From: Wietse Venema Date: Fri, 20 Jul 2007 05:00:00 +0000 (-0500) Subject: postfix-2.5-20070720 X-Git-Tag: v2.5.0-RC1~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec9e8eb50c2eae550016dd8d1196066fe807bae7;p=thirdparty%2Fpostfix.git postfix-2.5-20070720 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 493b2d2a1..2658c13d1 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY 
@@ -13606,13 +13606,36 @@ Apologies for any names omitted. 20070614 - Workaround: some EXIM servers require SASL login without - authzid (authoriZation ID), i.e. the client must send only - the authcid (authentiCation ID) + the authcid's password. - The IETF draft document says that in this case the server - shall derive the authzid from the authcid. And since the - Postfix client always used the same value for authzid and - authcid, dropping the authzid should not create problems - (lightly tested with Cyrus SASL servers). To get the old - behavior specify "send_cyrus_sasl_authzid = yes". File: - xsasl/xsasl_cyrus_client.c. + Workaround: some non-Cyrus SASL SMTP servers require SASL + login without authzid (authoriZation ID), i.e. the client + must send only the authcid (authentiCation ID) + the authcid's + password. In this case the server is supposed to derive + the authzid from the authcid. This works as expected when + authenticating to a Cyrus SASL SMTP server. To get the old + behavior specify "send_cyrus_sasl_authzid = yes", in which + case Postfix sends the (authzid, authcid, password), with + the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c. + +20070619 + + Portability: /dev/poll support for Solaris chroot jail setup + scripts. Files: examples/chroot-setup/Solaris8, + examples/chroot-setup/Solaris10. + +20070713 + + The RFC documents at www.faqs.org are being polluted with + "feedback" spam. The Postfix hypertext documentation now + points to tools.ietf.org. File: mantools/postlink. + +20070719 + + Feature: updated smtp-sink with new options to send a + pre-formatted message from file, and to handle replies other + than the expected 2xx or 3xx. File: smtpstone/smtp-source.c. + + Cleanup: streamlined Milter client error handling, so that + the (Postfix SMTP server's Milter client) does not get out + of sync with Milter applications after the (cleanup server's + Milter client) encounters some non-recoverable problem. 
+ Files: milter/milter8.c, smtpd/smtpd.c. diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index ee39ad617..b10a6814d 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -146,7 +146,9 @@ In order to allow mail relaying by authenticated clients: /etc/postfix/main.cf: smtpd_recipient_restrictions = - permit_mynetworks permit_sasl_authenticated ... + permit_mynetworks + permit_sasl_authenticated + reject_unauth_destination To report SASL login names in Received: message headers (Postfix version 2.3 and later): @@ -356,20 +358,20 @@ bold font. 250-ETRN 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 250 8BITMIME - AAUUTTHH PPLLAAIINN ddGGVVzzddAABB00ZZXXNN00AAHHRRllcc33RRwwYYXXNNzz + AAUUTTHH PPLLAAIINN AAHHRRllcc33QQAAddGGVVzzddHHBBhhcc33MM== 235 Authentication successful -Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded form of -username\0username\0password (the \0 is a null byte). The example above is for -a user named `test' with password `testpass'. +Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded form of +\0username\0password (the \0 is a null byte). The example above is for a user +named `test' with password `testpass'. In order to generate base64 encoded authentication information you can use one of the following commands: - % printf 'username\0username\0password' | mmencode + % printf '\0username\0password' | mmencode % perl -MMIME::Base64 -e \ - 'print encode_base64("username\0username\0password");' + 'print encode_base64("\0username\0password");' The mmencode command is part of the metamail software. MIME::Base64 is available from http://www.cpan.org/. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 67b7af21d..0227312f2 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -20,10 +20,10 @@ before proceeding. Incompatibility with Postfix snapshot 20070614 ============================================== -By default, the Cyrus SASL client no longer sends an authoriZation -ID (authzid); it sends only the authentiCation ID (authcid) plus -the authcid's password. Specify "send_cyrus_sasl_authzid = yes" to -get the old behavior. +By default, the Postfix Cyrus SASL client no longer sends a SASL +authoriZation ID (authzid); it sends only the SASL authentiCation +ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid += yes" to get the old behavior. Incompatibility with Postfix snapshot 20070613 ============================================== diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 6c1975bfa..db194c8bb 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,5 +1,16 @@ Wish list: + Absent a formal spec, model IPv6 RBL lookups after the IPv6 + PTR lookups (one zone per hex nibble, nibbles in reversed + order). How to specify whether to query an RBL server for + status info about an IPv6 address? One could argue that as + long as IPv6 traffic is small an unsupported lookup doesn't + matter; and once IPv6 takes off, the RBL servers better + start supporting IPv6 client status information. + + Don't log "warning: XXXXX: undeliverable postmaster + notification discarded" for spam from outside. + Really need a cleanup driver that allows testing against Milter applications instead of synthetic events. This would have to provide stubs for clients that talk to Postfix 
@@ -65,10 +76,14 @@ Wish list: into mailer-daemon (current bahavior) or disallow (strict behavior, currently implemented only in the SMTP server). - The type of var_message_limit should be changed from int - to long or better, to take advantage of LP64 architectures. - This also requires checking all expressions in which - var_message_limit appears. + Plan for time_t larger than long, or wait for LP64 to + dominate the world? + + The type of var_message_limit (and other file size/offset + configuration parameters or internal protocol attributes) + should be changed from int to off_t. This also requires + checking all expressions in which var_message_limit etc. + appears. Add M flag (enable multi-recipient delivery) to pipe daemon. diff --git a/postfix/examples/chroot-setup/Solaris10 b/postfix/examples/chroot-setup/Solaris10 index a815218f9..8647d9a8c 100644 --- a/postfix/examples/chroot-setup/Solaris10 +++ b/postfix/examples/chroot-setup/Solaris10 @@ -61,6 +61,7 @@ more=" /dev/tcp6 /dev/udp /dev/tcp +/dev/poll /dev/rawip /dev/ticlts /dev/ticotsord @@ -71,6 +72,7 @@ more=" /devices/pseudo/tcp6@0:tcp6 /devices/pseudo/udp@0:udp /devices/pseudo/tcp@0:tcp +/devices/pseudo/poll@0:poll /devices/pseudo/icmp@0:icmp /devices/pseudo/tl@0:ticlts /devices/pseudo/tl@0:ticotsord diff --git a/postfix/examples/chroot-setup/Solaris8 b/postfix/examples/chroot-setup/Solaris8 index dd749466d..973e7310e 100644 --- a/postfix/examples/chroot-setup/Solaris8 +++ b/postfix/examples/chroot-setup/Solaris8 @@ -61,6 +61,7 @@ more=" /dev/tcp6 /dev/udp /dev/tcp +/dev/poll /dev/rawip /dev/ticlts /dev/ticotsord @@ -71,6 +72,7 @@ more=" /devices/pseudo/tcp6@0:tcp6 /devices/pseudo/udp@0:udp /devices/pseudo/tcp@0:tcp +/devices/pseudo/poll@0:poll /devices/pseudo/icmp@0:icmp /devices/pseudo/tl@0:ticlts /devices/pseudo/tl@0:ticotsord diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html index 3824e7de2..20c46a615 100644 --- a/postfix/html/SASL_README.html 
+++ b/postfix/html/SASL_README.html @@ -28,7 +28,7 @@ Dovecot provides an alternative that may be worth considering.

How Postfix uses SASL authentication information

-

Postfix SASL support (RFC 2554) can be used to authenticate +

Postfix SASL support (RFC 2554) can be used to authenticate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server.

@@ -239,7 +239,9 @@ SMTP server
 /etc/postfix/main.cf:
     smtpd_recipient_restrictions = 
-        permit_mynetworks permit_sasl_authenticated ...
+        permit_mynetworks 
+        permit_sasl_authenticated 
+        reject_unauth_destination
 
@@ -537,13 +539,13 @@ client is shown in bold font.

250-ETRN 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 250 8BITMIME -AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz +AUTH PLAIN AHRlc3QAdGVzdHBhc3M= 235 Authentication successful -

Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded -form of username\0username\0password (the \0 is a null byte). The +

Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded +form of \0username\0password (the \0 is a null byte). The example above is for a user named `test' with password `testpass'.

@@ -552,14 +554,14 @@ you can use one of the following commands:

-% printf 'username\0username\0password' | mmencode 
+% printf '\0username\0password' | mmencode 
 
 % perl -MMIME::Base64 -e \
-    'print encode_base64("username\0username\0password");'
+    'print encode_base64("\0username\0password");'
 
diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 1eb182bbc..230c1dcf1 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -179,7 +179,7 @@ ACCESS(5) ACCESS(5) REJECT ACTIONS Postfix version 2.3 and later support enhanced status - codes as defined in RFC 3463. When no code is specified + codes as defined in RFC 3463. When no code is specified at the beginning of the text below, Postfix inserts a default enhanced status code of "5.7.1" in the case of reject actions, and "4.7.1" in the case of defer actions. @@ -322,7 +322,7 @@ ACCESS(5) ACCESS(5) ENHANCED STATUS CODES Postfix version 2.3 and later support enhanced status - codes as defined in RFC 3463. When an enhanced status + codes as defined in RFC 3463. When an enhanced status code is specified in an access table, it is subject to modification. The following transformations are needed when the same access table is used for client, helo, diff --git a/postfix/html/aliases.5.html b/postfix/html/aliases.5.html index 30cddaa27..6ed4b8bb3 100644 --- a/postfix/html/aliases.5.html +++ b/postfix/html/aliases.5.html @@ -65,7 +65,7 @@ ALIASES(5) ALIASES(5) address Mail is forwarded to address, which is compatible - with the RFC 822 standard. + with the RFC 822 standard. /file/name Mail is appended to /file/name. See local(8) for @@ -174,7 +174,7 @@ ALIASES(5) ALIASES(5) .forward files. STANDARDS - RFC 822 (ARPA Internet Text Messages) + RFC 822 (ARPA Internet Text Messages) SEE ALSO local(8), local delivery agent diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index 5d8aef4d7..d62ce02c8 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html 
@@ -43,12 +43,12 @@ BOUNCE(8) BOUNCE(8) on retry logic in their own client. STANDARDS - RFC 822 (ARPA Internet Text Messages) - RFC 2045 (Format of Internet Message Bodies) - RFC 2822 (ARPA Internet Text Messages) - RFC 3462 (Delivery Status Notifications) - RFC 3464 (Delivery Status Notifications) - RFC 3834 (Auto-Submitted: message header) + RFC 822 (ARPA Internet Text Messages) + RFC 2045 (Format of Internet Message Bodies) + RFC 2822 (ARPA Internet Text Messages) + RFC 3462 (Delivery Status Notifications) + RFC 3464 (Delivery Status Notifications) + RFC 3834 (Auto-Submitted: message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index eb5a6202c..45325867f 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -55,11 +55,11 @@ CLEANUP(8) CLEANUP(8) bounce the message back to the sender in case of trouble. STANDARDS - RFC 822 (ARPA Internet Text Messages) - RFC 2045 (MIME: Format of Internet Message Bodies) - RFC 2046 (MIME: Media Types) - RFC 3463 (Enhanced Status Codes) - RFC 3464 (Delivery status notifications) + RFC 822 (ARPA Internet Text Messages) + RFC 2045 (MIME: Format of Internet Message Bodies) + RFC 2046 (MIME: Media Types) + RFC 3463 (Enhanced Status Codes) + RFC 3464 (Delivery status notifications) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/defer.8.html b/postfix/html/defer.8.html index 5d8aef4d7..d62ce02c8 100644 --- a/postfix/html/defer.8.html +++ b/postfix/html/defer.8.html 
@@ -43,12 +43,12 @@ BOUNCE(8) BOUNCE(8) on retry logic in their own client. STANDARDS - RFC 822 (ARPA Internet Text Messages) - RFC 2045 (Format of Internet Message Bodies) - RFC 2822 (ARPA Internet Text Messages) - RFC 3462 (Delivery Status Notifications) - RFC 3464 (Delivery Status Notifications) - RFC 3834 (Auto-Submitted: message header) + RFC 822 (ARPA Internet Text Messages) + RFC 2045 (Format of Internet Message Bodies) + RFC 2822 (ARPA Internet Text Messages) + RFC 3462 (Delivery Status Notifications) + RFC 3464 (Delivery Status Notifications) + RFC 3834 (Auto-Submitted: message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/discard.8.html b/postfix/html/discard.8.html index 9325692c5..2be0a00a1 100644 --- a/postfix/html/discard.8.html +++ b/postfix/html/discard.8.html @@ -18,7 +18,7 @@ DISCARD(8) DISCARD(8) queue file, a sender address, a domain or host name that is treated as the reason for discarding the mail, and recipient information. The reason may be prefixed with an - RFC 3463-compatible detail code. This program expects to + RFC 3463-compatible detail code. This program expects to be run from the master(8) process manager. The discard(8) delivery agent pretends to deliver all diff --git a/postfix/html/error.8.html b/postfix/html/error.8.html index 180b843b8..d0ca50937 100644 --- a/postfix/html/error.8.html +++ b/postfix/html/error.8.html @@ -17,8 +17,8 @@ ERROR(8) ERROR(8) requests from the queue manager. Each request specifies a queue file, a sender address, the reason for non-delivery (specified as the next-hop destination), and recipient - information. The reason may be prefixed with an RFC - 3463-compatible detail code; if none is specified a + information. The reason may be prefixed with an RFC + 3463-compatible detail code; if none is specified a default 4.0.0 or 5.0.0 code is used instead. This program expects to be run from the master(8) process manager. 
@@ -37,7 +37,7 @@ ERROR(8) ERROR(8) privilege. STANDARDS - RFC 3463 (Enhanced Status Codes) + RFC 3463 (Enhanced Status Codes) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index 0edb3fde2..f0f68aa0e 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html @@ -299,12 +299,12 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) or one body line at a time. A decision made for one line is not carried over to the next line. - o If text in the message body is encoded (RFC 2045) + o If text in the message body is encoded (RFC 2045) then the rules need to be specified for the encoded form. - o Likewise, when message headers are encoded (RFC - 2047) then the rules need to be specified for the + o Likewise, when message headers are encoded (RFC + 2047) then the rules need to be specified for the encoded form. Message headers added by the cleanup(8) daemon itself are @@ -386,8 +386,8 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) postmap(1), Postfix lookup table management postsuper(1), Postfix janitor postcat(1), show Postfix queue file contents - RFC 2045, base64 and quoted-printable encoding rules - RFC 2047, message header encoding for non-ASCII text + RFC 2045, base64 and quoted-printable encoding rules + RFC 2047, message header encoding for non-ASCII text README FILES DATABASE_README, Postfix lookup table overview diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html index 19edaa59f..9653b1a1f 100644 --- a/postfix/html/ldap_table.5.html +++ b/postfix/html/ldap_table.5.html @@ -143,7 +143,7 @@ LDAP_TABLE(5) LDAP_TABLE(5) timeout = 5 search_base (No default; you must configure this) - The RFC2253 base DN at which to conduct the search, + The RFC2253 base DN at which to conduct the search, e.g. search_base = dc=your, dc=com 
@@ -153,21 +153,21 @@ LDAP_TABLE(5) LDAP_TABLE(5) %% This is replaced by a literal '%' character. - %s This is replaced by the input key. RFC 2253 + %s This is replaced by the input key. RFC 2253 quoting is used to make sure that the input key does not add unexpected metacharacters. %u When the input key is an address of the form - user@domain, %u is replaced by the (RFC - 2253) quoted local part of the address. + user@domain, %u is replaced by the (RFC + 2253) quoted local part of the address. Otherwise, %u is replaced by the entire search string. If the localpart is empty, the search is suppressed and returns no results. %d When the input key is an address of the form - user@domain, %d is replaced by the (RFC - 2253) quoted domain part of the address. + user@domain, %d is replaced by the (RFC + 2253) quoted domain part of the address. Otherwise, the search is suppressed and returns no results. @@ -191,7 +191,7 @@ LDAP_TABLE(5) LDAP_TABLE(5) returns no results. query_filter (default: mailacceptinggeneralid=%s) - The RFC2254 filter used to search the directory, + The RFC2254 filter used to search the directory, where %s is a substitute for the address Postfix is trying to resolve, e.g. 
@@ -203,21 +203,21 @@ LDAP_TABLE(5) LDAP_TABLE(5) %% This is replaced by a literal '%' character. (Postfix 2.2 and later). - %s This is replaced by the input key. RFC 2254 + %s This is replaced by the input key. RFC 2254 quoting is used to make sure that the input key does not add unexpected metacharacters. %u When the input key is an address of the form - user@domain, %u is replaced by the (RFC - 2254) quoted local part of the address. + user@domain, %u is replaced by the (RFC + 2254) quoted local part of the address. Otherwise, %u is replaced by the entire search string. If the localpart is empty, the search is suppressed and returns no results. %d When the input key is an address of the form - user@domain, %d is replaced by the (RFC - 2254) quoted domain part of the address. + user@domain, %d is replaced by the (RFC + 2254) quoted domain part of the address. Otherwise, the search is suppressed and returns no results. @@ -612,7 +612,7 @@ LDAP_TABLE(5) LDAP_TABLE(5) tory entries whose mailacceptinggeneralid attribute is "ldapuser", read the "maildrop" attributes of those found, and build a list of their maildrops, which will be treated - as RFC822 addresses to which the message will be deliv- + as RFC822 addresses to which the message will be deliv- ered. SEE ALSO diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 65101c012..482d3e236 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html 
@@ -99,21 +99,21 @@ SMTP(8) SMTP(8) low privilege. STANDARDS - RFC 821 (SMTP protocol) - RFC 822 (ARPA Internet Text Messages) - RFC 1651 (SMTP service extensions) - RFC 1652 (8bit-MIME transport) - RFC 1870 (Message Size Declaration) - RFC 2033 (LMTP protocol) - RFC 2034 (SMTP Enhanced Error Codes) - RFC 2045 (MIME: Format of Internet Message Bodies) - RFC 2046 (MIME: Media Types) - RFC 2554 (AUTH command) - RFC 2821 (SMTP protocol) - RFC 2920 (SMTP Pipelining) - RFC 3207 (STARTTLS command) - RFC 3461 (SMTP DSN Extension) - RFC 3463 (Enhanced Status Codes) + RFC 821 (SMTP protocol) + RFC 822 (ARPA Internet Text Messages) + RFC 1651 (SMTP service extensions) + RFC 1652 (8bit-MIME transport) + RFC 1870 (Message Size Declaration) + RFC 2033 (LMTP protocol) + RFC 2034 (SMTP Enhanced Error Codes) + RFC 2045 (MIME: Format of Internet Message Bodies) + RFC 2046 (MIME: Media Types) + RFC 2554 (AUTH command) + RFC 2821 (SMTP protocol) + RFC 2920 (SMTP Pipelining) + RFC 3207 (STARTTLS command) + RFC 3461 (SMTP DSN Extension) + RFC 3463 (Enhanced Status Codes) DIAGNOSTICS Problems and transactions are logged to syslogd(8). Cor- @@ -193,7 +193,7 @@ SMTP(8) SMTP(8) smtp_quote_rfc821_envelope (yes) Quote addresses in SMTP MAIL FROM and RCPT TO com- - mands as required by RFC 821. + mands as required by RFC 821. smtp_skip_5xx_greeting (yes) Skip SMTP servers that greet with a 5XX status code 
@@ -253,13 +253,13 @@ SMTP(8) SMTP(8) will ignore in the LHLO response from a remote LMTP server. - Available in Postfix version 2.5 and later: + Available in Postfix version 2.4.4 and later: send_cyrus_sasl_authzid (no) - When authenticating to a SASL server, with the - default setting "no", send no authoriZation ID - (authzid); send only the authentiCation ID (auth- - cid) plus the authcid's password. + When authenticating to a remote SMTP or LMTP server + with the default setting "no", send no SASL autho- + riZation ID (authzid); send only the SASL authenti- + Cation ID (authcid) plus the authcid's password. MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index de3fd4f54..26708b5df 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -183,7 +183,7 @@ LOCAL(8) LOCAL(8) ventions defined in <sysexits.h>. Exit status 0 means normal successful completion. - Postfix version 2.3 and later support RFC 3463-style + Postfix version 2.3 and later support RFC 3463-style enhanced status codes. If a command terminates with a non-zero exit status, and the command output begins with an enhanced status code, this status code takes precedence @@ -318,8 +318,8 @@ LOCAL(8) LOCAL(8) the default_privs configuration parameter. STANDARDS - RFC 822 (ARPA Internet Text Messages) - RFC 3463 (Enhanced status codes) + RFC 822 (ARPA Internet Text Messages) + RFC 3463 (Enhanced status codes) DIAGNOSTICS Problems and transactions are logged to syslogd(8). Cor- diff --git a/postfix/html/oqmgr.8.html b/postfix/html/oqmgr.8.html index a17925cd1..f9db969c5 100644 --- a/postfix/html/oqmgr.8.html +++ b/postfix/html/oqmgr.8.html 
@@ -149,8 +149,8 @@ OQMGR(8) OQMGR(8) manager of the arrival of new mail one would request I. STANDARDS - RFC 3463 (Enhanced status codes) - RFC 3464 (Delivery status notifications) + RFC 3463 (Enhanced status codes) + RFC 3464 (Delivery status notifications) SECURITY The oqmgr(8) daemon is not security sensitive. It reads diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index df7810652..6da46ca08 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -127,7 +127,7 @@ PIPE(8) PIPE(8) ters in the command-line $sender and $recip- ient address localparts (text to the left of the right-most @ character), according to an - 8-bit transparent version of RFC 822. This + 8-bit transparent version of RFC 822. This is recommended for delivery via UUCP or BSMTP. @@ -302,8 +302,8 @@ PIPE(8) PIPE(8) ${sasl_sender} This macro expands to the SASL sender name - (i.e. the original submitter as per RFC - 2554) used during the reception of the mes- + (i.e. the original submitter as per RFC + 2554) used during the reception of the mes- sage. This is available in Postfix 2.2 and later. @@ -345,14 +345,14 @@ PIPE(8) PIPE(8) for case folding. STANDARDS - RFC 3463 (Enhanced status codes) + RFC 3463 (Enhanced status codes) DIAGNOSTICS Command exit status codes are expected to follow the con- ventions defined in <sysexits.h>. Exit status 0 means normal successful completion. - Postfix version 2.3 and later support RFC 3463-style + Postfix version 2.3 and later support RFC 3463-style enhanced status codes. If a command terminates with a non-zero exit status, and the command output begins with an enhanced status code, this status code takes precedence diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index 0d5daca65..6304118f7 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html 
@@ -215,7 +215,7 @@ POSTALIAS(1) POSTALIAS(1) becomes, for example, "postfix/smtpd". STANDARDS - RFC 822 (ARPA Internet Text Messages) + RFC 822 (ARPA Internet Text Messages) SEE ALSO aliases(5), format of alias database input file. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index f15cad0d9..e461dac4b 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -94,7 +94,7 @@ is rejected by an access(5) map restriction.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -1163,7 +1163,7 @@ is placed into the Postfix configuration directory.

Enable inter-operability with SMTP clients that implement an obsolete -version of the AUTH command (RFC 2554). Examples of such clients +version of the AUTH command (RFC 2554). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

@@ -1798,7 +1798,7 @@ address, or Recipient address. maps_rbl_reject_code configuration parameter. Note: The numerical SMTP response code is required, and must appear at the start of the reply. With Postfix version 2.3 and later this information may be followed -by an RFC 3463 enhanced status code. +by an RFC 3463 enhanced status code.
$rbl_domain
@@ -1971,7 +1971,7 @@ client request is rejected by the "defer" restriction.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -2967,7 +2967,7 @@ on whether the operating system implements IPv6.

Note: you MUST stop and start Postfix after changing this parameter.

-

On systems that pre-date IPV6_V6ONLY support (RFC 3493), an +

On systems that pre-date IPV6_V6ONLY support (RFC 3493), an IPv6 server will also accept IPv4 connections, even when IPv4 is turned off with the inet_protocols parameter. On systems with IPV6_V6ONLY support, Postfix will use separate server sockets for @@ -2978,7 +2978,7 @@ corresponding protocol.

Postfix will to DNS type A record lookups, and will convert IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date -IPV6_V6ONLY support (RFC 3493).

+IPV6_V6ONLY support (RFC 3493).

When IPv6 support is enabled via the inet_protocols parameter, Postfix will do DNS type AAAA record lookups.
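Review bot: the unchanged context line "Postfix will to DNS type A record lookups" in this hunk has "to" where "do" is meant; the matching sentence later in the same hunk reads "Postfix will do DNS type AAAA record lookups". The hunk already touches this paragraph for the RFC 3493 reference, so the typo can be fixed in the same change.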

@@ -3054,7 +3054,7 @@ restriction.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -4188,7 +4188,7 @@ a neighboring system.
permit_sasl_authenticated
Append the domain name in $myorigin or $mydomain when the -client is successfully authenticated via the RFC 2554 (AUTH) +client is successfully authenticated via the RFC 2554 (AUTH) protocol.
permit_tls_clientcerts
@@ -4772,7 +4772,7 @@ client request is blocked by the rej

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -5316,7 +5316,7 @@ restriction.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -6346,7 +6346,7 @@ client request is rejected by the "reject" restriction.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -6454,7 +6454,7 @@ restriction.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -6646,7 +6646,7 @@ the mail server (NOT RECOMMENDED). looking inside quotes.

By default, the Postfix address resolver does not quote the -address localpart as per RFC 822, so that additional @ or % or ! +address localpart as per RFC 822, so that additional @ or % or ! operators remain visible. This behavior is safe but it is also technically incorrect.

@@ -6718,16 +6718,17 @@ The name of the directory with example Postfix configuration files.
send_cyrus_sasl_authzid (default: no)
-

When authenticating to a SASL server, with the default setting -"no", send no authoriZation ID (authzid); send only the authentiCation -ID (authcid) plus the authcid's password.

+

When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. +

The non-default setting "yes" enables the behavior of older -Postfix versions. These always send an authzid that is equal to -the authcid, but this causes inter-operability problems with some -SMTP servers.

+Postfix versions. These always send a SASL authzid that is equal +to the SASL authcid, but this causes inter-operability problems +with some SMTP servers.

-

This feature is available in Postfix 2.5 and later.

+

This feature is available in Postfix 2.4.4 and later.

@@ -7353,7 +7354,7 @@ the CommonName is checked. The behavior may be changed with the smtp_tls_enforce_peername option.

This option is useful only if you are definitely sure that you -will only connect to servers that support RFC 2487 _and_ that +will only connect to servers that support RFC 2487 _and_ that provide valid server certificates. Typical use is for clients that send all their email to a dedicated mailhub.

@@ -7664,12 +7665,12 @@ The default time unit is s (seconds).

Quote addresses in SMTP MAIL FROM and RCPT TO commands as required -by RFC 821. This includes putting quotes around an address localpart +by RFC 821. This includes putting quotes around an address localpart that ends in ".".

-The default is to comply with RFC 821. If you have to send mail to +The default is to comply with RFC 821. If you have to send mail to a broken SMTP server, configure a special SMTP client in master.cf:

@@ -8156,7 +8157,7 @@ access only to the system superuser account ("root").

With mandatory TLS encryption, require that the remote SMTP server hostname matches the information in the remote SMTP server -certificate. As of RFC 2487 the requirements for hostname checking +certificate. As of RFC 2487 the requirements for hostname checking for MTA clients are not specified.

This option can be set to "no" to disable strict peer name @@ -9299,7 +9300,7 @@ network or network address listed in $myne

permit_sasl_authenticated
Permit the request when the client is successfully -authenticated via the RFC 2554 (AUTH) protocol.
+authenticated via the RFC 2554 (AUTH) protocol.
permit_tls_all_clientcerts
@@ -9648,7 +9649,7 @@ applies in the context of the SMTP END-OF-DATA command.

(default: no)

Mandatory TLS: announce STARTTLS support to SMTP clients, -and require that clients use TLS encryption. According to RFC 2487 +and require that clients use TLS encryption. According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server. This option is off by default and should be used only on dedicated servers.

@@ -11435,7 +11436,7 @@ to SMTP clients, but do not require that clients use TLS encryption.
encrypt
Mandatory TLS encryption: announce STARTTLS support to SMTP clients, and require that clients use TLS -encryption. According to RFC 2487 this MUST NOT be applied in case +encryption. According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server. Instead, this option should be used only on dedicated servers.
@@ -11667,12 +11668,12 @@ This feature is available in Postfix 2.0 and later.

Require that addresses received in SMTP MAIL FROM and RCPT TO commands are enclosed with <>, and that those addresses do -not contain RFC 822 style comments or phrases. This stops mail +not contain RFC 822 style comments or phrases. This stops mail from poorly written software.

-By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL +By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL FROM and RCPT TO addresses.

@@ -12025,7 +12026,7 @@ always 450 in case of a temporary DNS error.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -12042,7 +12043,7 @@ with 450 when the mapping failed due to a temporary error condition.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -12058,7 +12059,7 @@ specified with the HELO or EHLO command is rejected by the

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -12158,7 +12159,7 @@ accept the address anyway.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

@@ -12182,7 +12183,7 @@ accept the address anyway.

-Do not change this unless you have a complete understanding of RFC 821. +Do not change this unless you have a complete understanding of RFC 821.

diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 6061cfa58..b0f867749 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -75,7 +75,7 @@ POSTQUEUE(1) POSTQUEUE(1) -s site Schedule immediate delivery of all mail that is queued for the named site. A numerical site must be - specified as a valid RFC 2821 address literal + specified as a valid RFC 2821 address literal enclosed in [], just like in email addresses. The site must be eligible for the "fast flush" service. See flush(8) for more information about the "fast diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html index 6679ec2cc..ce4106af8 100644 --- a/postfix/html/qmgr.8.html +++ b/postfix/html/qmgr.8.html @@ -155,8 +155,8 @@ QMGR(8) QMGR(8) manager of the arrival of new mail one would request I. STANDARDS - RFC 3463 (Enhanced status codes) - RFC 3464 (Delivery status notifications) + RFC 3463 (Enhanced status codes) + RFC 3464 (Delivery status notifications) SECURITY The qmgr(8) daemon is not security sensitive. It reads diff --git a/postfix/html/smtp-sink.1.html b/postfix/html/smtp-sink.1.html index 92e298c9a..6dfc676fe 100644 --- a/postfix/html/smtp-sink.1.html +++ b/postfix/html/smtp-sink.1.html @@ -260,7 +260,7 @@ SMTP-SINK(1) SMTP-SINK(1) per-message capture file name. time-stamp - A time stamp as defined in RFC 2822. + A time stamp as defined in RFC 2822. SEE ALSO smtp-source(1), SMTP/LMTP message generator diff --git a/postfix/html/smtp-source.1.html b/postfix/html/smtp-source.1.html index 31f285055..ca707017c 100644 --- a/postfix/html/smtp-source.1.html +++ b/postfix/html/smtp-source.1.html 
@@ -35,23 +35,32 @@ SMTP-SOURCE(1) SMTP-SOURCE(1) available when Postfix is built without IPv6 sup- port. - -c Display a running counter that is incremented each + -A Don't abort when the server sends something other + than the expected positive reply code. + + -c Display a running counter that is incremented each time an SMTP DATA command completes. -C count - When a host sends RESET instead of SYN|ACK, try - count times before giving up. The default count is + When a host sends RESET instead of SYN|ACK, try + count times before giving up. The default count is 1. Specify a larger count in order to work around a problem with TCP/IP stacks that send RESET when the listen queue is full. - -d Don't disconnect after sending a message; send the + -d Don't disconnect after sending a message; send the next message over the same connection. -f from - Use the specified sender address (default: + Use the specified sender address (default: <foo@myhostname>). + -F file + Send the pre-formatted message header and body in + the specified file, while prepending '.' before + lines that begin with '.', and while appending CRLF + after each line. + -l length Send length bytes as message payload. The length does not include message headers. @@ -81,6 +90,11 @@ SMTP-SOURCE(1) SMTP-SOURCE(1) action (default: 1). Recipient names are generated by prepending a number to the recipient address. + -R interval + Wait for a random period of time 0 <= n <= interval + between messages. Suspending one thread does not + affect other delivery threads. + -s session_count Run the specified number of SMTP sessions in paral- lel (default: 1). @@ -92,11 +106,6 @@ SMTP-SOURCE(1) SMTP-SOURCE(1) -t to Use the specified recipient address (default: <foo@myhostname>). - -R interval - Wait for a random period of time 0 <= n <= interval - between messages. Suspending one thread does not - affect other delivery threads. - -v Make the program more verbose, for debugging pur- poses. 
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 65101c012..482d3e236 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -99,21 +99,21 @@ SMTP(8) SMTP(8) low privilege. STANDARDS - RFC 821 (SMTP protocol) - RFC 822 (ARPA Internet Text Messages) - RFC 1651 (SMTP service extensions) - RFC 1652 (8bit-MIME transport) - RFC 1870 (Message Size Declaration) - RFC 2033 (LMTP protocol) - RFC 2034 (SMTP Enhanced Error Codes) - RFC 2045 (MIME: Format of Internet Message Bodies) - RFC 2046 (MIME: Media Types) - RFC 2554 (AUTH command) - RFC 2821 (SMTP protocol) - RFC 2920 (SMTP Pipelining) - RFC 3207 (STARTTLS command) - RFC 3461 (SMTP DSN Extension) - RFC 3463 (Enhanced Status Codes) + RFC 821 (SMTP protocol) + RFC 822 (ARPA Internet Text Messages) + RFC 1651 (SMTP service extensions) + RFC 1652 (8bit-MIME transport) + RFC 1870 (Message Size Declaration) + RFC 2033 (LMTP protocol) + RFC 2034 (SMTP Enhanced Error Codes) + RFC 2045 (MIME: Format of Internet Message Bodies) + RFC 2046 (MIME: Media Types) + RFC 2554 (AUTH command) + RFC 2821 (SMTP protocol) + RFC 2920 (SMTP Pipelining) + RFC 3207 (STARTTLS command) + RFC 3461 (SMTP DSN Extension) + RFC 3463 (Enhanced Status Codes) DIAGNOSTICS Problems and transactions are logged to syslogd(8). Cor- @@ -193,7 +193,7 @@ SMTP(8) SMTP(8) smtp_quote_rfc821_envelope (yes) Quote addresses in SMTP MAIL FROM and RCPT TO com- - mands as required by RFC 821. + mands as required by RFC 821. smtp_skip_5xx_greeting (yes) Skip SMTP servers that greet with a 5XX status code 
@@ -253,13 +253,13 @@ SMTP(8) SMTP(8) will ignore in the LHLO response from a remote LMTP server. - Available in Postfix version 2.5 and later: + Available in Postfix version 2.4.4 and later: send_cyrus_sasl_authzid (no) - When authenticating to a SASL server, with the - default setting "no", send no authoriZation ID - (authzid); send only the authentiCation ID (auth- - cid) plus the authcid's password. + When authenticating to a remote SMTP or LMTP server + with the default setting "no", send no SASL autho- + riZation ID (authzid); send only the SASL authenti- + Cation ID (authcid) plus the authcid's password. MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 01f4b58db..557a543c3 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -41,19 +41,19 @@ SMTPD(8) SMTPD(8) SMTP server can be run chrooted at fixed low privilege. STANDARDS - RFC 821 (SMTP protocol) - RFC 1123 (Host requirements) - RFC 1652 (8bit-MIME transport) - RFC 1869 (SMTP service extensions) - RFC 1870 (Message Size Declaration) - RFC 1985 (ETRN command) - RFC 2034 (SMTP Enhanced Error Codes) - RFC 2554 (AUTH command) - RFC 2821 (SMTP protocol) - RFC 2920 (SMTP Pipelining) - RFC 3207 (STARTTLS command) - RFC 3461 (SMTP DSN Extension) - RFC 3463 (Enhanced Status Codes) + RFC 821 (SMTP protocol) + RFC 1123 (Host requirements) + RFC 1652 (8bit-MIME transport) + RFC 1869 (SMTP service extensions) + RFC 1870 (Message Size Declaration) + RFC 1985 (ETRN command) + RFC 2034 (SMTP Enhanced Error Codes) + RFC 2554 (AUTH command) + RFC 2821 (SMTP protocol) + RFC 2920 (SMTP Pipelining) + RFC 3207 (STARTTLS command) + RFC 3461 (SMTP DSN Extension) + RFC 3463 (Enhanced Status Codes) DIAGNOSTICS Problems and transactions are logged to syslogd(8). 
@@ -78,7 +78,7 @@ SMTPD(8) SMTPD(8) broken_sasl_auth_clients (no) Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command - (RFC 2554). + (RFC 2554). disable_vrfy_command (no) Disable the SMTP VRFY command. @@ -91,7 +91,7 @@ SMTPD(8) SMTPD(8) strict_rfc821_envelopes (no) Require that addresses received in SMTP MAIL FROM and RCPT TO commands are enclosed with <>, and that - those addresses do not contain RFC 822 style com- + those addresses do not contain RFC 822 style com- ments or phrases. Available in Postfix version 2.1 and later: @@ -283,7 +283,7 @@ SMTPD(8) SMTPD(8) feature. SASL AUTHENTICATION CONTROLS - Postfix SASL support (RFC 2554) can be used to authenti- + Postfix SASL support (RFC 2554) can be used to authenti- cate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. @@ -291,7 +291,7 @@ SMTPD(8) SMTPD(8) broken_sasl_auth_clients (no) Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command - (RFC 2554). + (RFC 2554). smtpd_sasl_auth_enable (no) Enable SASL authentication in the Postfix SMTP diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index 5d8aef4d7..d62ce02c8 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html 
@@ -43,12 +43,12 @@ BOUNCE(8) BOUNCE(8) on retry logic in their own client. STANDARDS - RFC 822 (ARPA Internet Text Messages) - RFC 2045 (Format of Internet Message Bodies) - RFC 2822 (ARPA Internet Text Messages) - RFC 3462 (Delivery Status Notifications) - RFC 3464 (Delivery Status Notifications) - RFC 3834 (Auto-Submitted: message header) + RFC 822 (ARPA Internet Text Messages) + RFC 2045 (Format of Internet Message Bodies) + RFC 2822 (ARPA Internet Text Messages) + RFC 3462 (Delivery Status Notifications) + RFC 3464 (Delivery Status Notifications) + RFC 3834 (Auto-Submitted: message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index 3d7e5268a..7d1e21bdb 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html @@ -131,7 +131,7 @@ VIRTUAL(8) VIRTUAL(8) virtual delivery agent will terminate with a fatal error. STANDARDS - RFC 822 (ARPA Internet Text Messages) + RFC 822 (ARPA Internet Text Messages) DIAGNOSTICS Mail bounces when the recipient has no mailbox or when the diff --git a/postfix/man/man1/smtp-source.1 b/postfix/man/man1/smtp-source.1 index 0dabccf98..21b4e06ca 100644 --- a/postfix/man/man1/smtp-source.1 +++ b/postfix/man/man1/smtp-source.1 @@ -33,6 +33,9 @@ Postfix is built without IPv6 support. .IP \fB-6\fR Connect to the server with IPv6. This option is not available when Postfix is built without IPv6 support. +.IP "\fB-A\fR" +Don't abort when the server sends something other than the +expected positive reply code. .IP \fB-c\fR Display a running counter that is incremented each time an SMTP DATA command completes. 
@@ -46,6 +49,10 @@ Don't disconnect after sending a message; send the next message over the same connection. .IP "\fB-f \fIfrom\fR" Use the specified sender address (default: ). +.IP "\fB-F \fIfile\fR" +Send the pre-formatted message header and body in the +specified \fIfile\fR, while prepending '.' before lines that +begin with '.', and while appending CRLF after each line. .IP "\fB-l \fIlength\fR" Send \fIlength\fR bytes as message payload. The length does not include message headers. @@ -69,15 +76,15 @@ Old mode: don't send HELO, and don't send message headers. Send the specified number of recipients per transaction (default: 1). Recipient names are generated by prepending a number to the recipient address. +.IP "\fB-R \fIinterval\fR" +Wait for a random period of time 0 <= n <= interval between messages. +Suspending one thread does not affect other delivery threads. .IP "\fB-s \fIsession_count\fR" Run the specified number of SMTP sessions in parallel (default: 1). .IP "\fB-S \fIsubject\fR" Send mail with the named subject line (default: none). .IP "\fB-t \fIto\fR" Use the specified recipient address (default: ). -.IP "\fB-R \fIinterval\fR" -Wait for a random period of time 0 <= n <= interval between messages. -Suspending one thread does not affect other delivery threads. .IP \fB-v\fR Make the program more verbose, for debugging purposes. .IP "\fB-w \fIinterval\fR" diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 678792d71..6b5a4c9d4 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -3727,16 +3727,16 @@ This feature is available in Postfix 2.0 and later. .SH sample_directory (default: /etc/postfix) The name of the directory with example Postfix configuration files. .SH send_cyrus_sasl_authzid (default: no) -When authenticating to a SASL server, with the default setting -"no", send no authoriZation ID (authzid); send only the authentiCation -ID (authcid) plus the authcid's password. +When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. .PP The non-default setting "yes" enables the behavior of older -Postfix versions. These always send an authzid that is equal to -the authcid, but this causes inter-operability problems with some -SMTP servers. +Postfix versions. These always send a SASL authzid that is equal +to the SASL authcid, but this causes inter-operability problems +with some SMTP servers. .PP -This feature is available in Postfix 2.5 and later. +This feature is available in Postfix 2.4.4 and later. .SH sender_based_routing (default: no) This parameter should not be used. It was replaced by sender_dependent_relayhost_maps in Postfix version 2.3. diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 73932bae7..dd49319f5 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 
@@ -227,11 +227,11 @@ A case insensitive list of LHLO keywords (pipelining, starttls, auth, etc.) that the LMTP client will ignore in the LHLO response from a remote LMTP server. .PP -Available in Postfix version 2.5 and later: +Available in Postfix version 2.4.4 and later: .IP "\fBsend_cyrus_sasl_authzid (no)\fR" -When authenticating to a SASL server, with the default setting -"no", send no authoriZation ID (authzid); send only the authentiCation -ID (authcid) plus the authcid's password. +When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. .SH "MIME PROCESSING CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index cb3c162f6..ae6d162e6 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -788,7 +788,7 @@ while (<>) { s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; - s/\bRFC\s*([1-9]\d*)/$&<\/a>/; + s/\bRFC\s*([1-9]\d*)/$&<\/a>/; # Split README/RFC/parameter/restriction hyperlinks that span line breaks diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index fd3441892..161ad058f 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -239,7 +239,9 @@ SMTP server

 /etc/postfix/main.cf:
     smtpd_recipient_restrictions = 
-        permit_mynetworks permit_sasl_authenticated ...
+        permit_mynetworks 
+        permit_sasl_authenticated 
+        reject_unauth_destination
 
@@ -537,13 +539,13 @@ client is shown in bold font.

250-ETRN 250-AUTH DIGEST-MD5 PLAIN CRAM-MD5 250 8BITMIME -AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz +AUTH PLAIN AHRlc3QAdGVzdHBhc3M= 235 Authentication successful -

Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded -form of username\0username\0password (the \0 is a null byte). The +

Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded +form of \0username\0password (the \0 is a null byte). The example above is for a user named `test' with password `testpass'.

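Review bot: The rewritten sentence after the AUTH PLAIN example gives the new form \0username\0password but never says what the now-empty first field is. Add a clause such as "the empty field before the first \0 is the authzid, which is no longer sent", so that readers comparing against the old username\0username\0password form understand why the leading username was dropped.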
@@ -552,14 +554,14 @@ you can use one of the following commands:

-% printf 'username\0username\0password' | mmencode 
+% printf '\0username\0password' | mmencode 
 
 % perl -MMIME::Base64 -e \
-    'print encode_base64("username\0username\0password");'
+    'print encode_base64("\0username\0password");'
 
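Review bot: Both replacement commands place the credentials inside a string that the tool itself interprets, and with the leading \0 this now bites at the very first character. In the printf format, \0 followed by digits is read as a single octal escape, so a username that starts with a digit 0-7 is silently mis-encoded, and a % in either value is taken as a conversion. The double-quoted Perl string has the same octal problem and also interpolates $ and @. Suggest passing the values as arguments instead: printf '\0%s\0%s' 'username' 'password' | mmencode, and for Perl 'print encode_base64(join("\0", "", @ARGV));' username password.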
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5a72ba8ad..cd412cf9e 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -10606,13 +10606,14 @@ behavior was hard-coded to be "always on".

%PARAM send_cyrus_sasl_authzid no -

When authenticating to a SASL server, with the default setting -"no", send no authoriZation ID (authzid); send only the authentiCation -ID (authcid) plus the authcid's password.

+

When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. +

The non-default setting "yes" enables the behavior of older -Postfix versions. These always send an authzid that is equal to -the authcid, but this causes inter-operability problems with some -SMTP servers.

+Postfix versions. These always send a SASL authzid that is equal +to the SASL authcid, but this causes inter-operability problems +with some SMTP servers.

-

This feature is available in Postfix 2.5 and later.

+

This feature is available in Postfix 2.4.4 and later.

diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index d7f9c0f56..ad7741841 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -41,9 +41,12 @@ extern bool var_show_unk_rcpt_table; * What problem classes should be reported to the postmaster via email. * Default is bad problems only. See mail_error(3). Even when mail notices * are disabled, problems are still logged to the syslog daemon. + * + * Do not add "protocol" to the default setting. It gives Postfix a bad + * reputation: people get mail whenever spam software makes a mistake. */ #define VAR_NOTIFY_CLASSES "notify_classes" -#define DEF_NOTIFY_CLASSES "resource, software" +#define DEF_NOTIFY_CLASSES "resource, software" /* Not: "protocol" */ extern char *var_notify_classes; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 9285ed049..a6a413364 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20070614" +#define MAIL_RELEASE_DATE "20070720" #define MAIL_VERSION_NUMBER "2.5" #ifdef SNAPSHOT diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index a3b2e364e..2753d7c4b 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -64,6 +64,10 @@ #include #include +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + /* Sendmail 8 Milter protocol. */ #ifdef USE_LIBMILTER_INCLUDES 
@@ -437,7 +441,22 @@ static int milter8_conf_error(MILTER8 *milter) { const char *reply; + /* + * While reading the following, keep in mind that a client-side Milter + * socket is shared between the Postfix SMTP server and the cleanup + * server. The SMTP server reports only the SMTP events to the Milter. + * The cleanup server reports the headers and body to the Milter, and + * receives the header or body modification requests from the Milter. + * + * XXX When the cleanup server closes its end of the Milter socket after + * some local/remote configuration error, the SMTP server is left out of + * sync with the Milter. Sending an ABORT to the Milters will not restore + * synchronization, because there may be any number of Milter replies + * already in flight. Workaround: poison the socket and force the SMTP + * server to abandon it. + */ if (milter->fp != 0) { + (void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR); (void) vstream_fclose(milter->fp); milter->fp = 0; } @@ -456,7 +475,22 @@ static int milter8_comm_error(MILTER8 *milter) { const char *reply; + /* + * While reading the following, keep in mind that a client-side Milter + * socket is shared between the Postfix SMTP server and the cleanup + * server. The SMTP server reports only the SMTP events to the Milter. + * The cleanup server reports the headers and body to the Milter, and + * receives the header or body modification requests from the Milter. + * + * XXX When the cleanup server closes its end of the Milter socket after + * some local or remote remote protocol error, the SMTP server is left + * out of sync with the Milter. Sending an ABORT to the Milters will not + * restore synchronization, because there may be any number of Milter + * replies already in flight. Workaround: poison the socket and force the + * SMTP server to abandon it. + */ if (milter->fp != 0) { + (void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR); (void) vstream_fclose(milter->fp); milter->fp = 0; } 
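Review bot: In the comment added to milter8_comm_error(), "some local or remote remote protocol error" repeats a word; drop the second "remote". The same comment block and the same shutdown()/vstream_fclose() pair are now pasted into both milter8_conf_error() and milter8_comm_error(). A small static helper that poisons and closes milter->fp, carrying the comment once, would keep the two paths from drifting apart.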
@@ -475,28 +509,6 @@ static int milter8_comm_error(MILTER8 *milter) return (milter->state = MILTER8_STAT_ERROR); } -/* milter8_edit_error - local queue file update error */ - -static void milter8_edit_error(MILTER8 *milter, const char *reply) -{ - - /* - * Close the socket, so we don't have to skip pending replies from this - * Milter instance. - */ - if (milter->fp != 0) { - (void) vstream_fclose(milter->fp); - milter->fp = 0; - } - - /* - * Set the socket state to ERROR, so we don't try to send further MTA - * events to this Milter instance. - */ - milter8_def_reply(milter, reply); - milter->state = MILTER8_STAT_ERROR; -} - /* milter8_close_stream - close stream to milter application */ static void milter8_close_stream(MILTER8 *milter) @@ -895,6 +907,7 @@ static const char *milter8_event(MILTER8 *milter, int event, const char *retval = 0; VSTRING *body_line_buf = 0; int done = 0; + int body_edit_lockout = 0; #define DONT_SKIP_REPLY 0 
@@ -1000,6 +1013,22 @@ static const char *milter8_event(MILTER8 *milter, int event, * processing. * * XXX Bound the loop iteration count. + * + * While reading the following, keep in mind that a client-side Milter + * socket is shared between the Postfix SMTP server and the cleanup + * server. The SMTP server reports only the SMTP events to the Milter. + * The cleanup server reports the headers and body to the Milter, and + * receives the header or body modification requests from the Milter. + * + * In the end-of-body stage, the Milter may reply with one or more queue + * file edit requests before it replies with its final decision: accept, + * reject, etc. After a local queue file edit error, do not close the + * Milter socket in the cleanup server. Instead skip all further Milter + * replies until the final decision. This way the Postfix SMTP server + * stays in sync with the Milter, and Postfix doesn't have to lose the + * ability to handle multiple deliveries within the same SMTP session. + * This requires that the Postfix SMTP server uses something other than + * CLEANUP_STAT_WRITE when it loses contact with the cleanup server. */ #define IN_CONNECT_EVENT(e) ((e) == SMFIC_CONNECT || (e) == SMFIC_HELO) 
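Review bot: The loop this comment describes is still unbounded (the context line "XXX Bound the loop iteration count." sits directly above the added text), and the new skip-until-final-decision behaviour makes that matter more. Before this change a queue file edit error ended the loop; now the exit depends entirely on the Milter sending its final reply. Either add the bound here or extend the XXX to say what limits a Milter that keeps sending edit requests after an error. The last added sentence also states a requirement on the SMTP server (something other than CLEANUP_STAT_WRITE); name the place that satisfies it so the dependency can be found.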
@@ -1027,10 +1056,18 @@ static const char *milter8_event(MILTER8 *milter, int event, /* * Handle unfinished message body replacement first. + * + * XXX When SMFIR_REPLBODY is followed by some different request, we + * assume that the body replacement operation is complete. The queue + * file editing implementation currently does not support sending + * part 1 of the body replacement text, doing some other queue file + * updates, and then sending part 2 of the body replacement text. To + * avoid loss of data, we log an error when SMFIR_REPLBODY requests + * are alternated with other requests. */ if (body_line_buf != 0 && cmd != SMFIR_REPLBODY) { /* In case the last body replacement line didn't end in CRLF. */ - if (LEN(body_line_buf) > 0) + if (edit_resp == 0 && LEN(body_line_buf) > 0) edit_resp = parent->repl_body(parent->chg_context, MILTER_BODY_LINE, body_line_buf); @@ -1038,10 +1075,7 @@ static const char *milter8_event(MILTER8 *milter, int event, edit_resp = parent->repl_body(parent->chg_context, MILTER_BODY_END, (VSTRING *) 0); - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } + body_edit_lockout = 1; vstring_free(body_line_buf); body_line_buf = 0; } @@ -1095,7 +1129,6 @@ static const char *milter8_event(MILTER8 *milter, int event, if (IN_CONNECT_EVENT(event)) { msg_warn("milter %s: DISCARD action is not allowed " "for connect or helo", milter->m.name); - milter8_conf_error(milter); MILTER8_EVENT_BREAK(milter->def_reply); } else { /* No more events for this message. */ @@ -1231,6 +1264,9 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_STRING, milter->body, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* Skip to the next request after previous edit error. */ + if (edit_resp) + continue; /* XXX Sendmail 8 compatibility. */ if (index == 0) index = 1; 
@@ -1255,10 +1291,6 @@ static const char *milter8_event(MILTER8 *milter, int event, edit_resp = parent->del_header(parent->chg_context, (ssize_t) index, STR(milter->buf)); - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } continue; #endif @@ -1271,13 +1303,12 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_STRING, milter->body, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* Skip to the next request after previous edit error. */ + if (edit_resp) + continue; edit_resp = parent->add_header(parent->chg_context, STR(milter->buf), STR(milter->body)); - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } continue; /* @@ -1294,6 +1325,9 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_STRING, milter->body, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* Skip to the next request after previous edit error. */ + if (edit_resp) + continue; if ((ssize_t) index + 1 < 1) { msg_warn("milter %s: bad insert header index: %ld", milter->m.name, (long) index); @@ -1304,10 +1338,6 @@ static const char *milter8_event(MILTER8 *milter, int event, (ssize_t) index + 1, STR(milter->buf), STR(milter->body)); - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } continue; #endif @@ -1319,12 +1349,11 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_STRING, milter->buf, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* Skip to the next request after previous edit error. */ + if (edit_resp) + continue; edit_resp = parent->add_rcpt(parent->chg_context, STR(milter->buf)); - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } continue; /* 
@@ -1335,12 +1364,11 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_STRING, milter->buf, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* Skip to the next request after previous edit error. */ + if (edit_resp) + continue; edit_resp = parent->del_rcpt(parent->chg_context, STR(milter->buf)); - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } continue; /* @@ -1348,10 +1376,20 @@ static const char *milter8_event(MILTER8 *milter, int event, * update the message size. */ case SMFIR_REPLBODY: + if (body_edit_lockout) { + msg_warn("milter %s: body replacement requests can't " + "currently be mixed with other requests", + milter->m.name); + milter8_conf_error(milter); + MILTER8_EVENT_BREAK(milter->def_reply); + } if (milter8_read_data(milter, data_size, MILTER8_DATA_BUFFER, milter->body, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* Skip to the next request after previous edit error. */ + if (edit_resp) + continue; /* Start body replacement. */ if (body_line_buf == 0) { body_line_buf = vstring_alloc(var_line_limit); @@ -1376,10 +1414,6 @@ static const char *milter8_event(MILTER8 *milter, int event, VSTRING_ADDCH(body_line_buf, ch); } } - if (edit_resp) { - milter8_edit_error(milter, edit_resp); - MILTER8_EVENT_BREAK(milter->def_reply); - } continue; } } @@ -1410,6 +1444,15 @@ static const char *milter8_event(MILTER8 *milter, int event, if (body_line_buf) vstring_free(body_line_buf); + /* + * XXX Some cleanup clients ask the cleanup server to bounce mail for + * them. In that case we must override a hard reject retval result after + * queue file update failure. This is not a big problem; the odds are + * small that a Milter application sends a hard reject after replacing + * the message body. + */ + if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0)) + retval = edit_resp; return (retval); } 
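Review bot: The test strchr("DS4", retval[0]) == 0 in the final block needs a comment naming the reply classes those three characters stand for, and the XXX text should say that retval == 0 is overridden as well, since it only mentions a hard reject. Also, strchr() matches the terminating NUL, so an empty retval string would count as "in DS4" and keep edit_resp from being returned; if an empty reply can reach this point, check retval[0] != 0 first.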
diff --git a/postfix/src/milter/test-list b/postfix/src/milter/test-list index 62c4bb6b3..d4cef7a7c 100644 --- a/postfix/src/milter/test-list +++ b/postfix/src/milter/test-list 
@@ -1,49 +1,49 @@ # Reject with text -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c connect -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c helo -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c mail -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c rcpt -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c header -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eoh -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c body -p inet:9999@127.0.0.1 -./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eom -p inet:9999@127.0.0.1 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c connect -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c helo -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c mail -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c rcpt -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c header -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eoh -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c body -p inet:9999@0.0.0.0 +./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eom -p inet:9999@0.0.0.0 # Tempfail tests -./test-milter -C 1 -a tempfail -c connect -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c helo -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c mail -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c rcpt -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c header -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c eoh -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c body -p inet:9999@127.0.0.1 -./test-milter -C 1 -a tempfail -c eom -p inet:9999@127.0.0.1 +./test-milter -C 1 -a tempfail -c connect -p inet:9999@0.0.0.0 +./test-milter -C 1 -a tempfail -c helo -p inet:9999@0.0.0.0 +./test-milter -C 1 -a tempfail -c mail -p inet:9999@0.0.0.0 +./test-milter 
-C 1 -a tempfail -c rcpt -p inet:9999@0.0.0.0 +./test-milter -C 1 -a tempfail -c header -p inet:9999@0.0.0.0 +./test-milter -C 1 -a tempfail -c eoh -p inet:9999@0.0.0.0 +./test-milter -C 1 -a tempfail -c body -p inet:9999@0.0.0.0 +./test-milter -C 1 -a tempfail -c eom -p inet:9999@0.0.0.0 # Reject tests -./test-milter -C 1 -a reject -c connect -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c helo -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c mail -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c rcpt -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c header -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c eoh -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c body -p inet:9999@127.0.0.1 -./test-milter -C 1 -a reject -c eom -p inet:9999@127.0.0.1 +./test-milter -C 1 -a reject -c connect -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c helo -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c mail -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c rcpt -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c header -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c eoh -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c body -p inet:9999@0.0.0.0 +./test-milter -C 1 -a reject -c eom -p inet:9999@0.0.0.0 # Accept tests -./test-milter -C 1 -a accept -c connect -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c helo -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c rcpt -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c mail -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c header -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c eoh -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c body -p inet:9999@127.0.0.1 -./test-milter -C 1 -a accept -c eom -p inet:9999@127.0.0.1 +./test-milter -C 1 -a accept -c connect -p inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c helo -p inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c rcpt -p inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c mail -p 
inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c header -p inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c eoh -p inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c body -p inet:9999@0.0.0.0 +./test-milter -C 1 -a accept -c eom -p inet:9999@0.0.0.0 # discard tests -./test-milter -C 1 -a discard -c connect -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c helo -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c rcpt -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c mail -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c header -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c eoh -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c body -p inet:9999@127.0.0.1 -./test-milter -C 1 -a discard -c eom -p inet:9999@127.0.0.1 +./test-milter -C 1 -a discard -c connect -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c helo -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c rcpt -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c mail -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c header -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c eoh -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c body -p inet:9999@0.0.0.0 +./test-milter -C 1 -a discard -c eom -p inet:9999@0.0.0.0 diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 6b6d6791c..701e8fe90 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c 
@@ -205,11 +205,11 @@ /* auth, etc.) that the LMTP client will ignore in the LHLO response /* from a remote LMTP server. /* .PP -/* Available in Postfix version 2.5 and later: +/* Available in Postfix version 2.4.4 and later: /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" -/* When authenticating to a SASL server, with the default setting -/* "no", send no authoriZation ID (authzid); send only the authentiCation -/* ID (authcid) plus the authcid's password. +/* When authenticating to a remote SMTP or LMTP server with the +/* default setting "no", send no SASL authoriZation ID (authzid); send +/* only the SASL authentiCation ID (authcid) plus the authcid's password. /* MIME PROCESSING CONTROLS /* .ad /* .fi diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 4bcab36d8..44d0246a9 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -2068,7 +2068,8 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) * Check the queue file space, if applicable. */ if (!USE_SMTPD_PROXY(state)) { - if ((err = smtpd_check_queue(state)) != 0) { + if (SMTPD_STAND_ALONE(state) == 0 + && (err = smtpd_check_queue(state)) != 0) { /* XXX Reset access map side effects. */ mail_reset(state); smtpd_chat_reply(state, "%s", err); 
@@ -2758,6 +2759,25 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) state->cleanup = 0; } + /* + * XXX If we lost the cleanup server, the Postfix SMTP server will be out + * of sync with Milter applications. Sending an ABORT to the Milters is + * not sufficient to restore synchronization, because there may be any + * number of Milter replies already in flight. Destroying and recreating + * the Milters (and faking the connect and ehlo events) is too much + * trouble for testing and maintenance. Workaround: force the Postfix + * SMTP server to hang up with a 421 response in the rare case that the + * cleanup server breaks AND that the remote SMTP client continues the + * session after end-of-data. + * + * XXX Should use something other than CLEANUP_STAT_WRITE when we lose + * contact with the cleanup server. This requires internal changes to the + * mail_stream module; these may affect other mail_stream_service() users + * (qmqpd, sendmail, ...). + */ + if (smtpd_milters != 0 && (state->err & CLEANUP_STAT_WRITE) != 0) + state->access_denied = mystrdup("421 4.3.0 Mail system error"); + /* * Handle any errors. One message may suffer from multiple errors, so * complain only about the most severe error. Forgive any previous client 
@@ -4208,6 +4228,17 @@ static void pre_jail_init(char *unused_name, char **unused_argv) xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts); xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts); hogger_list = namadr_list_init(MATCH_FLAG_NONE, var_smtpd_hoggers); + + /* + * Open maps before dropping privileges so we can read passwords etc. + * + * XXX We should not do this in stand-alone (sendmail -bs) mode, but we + * can't use SMTPD_STAND_ALONE(state) here. This means "sendmail -bs" + * will try to connect to proxymap when invoked by root for mail + * submission. To fix, we would have to pass stand-alone mode information + * via different means. For now we have to tell people not to run mail + * clients as root. + */ if (getuid() == 0 || getuid() == var_owner_uid) smtpd_check_init(); debug_peer_init(); diff --git a/postfix/src/smtpstone/smtp-source.c b/postfix/src/smtpstone/smtp-source.c index 52306cf8c..2bd61592d 100644 --- a/postfix/src/smtpstone/smtp-source.c +++ b/postfix/src/smtpstone/smtp-source.c @@ -27,6 +27,9 @@ /* .IP \fB-6\fR /* Connect to the server with IPv6. This option is not available when /* Postfix is built without IPv6 support. +/* .IP "\fB-A\fR" +/* Don't abort when the server sends something other than the +/* expected positive reply code. /* .IP \fB-c\fR /* Display a running counter that is incremented each time /* an SMTP DATA command completes. @@ -40,6 +43,10 @@ /* message over the same connection. /* .IP "\fB-f \fIfrom\fR" /* Use the specified sender address (default: ). +/* .IP "\fB-F \fIfile\fR" +/* Send the pre-formatted message header and body in the +/* specified \fIfile\fR, while prepending '.' before lines that +/* begin with '.', and while appending CRLF after each line. /* .IP "\fB-l \fIlength\fR" /* Send \fIlength\fR bytes as message payload. The length does not /* include message headers. 
@@ -63,15 +70,15 @@ /* Send the specified number of recipients per transaction (default: 1). /* Recipient names are generated by prepending a number to the /* recipient address. +/* .IP "\fB-R \fIinterval\fR" +/* Wait for a random period of time 0 <= n <= interval between messages. +/* Suspending one thread does not affect other delivery threads. /* .IP "\fB-s \fIsession_count\fR" /* Run the specified number of SMTP sessions in parallel (default: 1). /* .IP "\fB-S \fIsubject\fR" /* Send mail with the named subject line (default: none). /* .IP "\fB-t \fIto\fR" /* Use the specified recipient address (default: ). -/* .IP "\fB-R \fIinterval\fR" -/* Wait for a random period of time 0 <= n <= interval between messages. -/* Suspending one thread does not affect other delivery threads. /* .IP \fB-v\fR /* Make the program more verbose, for debugging purposes. /* .IP "\fB-w \fIinterval\fR" @@ -154,6 +161,7 @@ typedef struct SESSION { int xfer_count; /* # of xfers in session */ int rcpt_done; /* # of recipients done */ int rcpt_count; /* # of recipients to go */ + int rcpt_accepted; /* # of recipients accepted */ VSTREAM *stream; /* open connection */ int connect_count; /* # of connect()s to retry */ struct SESSION *next; /* connect() queue linkage */ @@ -199,6 +207,7 @@ static int fixed_delay = 0; static int talk_lmtp = 0; static char *subject = 0; static int number_rcpts = 0; +static int allow_reject = 0; static void enqueue_connect(SESSION *); static void start_connect(SESSION *); @@ -213,6 +222,8 @@ static void rcpt_done(int, char *); static void send_data(int, char *); static void data_done(int, char *); static void dot_done(int, char *); +static void send_rset(int, char *); +static void rset_done(int, char *); static void send_quit(SESSION *); static void quit_done(int, char *); 
@@ -492,8 +503,13 @@ static void read_banner(int unused_event, char *context) /* * Read and parse the server's SMTP greeting banner. */ - if (((resp = response(session->stream, buffer))->code / 100) != 2) - msg_fatal("bad startup: %d %s", resp->code, resp->str); + if (((resp = response(session->stream, buffer))->code / 100) == 2) { + /* void */ ; + } else if (allow_reject) { + msg_warn("rejected at server banner: %d %s", resp->code, resp->str); + } else { + msg_fatal("rejected at server banner: %d %s", resp->code, resp->str); + } /* * Send helo or send the envelope sender address. @@ -540,8 +556,13 @@ static void helo_done(int unused_event, char *context) if ((except = vstream_setjmp(session->stream)) != 0) msg_fatal("%s while sending %s", exception_text(except), protocol); - if ((resp = response(session->stream, buffer))->code / 100 != 2) + if ((resp = response(session->stream, buffer))->code / 100 == 2) { + /* void */ ; + } else if (allow_reject) { + msg_warn("%s rejected: %d %s", protocol, resp->code, resp->str); + } else { msg_fatal("%s rejected: %d %s", protocol, resp->code, resp->str); + } send_mail(session); } @@ -580,12 +601,17 @@ static void mail_done(int unused, char *context) if ((except = vstream_setjmp(session->stream)) != 0) msg_fatal("%s while sending sender", exception_text(except)); - if ((resp = response(session->stream, buffer))->code / 100 != 2) + if ((resp = response(session->stream, buffer))->code / 100 == 2) { + session->rcpt_count = recipients; + session->rcpt_done = 0; + session->rcpt_accepted = 0; + send_rcpt(unused, context); + } else if (allow_reject) { + msg_warn("sender rejected: %d %s", resp->code, resp->str); + send_rset(unused, context); + } else { msg_fatal("sender rejected: %d %s", resp->code, resp->str); - - session->rcpt_count = recipients; - session->rcpt_done = 0; - send_rcpt(unused, context); + } } /* send_rcpt - send recipient address */ 
@@ -630,16 +656,23 @@ static void rcpt_done(int unused, char *context) if ((except = vstream_setjmp(session->stream)) != 0) msg_fatal("%s while sending recipient", exception_text(except)); - if ((resp = response(session->stream, buffer))->code / 100 != 2) + if ((resp = response(session->stream, buffer))->code / 100 == 2) { + session->rcpt_accepted++; + } else if (allow_reject) { + msg_warn("recipient rejected: %d %s", resp->code, resp->str); + } else { msg_fatal("recipient rejected: %d %s", resp->code, resp->str); + } /* * Send another RCPT command or send DATA. */ if (session->rcpt_count > 0) send_rcpt(unused, context); - else + else if (session->rcpt_accepted > 0) send_data(unused, context); + else + send_rset(unused, context); } /* send_data - send DATA command */ @@ -664,7 +697,7 @@ static void send_data(int unused_event, char *context) /* data_done - send message content */ -static void data_done(int unused_event, char *context) +static void data_done(int unused, char *context) { SESSION *session = (SESSION *) context; RESPONSE *resp; @@ -677,8 +710,15 @@ static void data_done(int unused_event, char *context) */ if ((except = vstream_setjmp(session->stream)) != 0) msg_fatal("%s while sending DATA command", exception_text(except)); - if ((resp = response(session->stream, buffer))->code != 354) - msg_fatal("data %d %s", resp->code, resp->str); + if ((resp = response(session->stream, buffer))->code == 354) { + /* see below */ ; + } else if (allow_reject) { + msg_warn("data rejected: %d %s", resp->code, resp->str); + send_rset(unused, context); + return; + } else { + msg_fatal("data rejected: %d %s", resp->code, resp->str); + } /* * Send basic header to keep mailers that bother to examine them happy. 
@@ -737,7 +777,7 @@ static void data_done(int unused_event, char *context) event_enable_read(vstream_fileno(session->stream), dot_done, (char *) session); } -/* dot_done - send QUIT */ +/* dot_done - send QUIT or start another transaction */ static void dot_done(int unused_event, char *context) { @@ -751,8 +791,13 @@ static void dot_done(int unused_event, char *context) if ((except = vstream_setjmp(session->stream)) != 0) msg_fatal("%s while sending message", exception_text(except)); do { /* XXX this could block */ - if ((resp = response(session->stream, buffer))->code / 100 != 2) - msg_fatal("data %d %s", resp->code, resp->str); + if ((resp = response(session->stream, buffer))->code / 100 == 2) { + /* void */ ; + } else if (allow_reject) { + msg_warn("end of data rejected: %d %s", resp->code, resp->str); + } else { + msg_fatal("end of data rejected: %d %s", resp->code, resp->str); + } } while (talk_lmtp && --session->rcpt_done > 0); session->xfer_count++; 
@@ -767,6 +812,48 @@ static void dot_done(int unused_event, char *context) } } +/* send_rset - send RSET command */ + +static void send_rset(int unused_event, char *context) +{ + SESSION *session = (SESSION *) context; + + command(session->stream, "RSET"); + event_enable_read(vstream_fileno(session->stream), rset_done, (char *) session); +} + +/* rset_done - handle RSET reply */ + +static void rset_done(int unused_event, char *context) +{ + SESSION *session = (SESSION *) context; + RESPONSE *resp; + int except; + + /* + * Get response to RSET command. + */ + if ((except = vstream_setjmp(session->stream)) != 0) + msg_fatal("%s while sending message", exception_text(except)); + if ((resp = response(session->stream, buffer))->code / 100 == 2) { + /* void */ + } else if (allow_reject) { + msg_warn("rset rejected: %d %s", resp->code, resp->str); + } else { + msg_fatal("rset rejected: %d %s", resp->code, resp->str); + } + + /* + * Say goodbye or send the next message. + */ + if (disconnect || message_count < 1) { + send_quit(session); + } else { + event_disable_readwrite(vstream_fileno(session->stream)); + start_another(session); + } +} + /* send_quit - send QUIT command */ static void send_quit(SESSION *session) @@ -815,6 +902,7 @@ int main(int argc, char **argv) int aierr; const char *protocols = INET_PROTO_NAME_ALL; INET_PROTO_INFO *proto_info; + char *message_file = 0; /* * Fingerprint executables and core dumps. @@ -827,7 +915,7 @@ int main(int argc, char **argv) /* * Parse JCL. */ - while ((ch = GETOPT(argc, argv, "46cC:df:l:Lm:M:Nor:R:s:S:t:vw:")) > 0) { + while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:vw:")) > 0) { switch (ch) { case '4': protocols = INET_PROTO_NAME_IPV4; @@ -835,6 +923,9 @@ int main(int argc, char **argv) case '6': protocols = INET_PROTO_NAME_IPV6; break; + case 'A': + allow_reject = 1; + break; case 'c': count++; break; 
@@ -848,16 +939,16 @@ int main(int argc, char **argv) case 'f': sender = optarg; break; + case 'F': + if (message_file == 0 && message_length > 0) + msg_fatal("-l option cannot be used with -F"); + message_file = optarg; + break; case 'l': + if (message_file != 0) + msg_fatal("-l option cannot be used with -F"); if ((message_length = atoi(optarg)) <= 0) msg_fatal("bad message length: %s", optarg); - message_data = mymalloc(message_length); - memset(message_data, 'X', message_length); - for (i = 80; i < message_length; i += 80) { - message_data[i - 80] = "0123456789"[(i / 80) % 10]; - message_data[i - 2] = '\r'; - message_data[i - 1] = '\n'; - } break; case 'L': talk_lmtp = 1; @@ -922,6 +1013,40 @@ int main(int argc, char **argv) if (random_delay > 0) srand(getpid()); + /* + * Initialize the message content, SMTP encoded. smtp_fputs() will append + * another \r\n but we don't care. + */ + if (message_file != 0) { + VSTREAM *fp; + VSTRING *buf = vstring_alloc(100); + VSTRING *msg = vstring_alloc(100); + + if ((fp = vstream_fopen(message_file, O_RDONLY, 0)) == 0) + msg_fatal("open %s: %m", message_file); + while (vstring_get_nonl(buf, fp) != VSTREAM_EOF) { + if (*vstring_str(buf) == '.') + VSTRING_ADDCH(msg, '.'); + vstring_memcat(msg, vstring_str(buf), VSTRING_LEN(buf)); + vstring_memcat(msg, "\r\n", 2); + } + if (vstream_ferror(fp)) + msg_fatal("read %s: %m", message_file); + vstream_fclose(fp); + vstring_free(buf); + message_length = VSTRING_LEN(msg); + message_data = vstring_export(msg); + send_headers = 0; + } else if (message_length > 0) { + message_data = mymalloc(message_length); + memset(message_data, 'X', message_length); + for (i = 80; i < message_length; i += 80) { + message_data[i - 80] = "0123456789"[(i / 80) % 10]; + message_data[i - 2] = '\r'; + message_data[i - 1] = '\n'; + } + } + /* * Translate endpoint address to internal form. */ 
diff --git a/postfix/src/xsasl/xsasl_cyrus_client.c b/postfix/src/xsasl/xsasl_cyrus_client.c index e49728d24..c496f8f33 100644 --- a/postfix/src/xsasl/xsasl_cyrus_client.c +++ b/postfix/src/xsasl/xsasl_cyrus_client.c @@ -66,7 +66,7 @@ #include /* - * Global library. + * Global library */ #include
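Review bot: in the test-milter command list (hunk @@ -1,49 +1,49 @@), every listener moves from inet:9999@127.0.0.1 to inet:9999@0.0.0.0, so the test milter now accepts connections on all interfaces instead of loopback only. If the intent is to reach the milter from another host, say so in a comment at the top of the file; otherwise keep 127.0.0.1 so that a test run does not leave port 9999 reachable from the network.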
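Review bot: in data_cmd() in smtpd.c (hunk @@ -2758,6 +2759,25 @@), the new assignment state->access_denied = mystrdup("421 4.3.0 Mail system error") overwrites the field without checking whether it already holds a string. If an earlier access check can leave access_denied set at this point, the old allocation leaks and its reply text is silently replaced. Either test for state->access_denied == 0 first, or free the previous value before assigning, and note in the comment which of the two is intended.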
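Review bot: the new comment in pre_jail_init() in smtpd.c (hunk @@ -4208,6 +4228,17 @@) records that "sendmail -bs" run by root will try to connect to proxymap and concludes "we have to tell people not to run mail clients as root", but nothing in this patch tells them: the limitation exists only as a source comment. Add the restriction to the user-facing documentation for stand-alone mode, or at least to the HISTORY entry, so that operators who never read smtpd.c can find it.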
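Review bot: in dot_done() in smtp-source.c (hunk @@ -751,8 +791,13 @@), the LMTP reply loop still ends with "while (talk_lmtp && --session->rcpt_done > 0)", although the same patch introduces session->rcpt_accepted in rcpt_done(). An LMTP server sends one end-of-data reply per recipient it accepted, so with -A and a mix of accepted and rejected recipients this loop can wait for replies that never arrive (the existing "XXX this could block" remark becomes a real hang). If rcpt_done counts every RCPT sent, the loop should count down rcpt_accepted instead. A smaller point in the same function: session->xfer_count++ still runs after a rejected end-of-data, so the -c counter no longer means "messages delivered" when -A is set; the option text should say that.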
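Review bot: rset_done() in smtp-source.c (hunk @@ -767,6 +812,48 @@) reports stream exceptions with msg_fatal("%s while sending message", ...), which looks copied from dot_done() and will mislead anyone reading the log; it should say "while sending RSET command". In the same function the success branch is written as "/* void */" with no trailing semicolon, while read_banner(), helo_done() and dot_done() in this patch use "/* void */ ;". It compiles either way, but use one form throughout.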
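Review bot: the -F file loader added to main() in smtp-source.c (hunk @@ -922,6 +1013,40 @@) reads each line with vstring_get_nonl() and then always appends "\r\n", so an input file that already uses CRLF line endings would go out with CR CR LF on every line. Either strip a trailing '\r' from buf before the vstring_memcat() calls or state in the -F option text that the file must use bare LF line endings. The comment also admits that smtp_fputs() appends one more CRLF; since -F exists to send an exact pre-formatted message, that extra empty line deserves a mention in the option documentation rather than "we don't care".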