From: Wietse Venema Date: Wed, 27 Apr 2005 05:00:00 +0000 (-0500) Subject: postfix-2.3-20050427 X-Git-Tag: v2.3-RC1~79 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6d850219a1f2bf07d371c458940bce015acd8e7;p=thirdparty%2Fpostfix.git postfix-2.3-20050427 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 4c118e437..611d00d79 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -10693,6 +10693,17 @@ Apologies for any names omitted. Bugfix: simplified and improved the 20050422 fall-back relay fix. File: smtp/smtp_connect.c. +20050427 + + Final solution for the 20050422 fall-back relay problem: + truncate the fall-back host list when the local MTA is MX + for some destination. Files: util/argv.c, smtp/smtp_connect.c. + + Cleanup: extra dsn_vstring_update_dsn() routine to shut up + GCC complaints about valid code. Files: src/global/dsn_util.c, + src/global/mbox_open.c, src/lmtp/lmtp_addr.c, src/smtp/smtp_addr.c, + src/smtp/smtp_connect.c. + Open problems: Med: disable header address rewriting after XCLIENT? diff --git a/postfix/README_FILES/RESTRICTION_CLASS_README b/postfix/README_FILES/RESTRICTION_CLASS_README index 0dc53a08d..be15bc968 100644 --- a/postfix/README_FILES/RESTRICTION_CLASS_README +++ b/postfix/README_FILES/RESTRICTION_CLASS_README @@ -29,7 +29,7 @@ Example: smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination - hash:/etc/postfix/recipient_access + check_recipient_access hash:/etc/postfix/recipient_access /etc/postfix/recipient_access: joe@my.domain permissive @@ -61,7 +61,7 @@ SMTP client IP address, and therefore is subject to IP spoofing. /etc/postfix/main.cf: smtpd_recipient_restrictions = - hash:/etc/postfix/access + check_recipient_access hash:/etc/postfix/access ...the usual stuff... /etc/postfix/access: @@ -86,7 +86,7 @@ subject to SMTP sender spoofing. /etc/postfix/main.cf: smtpd_recipient_restrictions = - hash:/etc/postfix/protected_destinations + check_recipient_access hash:/etc/postfix/protected_destinations ...the usual stuff... smtpd_restriction_classes = insiders_only diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index 0c5eb1112..54c65bfcb 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -295,11 +295,11 @@ sample client. Only then get back to Postfix. EEnnaabblliinngg SSAASSLL aauutthheennttiiccaattiioonn iinn tthhee PPoossttffiixx SSMMTTPP cclliieenntt Turn on client-side SASL authentication, and specify a table with per-host or -per-destination username and password information. Postfix first looks up the -server hostname; if no entry is found, then Postfix looks up the destination -domain name. Usually, this is the right-hand part of an email address, but it -can also be a hostname or address enclosed in [], with an optional ":port", as -specified with relayhost in with transport_maps. +per-destination username and password information. Postfix first searches the +table for an entry with the server hostname; if no entry is found, then Postfix +searches the table for an entry with the next-hop destination. Usually, that is +the right-hand part of an email address, but it can also be the information +that is specified with the relayhost parameter or with a transport(5) table. /etc/postfix/main.cf: smtp_sasl_auth_enable = yes diff --git a/postfix/html/RESTRICTION_CLASS_README.html b/postfix/html/RESTRICTION_CLASS_README.html index 857ef431c..c27f5f060 100644 --- a/postfix/html/RESTRICTION_CLASS_README.html +++ b/postfix/html/RESTRICTION_CLASS_README.html @@ -49,7 +49,7 @@ care about these low-level details.

smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination - hash:/etc/postfix/recipient_access + check_recipient_access hash:/etc/postfix/recipient_access /etc/postfix/recipient_access: joe@my.domain permissive @@ -101,7 +101,7 @@ to IP spoofing. 

