From: Wietse Venema Date: Fri, 4 Jan 2002 05:00:00 +0000 (-0500) Subject: snapshot-20020104 X-Git-Tag: v1.1.0~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad0d1b5833e947c1f54c08c8abd5c87a83d5d8aa;p=thirdparty%2Fpostfix.git snapshot-20020104 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 473ea8a83..f93a2518e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -5881,9 +5881,9 @@ Apologies for any names omitted. 20020101 Security: new alternate_config_directories parameter that - lists directories that a set-gid command will accept as - its configuration directory. The list must be specified in - the default main.cf file. File: global/mail_conf.c. + specifies what directories a set-gid command will accept + as its configuration directory. The list must be specified + in the default main.cf file. File: global/mail_conf.c. Cleanup: "sendmail -qRsite" is no longer implemented by connecting to the SMTP port. It is now implemented by @@ -5891,13 +5891,13 @@ Apologies for any names omitted. 20020203 - Cleanup: all installation information is maintained by the - main.cf file. The install.cf file is used only when upgrading - from an older Postfix release. + Cleanup: INSTALL.sh now records all installation information + in the main.cf file. The now obsolete install.cf file is + used only when upgrading from an older Postfix release. - Cleanup: INSTALL.sh now takes non-default settings on the - command line, and has a "-upgrade" command line option to - turn on non-interactive installation. + Cleanup: INSTALL.sh now takes name=value settings on the + command line, and has a new "-upgrade" command line option + to turn on non-interactive installation. Security: additional run-time checks to discourage sharing of Postfix user/group ID values with other accounts. diff --git a/postfix/INSTALL b/postfix/INSTALL index 301d288cd..8164bb112 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL 
@@ -218,19 +218,18 @@ In order to install or upgrade Postfix: NB: this group was optional with older Postfix releases; it is now required. -- Run the INSTALL.sh script as the super-user: +- Run one of the following commands as the super-user: # make install (interactive version, first time install) # make upgrade (non-interactive version, for upgrades) - The non-interactive version needs the /etc/postfix/install.cf - file from a previous installation. If the file does not exist, - use interactive installation instead. + The non-interactive version needs the /etc/postfix/main.cf file + from a previous installation. If the file does not exist, use + interactive installation instead. - The INSTALL.sh script offers suggestions for pathnames that you - can override, either by editing INSTALL.sh or by specifying your - preferences interactively. INSTALL.sh stores your preferences in - /etc/postfix/install.cf in order to ease future installs. + The interactive version offers suggestions for pathnames that + you can override interactively, and stores your preferences in + /etc/postfix/main.cf for convenient future upgrades. - Proceed to the section on how you wish to run Postfix on your particular machine: diff --git a/postfix/INSTALL.sh b/postfix/INSTALL.sh index 9ae62cfd9..f2811dc96 100644 --- a/postfix/INSTALL.sh +++ b/postfix/INSTALL.sh @@ -1,9 +1,11 @@ #!/bin/sh -# Sample Postfix installation script. Run this from the top-level -# Postfix source directory. +# Postfix installation script. Run from the top-level Postfix source directory. # -# Usage: sh INSTALL.sh [-upgrade] name=value ... +# Usage: sh INSTALL.sh [-non-interactive] name=value ... +# +# Non-interective mode uses settings from /etc/postfix/main.cf (or +# from /etc/postfix/install.cf when upgrading from a < 2002 release). PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd umask 022 
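Review bot: The new header comment in the first INSTALL.sh hunk misspells the mode name as "Non-interective"; it should read `# Non-interactive mode uses settings from /etc/postfix/main.cf (or`. The comment also hard-codes /etc/postfix, while the script body further down reads `$CONFIG_DIRECTORY/main.cf` and `$CONFIG_DIRECTORY/install.cf`. If that directory can be overridden with a name=value argument, naming the variable in the comment would keep the two in step.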
@@ -13,20 +15,21 @@ umask 022 for arg do case $arg in - *=*) IFS= eval $arg;; -"-upgrade") upgrade=1;; - *) echo Error: usage: $0 [-upgrade] name=value ... 1>&2; exit 1;; + *=*) IFS= eval $arg;; +-non-interactive) non_interactive=1;; + *) echo Error: usage: $0 [-non-interactive] name=value ... 1>&2 + exit 1;; esac done # Discourage old habits. -test -z "$upgrade" -a ! -t 0 && { - echo Error: for non-interactive installation, run: \"$0 -upgrade\" 1>&2 +test -z "$non_interactive" -a ! -t 0 && { + echo Error: for non-interactive installation, run: \"$0 -non-interactive\" 1>&2 exit 1 } -test -z "$upgrade" && cat <&1 >/dev/null || { +grep setgid_group $CONFIG_DIRECTORY/main.cf >/dev/null 2>&1 || { if [ -f $CONFIG_DIRECTORY/install.cf ] then . $CONFIG_DIRECTORY/install.cf setgid_group=${setgid-$setgid_group} manpage_path=${manpages-$manpage_path} - elif [ ! -t 0 -a -z "$install_root" ] + elif [ -n "$non_interactive" ] then - echo \"make upgrade\" requires the $CONFIG_DIRECTORY/main.cf 1>&2 + echo Error: \"make upgrade\" requires the $CONFIG_DIRECTORY/main.cf 1>&2 echo file from a sufficiently recent Postfix installation. 1>&2 echo 1>&2 echo Use \"make install\" instead. 1>&2 @@ -216,7 +219,7 @@ grep setgid_group $CONFIG_DIRECTORY/main.cf 2>&1 >/dev/null || { # Override default settings. -test -z "$upgrade" && for name in daemon_directory command_directory \ +test -z "$non_interactive" && for name in daemon_directory command_directory \ queue_directory sendmail_path newaliases_path mailq_path mail_owner \ setgid_group manpage_path do @@ -328,9 +331,10 @@ then compare_or_replace a+r,go-w conf/$file $CONFIG_DIRECTORY/$file || exit 1 done else - cp `censored_ls conf/*` $CONFIG_DIRECTORY || exit 1 - chmod a+r,go-w $CONFIG_DIRECTORY/* || exit 1 - + for file in `cd conf; censored_ls * | grep -v postfix-script` + do + compare_or_replace a+r,go-w conf/$file $CONFIG_DIRECTORY/$file || exit 1 + done test -z "$install_root" && need_config=1 fi 
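Review bot: In the argument loop, `*=*) IFS= eval $arg;;` passes every argument that contains an `=` to the shell as code, unquoted, in a script that INSTALL says to run as the super-user. Anything after the `=` is parsed by the shell instead of being stored, so a value containing whitespace or shell metacharacters is not assigned intact. Splitting the argument into name and value, checking the name against the parameters the script already loops over further down (daemon_directory, command_directory, queue_directory, ...), and assigning with `eval "$name=\$value"` would keep the name=value interface without evaluating the value.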
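Review bot: `grep setgid_group $CONFIG_DIRECTORY/main.cf >/dev/null 2>&1` matches any line that mentions the name, including the `# setgid_group:` comment that the sample conf/main.cf in this commit shows as unchanged context. As far as the visible lines show, a main.cf that has the comment but no setting would skip both the install.cf fallback and the "make upgrade" error branch. Anchoring the pattern to an assignment, `grep '^setgid_group *=' "$CONFIG_DIRECTORY/main.cf" >/dev/null 2>&1`, tests for a real setting and quotes the path at the same time. The header of this hunk is missing from the page, so the lines before the grep are not visible.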
diff --git a/postfix/Makefile b/postfix/Makefile index eb9b06aad..138c96961 100644 --- a/postfix/Makefile +++ b/postfix/Makefile @@ -15,7 +15,7 @@ update depend printfck clean tidy depend_update: Makefiles $(MAKE) MAKELEVEL= $@ install: - @echo Please review the 0README instructions first. + @echo Please review the INSTALL instructions first. makefiles Makefiles: $(MAKE) -f Makefile.in MAKELEVEL= Makefiles diff --git a/postfix/Makefile.in b/postfix/Makefile.in index 4e2a83178..04d4bdac7 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -29,7 +29,7 @@ install: update sh INSTALL.sh upgrade: update - sh INSTALL.sh -upgrade + sh INSTALL.sh -non-interactive depend clean: set -e; for i in $(DIRS); do \ diff --git a/postfix/Makefile.init b/postfix/Makefile.init index eb9b06aad..138c96961 100644 --- a/postfix/Makefile.init +++ b/postfix/Makefile.init @@ -15,7 +15,7 @@ update depend printfck clean tidy depend_update: Makefiles $(MAKE) MAKELEVEL= $@ install: - @echo Please review the 0README instructions first. + @echo Please review the INSTALL instructions first. makefiles Makefiles: $(MAKE) -f Makefile.in MAKELEVEL= Makefiles diff --git a/postfix/VERP_README b/postfix/VERP_README index 8ee3a2558..3ed89f1ad 100644 --- a/postfix/VERP_README +++ b/postfix/VERP_README 
@@ -27,13 +27,13 @@ delimiter characters Postfix uses when VERP style delivery is requested but no explicit delimiters are specified. - verp_delimiter_filter (default: -+=) controls what characters -Postfix accepts as VERP delimiter characters. Many characters can -not be used as VERP delimiter characters, either because they -already have a special meaning in email addresses (such as the @ -or the %), because they appear as part of a username or domain name -(such as alphanumerics), or because they are non-ASCII or control -characters. And who knows, some characters may tickle bugs in -vulnerable software. +Postfix accepts as VERP delimiter characters on the sendmail command +line and in SMTP commands. Many characters must not be used as VERP +delimiter characters, either because they already have a special +meaning in email addresses (such as the @ or the %), because they +are used as part of a username or domain name (such as alphanumerics), +or because they are non-ASCII or control characters. And who knows, +some characters may tickle bugs in vulnerable software. Using VERP with majordomo etc. mailing lists ============================================ @@ -125,8 +125,7 @@ VERP support in the Postfix QMQP server When the Postfix QMQP server receives mail with an envelope sender address of the form: - prefix-@origin-@[] + listname-@your.domain-@[] -Postfix generates VERP sender addresses using prefix@domain as the -original sender address, and using "-=" as the VERP delimiters, -because qmail/ezmlm expect this. +Postfix generates sender addresses listname-user=domain@your.domain, +using "-=" as the VERP delimiters because qmail/ezmlm expect this. diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index 33bf54496..acf424ac0 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf 
@@ -509,12 +509,24 @@ debugger_command = # sendmail_path: The full pathname of the Postfix sendmail command. # This is the Sendmail-compatible mail posting interface. # +sendmail_path = + # newaliases_path: The full pathname of the Postfix newaliases command. # This is the Sendmail-compatible command to build alias databases. # +newaliases_path = + # mailq_path: The full pathname of the Postfix mailq command. This # is the Sendmail-compatible mail queue listing command. # +mailq_path = + # setgid_group: The group for mail submission and queue management # commands. This must be a group name with a numerical group ID that # is not shared with other accounts, not even with the Postfix account. +# +setgid_group = + +# manpage_path: The location of the Postfix on-line manual pages. +# +manpage_path = diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index dce2d4076..d6c476725 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -228,8 +228,8 @@ static const char *check_myhostname(void) if ((dot = strchr(name, '.')) == 0) { if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0) msg_warn("My hostname %s is not a fully qualified name - set %s or %s in %s/%s", - name, VAR_MYHOSTNAME, VAR_MYDOMAIN, - var_config_dir, MAIN_CONF_FILE); + name, VAR_MYHOSTNAME, VAR_MYDOMAIN, + var_config_dir, MAIN_CONF_FILE); else name = concatenate(name, ".", domain, (char *) 0); } 
@@ -258,14 +258,17 @@ static void check_default_privs(void) struct passwd *pwd; if ((pwd = getpwnam(var_default_privs)) == 0) - msg_fatal("%s:%s: unknown user name value: %s", - MAIN_CONF_FILE, VAR_DEFAULT_PRIVS, var_default_privs); + msg_fatal("file %s/%s: parameter %s: unknown user name value: %s", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, var_default_privs); if ((var_default_uid = pwd->pw_uid) == 0) - msg_fatal("%s:%s: privileged user is not allowed: %s", - MAIN_CONF_FILE, VAR_DEFAULT_PRIVS, var_default_privs); + msg_fatal("file %s/%s: parameter %s: user %s has privileged user ID", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, var_default_privs); if ((var_default_gid = pwd->pw_gid) == 0) - msg_fatal("%s:%s: privileged group is not allowed: %s", - MAIN_CONF_FILE, VAR_DEFAULT_PRIVS, var_default_privs); + msg_fatal("file %s/%s: parameter %s: user %s has privileged group ID", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, var_default_privs); } /* check_mail_owner - lookup owner user attributes and validate */ 
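Review bot: The prefix `"file %s/%s: parameter %s: ..."` with the arguments `var_config_dir, MAIN_CONF_FILE` is spelled out separately in each of the three msg_fatal calls here, and again in the check_mail_owner, check_sgid_group, check_overlap and mail_params_init hunks. The check_overlap variant already reads "parameters %s and %s", so the wording has begun to diverge. A small static helper or a shared format macro for the file/parameter prefix would keep the messages uniform and leave one place to change if the config file location is reported differently later. This is a style point only; the checks themselves are unchanged by this hunk.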
@@ -275,14 +278,17 @@ static void check_mail_owner(void) struct passwd *pwd; if ((pwd = getpwnam(var_mail_owner)) == 0) - msg_fatal("%s:%s: unknown user name value: %s", - MAIN_CONF_FILE, VAR_MAIL_OWNER, var_mail_owner); + msg_fatal("file %s/%s: parameter %s: unknown user name value: %s", + var_config_dir, MAIN_CONF_FILE, + VAR_MAIL_OWNER, var_mail_owner); if ((var_owner_uid = pwd->pw_uid) == 0) - msg_fatal("%s:%s: privileged user is not allowed: %s", - MAIN_CONF_FILE, VAR_MAIL_OWNER, var_mail_owner); + msg_fatal("file %s/%s: parameter %s: user %s has privileged user ID", + var_config_dir, MAIN_CONF_FILE, + VAR_MAIL_OWNER, var_mail_owner); if ((var_owner_gid = pwd->pw_gid) == 0) - msg_fatal("%s:%s: privileged group is not allowed: %s", - MAIN_CONF_FILE, VAR_MAIL_OWNER, var_mail_owner); + msg_fatal("file %s/%s: parameter %s: user %s has privileged group ID", + var_config_dir, MAIN_CONF_FILE, + VAR_MAIL_OWNER, var_mail_owner); /* * This detects only some forms of sharing. Enumerating the entire @@ -292,8 +298,9 @@ static void check_mail_owner(void) */ if ((pwd = getpwuid(var_owner_uid)) != 0 && strcmp(pwd->pw_name, var_mail_owner) != 0) - msg_fatal("%s:%s: %s is sharing the user ID with %s", - MAIN_CONF_FILE, VAR_MAIL_OWNER, var_mail_owner, pwd->pw_name); + msg_fatal("file %s/%s: parameter %s: user %s has same user ID as %s", + var_config_dir, MAIN_CONF_FILE, + VAR_MAIL_OWNER, var_mail_owner, pwd->pw_name); } /* check_sgid_group - lookup setgid group attributes and validate */ 
@@ -303,11 +310,13 @@ static void check_sgid_group(void) struct group *grp; if ((grp = getgrnam(var_sgid_group)) == 0) - msg_fatal("%s:%s: unknown group name: %s", - MAIN_CONF_FILE, VAR_SGID_GROUP, var_sgid_group); + msg_fatal("file %s/%s: parameter %s: unknown group name: %s", + var_config_dir, MAIN_CONF_FILE, + VAR_SGID_GROUP, var_sgid_group); if ((var_sgid_gid = grp->gr_gid) == 0) - msg_fatal("%s:%s: privileged group is not allowed: %s", - MAIN_CONF_FILE, VAR_SGID_GROUP, var_sgid_group); + msg_fatal("file %s/%s: parameter %s: group %s has privileged group ID", + var_config_dir, MAIN_CONF_FILE, + VAR_SGID_GROUP, var_sgid_group); /* * This detects only some forms of sharing. Enumerating the entire group 
@@ -316,8 +325,44 @@ static void check_sgid_group(void) */ if ((grp = getgrgid(var_sgid_gid)) != 0 && strcmp(grp->gr_name, var_sgid_group) != 0) - msg_fatal("%s:%s: group %s is sharing the group ID with %s", - MAIN_CONF_FILE, VAR_SGID_GROUP, var_sgid_group, grp->gr_name); + msg_fatal("file %s/%s: parameter %s: group %s has same group ID as %s", + var_config_dir, MAIN_CONF_FILE, + VAR_SGID_GROUP, var_sgid_group, grp->gr_name); +} + +/* check_overlap - disallow UID or GID sharing */ + +static void check_overlap(void) +{ + if (strcmp(var_default_privs, var_mail_owner) == 0) + msg_fatal("file %s/%s: parameters %s and %s specify the same user %s", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER, + var_default_privs); + if (var_default_uid == var_owner_uid) + msg_fatal("file %s/%s: parameters %s and %s: users %s and %s have the same user ID: %ld", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER, + var_default_privs, var_mail_owner, + (long) var_owner_uid); + if (var_default_gid == var_owner_gid) + msg_fatal("file %s/%s: parameters %s and %s: users %s and %s have the same group ID: %ld", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER, + var_default_privs, var_mail_owner, + (long) var_owner_gid); + if (var_default_gid == var_sgid_gid) + msg_fatal("file %s/%s: parameters %s and %s: user %s and group %s have the same group ID: %ld", + var_config_dir, MAIN_CONF_FILE, + VAR_DEFAULT_PRIVS, VAR_SGID_GROUP, + var_default_privs, var_sgid_group, + (long) var_sgid_gid); + if (var_owner_gid == var_sgid_gid) + msg_fatal("file %s/%s: parameters %s and %s: user %s and group %s have the same group ID: %ld", + var_config_dir, MAIN_CONF_FILE, + VAR_MAIL_OWNER, VAR_SGID_GROUP, + var_mail_owner, var_sgid_group, + (long) var_sgid_gid); } /* mail_params_init - configure built-in parameters */ 
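Review bot: The new check_overlap messages print the colliding IDs with `%ld` after a `(long)` cast, but uid_t and gid_t are unsigned on many systems, so a large ID would be logged as a negative number where long is 32 bits. Using `(unsigned long) var_owner_uid` with `%lu`, and likewise for `var_owner_gid` and `var_sgid_gid`, reports the value as the account database shows it. The function also reads var_default_uid, var_owner_uid, var_default_gid, var_owner_gid and var_sgid_gid, which the earlier hunks show are assigned inside check_default_privs, check_mail_owner and check_sgid_group. The header comment could state that dependency, for example `/* check_overlap - disallow UID or GID sharing; call after the check_xxx() routines that look up the IDs */`.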
@@ -410,7 +455,8 @@ void mail_params_init() get_mail_conf_str_table(first_str_defaults); if (!msg_syslog_facility(var_syslog_facility)) - msg_fatal("unknown %s configuration parameter value: %s", + msg_fatal("file %s/%s: parameter %s: unrecognized value: %s", + var_config_dir, MAIN_CONF_FILE, VAR_SYSLOG_FACILITY, var_syslog_facility); /* @@ -419,10 +465,14 @@ void mail_params_init() * the domain. */ get_mail_conf_str_fn_table(function_str_defaults); - if (!valid_hostname(var_myhostname, DO_GRIPE) - || !valid_hostname(var_mydomain, DO_GRIPE)) - msg_fatal("main.cf configuration error: bad %s or %s parameter value", - VAR_MYHOSTNAME, VAR_MYDOMAIN); + if (!valid_hostname(var_myhostname, DO_GRIPE)) + msg_fatal("file %s/%s: parameter %s: bad parameter value: %s", + var_config_dir, MAIN_CONF_FILE, + VAR_MYHOSTNAME, var_myhostname); + if (!valid_hostname(var_mydomain, DO_GRIPE)) + msg_fatal("file %s/%s: parameter %s: bad parameter value: %s", + var_config_dir, MAIN_CONF_FILE, + VAR_MYDOMAIN, var_mydomain); /* * Variables that are needed by almost every program. @@ -434,22 +484,7 @@ void mail_params_init() check_default_privs(); check_mail_owner(); check_sgid_group(); - - /* - * Discourage UID or GID sharing. - */ - if (var_default_uid == var_owner_uid) - msg_fatal("%s: %s and %s must not have the same user ID", - MAIN_CONF_FILE, VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER); - if (var_default_gid == var_owner_gid) - msg_fatal("%s: %s and %s must not have the same group ID", - MAIN_CONF_FILE, VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER); - if (var_default_gid == var_sgid_gid) - msg_fatal("%s: %s and %s must not have the same group ID", - MAIN_CONF_FILE, VAR_DEFAULT_PRIVS, VAR_SGID_GROUP); - if (var_owner_gid == var_sgid_gid) - msg_fatal("%s: %s and %s must not have the same group ID", - MAIN_CONF_FILE, VAR_MAIL_OWNER, VAR_SGID_GROUP); + check_overlap(); /* * Variables whose defaults are determined at runtime, after other 
@@ -488,6 +523,7 @@ void mail_params_init() * One more sanity check. */ if ((cp = verp_delims_verify(var_verp_delims)) != 0) - msg_fatal("%s or %s configuration problem: %s", + msg_fatal("file %s/%s: parameters %s and %s: %s", + var_config_dir, MAIN_CONF_FILE, VAR_VERP_DELIMS, VAR_VERP_FILTER, cp); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 59eba8e3c..8e5a5a72e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20020103" +#define DEF_MAIL_VERSION "Snapshot-20020104" extern char *var_mail_version; /* LICENSE