From: Wietse Venema Date: Wed, 21 May 2003 05:00:00 +0000 (-0500) Subject: postfix-2.0.10 X-Git-Tag: v2.0.10^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd9edf9103fdc5afcbc8de1fdc78c0c30dbf59df;p=thirdparty%2Fpostfix.git postfix-2.0.10 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index d71d9a292..b92b35e4c 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -7727,9 +7727,48 @@ Apologies for any names omitted. and 2) MIME input processing is turned off, and 3) MIME 8bit->7bit conversion is requested upon delivery via SMTP. +20030424 + + Cleanup: readlline() did not terminate the result before + complaining about lines starting with whitespace. + + Cleanup: eliminated valid_hostname warning for invalid + queue file names. File: global/mail_queue.c. + + Bugfix: the Postfix sendmail command applied the message + size limit when running as newaliases. The limiting code + is now moved to the message enqueuing branch of the code. + File: sendmail/sendmail.c. + +20030429 + + Bugfix: "," was not recognized in proxy_read_maps settings. + Fix by Leandro Santi. File: proxymap/proxymap.c. + +20030502 + + Bugfix: defer delivery after .forward etc. file read error. + File: local/token.c. Problem reported by Ben Rosengart, + Panix. + +20030520 + + Cleanup: future time stamps in Received: headers and negative + delays in delivery agent logging after "postdrop -r", + because deferred queue files had future file modification + times. File: src/postsuper/postsuper.c. + +20030521 + + Cleanup: nqmgr warnings about "recipient count mismatch" + after "postdrop -r", because the cleanup server did not + count the "already done" recipients. Problem reported by + Richard Stockton, Gramma Software. Files: + cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c + Open problems: - Low: smtp-source may block when sending large test messages. + Low: smtp-source may block when sending large test messages. Low: after successful delivery, per-queue window += 1/window, after failure, queue window -= 1 (Victor). diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index e59ccfa51..ecdf61d71 100644 --- a/postfix/README_FILES/FILTER_README +++ b/postfix/README_FILES/FILTER_README @@ -236,8 +236,9 @@ program. Note: the localhost port 10025 SMTP server filter should announce itself as "220 localhost...". Postfix aborts delivery when it -connects to an SMTP server that uses the same hostname, because -that normally means you have a mail delivery loop problem. +connects to an SMTP server that uses the same hostname as Postfix +("host greeted me with my own hostname"), because that +normally means you have a mail delivery loop problem. The example here assumes that the /some/where/filter command is a PERL script. PERL has modules that make talking SMTP easy. The @@ -280,9 +281,9 @@ mail. The "-o local_recipient_maps=" and "-o relay_recipient_maps=" avoid unnecessary table lookups. -The "-o myhostname=localhost.domain.tld" avoids a possible problem -if your content filter is based on a proxy that simply relays SMTP -commands. +The "-o myhostname=localhost.domain.tld" avoids false alarms ("host + greeted me with my own hostname") if your content +filter is based on a proxy that simply relays SMTP commands. The "-o smtpd_xxx_restrictions" and "-o mynetworks=127.0.0.0/8" turn off UCE controls that would only waste time here. diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index e2d1d39df..b2b6aa9a4 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -50,7 +50,8 @@ UCE restriction. SASL authentication information is not passed on via message headers or via SMTP. It is no-one's business what username and authentication -method the poster was using in order to access the mail server. +method the poster was using in order to access the mail server. The +people who need to know can find the information in the maillog file. When sending mail, Postfix looks up the server hostname or destination domain (the address remote part) in a table, and if a username/password @@ -227,6 +228,19 @@ can use one of the following commands: mmencode is part of the metamail software. MIME::Base64 is available from www.cpan.org. +Trouble shooting the SASL internals +=================================== + +[based on text by Liviu Daia] + +In the Cyrus SASL sources you'll find a subdirectory named "sample". +Run make there, then run the resulting sample server and client in +separate terminals. Strace / ktrace / truss the server to see what +makes it unhappy, fix the problem, then write the authors thanking +them for providing such useful logging. Repeat the previous step +until you can successfully authenticate with the sample client. +Only then get back to Postfix. + Enabling SASL authentication in the Postfix SMTP client ======================================================= diff --git a/postfix/README_FILES/VIRTUAL_README b/postfix/README_FILES/VIRTUAL_README index fd833bc0a..5c9df7613 100644 --- a/postfix/README_FILES/VIRTUAL_README +++ b/postfix/README_FILES/VIRTUAL_README @@ -24,12 +24,13 @@ It looks up the user mailbox location, uid and gid via separate maps, and the