 /etc/postfix/main.cf:
     smtpd_recipient_restrictions =
-        hash:/etc/postfix/access
+        check_recipient_access hash:/etc/postfix/access
         ...the usual stuff...
 
 /etc/postfix/access:
@@ -132,7 +132,7 @@ therefore is subject to SMTP sender spoofing. 

 
 /etc/postfix/main.cf:
     smtpd_recipient_restrictions =
-        hash:/etc/postfix/protected_destinations
+        check_recipient_access hash:/etc/postfix/protected_destinations
         ...the usual stuff...
 
     smtpd_restriction_classes = insiders_only
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index 414aee0a4..e9f45f25b 100644
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -443,11 +443,12 @@ Postfix SMTP client
 
 
 Turn on client-side SASL authentication, and specify a table
 with per-host or per-destination username and password information.
-Postfix first looks up the server hostname; if no entry is found,
-then Postfix looks up the destination domain name. Usually, this
-is the right-hand part of an email address, but it can also be a
-hostname or address enclosed in [], with an optional ":port", as
-specified with relayhost in with transport_maps. 

+Postfix first searches the table for an entry with the server
+hostname; if no entry is found, then Postfix searches the table for
+an entry with the next-hop destination.  Usually, that is the
+right-hand part of an email address, but it can also be the information
+that is specified with the relayhost parameter or with a transport(5)
+table. 

 
 

 
diff --git a/postfix/proto/RESTRICTION_CLASS_README.html b/postfix/proto/RESTRICTION_CLASS_README.html
index 3c5ca1825..c3d85dd15 100644
--- a/postfix/proto/RESTRICTION_CLASS_README.html
+++ b/postfix/proto/RESTRICTION_CLASS_README.html
@@ -49,7 +49,7 @@ care about these low-level details. 

     smtpd_recipient_restrictions = 
 	permit_mynetworks
 	reject_unauth_destination
-	hash:/etc/postfix/recipient_access
+	check_recipient_access hash:/etc/postfix/recipient_access
 
 /etc/postfix/recipient_access:
     joe@my.domain	permissive
@@ -101,7 +101,7 @@ to IP spoofing. 

 
 /etc/postfix/main.cf:
     smtpd_recipient_restrictions =
-        hash:/etc/postfix/access
+        check_recipient_access hash:/etc/postfix/access
         ...the usual stuff...
 
 /etc/postfix/access:
@@ -132,7 +132,7 @@ therefore is subject to SMTP sender spoofing. 

 
 /etc/postfix/main.cf:
     smtpd_recipient_restrictions =
-        hash:/etc/postfix/protected_destinations
+        check_recipient_access hash:/etc/postfix/protected_destinations
         ...the usual stuff...
 
     smtpd_restriction_classes = insiders_only
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index 931eed9a6..9b019129f 100644
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -443,11 +443,12 @@ Postfix SMTP client
 
 
 Turn on client-side SASL authentication, and specify a table
 with per-host or per-destination username and password information.
-Postfix first looks up the server hostname; if no entry is found,
-then Postfix looks up the destination domain name. Usually, this
-is the right-hand part of an email address, but it can also be a
-hostname or address enclosed in [], with an optional ":port", as
-specified with relayhost in with transport_maps. 

+Postfix first searches the table for an entry with the server
+hostname; if no entry is found, then Postfix searches the table for
+an entry with the next-hop destination.  Usually, that is the
+right-hand part of an email address, but it can also be the information
+that is specified with the relayhost parameter or with a transport(5)
+table. 

