From: Wietse Venema Date: Sat, 10 Apr 2021 05:00:00 +0000 (-0500) Subject: postfix-3.6-20210410 X-Git-Tag: v3.6.0-RC1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9e893737add57cc7f8d24b11c651b3621bc497a;p=thirdparty%2Fpostfix.git postfix-3.6-20210410 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index f193a8522..c05ca1a72 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -25473,10 +25473,28 @@ Apologies for any names omitted. by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. File: global/haproxy_srvr.c. - Missing null pointer check (introduced: Postfix alpha) after - null argv[0] value. Found by Coverity, reported by Jaroslav - Skarvada. File: global/mail_task.c. - 20210404 Unbroke a ton of regression tests after DNS-related changes. + +20210406 + + More specific warnings for incorrect net/mask syntax. Files: + util/cidr_match.c, util/dict_cidr.ref. + +20210410 + + Added an msg_panic() call to silence a Coverity warning, + File: global/mail_task.c. + + Documentation: updated containerization suggestions in + the postfix(1) manpage. File: postfix/postfix.c. + + Documentation: added text and ASCII art to illustrate how + tlsproxy(8) is used for outbound SMTP connection caching + and for inbound postscreen(8) TLS support. File: + proto/OVERVIEW.html. + + Documentation: added text and ASCII art to illustrate how + postlogd(8) provides an alternative to syslog logging. + File: proto/OVERVIEW.html. diff --git a/postfix/README_FILES/OVERVIEW b/postfix/README_FILES/OVERVIEW index e4344a116..d45672e10 100644 --- a/postfix/README_FILES/OVERVIEW +++ b/postfix/README_FILES/OVERVIEW 
@@ -282,16 +282,41 @@ queues. Postfix version 2.2 and later. More information about this feature is in the CONNECTION_CACHE_README document. - /-- smtp(8) --> Internet + /-- smtp(8) --> Internet qmgr(8) - | - \-- | smtp(8) --> Internet - | - ^ - | + | + \-- | smtp(8) + | + | ^ + v | + + scache(8) + + A Postfix smtp(8) client can reuse a TLS-encrypted connection (with + "smtp_tls_connection_reuse = yes"). This can greatly reduce the overhead of + connection setup and improves message delivery rates. After a Postfix smtp + (8) client connects to a remote SMTP server and sends plaintext EHLO and + STARTTLS commands, the smtp(8) client inserts a tlsproxy(8) process into + the connection as shown below. + + After the mail transaction completes, the Postfix smtp(8) client gives its + connection to the tlsproxy(8) process to the scache(8) server, which keeps + the connection open for a limited amount of time. The smtp(8) client + continues with some other mail delivery request. Meanwhile, any Postfix + smtp(8) client can ask the scache(8) server for that cached connection and + reuse it for mail delivery. + + /-- smtp(8) --> tlsproxy(8) --> Internet - scache(8) + qmgr(8) + | + \-- | smtp(8) + | + | ^ + v | + + scache(8) * The showq(8) servers list the Postfix queue status. This is the queue listing service that does the work for the mailq(1) and postqueue(1) 
@@ -375,25 +400,43 @@ queues. the implementation simple, postscreen(8) delegates DNS allow/denylist lookups to dnsblog(8) server processes, and delegates TLS encryption/ decryption to tlsproxy(8) server processes. This delegation is invisible to - the remote SMTP client, and is not shown in the diagram below. + the remote SMTP client. + + zombie + + \ + + zombie - tlsproxy(8) - - smtpd(8) + + \ / + + other --- postscreen(8) + + / \ - zombie + other - - smtpd(8) - \ + / - zombie - - smtpd(8) + zombie - \ / + * The postlogd(8) server provides an alternative to syslog logging, which + remains the default. This feature is available with Postfix version 3.4 or + later, and supports the following modes: - other --- postscreen(8) + o Logging to file, which addresses a usability problem with MacOS, and + eliminates information loss caused by systemd rate limits. - / \ + commands -> postlogd(8) -> /path/to/file + or daemons - other - - smtpd(8) + o Logging to stdout, which eliminates a syslog dependency when Postfix + runs inside a container. - / + commands -> postlogd(8) -> stdout inherited + or daemons from "postfix start-fg" - zombie + See MAILLOG_README for details and limitations. PPoossttffiixx ssuuppppoorrtt ccoommmmaannddss diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 32c59c0ea..757bb9802 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,8 +1,5 @@ Wish list: - Update the OVERVIEW page: add postlogd; add tlsproxy to - connection caching section. - Make smtpd_relay_before_recipient_restrictions settable in smtpd_checks tests. diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html index ba25fdc7b..be680e02e 100644 --- a/postfix/html/OVERVIEW.html +++ b/postfix/html/OVERVIEW.html @@ -561,21 +561,59 @@ about this feature is in the CONNECTION_C /-- smtp(8) ---> Internet - +--> Internet + qmgr(8) -   |
|
|
|
v
  +|
|
|
|
v
- \-- smtp(8) ---> Internet - - ^
|
-   +   \-- smtp(8) +  + +   ^
|
+ + scache(8) + + + +

A Postfix smtp(8) client can reuse a TLS-encrypted connection +(with "smtp_tls_connection_reuse = yes"). This can greatly reduce +the overhead of connection setup and improves message delivery +rates. After a Postfix smtp(8) client connects to a remote SMTP +server and sends plaintext EHLO and STARTTLS commands, the smtp(8) +client inserts a tlsproxy(8) process into the connection as shown +below.

+ +

After the mail transaction completes, the Postfix smtp(8) client +gives its connection to the tlsproxy(8) process to the scache(8) +server, which keeps the connection open for a limited amount of +time. The smtp(8) client continues with some other mail delivery +request. Meanwhile, any Postfix smtp(8) client can ask the scache(8) +server for that cached connection and reuse it for mail delivery. +

+ + + + + + + + - + + + +
/-- smtp(8) +--> tlsproxy(8) + --> Internet
qmgr(8) |
|
|
|
v
  \-- smtp(8)
  ^
|
scache(8)
@@ -746,41 +784,85 @@ pass its tests; by allowing allowlisted clients to skip tests, later. To keep the implementation simple, postscreen(8) delegates DNS allow/denylist lookups to dnsblog(8) server processes, and delegates TLS encryption/decryption to tlsproxy(8) server processes. -This delegation is invisible to the remote SMTP client, and is not -shown in the diagram below.

+This delegation is invisible to the remote SMTP client.

- + - + - - + - - + - - + - + +
zombie
zombie
\
\
zombie - +
zombie - tlsproxy(8) - - smtpd(8)
\
\ /
other +
other --- postscreen(8)
/
/ \
other +
other - - smtpd(8)
/
/
zombie
zombie
+ +
  • The postlogd(8) server provides an alternative to syslog +logging, which remains the default. This feature is available with +Postfix version 3.4 or later, and supports the following modes: +

    + + + + +

    See MAILLOG_README for details and limitations.

    +

    Postfix support commands

    diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index 32c04801c..4541c47db 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -41,11 +41,15 @@ POSTFIX(1) POSTFIX(1) ground, and enable master(8) "init" mode when running as PID 1. This command requires that multi-instance support is disabled (i.e. the multi_instance_directories parameter value must be - empty). When running Postfix inside a container, mount the con- - tainer host's /dev/log socket inside the container (example: - "docker run -v /dev/log:/dev/log ...") and specify a distinct - Postfix "syslog_name" prefix that identifies logging from the - Postfix instance. + empty). + + When running Postfix inside a container, see MAILLOG_README for + logging to stdout. Postfix logs to syslog by default, which + requires a) running a syslogd process inside the container, or + b) mounting the container host's /dev/log socket inside the con- + tainer (example: "docker run -v /dev/log:/dev/log ..."), and c) + a distinct Postfix "syslog_name" prefix that identifies logging + from the Postfix instance. stop Stop the Postfix mail system in an orderly fashion. If possible, running processes are allowed to terminate at their earliest diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index 0231ee646..5f52e69fd 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 
@@ -43,11 +43,15 @@ in the foreground, and enable \fBmaster\fR(8) "init" mode when running as PID 1. This command requires that multi\-instance support is disabled (i.e. the multi_instance_directories parameter -value must be empty). When running Postfix inside a container, -mount the container host's /dev/log socket inside the -container (example: "docker run \-v /dev/log:/dev/log ...") -and specify a distinct Postfix "syslog_name" prefix that -identifies logging from the Postfix instance. +value must be empty). + +When running Postfix inside a container, see MAILLOG_README +for logging to stdout. Postfix logs to syslog by default, +which requires a) running a syslogd process inside the +container, or b) mounting the container host's /dev/log +socket inside the container (example: "docker run \-v +/dev/log:/dev/log ..."), and c) a distinct Postfix "syslog_name" +prefix that identifies logging from the Postfix instance. .IP \fBstop\fR Stop the Postfix mail system in an orderly fashion. If possible, running processes are allowed to terminate at diff --git a/postfix/proto/OVERVIEW.html b/postfix/proto/OVERVIEW.html index a71527264..663070156 100644 --- a/postfix/proto/OVERVIEW.html +++ b/postfix/proto/OVERVIEW.html @@ -561,21 +561,59 @@ about this feature is in the CONNECTION_CACHE_README document.

    /-- smtp(8) ---> Internet - +--> Internet + qmgr(8) -   |
    |
    |
    |
    v
      +|
    |
    |
    |
    v
    - \-- smtp(8) ---> Internet - - ^
    |
    -   +   \-- smtp(8) +  + +   ^
    |
    + + scache(8) + + + +

    A Postfix smtp(8) client can reuse a TLS-encrypted connection +(with "smtp_tls_connection_reuse = yes"). This can greatly reduce +the overhead of connection setup and improves message delivery +rates. After a Postfix smtp(8) client connects to a remote SMTP +server and sends plaintext EHLO and STARTTLS commands, the smtp(8) +client inserts a tlsproxy(8) process into the connection as shown +below.

    + +

    After the mail transaction completes, the Postfix smtp(8) client +gives its connection to the tlsproxy(8) process to the scache(8) +server, which keeps the connection open for a limited amount of +time. The smtp(8) client continues with some other mail delivery +request. Meanwhile, any Postfix smtp(8) client can ask the scache(8) +server for that cached connection and reuse it for mail delivery. +

    + + + + + + + + - + + + +
    /-- smtp(8) +--> tlsproxy(8) + --> Internet
    qmgr(8) |
    |
    |
    |
    v
      \-- smtp(8)
      ^
    |
    scache(8)
    @@ -746,41 +784,85 @@ postscreen(8) minimizes its impact on legitimate email traffic. later. To keep the implementation simple, postscreen(8) delegates DNS allow/denylist lookups to dnsblog(8) server processes, and delegates TLS encryption/decryption to tlsproxy(8) server processes. -This delegation is invisible to the remote SMTP client, and is not -shown in the diagram below.

    +This delegation is invisible to the remote SMTP client.

    - + - + - - + - - + - - + - + +
    zombie
    zombie
    \
    \
    zombie - +
    zombie - tlsproxy(8) - - smtpd(8)
    \
    \ /
    other +
    other --- postscreen(8)
    /
    / \
    other +
    other - - smtpd(8)
    /
    /
    zombie
    zombie
    + +
  • The postlogd(8) server provides an alternative to syslog +logging, which remains the default. This feature is available with +Postfix version 3.4 or later, and supports the following modes: +

    + + + + +

    See MAILLOG_README for details and limitations.

    +

    Postfix support commands

    diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 0fab4ceb6..e12397d12 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -1989,6 +1989,7 @@ mail_stream.o: mail_stream.c mail_stream.o: mail_stream.h mail_stream.o: opened.h mail_task.o: ../../include/check_arg.h +mail_task.o: ../../include/msg.h mail_task.o: ../../include/safe.h mail_task.o: ../../include/sys_defs.h mail_task.o: ../../include/vbuf.h diff --git a/postfix/src/global/mail_task.c b/postfix/src/global/mail_task.c index 733645d38..4f006768b 100644 --- a/postfix/src/global/mail_task.c +++ b/postfix/src/global/mail_task.c @@ -18,7 +18,9 @@ /* The result is overwritten with each call. /* /* A null argv0 argument requests that the current result is -/* returned, or "unknown" when no current result exists. +/* returned. +/* DIAGNOSTICS +/* Panic: argv0 is a null pointer, but no current result exists. /* LICENSE /* .ad /* .fi @@ -44,6 +46,7 @@ #include #include +#include /* Global library. */ @@ -59,8 +62,6 @@ const char *mail_task(const char *argv0) const char *slash; const char *tag; - if (argv0 == 0 && canon_name == 0) - argv0 = "unknown"; if (argv0) { if (canon_name == 0) canon_name = vstring_alloc(10); @@ -73,5 +74,7 @@ const char *mail_task(const char *argv0) mail_conf_eval(DEF_SYSLOG_NAME); vstring_sprintf(canon_name, "%s/%s", tag, argv0); } + if (canon_name == 0) + msg_panic("mail_task: no current result"); return (vstring_str(canon_name)); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4586850a8..9b5e60df9 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20210405" +#define MAIL_RELEASE_DATE "20210410" #define MAIL_VERSION_NUMBER "3.6" #ifdef SNAPSHOT 
diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 2270ce41b..357124ff5 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -37,11 +37,15 @@ /* when running as PID 1. /* This command requires that multi-instance support is /* disabled (i.e. the multi_instance_directories parameter -/* value must be empty). When running Postfix inside a container, -/* mount the container host's /dev/log socket inside the -/* container (example: "docker run -v /dev/log:/dev/log ...") -/* and specify a distinct Postfix "syslog_name" prefix that -/* identifies logging from the Postfix instance. +/* value must be empty). +/* +/* When running Postfix inside a container, see MAILLOG_README +/* for logging to stdout. Postfix logs to syslog by default, +/* which requires a) running a syslogd process inside the +/* container, or b) mounting the container host's /dev/log +/* socket inside the container (example: "docker run -v +/* /dev/log:/dev/log ..."), and c) a distinct Postfix "syslog_name" +/* prefix that identifies logging from the Postfix instance. /* .IP \fBstop\fR /* Stop the Postfix mail system in an orderly fashion. If /* possible, running processes are allowed to terminate at diff --git a/postfix/src/util/check_arg.h b/postfix/src/util/check_arg.h index 3a8389507..09f09326a 100644 --- a/postfix/src/util/check_arg.h +++ b/postfix/src/util/check_arg.h @@ -125,7 +125,7 @@ * assignment is made in unreachable code, the compiler "should" not emit * any references to those assignment targets. We use the "extern" class so * that gcc will not complain about unused variables. Using "extern" breaks - * when a compiler does emit references unreachable assignment targets. + * when a compiler does emit references to unreachable assignment targets. * Hopefully, those cases will be rare. */ #define CHECK_VAL_HELPER_DCL(tag, type) extern type CHECK_VAL_DUMMY(type) 
diff --git a/postfix/src/util/cidr_match.c b/postfix/src/util/cidr_match.c index a2692369c..0ae7c5626 100644 --- a/postfix/src/util/cidr_match.c +++ b/postfix/src/util/cidr_match.c @@ -220,14 +220,23 @@ VSTRING *cidr_match_parse(CIDR_MATCH *ip, char *pattern, int match, * Parse the pattern into network and mask, destroying the pattern. */ if ((mask = split_at(mask_search, '/')) != 0) { + const char *parse_error; + ip->addr_family = CIDR_MATCH_ADDR_FAMILY(pattern); ip->addr_bit_count = CIDR_MATCH_ADDR_BIT_COUNT(ip->addr_family); ip->addr_byte_count = CIDR_MATCH_ADDR_BYTE_COUNT(ip->addr_family); - if (!alldig(mask) - || (ip->mask_shift = atoi(mask)) > ip->addr_bit_count - || inet_pton(ip->addr_family, pattern, ip->net_bytes) != 1) { + if (!alldig(mask)) { + parse_error = "bad mask value"; + } else if ((ip->mask_shift = atoi(mask)) > ip->addr_bit_count) { + parse_error = "bad mask length"; + } else if (inet_pton(ip->addr_family, pattern, ip->net_bytes) != 1) { + parse_error = "bad network value"; + } else { + parse_error = 0; + } + if (parse_error != 0) { vstring_sprintf(why ? why : (why = vstring_alloc(20)), - "bad net/mask pattern: \"%s/%s\"", pattern, mask); + "%s in \"%s/%s\"", parse_error, pattern, mask); return (why); } if (ip->mask_shift > 0) { diff --git a/postfix/src/util/dict_cidr.ref b/postfix/src/util/dict_cidr.ref index a83de6b0c..305e3fd30 100644 --- a/postfix/src/util/dict_cidr.ref +++ b/postfix/src/util/dict_cidr.ref 
@@ -1,13 +1,13 @@ ./dict_open: warning: cidr map dict_cidr.map, line 5: non-null host address bits in "172.16.1.3/21", perhaps you should use "172.16.0.0/21" instead: skipping this rule -./dict_open: warning: cidr map dict_cidr.map, line 6: bad net/mask pattern: "172.16.1.3/33": skipping this rule -./dict_open: warning: cidr map dict_cidr.map, line 7: bad net/mask pattern: "172.999.0.0/21": skipping this rule +./dict_open: warning: cidr map dict_cidr.map, line 6: bad mask length in "172.16.1.3/33": skipping this rule +./dict_open: warning: cidr map dict_cidr.map, line 7: bad network value in "172.999.0.0/21": skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 8: bad address pattern: "172.16.1.999": skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 9: no lookup result: skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 38: non-null host address bits in "1.0.0.0/0", perhaps you should use "0.0.0.0/0" instead: skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 40: non-null host address bits in "1::/0", perhaps you should use "::/0" instead: skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 42: missing ']' character after "[1234": skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 43: garbage after "[1234]": skipping this rule -./dict_open: warning: cidr map dict_cidr.map, line 44: bad net/mask pattern: "172.16.1.3/3x": skipping this rule +./dict_open: warning: cidr map dict_cidr.map, line 44: bad mask value in "172.16.1.3/3x": skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 45: ENDIF without IF: skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 46: ENDIF without IF: skipping this rule ./dict_open: warning: cidr map dict_cidr.map, line 49: no address pattern: skipping this rule
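Review bot: in postfix/HISTORY, the 20210410 entry for global/mail_task.c says the msg_panic() call was added "to silence a Coverity warning", which understates the change. The same hunk deletes the earlier "Missing null pointer check" entry for that file, and the mail_task.c hunk removes the "unknown" fallback. Suggest keeping the earlier entry and having the new one state that a null argv0 with no current result now panics instead of returning "unknown". The new entry also ends with a comma before "File:" where the neighbouring entries use a period.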
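Review bot: in postfix/src/global/mail_task.c (hunk @@ -59,8 +62,6 @@ and the one after it), dropping `if (argv0 == 0 && canon_name == 0) argv0 = "unknown";` in favour of `msg_panic("mail_task: no current result")` changes a degraded log tag into a process abort for any caller that passes a null argv0 before a result exists. Please confirm that every caller passing null runs only after an earlier non-null call. The updated header comment still reads "A null argv0 argument requests that the current result is returned." without saying that an earlier call is required; the precondition is only implied by the new DIAGNOSTICS line, so it is worth stating it in the description of argv0 as well.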
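Review bot: in postfix/src/util/cidr_match.c, the "bad mask length" branch `(ip->mask_shift = atoi(mask)) > ip->addr_bit_count` still relies on atoi(), which has no defined behaviour when the digit string does not fit in an int. alldig(mask) accepts an arbitrarily long run of digits, so an oversized mask could be converted to a value that passes this comparison instead of being reported. Since the hunk already splits the checks into separate branches, consider converting with strtoul() plus a range check (or rejecting masks longer than three digits) before assigning to ip->mask_shift, so that such input lands in "bad mask length".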
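Review bot: in postfix/src/util/dict_cidr.ref, the three new messages are exercised only with IPv4 patterns in the lines shown ("172.16.1.3/33", "172.999.0.0/21", "172.16.1.3/3x"). Because "bad mask length" depends on ip->addr_bit_count, which differs per address family, an IPv6 rule with a mask above the IPv6 bit count would be a useful addition to dict_cidr.map and this reference output.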
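Review bot: in the container paragraph added to postfix/src/postfix/postfix.c (and the generated postfix.1 and postfix.1.html), the list "a) running a syslogd process inside the container, or b) mounting the container host's /dev/log socket ..., and c) a distinct Postfix "syslog_name" prefix" is ambiguous about grouping. It can be read as (a or b) plus c, or as a or (b plus c); the removed text tied the syslog_name prefix to the /dev/log mount only. Suggest rewording so it is clear whether the distinct prefix is needed in both cases, for example by moving the syslog_name requirement into its own sentence.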
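Review bot: in the connection caching text added to postfix/README_FILES/OVERVIEW and both OVERVIEW.html files, "This can greatly reduce the overhead of connection setup and improves message delivery rates" mixes verb forms ("can reduce ... and improve" reads better), and "gives its connection to the tlsproxy(8) process to the scache(8) server" is hard to parse with two consecutive "to" phrases. In the README version the first paragraph ends "as shown below", but the diagram follows the second paragraph; either move the diagram up or move the reference.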