From: Wietse Venema Date: Fri, 17 Sep 2010 05:00:00 +0000 (-0500) Subject: postfix-2.8-20100917 X-Git-Tag: v2.8.0-RC1~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce154345ff18536ee8eadb091bb61358d1d70deb;p=thirdparty%2Fpostfix.git postfix-2.8-20100917 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 8b9509bbb..e4371d948 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16005,7 +16005,26 @@ Apologies for any names omitted. Workaround: better handling of pregreeting spambots. The postscreen built-in SMTP engine no longer sends a 220 banner to a client that falls into the pregeet trap. This eliminates - many "non-SMTP command" records in postscreen logging, as + many "NON-SMTP COMMAND" records in postscreen logging, as the SMTP client and server no longer get out of sync. It also results in better logging of sender/recipient information. - file: postscreen/postscreen-smtpd.c. + File: postscreen/postscreen_smtpd.c. + +20100916 + + Cleanup: postscreen now uses the first responding DNSBL + name in the "5.7.1 Service unavailable" reply, instead of + the last responding one. File: postscreen/postscreen_dnsbl.c. + + Cleanup: the 20100914 "postscreen_greet_wait" speedup did + not happen as often as it should, because some older code + still turned on PREGREET tests gratuitously, causing a full + greet-wait delay. File: postscreen/postscreen_tests.c. + + Cleanup: to avoid "address in use" problems, postscreen now + closes the listening socket after "postfix stop". It also + closes the socket after "postfix reload" but that does not + hurt. Files: master/event_server.c, master/multi_server.c. + + Cleanup: postscreen now logs CONNECT and DISCONNECT events. + Files: postscreen/postscreen.c, postscreen/postscreen_misc.c. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index db92c6953..4c535474f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20100916" +#define MAIL_RELEASE_DATE "20100917" #define MAIL_VERSION_NUMBER "2.8" #ifdef SNAPSHOT diff --git a/postfix/src/master/event_server.c b/postfix/src/master/event_server.c index 0335d6922..3f80cf082 100644 --- a/postfix/src/master/event_server.c +++ b/postfix/src/master/event_server.c @@ -285,6 +285,7 @@ static void event_server_timeout(int unused_event, char *unused_context) int event_server_drain(void) { + const char *myname = "event_server_drain"; int fd; switch (fork()) { @@ -295,8 +296,13 @@ int event_server_drain(void) case 0: (void) msg_cleanup((MSG_CLEANUP_FN) 0); event_fork(); - for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) + for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) { event_disable_readwrite(fd); + (void) close(fd); + /* Play safe - don't reuse this file number. */ + if (DUP2(STDIN_FILENO, fd) < 0) + msg_warn("%s: dup2(%d, %d): %m", myname, STDIN_FILENO, fd); + } var_use_limit = 1; return (0); /* Let the master start a new process. */ diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index df67d3279..5a93c4c76 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -267,6 +267,7 @@ static void multi_server_timeout(int unused_event, char *unused_context) int multi_server_drain(void) { + const char *myname = "multi_server_drain"; int fd; switch (fork()) { @@ -277,8 +278,13 @@ int multi_server_drain(void) case 0: (void) msg_cleanup((MSG_CLEANUP_FN) 0); event_fork(); - for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) + for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) { event_disable_readwrite(fd); + (void) close(fd); + /* Play safe - don't reuse this file number. */ + if (DUP2(STDIN_FILENO, fd) < 0) + msg_warn("%s: dup2(%d, %d): %m", myname, STDIN_FILENO, fd); + } var_use_limit = 1; return (0); /* Let the master start a new process. */ diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 