 
 

 
diff --git a/postfix/src/global/dsn_util.c b/postfix/src/global/dsn_util.c
index 740de2cb9..f79d68d1a 100644
--- a/postfix/src/global/dsn_util.c
+++ b/postfix/src/global/dsn_util.c
@@ -52,6 +52,10 @@
 /*	const char *dsn;
 /*	const char *format;
 /*
+/*	DSN_VSTRING *dsn_vstring_update_dsn(dv, dsn)
+/*	DSN_VSTRING *dv;
+/*	const char *dsn;
+/*
 /*	void	dsn_vstring_free(dv)
 /*	DSN_VSTRING *dv;
 /*
@@ -84,6 +88,8 @@
 /*	free text, or both. Specify a null pointer (or zero-length
 /*	string) for information that should not be updated.
 /*
+/*	dsn_vstring_update_dsn() pacifies the gcc compiler.
+/*
 /*	dsn_vstring_free() recycles the storage that was allocated
 /*	by dsn_vstring_alloc() and dsn_vstring_update().
 /*
@@ -261,3 +267,15 @@ DSN_VSTRING *dsn_vstring_update(DSN_VSTRING *dv, const char *dsn,
     }
     return (dv);
 }
+
+/* dsn_vstring_update_dsn - update DSN */
+
+DSN_VSTRING *dsn_vstring_update_dsn(DSN_VSTRING *dv, const char *dsn)
+{
+    size_t  len;
+
+    if ((len = dsn_valid(dsn)) == 0)
+	msg_panic("dsn_vstring_update_dsn: bad dsn: \"%s\"", dsn);
+    DSN_UPDATE(dv->dsn, dsn, len);
+    return (dv);
+}
diff --git a/postfix/src/global/dsn_util.h b/postfix/src/global/dsn_util.h
index 75c44aed5..c78cdedd0 100644
--- a/postfix/src/global/dsn_util.h
+++ b/postfix/src/global/dsn_util.h
@@ -73,6 +73,7 @@ typedef struct {
 
 extern DSN_VSTRING *dsn_vstring_alloc(int);
 extern PRINTFLIKE(3, 4) DSN_VSTRING *dsn_vstring_update(DSN_VSTRING *, const char *, const char *,...);
+extern DSN_VSTRING *dsn_vstring_update_dsn(DSN_VSTRING *, const char *);
 extern void dsn_vstring_free(DSN_VSTRING *);
 
