @@ Apologies for any names omitted. Cleanup: removed unused Makefile targets (lint, shar, printfck). Files Makefile.* src/*/Makefile.in. + +20230310 + + Bugfix (introduced: 2.3): the Milter client function to + report an "unknown" command sent only the command name but + not the command arguments. Found during code maintenance. + File: smtpd/smtpd.c. + + Bugfix (introduced: 2.3): after receiving an unknown command, + and after a Milter application callback function xxfi_unknown() + returned SMFIR_REJECT, the Postfix SMTP server replied with + a generic "Command rejected" instead of the more specific + "Error: command not recognized". The Postfix SMTP server + continues to return a generic "service unavailable" response + after xxfi_unknown() returns SMFIR_TEMPFAIL. The Milter API + does not allow other xxfi_unknown() return values. File: + smtpd/smtpd.c. + + Bugfix (introduced: Postfix 3.0): the Postfix SMTP server + command handler for unimplemented commands did not report + the command (and arguments) to the Milter API for unknown + *or unimplemented* commands. File: smtpd/smtpd.c. + + Documentation: added text that the read-only "service_name" + configuration parameter was introduced in Postfix 3.3. File: + proto/postconf.proto. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f3d9860a2..bb053f8cb 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -10,9 +10,6 @@ Wish list: The mongodb client needs tests. - Remove .printfck directories, and remove printfck targets - from Makefiles. - In documentation and configuration file examples, replace IPv4 address prefixes from Cloud9 with 192.168.* from RFC 1918, and replace IPv6 address prefixes with unique local diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 0ac9b68c7..a1a0c0063 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -10883,6 +10883,8 @@ relay unix - - n - - smtp -o syslog_name=postfix/$service_name +

This feature is available in Postfix 3.3 and later.

+ diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index cf96e48cb..38821b16b 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -6943,6 +6943,8 @@ relay unix \- \- n \- \- smtp .fi .ad .ft R +.PP +This feature is available in Postfix 3.3 and later. .SH service_throttle_time (default: 60s) How long the Postfix \fBmaster\fR(8) waits before forking a server that appears to be malfunctioning. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index d13719b4b..a434e1853 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -8424,6 +8424,8 @@ relay unix - - n - - smtp -o syslog_name=postfix/$service_name +

This feature is available in Postfix 3.3 and later.

+ %PARAM process_id read-only

diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index f6df421ce..55d625fbc 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -119,3 +119,5 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html File tlsmgr tlsmgr c restrictions Files dns dns h dns dns_lookup c dns dns_rr c systems 6 bytes for LP64 File dns dns h + xxfi_unknown return values File smtpd smtpd c + or unimplemented commands File smtpd smtpd c diff --git a/postfix/proto/stop.spell-cc b/postfix/proto/stop.spell-cc index 097c7ac7f..a554e48b3 100644 --- a/postfix/proto/stop.spell-cc +++ b/postfix/proto/stop.spell-cc @@ -1839,3 +1839,4 @@ dfhHnopqvx fhHoqvx foqvx ILP +xxfi diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 3dbaa254d..2461069bb 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240309" +#define MAIL_RELEASE_DATE "20240310" #define MAIL_VERSION_NUMBER "3.10" #ifdef SNAPSHOT diff --git a/postfix/src/milter/test-milter.c b/postfix/src/milter/test-milter.c index 0494ff0e7..c34589085 100644 --- a/postfix/src/milter/test-milter.c +++ b/postfix/src/milter/test-milter.c @@ -108,7 +108,7 @@ static int test_body_reply = SMFIS_CONTINUE; static int test_eom_reply = SMFIS_CONTINUE; #if SMFI_VERSION > 2 -static int test_unknown_reply = SMFIS_CONTINUE; +static int test_unknown_reply = SMFIS_REJECT; #endif static int test_close_reply = SMFIS_CONTINUE; @@ -502,7 +502,7 @@ static const struct noproto_map noproto_map[] = { "header", SMFIP_NOHDRS, SMFIP_NR_HDR, &test_header_reply, &smfilter.xxfi_header, "eoh", SMFIP_NOEOH, SMFIP_NR_EOH, &test_eoh_reply, &smfilter.xxfi_eoh, "body", SMFIP_NOBODY, SMFIP_NR_BODY, &test_body_reply, &smfilter.xxfi_body, - "unknown", SMFIP_NOUNKNOWN, SMFIP_NR_UNKN, &test_connect_reply, &smfilter.xxfi_unknown, + "unknown", SMFIP_NOUNKNOWN, SMFIP_NR_UNKN, &test_unknown_reply, &smfilter.xxfi_unknown, 0, }; diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index bce0d43f6..3807f0cc5 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -5502,15 +5502,27 @@ static void tls_reset(SMTPD_STATE *state) static int unimpl_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) { + const char *err; /* * When a connection is closed we want to log the request counts for * unimplemented STARTTLS or AUTH commands separately, instead of logging * those commands as "unknown". By handling unimplemented commands with * this dummy function, we avoid messing up the command processing loop. + * Note: the xxfi_unknown() Milter callback has only two valid returns: + * it must either tempfail or reject. */ state->error_mask |= MAIL_ERROR_PROTOCOL; - smtpd_chat_reply(state, "502 5.5.1 Error: command not implemented"); + if (state->milters != 0 + && (err = milter_unknown_event(state->milters, + STR(state->buffer))) != 0 + && err[0] == '4') { + smtpd_chat_reply(state, "%s", err); + } else { + if (err[0] != '5') + msg_warn("unexpected SMFIC_UNKNOWN response: %s", err); + smtpd_chat_reply(state, "502 5.5.1 Error: command not implemented"); + } return (-1); } @@ -5565,6 +5577,9 @@ static SMTPD_CMD smtpd_cmd_table[] = { {SMTPD_CMD_ETRN, etrn_cmd, SMTPD_CMD_FLAG_LIMIT,}, {SMTPD_CMD_QUIT, quit_cmd, SMTPD_CMD_FLAG_PRE_TLS,}, {SMTPD_CMD_HELP, help_cmd, SMTPD_CMD_FLAG_PRE_TLS,}, +#ifdef TEST_SMTPD_UNIMPL + {"unimpl", unimpl_cmd,}, +#endif {0,}, }; @@ -6003,13 +6018,18 @@ static void smtpd_proto(SMTPD_STATE *state) } /* state->access_denied == 0 || cmdp->action == quit_cmd */ if (cmdp->name == 0) { + /* See unimpl_cmd() for valid xxfi_unknown() return values. */ if (state->milters != 0 && (err = milter_unknown_event(state->milters, - argv[0].strval)) != 0 - && (err = check_milter_reply(state, err)) != 0) { + STR(state->buffer))) != 0 + && err[0] == '4') { smtpd_chat_reply(state, "%s", err); - } else - smtpd_chat_reply(state, "500 5.5.2 Error: command not recognized"); + } else { + if (err[0] != '5') + msg_warn("unexpected SMFIC_UNKNOWN response: %s", err); + smtpd_chat_reply(state, + "500 5.5.2 Error: command not recognized"); + } state->error_mask |= MAIL_ERROR_PROTOCOL; state->error_count++; continue;