2026c0919..d2671ee07 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c @@ -475,7 +475,7 @@ static void ps_service(VSTREAM *smtp_client_stream, */ if (getpeername(vstream_fileno(smtp_client_stream), (struct sockaddr *) & addr_storage, &addr_storage_len) < 0) { - msg_warn("getpeername: %m"); + msg_warn("getpeername: %m -- dropping this connection"); ps_send_reply(vstream_fileno(smtp_client_stream), "unknown_address", "unknown_port", "421 4.3.2 No system resources\r\n"); @@ -489,7 +489,8 @@ static void ps_service(VSTREAM *smtp_client_stream, if ((aierr = sockaddr_to_hostaddr((struct sockaddr *) & addr_storage, addr_storage_len, &smtp_client_addr, &smtp_client_port, 0)) != 0) { - msg_warn("cannot convert client address/port to string: %s", + msg_warn("cannot convert client address/port to string: %s" + " -- dropping this connection", MAI_STRERROR(aierr)); ps_send_reply(vstream_fileno(smtp_client_stream), "unknown_address", "unknown_port", @@ -504,6 +505,8 @@ static void ps_service(VSTREAM *smtp_client_stream, myname, ps_post_queue_length, ps_check_queue_length, smtp_client_addr.buf, smtp_client_port.buf); + msg_info("CONNECT from %s", smtp_client_addr.buf); + /* * Bundle up all the loose session pieces. This zeroes all flags and time * stamps. diff --git a/postfix/src/postscreen/postscreen_dnsbl.c b/postfix/src/postscreen/postscreen_dnsbl.c index 794a008dc..77f6b9c20 100644 --- a/postfix/src/postscreen/postscreen_dnsbl.c +++ b/postfix/src/postscreen/postscreen_dnsbl.c @@ -348,7 +348,8 @@ static void ps_dnsbl_receive(int event, char *context) if (site->filter == 0 || ps_dnsbl_match(site->filter, reply_argv ? reply_argv : (reply_argv = argv_split(STR(reply_addr), " ")))) { - score->dnsbl = head->safe_dnsbl; + if (score->dnsbl == 0) + score->dnsbl = head->safe_dnsbl; score->total += site->weight; if (msg_verbose > 1) msg_info("%s: filter=\"%s\" weight=%d score=%d", @@ -424,6 +425,7 @@ void ps_dnsbl_request(const char *client_addr, if (msg_verbose > 1) msg_info("%s: create blocklist score for %s", myname, client_addr); score = (PS_DNSBL_SCORE *) mymalloc(sizeof(*score)); + score->dnsbl = 0; score->total = 0; score->refcount = 1; score->pending_lookups = 0; diff --git a/postfix/src/postscreen/postscreen_misc.c b/postfix/src/postscreen/postscreen_misc.c index 94e487572..de129cec2 100644 --- a/postfix/src/postscreen/postscreen_misc.c +++ b/postfix/src/postscreen/postscreen_misc.c @@ -123,10 +123,11 @@ void ps_conclude(PS_STATE *state) if ((state->flags & PS_STATE_FLAG_NOFORWARD) == 0) { ps_send_socket(state); } else { - if ((state->flags & PS_STATE_FLAG_HANGUP) == 0) + if ((state->flags & PS_STATE_FLAG_HANGUP) == 0) (void) ps_send_reply(vstream_fileno(state->smtp_client_stream), state->smtp_client_addr, state->smtp_client_port, state->final_reply); + msg_info("DISCONNECT %s", state->smtp_client_addr); ps_free_session_state(state); } } diff --git a/postfix/src/postscreen/postscreen_tests.c b/postfix/src/postscreen/postscreen_tests.c index cfd2de586..a2baddabf 100644 --- a/postfix/src/postscreen/postscreen_tests.c +++ b/postfix/src/postscreen/postscreen_tests.c @@ -234,13 +234,19 @@ void ps_parse_tests(PS_STATE *state, /* * Gratuitously make postscreen logging more useful by turning on all * enabled pre-handshake tests when any pre-handshake test is turned on. + * + * XXX Don't enable PREGREET gratuitously before the test expires. With a + * short TTL for DNSBL whitelisting, turning on PREGREET would force a + * full postscreen_greet_wait too frequently. */ +#if 0 if (state->flags & PS_STATE_FLAG_EARLY_TODO) { if (PS_PREGR_TEST_ENABLE()) state->flags |= PS_STATE_FLAG_PREGR_TODO; if (PS_DNSBL_TEST_ENABLE()) state->flags |= PS_STATE_FLAG_DNSBL_TODO; } +#endif } /* ps_print_tests - print postscreen cache record */