 /* LICENSE
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b6236a6c9..fd71ce170 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change the patchlevel and the release date. Snapshots change the
   * release date only.
   */
-#define MAIL_RELEASE_DATE	"20050426"
+#define MAIL_RELEASE_DATE	"20050427"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #define VAR_MAIL_VERSION	"mail_version"
diff --git a/postfix/src/global/mbox_open.c b/postfix/src/global/mbox_open.c
index 181ac17c7..bc6f6e233 100644
--- a/postfix/src/global/mbox_open.c
+++ b/postfix/src/global/mbox_open.c
@@ -127,7 +127,7 @@ MBOX   *mbox_open(const char *path, int flags, int mode, struct stat * st,
 	st = &local_statbuf;
     if ((fp = safe_open(path, flags | O_NONBLOCK, mode, st,
 			chown_uid, chown_gid, why->vstring)) == 0) {
-	dsn_vstring_update(why, mbox_dsn(errno, def_dsn), "");
+	dsn_vstring_update_dsn(why, mbox_dsn(errno, def_dsn));
 	return (0);
     }
     close_on_exec(vstream_fileno(fp), CLOSE_ON_EXEC);
@@ -151,13 +151,13 @@ MBOX   *mbox_open(const char *path, int flags, int mode, struct stat * st,
 	if (dot_lockfile(path, why->vstring) == 0) {
 	    locked |= MBOX_DOT_LOCK;
 	} else if (errno == EEXIST) {
-	    dsn_vstring_update(why, mbox_dsn(EAGAIN, def_dsn), "");
+	    dsn_vstring_update_dsn(why, mbox_dsn(EAGAIN, def_dsn));
 	    vstream_fclose(fp);
 	    return (0);
 	} else if (lock_style & MBOX_DOT_LOCK_MAY_FAIL) {
 	    msg_warn("%s", vstring_str(why->vstring));
 	} else {
-	    dsn_vstring_update(why, mbox_dsn(errno, def_dsn), "");
+	    dsn_vstring_update_dsn(why, mbox_dsn(errno, def_dsn));
 	    vstream_fclose(fp);
 	    return (0);
 	}
@@ -177,7 +177,7 @@ MBOX   *mbox_open(const char *path, int flags, int mode, struct stat * st,
 	    && HUNKY_DORY(MBOX_FCNTL_LOCK, MYFLOCK_STYLE_FCNTL)) {
 	    locked |= lock_style;
 	} else {
-	    dsn_vstring_update(why, mbox_dsn(errno, def_dsn), "");
+	    dsn_vstring_update_dsn(why, mbox_dsn(errno, def_dsn));
 	    if (locked & MBOX_DOT_LOCK)
 		dot_unlockfile(path);
 	    vstream_fclose(fp);
diff --git a/postfix/src/lmtp/lmtp_addr.c b/postfix/src/lmtp/lmtp_addr.c
index af44ebb8f..50e3c3429 100644
--- a/postfix/src/lmtp/lmtp_addr.c
+++ b/postfix/src/lmtp/lmtp_addr.c
@@ -195,15 +195,15 @@ static DNS_RR *lmtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref,
 	addr_list = dns_rr_append(addr_list, addr);
 	break;
     default:
-	dsn_vstring_update(why, "4.4.3", "");
+	dsn_vstring_update_dsn(why, "4.4.3");
 	lmtp_errno = LMTP_RETRY;
 	break;
     case DNS_FAIL:
-	dsn_vstring_update(why, "4.4.3", "");
+	dsn_vstring_update_dsn(why, "4.4.3");
 	lmtp_errno = LMTP_FAIL;
 	break;
     case DNS_NOTFOUND:
-	dsn_vstring_update(why, "4.4.4", "");
+	dsn_vstring_update_dsn(why, "4.4.4");
 	lmtp_errno = LMTP_FAIL;
 	break;
     }
diff --git a/postfix/src/smtp/smtp_addr.c b/postfix/src/smtp/smtp_addr.c
index 618dfab9c..2f1735460 100644
--- a/postfix/src/smtp/smtp_addr.c
+++ b/postfix/src/smtp/smtp_addr.c
@@ -170,16 +170,16 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, char *host, unsigned pref,
 	    addr_list = dns_rr_append(addr_list, addr);
 	    return (addr_list);
 	default:
-	    dsn_vstring_update(why, "4.4.3", "");
+	    dsn_vstring_update_dsn(why, "4.4.3");
 	    smtp_errno = SMTP_ERR_RETRY;
 	    return (addr_list);
 	case DNS_FAIL:
-	    dsn_vstring_update(why, "4.4.3", "");
+	    dsn_vstring_update_dsn(why, "4.4.3");
 	    if (smtp_errno != SMTP_ERR_RETRY)
 		smtp_errno = SMTP_ERR_FAIL;
 	    return (addr_list);
 	case DNS_NOTFOUND:
-	    dsn_vstring_update(why, "4.4.4", "");
+	    dsn_vstring_update_dsn(why, "4.4.4");
 	    if (smtp_errno != SMTP_ERR_RETRY)
 		smtp_errno = SMTP_ERR_FAIL;
 	    /* maybe native naming service will succeed */
@@ -415,13 +415,13 @@ DNS_RR *smtp_domain_addr(char *name, int misc_flags, DSN_VSTRING *why,
      */
     switch (dns_lookup(name, T_MX, 0, &mx_names, (VSTRING *) 0, why->vstring)) {
     default:
-	dsn_vstring_update(why, "4.4.3", "");
+	dsn_vstring_update_dsn(why, "4.4.3");
 	smtp_errno = SMTP_ERR_RETRY;
 	if (var_ign_mx_lookup_err)
 	    addr_list = smtp_host_addr(name, misc_flags, why);
 	break;
     case DNS_FAIL:
-	dsn_vstring_update(why, "5.4.3", "");
+	dsn_vstring_update_dsn(why, "5.4.3");
 	smtp_errno = SMTP_ERR_FAIL;
 	if (var_ign_mx_lookup_err)
 	    addr_list = smtp_host_addr(name, misc_flags, why);
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index 73fecccc2..62c914207 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -594,7 +594,7 @@ int     smtp_connect(SMTP_STATE *state)
 	    addr_list = smtp_domain_addr(domain, misc_flags, why, &i_am_mx);
 	    /* If we're MX host, don't connect to non-MX backups. */
 	    if (i_am_mx)
-		cpp[1] = 0;
+		argv_truncate(sites, cpp - sites->argv + 1);
 	}
 	state->final_server = (cpp[1] == 0);
 
