From: Wietse Venema Date: Wed, 6 Oct 2010 05:00:00 +0000 (-0500) Subject: postfix-2.8-20101006 X-Git-Tag: v2.8.0-RC1~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acd3f112c8183adbbb1068243eef789325cd0397;p=thirdparty%2Fpostfix.git postfix-2.8-20101006 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 5178e7411..836267297 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16039,3 +16039,36 @@ Apologies for any names omitted. Cleanup: minor cleanups and invisible fixes. Files: postscreen/postscreen_misc.c, postscreen/postscreen.h, postscreen/postscreen_tests.c. + +20100923 + + Cleanup: renamed MUMBLE_FLAG_MUMBLE aggregates to + MUMBLE_MASK_MUMBLE for consistency with other Postfix code. + Files: postscreen/*.[hc]. + +20100930 + + Cleanup: flag PIPELINING errors with NOOP and VRFY. File: + smtpd/smtpd.c. + +20101006 + + Bugfix (introduced: 20100914) dangling pointer when a client + makes N > 1 simultaneous connections and closes M < N + connections before postscreen has delivered the DNSBL score + to the corresponding pseudothreads. In practice the pointer + will refer to a block of 0xff bytes; the program terminates + with a segmentation violation, and is restarted immediately + by the master daemon. Files: postscreen/postscreen_early.c, + postscreen/postscreen_dnsbl.c. + + Cleanup: avoid repeated delivery to mailing list members + with pathological nested alias configurations. The local(8) + delivery agent now keeps the owner-alias attribute of the + parent alias, when delivering mail to a child alias that + does not have its own owner alias. With this change, local + addresses from that child alias will be written to a new + queue file, and a temporary error with one local address + will no longer result in repeated delivery to other mailing + list members. Specify "reset_owner_alias = yes" for the + older behavior. File: local/alias.c. 
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 61acfaa9c..630b2cee7 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -33,6 +33,20 @@ This is supported only when the default value is stress-dependent postscreen parameters always evaluate as if the stress value is equal to the empty string. +Incompatibility with snapshot 20101006 +====================================== + +To avoid repeated delivery to mailing list members with pathological +nested alias configurations, the local(8) delivery agent now keeps +the owner-alias attribute of the parent alias, when delivering mail +to a child alias that does not have its own owner alias. + +With this change, local addresses from that child alias will be +written to a new queue file, and a temporary error with one local +address will no longer result in repeated delivery to other mailing +list members. Specify "reset_owner_alias = yes" for the older, +more fragile, behavior. + Incompatibility with snapshot 20100912 ====================================== diff --git a/postfix/WISHLIST b/postfix/WISHLIST index ee392b5b1..77871f84e 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -4,6 +4,8 @@ Wish list: Consistency: in postconf.proto make
..
tags bold. + Milter addrcpt - use Sendmail default DSN + postscreen(8): listen on multiple IP addresses and enforce that the client contacts the primary MX address first (i.e. punish hosts that contact the secondary before the primary). diff --git a/postfix/html/dnsblog.8.html b/postfix/html/dnsblog.8.html index d455de14a..8306a6677 100644 --- a/postfix/html/dnsblog.8.html +++ b/postfix/html/dnsblog.8.html @@ -47,30 +47,31 @@ DNSBLOG(8) DNSBLOG(8) built-in watchdog timer. postscreen_dnsbl_sites (empty) - Optional list of DNS blocklist domains. + Optional list of DNS blocklist domains, filters and + weight factors. ipc_timeout (3600s) The time limit for sending or receiving information over an internal communication channel. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". SEE ALSO @@ -79,7 +80,7 @@ DNSBLOG(8) DNSBLOG(8) syslogd(5), system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. HISTORY diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index ff058f925..e2cfed120 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html 
@@ -400,60 +400,65 @@ LOCAL(8) LOCAL(8) Defer delivery when a mailbox file is not owned by its recipient. + reset_owner_alias (no) + Reset the local(8) delivery agent's idea of the + owner-alias attribute, when delivering mail to a + child alias that does not have its own owner alias. + DELIVERY METHOD CONTROLS - The precedence of local(8) delivery methods from high to - low is: aliases, .forward files, mailbox_transport_maps, - mailbox_transport, mailbox_command_maps, mailbox_command, - home_mailbox, mail_spool_directory, fallback_trans- + The precedence of local(8) delivery methods from high to + low is: aliases, .forward files, mailbox_transport_maps, + mailbox_transport, mailbox_command_maps, mailbox_command, + home_mailbox, mail_spool_directory, fallback_trans- port_maps, fallback_transport, and luser_relay. alias_maps (see 'postconf -d' output) - The alias databases that are used for local(8) + The alias databases that are used for local(8) delivery. forward_path (see 'postconf -d' output) The local(8) delivery agent search list for finding - a .forward file with user-specified delivery meth- + a .forward file with user-specified delivery meth- ods. mailbox_transport_maps (empty) - Optional lookup tables with per-recipient message - delivery transports to use for local(8) mailbox - delivery, whether or not the recipients are found + Optional lookup tables with per-recipient message + delivery transports to use for local(8) mailbox + delivery, whether or not the recipients are found in the UNIX passwd database. mailbox_transport (empty) - Optional message delivery transport that the - local(8) delivery agent should use for mailbox - delivery to all local recipients, whether or not + Optional message delivery transport that the + local(8) delivery agent should use for mailbox + delivery to all local recipients, whether or not they are found in the UNIX passwd database. 
mailbox_command_maps (empty) - Optional lookup tables with per-recipient external + Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery. mailbox_command (empty) - Optional external command that the local(8) deliv- + Optional external command that the local(8) deliv- ery agent should use for mailbox delivery. home_mailbox (empty) - Optional pathname of a mailbox file relative to a + Optional pathname of a mailbox file relative to a local(8) user's home directory. mail_spool_directory (see 'postconf -d' output) - The directory where local(8) UNIX-style mailboxes + The directory where local(8) UNIX-style mailboxes are kept. fallback_transport_maps (empty) - Optional lookup tables with per-recipient message - delivery transports for recipients that the - local(8) delivery agent could not find in the + Optional lookup tables with per-recipient message + delivery transports for recipients that the + local(8) delivery agent could not find in the aliases(5) or UNIX password database. fallback_transport (empty) - Optional message delivery transport that the - local(8) delivery agent should use for names that - are not found in the aliases(5) or UNIX password + Optional message delivery transport that the + local(8) delivery agent should use for names that + are not found in the aliases(5) or UNIX password database. luser_relay (empty) @@ -463,7 +468,7 @@ LOCAL(8) LOCAL(8) Available in Postfix version 2.2 and later: command_execution_directory (empty) - The local(8) delivery agent working directory for + The local(8) delivery agent working directory for delivery to external command. MAILBOX LOCKING CONTROLS 
@@ -472,15 +477,15 @@ LOCAL(8) LOCAL(8) sive lock on a mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive + The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile. stale_lock_time (500s) - The time after which a stale exclusive mailbox + The time after which a stale exclusive mailbox lockfile is removed. mailbox_delivery_lock (see 'postconf -d' output) - How to lock a UNIX-style local(8) mailbox before + How to lock a UNIX-style local(8) mailbox before attempting delivery. RESOURCE AND RATE CONTROLS @@ -488,17 +493,17 @@ LOCAL(8) LOCAL(8) Time limit for delivery to external commands. duplicate_filter_limit (1000) - The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- + The maximal number of addresses remembered by the + address duplicate filter for aliases(5) or vir- tual(5) alias expansion, or for showq(8) queue dis- plays. local_destination_concurrency_limit (2) - The maximal number of parallel deliveries via the + The maximal number of parallel deliveries via the local mail delivery transport to the same recipient - (when "local_destination_recipient_limit = 1") or - the maximal number of parallel deliveries to the - same local domain (when "local_destination_recipi- + (when "local_destination_recipient_limit = 1") or + the maximal number of parallel deliveries to the + same local domain (when "local_destination_recipi- ent_limit > 1"). local_destination_recipient_limit (1) 
@@ -511,55 +516,55 @@ LOCAL(8) LOCAL(8) SECURITY CONTROLS allow_mail_to_commands (alias, forward) - Restrict local(8) mail delivery to external com- + Restrict local(8) mail delivery to external com- mands. allow_mail_to_files (alias, forward) - Restrict local(8) mail delivery to external files. + Restrict local(8) mail delivery to external files. command_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery - agent allows in $name expansions of $mailbox_com- + Restrict the characters that the local(8) delivery + agent allows in $name expansions of $mailbox_com- mand and $command_execution_directory. default_privs (nobody) - The default rights used by the local(8) delivery + The default rights used by the local(8) delivery agent for delivery to external file or command. forward_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery - agent allows in $name expansions of $forward_path. + Restrict the characters that the local(8) delivery + agent allows in $name expansions of $forward_path. Available in Postfix version 2.2 and later: execution_directory_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery + Restrict the characters that the local(8) delivery agent allows in $name expansions of $command_execu- tion_directory. Available in Postfix version 2.5.3 and later: strict_mailbox_ownership (yes) - Defer delivery when a mailbox file is not owned by + Defer delivery when a mailbox file is not owned by its recipient. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. 
daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal + The maximal number of digits after the decimal point when logging sub-second delay values. export_environment (see 'postconf -d' output) - The list of environment variables that a Postfix + The list of environment variables that a Postfix process will export to non-Postfix processes. ipc_timeout (3600s) 
@@ -567,39 +572,39 @@ LOCAL(8) LOCAL(8) over an internal communication channel. local_command_shell (empty) - Optional shell program for local(8) delivery to + Optional shell program for local(8) delivery to non-Postfix command. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- + The maximal number of incoming connections that a + Postfix daemon process will service before termi- nating voluntarily. prepend_delivered_header (command, file, forward) - The message delivery contexts where the Postfix - local(8) delivery agent prepends a Delivered-To: - message header with the address that the mail was + The message delivery contexts where the Postfix + local(8) delivery agent prepends a Delivered-To: + message header with the address that the mail was delivered to. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. propagate_unmatched_extensions (canonical, virtual) - What address lookup tables copy an address exten- + What address lookup tables copy an address exten- sion from the lookup key to the lookup result. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. recipient_delimiter (empty) 
@@ -607,8 +612,8 @@ LOCAL(8) LOCAL(8) sions (user+foo). require_home_directory (no) - Whether or not a local(8) recipient's home direc- - tory must exist before mail delivery is attempted. + Require that a local(8) recipient's home directory + exists before mail delivery is attempted. syslog_facility (mail) The syslog facility of Postfix logging. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 43c79745e..27ad367f4 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -2587,6 +2587,16 @@ Example: + + +
dnsblog_reply_delay +(default: 0s)
+ +

A debugging aid to artifically delay DNS responses.

+ +

This feature is available in Postfix 2.8.

+ +
dont_remove @@ -8234,6 +8244,59 @@ the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).

+ + +
reset_owner_alias +(default: no)
+ +

Reset the local(8) delivery agent's idea of the owner-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias.

+ +

This feature is available in Postfix 2.8 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"yes".

+ +

As documented in aliases(5), when an alias name has a +companion alias named owner-name, delivery errors will be +reported to the owner alias instead of the sender. This configuration +is recommended for mailing lists.

+ +

A less known property of the owner alias is that it also forces +the local(8) delivery agent to write local and remote addresses +from alias expansion to a new queue file, instead of attempting to +deliver mail to local addresses as soon as they come out of alias +expansion.

+ +

Writing local addresses from alias expansion to a new queue +file allows for robust handling of temporary delivery errors: errors +with one local member have no effect on deliveries to other members +of the list. On the other hand, delivery to local addresses as +soon as they come out of alias expansion is fragile: a temporary +error with one local address from alias expansion will cause the +entire alias to be expanded repeatedly until the error goes away, +or until the message expires in the queue. In that case, a problem +with one list member results in multiple message deliveries to other +list members.

+ +

The default behavior of Postfix 2.8 and later is to keep the +owner-alias attribute of the parent alias, when delivering mail to +a child alias that does not have its own owner alias. Then, local +addresses from that child alias will be written to a new queue file, +and a temporary error with one local address will not affect delivery +to other mailing list members.

+ +

Unfortunately, older Postfix releases reset the owner-alias +attribute when delivering mail to a child alias that does not have +its own owner alias. The local(8) delivery agent then attempts to +deliver local addresses as soon as they come out of child alias +expansion. If delivery to any address from child alias expansion +fails with a temporary error condition, the entire mailing list may +be expanded repeatedly until the mail expires in the queue, resulting +in multiple deliveries of the same message to mailing list members. +

+ +
resolve_dequoted_address diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 9712179a2..024612ec6 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -1466,6 +1466,10 @@ disable_vrfy_command = no .fi .ad .ft R +.SH dnsblog_reply_delay (default: 0s) +A debugging aid to artifically delay DNS responses. +.PP +This feature is available in Postfix 2.8. .SH dont_remove (default: 0) Don't remove queue files and save them to the "saved" mail queue. This is a debugging aid. To inspect the envelope information and 
@@ -4711,6 +4715,52 @@ Require that a \fBlocal\fR(8) recipient's home directory exists before mail delivery is attempted. By default this test is disabled. It can be useful for environments that import home directories to the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED). +.SH reset_owner_alias (default: no) +Reset the \fBlocal\fR(8) delivery agent's idea of the owner-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias. +.PP +This feature is available in Postfix 2.8 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"yes". +.PP +As documented in \fBaliases\fR(5), when an alias \fIname\fR has a +companion alias named owner-\fIname\fR, delivery errors will be +reported to the owner alias instead of the sender. This configuration +is recommended for mailing lists. +.PP +A less known property of the owner alias is that it also forces +the \fBlocal\fR(8) delivery agent to write local and remote addresses +from alias expansion to a new queue file, instead of attempting to +deliver mail to local addresses as soon as they come out of alias +expansion. +.PP +Writing local addresses from alias expansion to a new queue +file allows for robust handling of temporary delivery errors: errors +with one local member have no effect on deliveries to other members +of the list. On the other hand, delivery to local addresses as +soon as they come out of alias expansion is fragile: a temporary +error with one local address from alias expansion will cause the +entire alias to be expanded repeatedly until the error goes away, +or until the message expires in the queue. In that case, a problem +with one list member results in multiple message deliveries to other +list members. +.PP +The default behavior of Postfix 2.8 and later is to keep the +owner-alias attribute of the parent alias, when delivering mail to +a child alias that does not have its own owner alias. 
Then, local +addresses from that child alias will be written to a new queue file, +and a temporary error with one local address will not affect delivery +to other mailing list members. +.PP +Unfortunately, older Postfix releases reset the owner-alias +attribute when delivering mail to a child alias that does not have +its own owner alias. The \fBlocal\fR(8) delivery agent then attempts to +deliver local addresses as soon as they come out of child alias +expansion. If delivery to any address from child alias expansion +fails with a temporary error condition, the entire mailing list may +be expanded repeatedly until the mail expires in the queue, resulting +in multiple deliveries of the same message to mailing list members. .SH resolve_dequoted_address (default: yes) Resolve a recipient address safely instead of correctly, by looking inside quotes. diff --git a/postfix/man/man8/dnsblog.8 b/postfix/man/man8/dnsblog.8 index f18b81c3b..2a361344c 100644 --- a/postfix/man/man8/dnsblog.8 +++ b/postfix/man/man8/dnsblog.8 @@ -47,7 +47,8 @@ configuration files. How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. .IP "\fBpostscreen_dnsbl_sites (empty)\fR" -Optional list of DNS blocklist domains. +Optional list of DNS blocklist domains, filters and weight +factors. .IP "\fBipc_timeout (3600s)\fR" The time limit for sending or receiving information over an internal communication channel. diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index 4a847abbc..5b6bc81b4 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 
@@ -415,6 +415,10 @@ expanding aliases or .forward files. Available in Postfix version 2.5.3 and later: .IP "\fBstrict_mailbox_ownership (yes)\fR" Defer delivery when a mailbox file is not owned by its recipient. +.IP "\fBreset_owner_alias (no)\fR" +Reset the \fBlocal\fR(8) delivery agent's idea of the owner-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias. .SH "DELIVERY METHOD CONTROLS" .na .nf @@ -573,7 +577,7 @@ The location of the Postfix top-level queue directory. .IP "\fBrecipient_delimiter (empty)\fR" The separator between user names and address extensions (user+foo). .IP "\fBrequire_home_directory (no)\fR" -Whether or not a \fBlocal\fR(8) recipient's home directory must exist +Require that a \fBlocal\fR(8) recipient's home directory exists before mail delivery is attempted. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 90e589407..2f933155b 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -681,6 +681,7 @@ while (<>) { s;\btls_append_default_CA\b;$&;g; s;\bfrozen_delivered_to\b;$&;g; + s;\breset_owner_alias\b;$&;g; # Transport-dependent magical parameters. @@ -905,6 +906,7 @@ while (<>) { s;\bmulti_instance_enable\b;$&;g; # postscreen + s;\bdnsblog_reply_delay\b;$&;g; s;\bpostscreen_cache_map\b;$&;g; s;\bpostscreen_cache_cleanup_interval\b;$&;g; s;\bpostscreen_cache_retention_time\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5f37e1a3e..8f3ae15fc 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -13282,3 +13282,57 @@ it passes the test, before it can talk to a real Postfix SMTP server.

This feature is available in Postfix 2.8.

+%PARAM dnsblog_reply_delay 0s + +

A debugging aid to artifically delay DNS responses.

+ +

This feature is available in Postfix 2.8.

+ +%PARAM reset_owner_alias no + +

Reset the local(8) delivery agent's idea of the owner-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias.

+ +

This feature is available in Postfix 2.8 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"yes".

+ +

As documented in aliases(5), when an alias name has a +companion alias named owner-name, delivery errors will be +reported to the owner alias instead of the sender. This configuration +is recommended for mailing lists.

+ +

A less known property of the owner alias is that it also forces +the local(8) delivery agent to write local and remote addresses +from alias expansion to a new queue file, instead of attempting to +deliver mail to local addresses as soon as they come out of alias +expansion.

+ +

Writing local addresses from alias expansion to a new queue +file allows for robust handling of temporary delivery errors: errors +with one local member have no effect on deliveries to other members +of the list. On the other hand, delivery to local addresses as +soon as they come out of alias expansion is fragile: a temporary +error with one local address from alias expansion will cause the +entire alias to be expanded repeatedly until the error goes away, +or until the message expires in the queue. In that case, a problem +with one list member results in multiple message deliveries to other +list members.

+ +

The default behavior of Postfix 2.8 and later is to keep the +owner-alias attribute of the parent alias, when delivering mail to +a child alias that does not have its own owner alias. Then, local +addresses from that child alias will be written to a new queue file, +and a temporary error with one local address will not affect delivery +to other mailing list members.

+ +

Unfortunately, older Postfix releases reset the owner-alias +attribute when delivering mail to a child alias that does not have +its own owner alias. The local(8) delivery agent then attempts to +deliver local addresses as soon as they come out of child alias +expansion. If delivery to any address from child alias expansion +fails with a temporary error condition, the entire mailing list may +be expanded repeatedly until the mail expires in the queue, resulting +in multiple deliveries of the same message to mailing list members. +

diff --git a/postfix/src/dnsblog/dnsblog.c b/postfix/src/dnsblog/dnsblog.c index 5cbfa161a..425a70267 100644 --- a/postfix/src/dnsblog/dnsblog.c +++ b/postfix/src/dnsblog/dnsblog.c @@ -37,7 +37,8 @@ /* How much time a Postfix daemon process may take to handle a /* request before it is terminated by a built-in watchdog timer. /* .IP "\fBpostscreen_dnsbl_sites (empty)\fR" -/* Optional list of DNS blocklist domains. +/* Optional list of DNS blocklist domains, filters and weight +/* factors. /* .IP "\fBipc_timeout (3600s)\fR" /* The time limit for sending or receiving information over an internal /* communication channel. @@ -90,6 +91,7 @@ #include #include #include +#include /* DNS library. */ @@ -101,6 +103,11 @@ /* Application-specific. */ + /* + * Tunable parameters. + */ +int var_dnsblog_delay; + /* * Static so we don't allocate and free on every request. */ @@ -118,8 +125,8 @@ static VSTRING *result; /* static void dnsblog_query - query DNSBL for client address */ -static VSTRING *dnsblog_query(VSTRING *result, const char *dnsbl_domain, - const char *addr) +static VSTRING *dnsblog_query(VSTRING *result, const char *dnsbl_domain, + const char *addr) { const char *myname = "dnsblog_query"; ARGV *octets; @@ -224,6 +231,8 @@ static void dnsblog_service(VSTREAM *client_stream, char *unused_service, ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, addr, ATTR_TYPE_END) == 2) { (void) dnsblog_query(result, STR(rbl_domain), STR(addr)); + if (var_dnsblog_delay > 0) + sleep(var_dnsblog_delay); attr_print(client_stream, ATTR_FLAG_NONE, ATTR_TYPE_STR, MAIL_ATTR_RBL_DOMAIN, STR(rbl_domain), ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, STR(addr), @@ -250,6 +259,10 @@ MAIL_VERSION_STAMP_DECLARE; int main(int argc, char **argv) { + static const CONFIG_TIME_TABLE time_table[] = { + VAR_DNSBLOG_DELAY, DEF_DNSBLOG_DELAY, &var_dnsblog_delay, 0, 0, + 0, + }; /* * Fingerprint executables and core dumps. 
@@ -257,6 +270,7 @@ int main(int argc, char **argv) MAIL_VERSION_STAMP_ALLOCATE; multi_server_main(argc, argv, dnsblog_service, + MAIL_SERVER_TIME_TABLE, time_table, MAIL_SERVER_POST_INIT, post_jail_init, MAIL_SERVER_UNLIMITED, 0); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 6ccf57553..7b10077e0 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2897,6 +2897,10 @@ extern char *var_msg_strip_chars; #define DEF_FROZEN_DELIVERED 1 extern bool var_frozen_delivered; +#define VAR_RESET_OWNER_ATTR "reset_owner_alias" +#define DEF_RESET_OWNER_ATTR 0 +extern bool var_reset_owner_attr; + /* * Delay logging time roundup. */ @@ -3351,6 +3355,10 @@ extern bool var_ps_helo_required; #define DEF_PS_DISABLE_VRFY "$" VAR_DISABLE_VRFY_CMD extern bool var_ps_disable_vrfy; +#define VAR_DNSBLOG_DELAY "dnsblog_reply_delay" +#define DEF_DNSBLOG_DELAY "0s" +extern int var_dnsblog_delay; + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 3a92662dc..953e47eef 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20100923" +#define MAIL_RELEASE_DATE "20101006" #define MAIL_VERSION_NUMBER "2.8" #ifdef SNAPSHOT diff --git a/postfix/src/local/alias.c b/postfix/src/local/alias.c index dc613efc0..0fc0b9fbf 100644 --- a/postfix/src/local/alias.c +++ b/postfix/src/local/alias.c @@ -265,7 +265,8 @@ int deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr, } else { canon_owner = 0; /* Note: this does not reset the envelope sender. */ - RESET_OWNER_ATTR(state.msg_attr, state.level); + if (var_reset_owner_attr) + RESET_OWNER_ATTR(state.msg_attr, state.level); } /* 
diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index fecd18293..43e5c271c 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -381,6 +381,10 @@ /* Available in Postfix version 2.5.3 and later: /* .IP "\fBstrict_mailbox_ownership (yes)\fR" /* Defer delivery when a mailbox file is not owned by its recipient. +/* .IP "\fBreset_owner_alias (no)\fR" +/* Reset the \fBlocal\fR(8) delivery agent's idea of the owner-alias +/* attribute, when delivering mail to a child alias that does not have +/* its own owner alias. /* DELIVERY METHOD CONTROLS /* .ad /* .fi @@ -529,7 +533,7 @@ /* .IP "\fBrecipient_delimiter (empty)\fR" /* The separator between user names and address extensions (user+foo). /* .IP "\fBrequire_home_directory (no)\fR" -/* Whether or not a \fBlocal\fR(8) recipient's home directory must exist +/* Require that a \fBlocal\fR(8) recipient's home directory exists /* before mail delivery is attempted. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. @@ -648,6 +652,7 @@ int var_mailtool_compat; char *var_mailbox_lock; int var_mailbox_limit; bool var_frozen_delivered; +bool var_reset_owner_attr; bool var_strict_mbox_owner; int local_cmd_deliver_mask; @@ -896,6 +901,7 @@ int main(int argc, char **argv) VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir, VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat, VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered, + VAR_RESET_OWNER_ATTR, DEF_RESET_OWNER_ATTR, &var_reset_owner_attr, VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner, 0, }; diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 98e32443c..d3c270ebe 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c 
@@ -571,7 +571,7 @@ static void ps_service(VSTREAM *smtp_client_stream, * tests. Whitelist the client when all enabled test results are still * valid. */ - if ((state->flags & PS_STATE_FLAG_ANY_FAIL) == 0 + if ((state->flags & PS_STATE_MASK_ANY_FAIL) == 0 && ps_cache_map != 0 && (stamp_str = ps_cache_lookup(ps_cache_map, state->smtp_client_addr)) != 0) { saved_flags = state->flags; @@ -580,7 +580,7 @@ static void ps_service(VSTREAM *smtp_client_stream, if (msg_verbose) msg_info("%s: cached + recent flags: %s", myname, ps_print_state_flags(state->flags, myname)); - if ((state->flags & PS_STATE_FLAG_ANY_TODO_FAIL) == 0) { + if ((state->flags & PS_STATE_MASK_ANY_TODO_FAIL) == 0) { msg_info("PASS OLD %s", state->smtp_client_addr); ps_conclude(state); return; @@ -622,9 +622,9 @@ static void ps_service(VSTREAM *smtp_client_stream, * If the client has no up-to-date results for some tests, do those tests * first. Otherwise, skip the tests and hand off the connection. */ - if (state->flags & PS_STATE_FLAG_EARLY_TODO) + if (state->flags & PS_STATE_MASK_EARLY_TODO) ps_early_tests(state); - else if (state->flags & (PS_STATE_FLAG_SMTPD_TODO | PS_STATE_FLAG_NOFORWARD)) + else if (state->flags & (PS_STATE_MASK_SMTPD_TODO | PS_STATE_FLAG_NOFORWARD)) ps_smtpd_tests(state); else ps_conclude(state); @@ -647,7 +647,7 @@ static int ps_cache_validator(const char *client_addr, * expired longer ago than the cache retention time. */ ps_parse_tests(&dummy, stamp_str, event_time() - var_ps_cache_ret); - return ((dummy.flags & PS_STATE_FLAG_ANY_TODO) == 0); + return ((dummy.flags & PS_STATE_MASK_ANY_TODO) == 0); } /* pre_jail_init - pre-jail initialization */ diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h index 4eb3adf64..374389a64 100644 --- a/postfix/src/postscreen/postscreen.h +++ b/postfix/src/postscreen/postscreen.h 
@@ -49,6 +49,7 @@ typedef struct { time_t pregr_stamp; /* pregreet expiration time */ time_t dnsbl_stamp; /* dnsbl expiration time */ VSTRING *dnsbl_reply; /* dnsbl reject text */ + int dnsbl_index; /* dnsbl request index */ /* Built-in SMTP protocol engine. */ time_t pipel_stamp; /* pipelining expiration time */ time_t nsmtp_stamp; /* non-smtp command expiration time */ 
@@ -126,71 +127,71 @@ typedef struct { /* * Aggregates for individual tests. */ -#define PS_STATE_FLAG_PREGR_TODO_FAIL \ +#define PS_STATE_MASK_PREGR_TODO_FAIL \ (PS_STATE_FLAG_PREGR_TODO | PS_STATE_FLAG_PREGR_FAIL) -#define PS_STATE_FLAG_DNSBL_TODO_FAIL \ +#define PS_STATE_MASK_DNSBL_TODO_FAIL \ (PS_STATE_FLAG_DNSBL_TODO | PS_STATE_FLAG_DNSBL_FAIL) -#define PS_STATE_FLAG_PIPEL_TODO_FAIL \ +#define PS_STATE_MASK_PIPEL_TODO_FAIL \ (PS_STATE_FLAG_PIPEL_TODO | PS_STATE_FLAG_PIPEL_FAIL) -#define PS_STATE_FLAG_NSMTP_TODO_FAIL \ +#define PS_STATE_MASK_NSMTP_TODO_FAIL \ (PS_STATE_FLAG_NSMTP_TODO | PS_STATE_FLAG_NSMTP_FAIL) -#define PS_STATE_FLAG_BARLF_TODO_FAIL \ +#define PS_STATE_MASK_BARLF_TODO_FAIL \ (PS_STATE_FLAG_BARLF_TODO | PS_STATE_FLAG_BARLF_FAIL) -#define PS_STATE_FLAG_PIPEL_TODO_SKIP \ +#define PS_STATE_MASK_PIPEL_TODO_SKIP \ (PS_STATE_FLAG_PIPEL_TODO | PS_STATE_FLAG_PIPEL_SKIP) -#define PS_STATE_FLAG_NSMTP_TODO_SKIP \ +#define PS_STATE_MASK_NSMTP_TODO_SKIP \ (PS_STATE_FLAG_NSMTP_TODO | PS_STATE_FLAG_NSMTP_SKIP) -#define PS_STATE_FLAG_BARLF_TODO_SKIP \ +#define PS_STATE_MASK_BARLF_TODO_SKIP \ (PS_STATE_FLAG_BARLF_TODO | PS_STATE_FLAG_BARLF_SKIP) -#define PS_STATE_FLAG_PIPEL_TODO_PASS_FAIL \ - (PS_STATE_FLAG_PIPEL_TODO_FAIL | PS_STATE_FLAG_PIPEL_PASS) -#define PS_STATE_FLAG_NSMTP_TODO_PASS_FAIL \ - (PS_STATE_FLAG_NSMTP_TODO_FAIL | PS_STATE_FLAG_NSMTP_PASS) -#define PS_STATE_FLAG_BARLF_TODO_PASS_FAIL \ - (PS_STATE_FLAG_BARLF_TODO_FAIL | PS_STATE_FLAG_BARLF_PASS) +#define PS_STATE_MASK_PIPEL_TODO_PASS_FAIL \ + (PS_STATE_MASK_PIPEL_TODO_FAIL | PS_STATE_FLAG_PIPEL_PASS) +#define PS_STATE_MASK_NSMTP_TODO_PASS_FAIL \ + (PS_STATE_MASK_NSMTP_TODO_FAIL | PS_STATE_FLAG_NSMTP_PASS) +#define PS_STATE_MASK_BARLF_TODO_PASS_FAIL \ + (PS_STATE_MASK_BARLF_TODO_FAIL | PS_STATE_FLAG_BARLF_PASS) /* * Separate aggregates for early tests and deep tests. 
*/ -#define PS_STATE_FLAG_EARLY_DONE \ +#define PS_STATE_MASK_EARLY_DONE \ (PS_STATE_FLAG_PREGR_DONE | PS_STATE_FLAG_DNSBL_DONE) -#define PS_STATE_FLAG_EARLY_TODO \ +#define PS_STATE_MASK_EARLY_TODO \ (PS_STATE_FLAG_PREGR_TODO | PS_STATE_FLAG_DNSBL_TODO) -#define PS_STATE_FLAG_EARLY_PASS \ +#define PS_STATE_MASK_EARLY_PASS \ (PS_STATE_FLAG_PREGR_PASS | PS_STATE_FLAG_DNSBL_PASS) -#define PS_STATE_FLAG_EARLY_FAIL \ +#define PS_STATE_MASK_EARLY_FAIL \ (PS_STATE_FLAG_PREGR_FAIL | PS_STATE_FLAG_DNSBL_FAIL) -#define PS_STATE_FLAG_SMTPD_TODO \ +#define PS_STATE_MASK_SMTPD_TODO \ (PS_STATE_FLAG_PIPEL_TODO | PS_STATE_FLAG_NSMTP_TODO | \ PS_STATE_FLAG_BARLF_TODO) -#define PS_STATE_FLAG_SMTPD_PASS \ +#define PS_STATE_MASK_SMTPD_PASS \ (PS_STATE_FLAG_PIPEL_PASS | PS_STATE_FLAG_NSMTP_PASS | \ PS_STATE_FLAG_BARLF_PASS) -#define PS_STATE_FLAG_SMTPD_FAIL \ +#define PS_STATE_MASK_SMTPD_FAIL \ (PS_STATE_FLAG_PIPEL_FAIL | PS_STATE_FLAG_NSMTP_FAIL | \ PS_STATE_FLAG_BARLF_FAIL) /* * Super-aggregates for all tests combined. */ -#define PS_STATE_FLAG_ANY_FAIL \ +#define PS_STATE_MASK_ANY_FAIL \ (PS_STATE_FLAG_BLIST_FAIL | \ - PS_STATE_FLAG_EARLY_FAIL | PS_STATE_FLAG_SMTPD_FAIL) + PS_STATE_MASK_EARLY_FAIL | PS_STATE_MASK_SMTPD_FAIL) -#define PS_STATE_FLAG_ANY_PASS \ - (PS_STATE_FLAG_EARLY_PASS | PS_STATE_FLAG_SMTPD_PASS) +#define PS_STATE_MASK_ANY_PASS \ + (PS_STATE_MASK_EARLY_PASS | PS_STATE_MASK_SMTPD_PASS) -#define PS_STATE_FLAG_ANY_TODO \ - (PS_STATE_FLAG_EARLY_TODO | PS_STATE_FLAG_SMTPD_TODO) +#define PS_STATE_MASK_ANY_TODO \ + (PS_STATE_MASK_EARLY_TODO | PS_STATE_MASK_SMTPD_TODO) -#define PS_STATE_FLAG_ANY_TODO_FAIL \ - (PS_STATE_FLAG_ANY_TODO | PS_STATE_FLAG_ANY_FAIL) +#define PS_STATE_MASK_ANY_TODO_FAIL \ + (PS_STATE_MASK_ANY_TODO | PS_STATE_MASK_ANY_FAIL) -#define PS_STATE_FLAG_ANY_UPDATE \ - (PS_STATE_FLAG_ANY_PASS) +#define PS_STATE_MASK_ANY_UPDATE \ + (PS_STATE_MASK_ANY_PASS) /* * See log_adhoc.c for discussion. 
@@ -378,8 +379,8 @@ extern void ps_cache_update(DICT_CACHE *, const char *, const char *); * postscreen_dnsbl.c */ extern void ps_dnsbl_init(void); -extern int ps_dnsbl_retrieve(const char *, const char **); -extern void ps_dnsbl_request(const char *, void (*) (int, char *), char *); +extern int ps_dnsbl_retrieve(const char *, const char **, int); +extern int ps_dnsbl_request(const char *, void (*) (int, char *), char *); /* * postscreen_tests.c diff --git a/postfix/src/postscreen/postscreen_dnsbl.c b/postfix/src/postscreen/postscreen_dnsbl.c index 77f6b9c20..289a38bf1 100644 --- a/postfix/src/postscreen/postscreen_dnsbl.c +++ b/postfix/src/postscreen/postscreen_dnsbl.c @@ -8,14 +8,15 @@ /* /* void ps_dnsbl_init(void) /* -/* void ps_dnsbl_request(client_addr, callback, context) +/* int ps_dnsbl_request(client_addr, callback, context) /* char *client_addr; /* void (*callback)(int, char *); /* char *context; /* -/* int ps_dnsbl_retrieve(client_addr, dnsbl_name) +/* int ps_dnsbl_retrieve(client_addr, dnsbl_name, dnsbl_index) /* char *client_addr; /* const char **dnsbl_name; +/* int dnsbl_index; /* DESCRIPTION /* This module implements preliminary support for DNSBL lookups. /* Multiple requests for the same information are handled with @@ -33,6 +34,8 @@ /* on to the callback function. The callback should ignore its /* first argument (it exists for compatibility with Postfix /* generic event infrastructure). +/* The result value is the index for the ps_dnsbl_retrieve() +/* call. /* /* ps_dnsbl_retrieve() retrieves the result score requested with /* ps_dnsbl_request() and decrements the reference count. It 
@@ -141,6 +144,19 @@ typedef struct { (sp)->index = 0; \ } while (0) +#define PS_CALL_BACK_INDEX_OF_LAST(sp) ((sp)->index - 1) + +#define PS_CALL_BACK_CANCEL(sp, idx) do { \ + PS_CALL_BACK_ENTRY *_cb_; \ + if ((idx) < 0 || (idx) >= (sp)->index) \ + msg_panic("%s: index %d must be >= 0 and < %d", \ + myname, (idx), (sp)->index); \ + _cb_ = (sp)->table + (idx); \ + event_cancel_timer(_cb_->callback, _cb_->context); \ + _cb_->callback = 0; \ + _cb_->context = 0; \ + } while (0) + #define PS_CALL_BACK_EXTEND(hp, sp) do { \ if ((sp)->index >= (sp)->limit) { \ int _count_ = ((sp)->limit ? (sp)->limit * 2 : 5); \ @@ -160,7 +176,8 @@ typedef struct { #define PS_CALL_BACK_NOTIFY(sp, ev) do { \ PS_CALL_BACK_ENTRY *_cb_; \ for (_cb_ = (sp)->table; _cb_ < (sp)->table + (sp)->index; _cb_++) \ - _cb_->callback((ev), _cb_->context); \ + if (_cb_->callback != 0) \ + _cb_->callback((ev), _cb_->context); \ } while (0) #define PS_NULL_EVENT (0) @@ -264,7 +281,8 @@ static int ps_dnsbl_match(const char *filter, ARGV *reply) /* ps_dnsbl_retrieve - retrieve blocklist score, decrement reference count */ -int ps_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name) +int ps_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name, + int dnsbl_index) { const char *myname = "ps_dnsbl_retrieve"; PS_DNSBL_SCORE *score; @@ -277,6 +295,11 @@ int ps_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name) htable_find(dnsbl_score_cache, client_addr)) == 0) msg_panic("%s: no blocklist score for %s", myname, client_addr); + /* + * Disable callbacks. + */ + PS_CALL_BACK_CANCEL(score, dnsbl_index); + /* * Reads are destructive. */ @@ -376,7 +399,7 @@ static void ps_dnsbl_receive(int event, char *context) /* ps_dnsbl_request - send dnsbl query, increment reference count */ -void ps_dnsbl_request(const char *client_addr, +int ps_dnsbl_request(const char *client_addr, void (*callback) (int, char *), char *context) { 
@@ -420,7 +443,7 @@ void ps_dnsbl_request(const char *client_addr, score->pending_lookups); if (score->pending_lookups == 0) event_request_timer(callback, context, EVENT_NULL_DELAY); - return; + return (PS_CALL_BACK_INDEX_OF_LAST(score)); } if (msg_verbose > 1) msg_info("%s: create blocklist score for %s", myname, client_addr); @@ -458,6 +481,7 @@ void ps_dnsbl_request(const char *client_addr, (char *) stream, DNSBLOG_TIMEOUT); score->pending_lookups += 1; } + return (PS_CALL_BACK_INDEX_OF_LAST(score)); } /* ps_dnsbl_init - initialize */ diff --git a/postfix/src/postscreen/postscreen_early.c b/postfix/src/postscreen/postscreen_early.c index 8fc8fade8..27e22e284 100644 --- a/postfix/src/postscreen/postscreen_early.c +++ b/postfix/src/postscreen/postscreen_early.c @@ -89,7 +89,7 @@ static void ps_early_event(int event, char *context) /* * Check if the SMTP client spoke before its turn. */ - if ((state->flags & PS_STATE_FLAG_PREGR_TODO_FAIL) + if ((state->flags & PS_STATE_MASK_PREGR_TODO_FAIL) == PS_STATE_FLAG_PREGR_TODO) { state->pregr_stamp = event_time() + var_ps_pregr_ttl; PS_PASS_SESSION_STATE(state, "pregreet test", @@ -110,7 +110,8 @@ static void ps_early_event(int event, char *context) if (state->flags & PS_STATE_FLAG_DNSBL_TODO) { dnsbl_score = - ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name); + ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name, + state->dnsbl_index); if (dnsbl_score < var_ps_dnsbl_thresh) { state->dnsbl_stamp = event_time() + var_ps_dnsbl_ttl; PS_PASS_SESSION_STATE(state, "dnsbl test", @@ -148,7 +149,7 @@ static void ps_early_event(int event, char *context) * Pass the connection to a real SMTP server, or enter the dummy * engine for deep tests. */ - if (state->flags & (PS_STATE_FLAG_NOFORWARD | PS_STATE_FLAG_SMTPD_TODO)) + if (state->flags & (PS_STATE_FLAG_NOFORWARD | PS_STATE_MASK_SMTPD_TODO)) ps_smtpd_tests(state); else ps_conclude(state); 
@@ -166,7 +167,8 @@ static void ps_early_event(int event, char *context) read_buf, sizeof(read_buf) - 1, MSG_PEEK)) <= 0) { /* Avoid memory leak. */ if (state->flags & PS_STATE_FLAG_DNSBL_TODO) - (void) ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name); + (void) ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name, + state->dnsbl_index); /* XXX Wait for DNS replies to come in. */ ps_hangup_event(state); return; @@ -180,7 +182,8 @@ static void ps_early_event(int event, char *context) case PS_ACT_DROP: /* Avoid memory leak. */ if (state->flags & PS_STATE_FLAG_DNSBL_TODO) - (void) ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name); + (void) ps_dnsbl_retrieve(state->smtp_client_addr, &dnsbl_name, + state->dnsbl_index); PS_DROP_SESSION_STATE(state, "521 5.5.1 Protocol error\r\n"); return; case PS_ACT_ENFORCE: @@ -207,8 +210,8 @@ static void ps_early_event(int event, char *context) */ state->flags |= PS_STATE_FLAG_PREGR_DONE; if (elapsed.dt_sec >= PS_EFF_GREET_WAIT - || ((state->flags & PS_STATE_FLAG_EARLY_DONE) - == PS_STATE_FLAGS_TODO_TO_DONE(state->flags & PS_STATE_FLAG_EARLY_TODO))) + || ((state->flags & PS_STATE_MASK_EARLY_DONE) + == PS_STATE_FLAGS_TODO_TO_DONE(state->flags & PS_STATE_MASK_EARLY_TODO))) ps_early_event(EVENT_TIME, context); else event_request_timer(ps_early_event, context, @@ -233,8 +236,8 @@ static void ps_early_dnsbl_event(int unused_event, char *context) * dangling pointer. */ state->flags |= PS_STATE_FLAG_DNSBL_DONE; - if ((state->flags & PS_STATE_FLAG_EARLY_DONE) - == PS_STATE_FLAGS_TODO_TO_DONE(state->flags & PS_STATE_FLAG_EARLY_TODO)) + if ((state->flags & PS_STATE_MASK_EARLY_DONE) + == PS_STATE_FLAGS_TODO_TO_DONE(state->flags & PS_STATE_MASK_EARLY_TODO)) event_request_timer(ps_early_event, context, EVENT_NULL_DELAY); } 
@@ -266,8 +269,11 @@ void ps_early_tests(PS_STATE *state) * Run a DNS blocklist query. */ if ((state->flags & PS_STATE_FLAG_DNSBL_TODO) != 0) - ps_dnsbl_request(state->smtp_client_addr, ps_early_dnsbl_event, - (char *) state); + state->dnsbl_index = + ps_dnsbl_request(state->smtp_client_addr, ps_early_dnsbl_event, + (char *) state); + else + state->dnsbl_index = -1; /* * Wait for the client to respond or for DNS lookup to complete. diff --git a/postfix/src/postscreen/postscreen_misc.c b/postfix/src/postscreen/postscreen_misc.c index 443db5fee..0015ba998 100644 --- a/postfix/src/postscreen/postscreen_misc.c +++ b/postfix/src/postscreen/postscreen_misc.c @@ -95,14 +95,14 @@ void ps_conclude(PS_STATE *state) * blacklisting. There may still be unfinished tests; those tests will * need to be completed when the client returns in a later session. */ - if (state->flags & PS_STATE_FLAG_ANY_FAIL) - state->flags &= ~PS_STATE_FLAG_ANY_PASS; + if (state->flags & PS_STATE_MASK_ANY_FAIL) + state->flags &= ~PS_STATE_MASK_ANY_PASS; /* * Log our final blessing when all unfinished tests were completed. */ - if ((state->flags & PS_STATE_FLAG_ANY_PASS) == - PS_STATE_FLAGS_TODO_TO_PASS(state->flags & PS_STATE_FLAG_ANY_TODO)) + if ((state->flags & PS_STATE_MASK_ANY_PASS) == + PS_STATE_FLAGS_TODO_TO_PASS(state->flags & PS_STATE_MASK_ANY_TODO)) msg_info("PASS %s %s", (state->flags & PS_STATE_FLAG_NEW) == 0 ? "OLD" : "NEW", state->smtp_client_addr); @@ -111,7 +111,7 @@ void ps_conclude(PS_STATE *state) * client gets whitelisted in the course of multiple sessions, as long as * that client does not "fail" any test. */ - if ((state->flags & PS_STATE_FLAG_ANY_UPDATE) != 0 + if ((state->flags & PS_STATE_MASK_ANY_UPDATE) != 0 && ps_cache_map != 0) { ps_print_tests(ps_temp, state); ps_cache_update(ps_cache_map, state->smtp_client_addr, STR(ps_temp)); diff --git a/postfix/src/postscreen/postscreen_smtpd.c b/postfix/src/postscreen/postscreen_smtpd.c index 33955f0a3..2e4af5022 100644 
--- a/postfix/src/postscreen/postscreen_smtpd.c +++ b/postfix/src/postscreen/postscreen_smtpd.c @@ -576,7 +576,7 @@ static void ps_smtpd_read_event(int event, char *context) * Bare newline test. */ if (ch == '\n') { - if ((state->flags & PS_STATE_FLAG_BARLF_TODO_SKIP) + if ((state->flags & PS_STATE_MASK_BARLF_TODO_SKIP) == PS_STATE_FLAG_BARLF_TODO) { msg_info("BARE NEWLINE from %s", state->smtp_client_addr); PS_FAIL_SESSION_STATE(state, PS_STATE_FLAG_BARLF_FAIL); @@ -661,7 +661,7 @@ static void ps_smtpd_read_event(int event, char *context) break; /* Non-SMTP command test. */ - if ((state->flags & PS_STATE_FLAG_NSMTP_TODO_SKIP) + if ((state->flags & PS_STATE_MASK_NSMTP_TODO_SKIP) == PS_STATE_FLAG_NSMTP_TODO && cmdp->name == 0 && (is_header(command) || (*var_ps_forbid_cmds @@ -699,7 +699,7 @@ static void ps_smtpd_read_event(int event, char *context) } } /* Command PIPELINING test. */ - if ((state->flags & PS_STATE_FLAG_PIPEL_TODO_SKIP) + if ((state->flags & PS_STATE_MASK_PIPEL_TODO_SKIP) == PS_STATE_FLAG_PIPEL_TODO && !PS_SMTPD_BUFFER_EMPTY(state)) { printable(command, '?'); msg_info("COMMAND PIPELINING from %s after %.100s", 
@@ -740,21 +740,21 @@ static void ps_smtpd_read_event(int event, char *context) * tests with some later command. */ if (cmdp->action == ps_rcpt_cmd) { - if ((state->flags & PS_STATE_FLAG_BARLF_TODO_PASS_FAIL) + if ((state->flags & PS_STATE_MASK_BARLF_TODO_PASS_FAIL) == PS_STATE_FLAG_BARLF_TODO) { PS_PASS_SESSION_STATE(state, "bare newline test", PS_STATE_FLAG_BARLF_PASS); /* XXX Reset to PS_TIME_STAMP_DISABLED on failure. */ state->barlf_stamp = event_time() + var_ps_barlf_ttl; } - if ((state->flags & PS_STATE_FLAG_NSMTP_TODO_PASS_FAIL) + if ((state->flags & PS_STATE_MASK_NSMTP_TODO_PASS_FAIL) == PS_STATE_FLAG_NSMTP_TODO) { PS_PASS_SESSION_STATE(state, "non-smtp test", PS_STATE_FLAG_NSMTP_PASS); /* XXX Reset to PS_TIME_STAMP_DISABLED on failure. */ state->nsmtp_stamp = event_time() + var_ps_nsmtp_ttl; } - if ((state->flags & PS_STATE_FLAG_PIPEL_TODO_PASS_FAIL) + if ((state->flags & PS_STATE_MASK_PIPEL_TODO_PASS_FAIL) == PS_STATE_FLAG_PIPEL_TODO) { PS_PASS_SESSION_STATE(state, "pipelining test", PS_STATE_FLAG_PIPEL_PASS); diff --git a/postfix/src/postscreen/postscreen_tests.c b/postfix/src/postscreen/postscreen_tests.c index 181f02a0b..02b6965e5 100644 --- a/postfix/src/postscreen/postscreen_tests.c +++ b/postfix/src/postscreen/postscreen_tests.c @@ -246,7 +246,7 @@ void ps_parse_tests(PS_STATE *state, * full postscreen_greet_wait too frequently. */ #if 0 - if (state->flags & PS_STATE_FLAG_EARLY_TODO) { + if (state->flags & PS_STATE_MASK_EARLY_TODO) { if (PS_PREGR_TEST_ENABLE()) state->flags |= PS_STATE_FLAG_PREGR_TODO; if (PS_DNSBL_TEST_ENABLE()) @@ -264,7 +264,7 @@ char *ps_print_tests(VSTRING *buf, PS_STATE *state) /* * Sanity check. */ - if ((state->flags & PS_STATE_FLAG_ANY_UPDATE) == 0) + if ((state->flags & PS_STATE_MASK_ANY_UPDATE) == 0) msg_panic("%s: attempt to save a no-update record", myname); /* diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index ce6a4de79..5e074a509 100644 --- a/postfix/src/smtpd/smtpd.c 
+++ b/postfix/src/smtpd/smtpd.c @@ -4198,8 +4198,8 @@ static SMTPD_CMD smtpd_cmd_table[] = { SMTPD_CMD_RCPT, rcpt_cmd, 0, SMTPD_CMD_DATA, data_cmd, SMTPD_CMD_FLAG_LAST, SMTPD_CMD_RSET, rset_cmd, SMTPD_CMD_FLAG_LIMIT, - SMTPD_CMD_NOOP, noop_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS, - SMTPD_CMD_VRFY, vrfy_cmd, SMTPD_CMD_FLAG_LIMIT, + SMTPD_CMD_NOOP, noop_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST, + SMTPD_CMD_VRFY, vrfy_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_LAST, SMTPD_CMD_ETRN, etrn_cmd, SMTPD_CMD_FLAG_LIMIT, SMTPD_CMD_QUIT, quit_cmd, SMTPD_CMD_FLAG_PRE_TLS, SMTPD_CMD_XCLIENT, xclient_cmd, 0, diff --git a/postfix/src/util/events.c b/postfix/src/util/events.c index c8cc6aeca..d79596f57 100644 --- a/postfix/src/util/events.c +++ b/postfix/src/util/events.c @@ -234,7 +234,7 @@ typedef struct { typedef struct EVENT_FDTABLE EVENT_FDTABLE; struct EVENT_FDTABLE { - EVENT_NOTIFY_RDWR callback; + EVENT_NOTIFY_RDWR_FN callback; char *context; }; static EVENT_MASK event_rmask; /* enabled read events */ @@ -508,7 +508,7 @@ typedef struct EVENT_TIMER EVENT_TIMER; struct EVENT_TIMER { time_t when; /* when event is wanted */ - EVENT_NOTIFY_TIME callback; /* callback function */ + EVENT_NOTIFY_TIME_FN callback; /* callback function */ char *context; /* callback context */ long loop_instance; /* event_loop() call instance */ RING ring; /* linkage */ @@ -720,7 +720,7 @@ void event_fork(void) /* event_enable_read - enable read events */ -void event_enable_read(int fd, EVENT_NOTIFY_RDWR callback, char *context) +void event_enable_read(int fd, EVENT_NOTIFY_RDWR_FN callback, char *context) { const char *myname = "event_enable_read"; EVENT_FDTABLE *fdp; 
@@ -775,7 +775,7 @@ void event_enable_read(int fd, EVENT_NOTIFY_RDWR callback, char *context) /* event_enable_write - enable write events */ -void event_enable_write(int fd, EVENT_NOTIFY_RDWR callback, char *context) +void event_enable_write(int fd, EVENT_NOTIFY_RDWR_FN callback, char *context) { const char *myname = "event_enable_write"; EVENT_FDTABLE *fdp; @@ -885,7 +885,7 @@ void event_disable_readwrite(int fd) /* event_request_timer - (re)set timer */ -time_t event_request_timer(EVENT_NOTIFY_TIME callback, char *context, int delay) +time_t event_request_timer(EVENT_NOTIFY_TIME_FN callback, char *context, int delay) { const char *myname = "event_request_timer"; RING *ring; @@ -956,7 +956,7 @@ time_t event_request_timer(EVENT_NOTIFY_TIME callback, char *context, int delay /* event_cancel_timer - cancel timer */ -int event_cancel_timer(EVENT_NOTIFY_TIME callback, char *context) +int event_cancel_timer(EVENT_NOTIFY_TIME_FN callback, char *context) { const char *myname = "event_cancel_timer"; RING *ring; diff --git a/postfix/src/util/events.h b/postfix/src/util/events.h index 6ea89119a..dfa1e3f6b 100644 --- a/postfix/src/util/events.h +++ b/postfix/src/util/events.h 
@@ -19,15 +19,15 @@ /* * External interface. */ -typedef void (*EVENT_NOTIFY_RDWR) (int, char *); -typedef void (*EVENT_NOTIFY_TIME) (int, char *); +typedef void (*EVENT_NOTIFY_RDWR_FN) (int, char *); +typedef void (*EVENT_NOTIFY_TIME_FN) (int, char *); extern time_t event_time(void); -extern void event_enable_read(int, EVENT_NOTIFY_RDWR, char *); -extern void event_enable_write(int, EVENT_NOTIFY_RDWR, char *); +extern void event_enable_read(int, EVENT_NOTIFY_RDWR_FN, char *); +extern void event_enable_write(int, EVENT_NOTIFY_RDWR_FN, char *); extern void event_disable_readwrite(int); -extern time_t event_request_timer(EVENT_NOTIFY_TIME, char *, int); -extern int event_cancel_timer(EVENT_NOTIFY_TIME, char *); +extern time_t event_request_timer(EVENT_NOTIFY_TIME_FN, char *, int); +extern int event_cancel_timer(EVENT_NOTIFY_TIME_FN, char *); extern void event_loop(int); extern void event_drain(int); extern void event_fork(void);
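Review bot: In postfix/src/local/local.c, the new reset_owner_alias entry in the manual-page comment is added directly under the existing "Available in Postfix version 2.5.3 and later:" heading, next to strict_mailbox_ownership, so the generated documentation will read as if the parameter has existed since 2.5.3. Give it its own "Available in Postfix version 2.8 and later:" heading. The C variable is var_reset_owner_attr while the parameter is reset_owner_alias; if the ATTR spelling stays, a short comment tying the two names together would help anyone grepping for the parameter name.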
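Review bot: In postscreen.h, the new dnsbl_index member is assigned only in ps_early_tests() (the request index, or -1 when no DNSBL test is pending), yet ps_service() can go straight to ps_smtpd_tests() or ps_conclude() without calling ps_early_tests(). The patch does not show where the session state is created; unless that code already sets the member, initialize it to -1 there, so that a stray ps_dnsbl_retrieve() call hits the range check in PS_CALL_BACK_CANCEL instead of silently cancelling entry 0, which may belong to another connection from the same client address.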
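Review bot: PS_CALL_BACK_CANCEL in postscreen_dnsbl.c range-checks idx but does not check whether the slot was already cancelled, so a second ps_dnsbl_retrieve() with the same index calls event_cancel_timer() with a null callback and a null context and goes unnoticed. Since a repeated retrieve is exactly the kind of bookkeeping error behind the dangling pointer this commit fixes, call msg_panic() when _cb_->callback is already 0, the same way the macro does for an out-of-range index. The macro also picks up myname from the enclosing function instead of taking it as an argument; note that requirement in a comment next to the definition.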
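Review bot: In the smtpd_cmd_table hunk of smtpd.c, NOOP and VRFY gain SMTPD_CMD_FLAG_LAST, but the QUIT row two lines further down still carries only SMTPD_CMD_FLAG_PRE_TLS. RFC 2920 lists QUIT together with NOOP and VRFY among the commands that may only appear last in a pipelined group, so either flag QUIT as well or add a comment above the table saying why it is left out. The NOOP row now combines three flags on one line and runs well past 80 columns; wrapping the flag expression onto a continuation line would keep it readable.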
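Review bot: The rename of EVENT_NOTIFY_RDWR and EVENT_NOTIFY_TIME to EVENT_NOTIFY_RDWR_FN and EVENT_NOTIFY_TIME_FN in util/events.h changes a shared header without keeping the old names as aliases, and none of the HISTORY entries added by this commit mentions it. Add a HISTORY line naming util/events.[hc], and confirm that no other file in the tree still declares variables or parameters with the old typedef names, since the hunks shown here update only events.c and events.h.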