From: Wietse Venema Date: Tue, 23 Mar 2010 05:00:00 +0000 (-0500) Subject: postfix-2.8-20100323 X-Git-Tag: v2.8.0-RC1~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dce50c68a4b8ebe89dc195750016ab93a17ca36b;p=thirdparty%2Fpostfix.git postfix-2.8-20100323 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 52daefc20..0dd53715b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -15599,7 +15599,7 @@ Apologies for any names omitted. server will not wait (up to 6 seconds) for the address verification result. File: global/mail_params.h. - Final slution for the I/O event starvation problem when a + Final solution for the I/O event starvation problem when a timer call-back schedules a zero-delay timer request. File: util/events.c. @@ -15739,5 +15739,18 @@ Apologies for any names omitted. Feature: smtp_address_preference (default: ipv6) to control the order in which the Postfix SMTP client will connect to a destination that has IPv6 and IPv4 addresses with equal - MX preference. Files: global/mail_params.c, smtp/smtp.c, - smtp/smtp_params.c, smtp/smtp_addr.c, proto/postconf.proto. + MX preference. Files: global/mail_params.h, smtp/smtp.c, + smtp/smtp_params.c, smtp/smtp_addr.c, dns/dns_rr.c, + and documentation. + +20100321 + + Feature: allow Milter applications to use a lower protocol + version than the version that Postfix is configured for. + Based on an idea by Kouhei Sutou. File: milter/milter8.c. + +20100322 + + Bugfix (introduced 20100305) the new smtp_address_preference + feature was not tested with LMTP support. Problem reported + by Stefan Foerster. File: smtp/smtp.c. diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index 87996fe3f..084ea4de5 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README 
@@ -277,16 +277,18 @@ The remedy is to increase the Postfix milter_protocol version number. See, however, the limitations section below for features that aren't supported by Postfix. -If the Postfix milter_protocol setting specifies a too high version, the -libmilter library simply hangs up without logging a warning, and you see a -Postfix warning message like one of the following: +With Postfix 2.7 and earlier, if the Postfix milter_protocol setting specifies +a too high version, the libmilter library simply hangs up without logging a +warning, and you see a Postfix warning message like one of the following: warning: milter inet:host:port: can't read packet header: Unknown error : 0 warning: milter inet:host:port: can't read packet header: Success warning: milter inet:host:port: can't read SMFIC_DATA reply packet header: No such file or directory -The remedy is to lower the Postfix milter_protocol version number. +The remedy is to lower the Postfix milter_protocol version number. Postfix 2.8 +and later will automatically turn off protocol features that the application's +libmilter library does not expect. MMiilltteerr pprroottooccooll ttiimmeeoouuttss diff --git a/postfix/WISHLIST b/postfix/WISHLIST index bb3e2d6e0..064ad644a 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -2,9 +2,28 @@ Wish list: Remove this file from the stable release. - Add smtpd_sender_login_maps to proxy_read_maps. What other - parameters are worthy of being whitelisted for proxy access? - Is there a way to automate this decision? + Add some checks for tokens starting with #. A challenge + is to report sensible context from the guts of some low-level + parser, without introducing a great deal of clumsiness. + + Add sendmail macros for {verify} and maybe other TLS info. + + Find out if we are doing the correct thing by looking at + state->milter_reject_text when expanding {rcpt_addr} or + {rcpt_host}. + + Find out why post_mail() etc. block when the qmgr fifo + is full. This causes delays in the queue manager. + + Add smtpd_sender_login_maps to proxy_read_maps, and make + sure that defaults are set before proxy_read_maps is + evaluated. What other parameters are worthy of being + whitelisted for proxy access? Is there a way to automate + this decision? + + How to ensure that proxy_read_maps is processed after all + its dependencies are initialized, or just bite the bullet + and rewrite the parameter initialization code. The cleanup virtual alias expansion limit does not really deliver on its promises. 1) It promises to truncate the diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index f4f7512ef..bb5a38590 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html @@ -466,7 +466,8 @@ version, the libmilter library will log an error message like this: number. See, however, the limitations section below for features that aren't supported by Postfix.

-

If the Postfix milter_protocol setting specifies a too high +

With Postfix 2.7 and earlier, if the Postfix milter_protocol +setting specifies a too high version, the libmilter library simply hangs up without logging a warning, and you see a Postfix warning message like one of the following:

@@ -480,7 +481,9 @@ warning: milter inet:host:port: can't read SMFIC_DATA reply packet

The remedy is to lower the Postfix milter_protocol version -number.

+number. Postfix 2.8 and later will automatically turn off protocol +features that the application's libmilter library does not expect. +

Milter protocol timeouts

diff --git a/postfix/html/master.5.html b/postfix/html/master.5.html index e28361305..adfd46b6f 100644 --- a/postfix/html/master.5.html +++ b/postfix/html/master.5.html @@ -110,9 +110,9 @@ MASTER(5) MASTER(5) tion parameter in main.cf). pass The service listens on a UNIX-domain socket, - receives one open connection (file descrip- - tor passing) per connection request, and is - accessible to local clients only. + and is accessible to local clients only. It + receives one open connection (file descrip- + tor passing) per connection request. The service name is a pathname relative to the Postfix queue directory (pathname con- diff --git a/postfix/html/postcat.1.html b/postfix/html/postcat.1.html index 52a2eb7da..de3ef5d18 100644 --- a/postfix/html/postcat.1.html +++ b/postfix/html/postcat.1.html @@ -20,7 +20,7 @@ POSTCAT(1) POSTCAT(1) By default, postcat(1) shows the envelope and message con- tent, as if the options -beh were specified. To view mes- - sage content only, specify -bh (Postfix 2.7 and later). + sage headers only, specify -bh (Postfix 2.7 and later). Options: diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index f245be210..a41f426fb 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -283,7 +283,7 @@ of an address verification request in progress.

By default, the Postfix SMTP server polls the verify(8) service up to three times under non-overload conditions, and only once when -under overload. With Postfix version 2.6 and earlier, the SMTP +under overload. With Postfix version 2.5 and earlier, the SMTP server always polls the verify(8) service up to three times by default.

@@ -11400,6 +11400,13 @@ part before delivering the mail.

/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2 +
+    # Bounce-never mail sink. Use notify_classes=bounce,resource,software
+    # to send bounced mail to the postmaster (with message body removed).
+    /^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
+    /^(RCPT\s+TO:.*)/                    $1 NOTIFY=NEVER
+
+

This feature is available in Postfix 2.7.

diff --git a/postfix/man/man1/postcat.1 b/postfix/man/man1/postcat.1 index bf01c06c4..57aacb9d5 100644 --- a/postfix/man/man1/postcat.1 +++ b/postfix/man/man1/postcat.1 @@ -20,7 +20,7 @@ standard input. By default, \fBpostcat\fR(1) shows the envelope and message content, as if the options \fB-beh\fR were specified. To -view message content only, specify \fB-bh\fR (Postfix 2.7 +view message headers only, specify \fB-bh\fR (Postfix 2.7 and later). Options: diff --git a/postfix/man/man5/master.5 b/postfix/man/man5/master.5 index 414806353..3df5cf9d1 100644 --- a/postfix/man/man5/master.5 +++ b/postfix/man/man5/master.5 @@ -102,9 +102,9 @@ The service name is a pathname relative to the Postfix queue directory (pathname controlled with the \fBqueue_directory\fR configuration parameter in main.cf). .IP \fBpass\fR -The service listens on a UNIX-domain socket, receives one -open connection (file descriptor passing) per connection -request, and is accessible to local clients only. +The service listens on a UNIX-domain socket, and is accessible +to local clients only. It receives one open connection (file +descriptor passing) per connection request. The service name is a pathname relative to the Postfix queue directory (pathname controlled with the \fBqueue_directory\fR diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index ce8c53971..aeadd20bd 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -163,7 +163,7 @@ of an address verification request in progress. .PP By default, the Postfix SMTP server polls the \fBverify\fR(8) service up to three times under non-overload conditions, and only once when -under overload. With Postfix version 2.6 and earlier, the SMTP +under overload. With Postfix version 2.5 and earlier, the SMTP server always polls the \fBverify\fR(8) service up to three times by default. .PP 
@@ -7039,6 +7039,17 @@ Examples: .ad .ft R .PP +.nf +.na +.ft C + # Bounce-never mail sink. Use notify_classes=bounce,resource,software + # to send bounced mail to the postmaster (with message body removed). + /^(RCPT\es+TO:.*?)\ebNOTIFY=\eS+\eb(.*)/ $1 NOTIFY=NEVER $2 + /^(RCPT\es+TO:.*)/ $1 NOTIFY=NEVER +.fi +.ad +.ft R +.PP This feature is available in Postfix 2.7. .SH smtpd_data_restrictions (default: empty) Optional access restrictions that the Postfix SMTP server applies diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 7bd2a7135..5e3a50857 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -466,7 +466,8 @@ version, the libmilter library will log an error message like this: number. See, however, the limitations section below for features that aren't supported by Postfix.

-

If the Postfix milter_protocol setting specifies a too high +

With Postfix 2.7 and earlier, if the Postfix milter_protocol +setting specifies a too high version, the libmilter library simply hangs up without logging a warning, and you see a Postfix warning message like one of the following:

@@ -480,7 +481,9 @@ warning: milter inet:host:port: can't read SMFIC_DATA reply packet

The remedy is to lower the Postfix milter_protocol version -number.

+number. Postfix 2.8 and later will automatically turn off protocol +features that the application's libmilter library does not expect. +

Milter protocol timeouts

diff --git a/postfix/proto/master b/postfix/proto/master index 15b82f4e2..3d3f07bc9 100644 --- a/postfix/proto/master +++ b/postfix/proto/master @@ -96,9 +96,9 @@ # queue directory (pathname controlled with the \fBqueue_directory\fR # configuration parameter in main.cf). # .IP \fBpass\fR -# The service listens on a UNIX-domain socket, receives one -# open connection (file descriptor passing) per connection -# request, and is accessible to local clients only. +# The service listens on a UNIX-domain socket, and is accessible +# to local clients only. It receives one open connection (file +# descriptor passing) per connection request. # # The service name is a pathname relative to the Postfix # queue directory (pathname controlled with the \fBqueue_directory\fR diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5a88698f4..ad076c7c6 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -310,7 +310,7 @@ of an address verification request in progress.

By default, the Postfix SMTP server polls the verify(8) service up to three times under non-overload conditions, and only once when -under overload. With Postfix version 2.6 and earlier, the SMTP +under overload. With Postfix version 2.5 and earlier, the SMTP server always polls the verify(8) service up to three times by default.

@@ -12736,6 +12736,13 @@ part before delivering the mail.

/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2 +
+    # Bounce-never mail sink. Use notify_classes=bounce,resource,software 
+    # to send bounced mail to the postmaster (with message body removed).
+    /^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
+    /^(RCPT\s+TO:.*)/                    $1 NOTIFY=NEVER
+
+

This feature is available in Postfix 2.7.

%PARAM smtp_reply_filter diff --git a/postfix/src/global/dsn_mask.c b/postfix/src/global/dsn_mask.c index 3c183aa4a..8485be17f 100644 --- a/postfix/src/global/dsn_mask.c +++ b/postfix/src/global/dsn_mask.c @@ -29,7 +29,7 @@ /* NOTIFY option to internal form. /* /* dsn_notify_str() converts internal form to the representation -/* used in the MAIL FROM .. NOTIFY command. The result is in +/* used in the RCPT TO .. NOTIFY command. The result is in /* volatile memory and is clobbered whenever str_name_mask() /* is called. /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 01f2bf605..92835492f 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20100306" +#define MAIL_RELEASE_DATE "20100323" #define MAIL_VERSION_NUMBER "2.8" #ifdef SNAPSHOT diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index 6fea0f06a..3aa5cbb97 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -209,7 +209,7 @@ static const NAME_CODE smfir_table[] = { #define SMFIP_NOUNKNOWN (1L<<8) /* filter does not want unknown cmd */ #define SMFIP_NODATA (1L<<9) /* filter does not want DATA */ /* Introduced with Sendmail 8.14. */ -#define SMFIP_SKIP (1L<<10)/* MTA supports SMFIS_SKIP */ +#define SMFIP_SKIP (1L<<10)/* MTA supports SMFIR_SKIP */ #define SMFIP_RCPT_REJ (1L<<11)/* filter wants rejected RCPTs */ #define SMFIP_NR_CONN (1L<<12)/* filter won't reply for connect */ #define SMFIP_NR_HELO (1L<<13)/* filter won't reply for HELO */ 
@@ -444,12 +444,15 @@ typedef struct { * * XXX Is this still needed? Sendmail 8.14 provides a proper way to negotiate * what replies the mail filter will send. + * + * XXX Keep this table in reverse numerical order. This is needed by the code + * that implements compatibility with older Milter protocol versions. */ static const NAME_CODE milter8_event_masks[] = { - "2", MILTER8_V2_PROTO_MASK, - "3", MILTER8_V3_PROTO_MASK, - "4", MILTER8_V4_PROTO_MASK, "6", MILTER8_V6_PROTO_MASK, + "4", MILTER8_V4_PROTO_MASK, + "3", MILTER8_V3_PROTO_MASK, + "2", MILTER8_V2_PROTO_MASK, "no_header_reply", SMFIP_NOHREPL, 0, -1, }; @@ -1775,6 +1778,41 @@ static void milter8_connect(MILTER8 *milter) if (milter->ev_mask & SMFIP_RCPT_REJ) milter->m.flags |= MILTER_FLAG_WANT_RCPT_REJ; + /* + * Allow the remote application to run an older protocol version, but + * don't them send events that their protocol version doesn't support. + * Based on a suggestion by Kouhei Sutou. + * + * XXX When the Milter sends a protocol version that we don't have + * information for, use the information for the next-lower protocol + * version instead. This code assumes that the milter8_event_masks table + * is organized in reverse numerical order. + */ + if (milter->version < my_version) { + const NAME_CODE *np; + int version; + + for (np = milter8_event_masks; /* see below */ ; np++) { + if (np->name == 0) { + msg_warn("milter %s: unexpected protocol version %d", + milter->m.name, milter->version); + break; + } + if ((version = atoi(np->name)) > 0 && version <= milter->version) { + milter->np_mask |= (SMFIP_NOSEND_MASK & ~np->code); + if (msg_verbose) + msg_info("%s: non-protocol events for milter %s" + " protocol version %d: %s", + myname, milter->m.name, milter->version, + str_name_mask_opt(milter->buf, + "non-protocol event mask", + smfip_table, milter->np_mask, + NAME_MASK_NUMBER)); + break; + } + } + } + /* * Initial negotiations completed. */ 
diff --git a/postfix/src/milter/test-milter.c b/postfix/src/milter/test-milter.c index 2fa88c81a..69e83bc77 100644 --- a/postfix/src/milter/test-milter.c +++ b/postfix/src/milter/test-milter.c @@ -397,11 +397,23 @@ static sfsistat test_unknown(SMFICTX *ctx, const char *what) #endif +#if SMFI_VERSION > 5 + static sfsistat test_negotiate(SMFICTX *, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long *, unsigned long *, unsigned long *, unsigned long *); +#endif + +#ifndef SMFIF_CHGFROM +#define SMFIF_CHGFROM 0 +#endif +#ifndef SMFIP_HDR_LEADSPC +#define SMFIP_HDR_LEADSPC 0 +#define misc_mask 0 +#endif + static struct smfiDesc smfilter = { "test-milter", diff --git a/postfix/src/postcat/postcat.c b/postfix/src/postcat/postcat.c index 7c687bfe4..62f85fee9 100644 --- a/postfix/src/postcat/postcat.c +++ b/postfix/src/postcat/postcat.c @@ -14,7 +14,7 @@ /* /* By default, \fBpostcat\fR(1) shows the envelope and message /* content, as if the options \fB-beh\fR were specified. To -/* view message content only, specify \fB-bh\fR (Postfix 2.7 +/* view message headers only, specify \fB-bh\fR (Postfix 2.7 /* and later). /* /* Options: diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index e00c91d33..3cf74660c 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -864,7 +864,7 @@ static int deliver_message(const char *service, DELIVER_REQUEST *request) state->request = request; state->src = request->fp; state->service = service; - state->misc_flags = smtp_addr_pref; + state->misc_flags |= smtp_addr_pref; SMTP_RCPT_INIT(state); /*
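Review bot: In the README_FILES/MILTER_README hunk at -277 (and the matching html/MILTER_README.html and proto/MILTER_README.html hunks), the sentence "The remedy is to lower the Postfix milter_protocol version number" stays unqualified while the paragraph above it is now scoped to "Postfix 2.7 and earlier", so it still reads as a required step on 2.8. Suggest scoping it the same way ("With Postfix 2.7 and earlier, the remedy is ..."). The text could also mention the "unexpected protocol version" warning that the milter8.c change in this commit can log.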
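Review bot: In the proto/postconf.proto hunk at -12736 (copied into html/postconf.5.html and man/man5/postconf.5), the first bounce-never pattern anchors NOTIFY= with \b only, so it also matches the text "NOTIFY=" inside the recipient address when the preceding character is a non-word character such as "+" or "-", and the replacement then rewrites the address instead of the ESMTP parameter. Suggest requiring whitespace before the keyword, for example \s+NOTIFY=\S+ in place of \bNOTIFY=\S+\b. That also avoids the doubled space that "$1 NOTIFY=NEVER $2" produces, because $1 already ends with the space that preceded NOTIFY.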
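Review bot: In the src/postcat/postcat.c hunk at -14 (and the html/postcat.1.html and man/man1/postcat.1 hunks), "To view message headers only, specify -bh" conflicts with the sentence just before it, which equates -beh with "the envelope and message content". Dropping the envelope option from -beh leaves message content, not headers alone. Suggest keeping "message content only", or, if headers alone are meant, naming the option that selects only headers.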
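Review bot: In the milter8.c hunk at -444, the new "Keep this table in reverse numerical order" comment on milter8_event_masks documents an ordering that nothing enforces, and it is only true of the numeric entries, since "no_header_reply" stays in the table after them. Suggest saying that in the comment and naming the consumer (the version-compatibility loop added to milter8_connect() in this commit), so that whoever adds the next protocol version knows where the entry must go and why.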
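Review bot: In the milter8_connect() hunk at -1775, when the loop reaches the table terminator (np->name == 0) it only logs "unexpected protocol version" and breaks, leaving milter->np_mask unchanged. A filter that reports a version below every table entry therefore gets no additional events suppressed, although the comment says the intent is not to send events its version does not support. Consider treating that case as a negotiation failure, or applying the most restrictive known mask. Two smaller points in the same hunk: the comment reads "don't them send events" (should be "don't send them events"), and the version test relies on atoi() returning 0 for the "no_header_reply" entry, which deserves a word in the comment.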
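Review bot: In the test-milter.c hunk at -397, "#define misc_mask 0" sits inside the "#ifndef SMFIP_HDR_LEADSPC" block without a comment, so a lowercase identifier is silently macro-replaced only when building against a libmilter that lacks SMFIP_HDR_LEADSPC. Suggest a one-line comment explaining which use of misc_mask this neutralizes. Please also confirm that the test_negotiate() definition and any reference to it from the smfilter descriptor are under the same "#if SMFI_VERSION > 5" guard as the prototype guarded here.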
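Review bot: In the smtp.c deliver_message() hunk at -864, changing "state->misc_flags = smtp_addr_pref" to "|=" makes the result depend on whatever is already in state->misc_flags when deliver_message() runs, which includes address-preference bits from an earlier call if the state is ever reused. Suggest a short comment naming the bits that must survive the update (the HISTORY entry in this commit ties the fix to LMTP support), and confirming that the preference bits are cleared or misc_flags is reset before they are OR-ed in.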