@@ -732,7 +732,7 @@ int     smtp_connect(SMTP_STATE *state)
 	     */
 	    if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) {
 		msg_warn("%s configuration problem", VAR_FALLBACK_RELAY);
-		dsn_vstring_update(why, "4.3.5", "");
+		dsn_vstring_update_dsn(why, "4.3.5");
 		smtp_errno = SMTP_ERR_RETRY;
 	    }
 
@@ -742,7 +742,7 @@ int     smtp_connect(SMTP_STATE *state)
 	     */
 	    else if (strcmp(sites->argv[0], var_relayhost) == 0) {
 		msg_warn("%s configuration problem", VAR_RELAYHOST);
-		dsn_vstring_update(why, "4.3.5", "");
+		dsn_vstring_update_dsn(why, "4.3.5");
 		smtp_errno = SMTP_ERR_RETRY;
 	    }
 
diff --git a/postfix/src/util/argv.c b/postfix/src/util/argv.c
index bf3fb84ce..33f1843d1 100644
--- a/postfix/src/util/argv.c
+++ b/postfix/src/util/argv.c
@@ -23,6 +23,10 @@
 /*
 /*	void	argv_terminate(argvp);
 /*	ARGV	*argvp;
+/*
+/*	void	argv_truncate(argvp, len);
+/*	ARGV	*argvp;
+/*	int	len;
 /* DESCRIPTION
 /*	The functions in this module manipulate arrays of string
 /*	pointers. An ARGV structure contains the following members:
@@ -49,6 +53,10 @@
 /*	returns a null pointer.
 /*
 /*	argv_terminate() null-terminates its string array argument.
+/*
+/*	argv_truncate() trucates its argument to the specified
+/*	number of entries, but does not reallocate memory. The
+/*	result is null-terminated.
 /* SEE ALSO
 /*	msg(3) diagnostics interface
 /* DIAGNOSTICS
@@ -177,3 +185,23 @@ void    argv_terminate(ARGV *argvp)
      */
     argvp->argv[argvp->argc] = 0;
 }
+
+/* argv_truncate - truncate string array */
+
+void    argv_truncate(ARGV *argvp, int len)
+{
+    char  **cpp;
+
+    /*
+     * Sanity check.
+     */
+    if (len < 0)
+	msg_panic("argv_truncate: bad length %d", len);
+
+    if (len < argvp->argc) {
+	for (cpp = argvp->argv + len; cpp < argvp->argv + argvp->argc; cpp++)
+	    myfree(*cpp);
+	argvp->argc = len;
+	argvp->argv[argvp->argc] = 0;
+    }
+}
diff --git a/postfix/src/util/argv.h b/postfix/src/util/argv.h
index f490c7034..9c0e75851 100644
--- a/postfix/src/util/argv.h
+++ b/postfix/src/util/argv.h
@@ -24,6 +24,7 @@ extern ARGV *argv_alloc(int);
 extern void argv_add(ARGV *,...);
 extern void argv_addn(ARGV *,...);
 extern void argv_terminate(ARGV *);
+extern void argv_truncate(ARGV *, int);
 extern ARGV *argv_free(ARGV *);
 
 extern ARGV *argv_split(const char *, const char *);