mailbox location map can specify either mailbox or maildir delivery (controlled by trailing slash on mailbox name). -The agent does not support user+foo address extensions, aliases or -.forward files (use the virtual table instead), and therefore -doesn't support file or program aliases. This choice was made to -simplify and streamline the code (it allowed me to dispense with -70% of local's code - mostly the bits that are a security headache) -- if you need this functionality, this agent isn't for you. +The agent allows but ignores user+foo address extensions, does not +support aliases or .forward files (use the virtual table instead), +and therefore doesn't support file or program aliases. This choice +was made to simplify and streamline the code (it allowed me to +dispense with 70% of local's code - mostly the bits that are a +security headache) - if you need this functionality, this agent +isn't for you. It also doesn't support writing to a common spool as root and then chowning the mailbox to the user - I felt this functionality didn't @@ -67,7 +68,7 @@ virtual_mailbox_domains Specifies the list of domains that should be delivered to the $virtual_transport delivery agent (default: virtual). As of - version 1.2, Postfix is smart enough that you don't have to + version 2.0, Postfix is smart enough that you don't have to list every virtual domain in a Postfix transport map. virtual_mailbox_maps @@ -160,9 +161,9 @@ Example 1: using the virtual delivery agent for all local mail ============================================================== This example does not use the Postfix local delivery agent at all. -With this configuration Postfix does no user+foo address extension, -no alias expansion, no .forward file expansion, and no lookups of -recipients in /etc/passwd. +With this configuration Postfix does no alias expansion, no .forward +file expansion, no lookups of recipients in /etc/passwd, and allows +but ignores user+foo address extensions. Instead of "hash" specify "dbm" or "btree", depending on your system type. The command "postconf -m" displays possible lookup table diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 80857d088..24ecff786 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -1,8 +1,14 @@ # -# Postfix master process configuration file. Each line describes how -# a mailer component program should be run. The fields that make up -# each line are described below. A "-" field value requests that a -# default value be used for that field. +# Postfix master process configuration file. Each logical line +# describes how a Postfix daemon program should be run. +# +# A logical line starts with non-whitespace, non-comment text. +# Empty lines and whitespace-only lines are ignored, as are comment +# lines whose first non-whitespace character is a `#'. +# A line that starts with whitespace continues a logical line. +# +# The fields that make up each line are described below. A "-" field +# value requests that a default value be used for that field. # # Service: any name that is valid for the specified transport type # (the next field). With INET transports, a service is specified as @@ -59,12 +65,6 @@ # SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS. # ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL. # -# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR -# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD -# -# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL -# DELIVER MAIL MULTIPLE TIMES. -# # DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES. # # ========================================================================== diff --git a/postfix/conf/pcre_table b/postfix/conf/pcre_table index c8db65bac..ad5bd0bc9 100644 --- a/postfix/conf/pcre_table +++ b/postfix/conf/pcre_table @@ -135,7 +135,7 @@ # # EXAMPLE SMTPD ACCESS MAP # # Protect your outgoing majordomo exploders -# /^(?!owner-)(.*)-outgoing@/ 550 Use ${1}@${2} instead +# /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead # # # Bounce friend@whatever, except when whatever is our domain (you would # # be better just bouncing all friend@ mail - this is just an example). diff --git a/postfix/conf/sample-mime.cf b/postfix/conf/sample-mime.cf index 67aa22800..ac4d9f241 100644 --- a/postfix/conf/sample-mime.cf +++ b/postfix/conf/sample-mime.cf @@ -66,4 +66,4 @@ strict_8bitmime = no # # This blocks mail from poorly written mail software. # -strict_mime_domain_encoding = no +strict_mime_encoding_domain = no diff --git a/postfix/conf/sample-pcre-access.cf b/postfix/conf/sample-pcre-access.cf index c9735698f..03aa27a8c 100644 --- a/postfix/conf/sample-pcre-access.cf +++ b/postfix/conf/sample-pcre-access.cf @@ -45,7 +45,7 @@ # Protect your outgoing majordomo exploders # -/^(?!owner-)(.*)-outgoing@/ 550 Use ${1}@${2} instead +/^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead # Bounce friend@whatever, except when whatever is our domain (you would diff --git a/postfix/conf/sample-regexp-access.cf b/postfix/conf/sample-regexp-access.cf index 6d6d1c27e..10df2529d 100644 --- a/postfix/conf/sample-regexp-access.cf +++ b/postfix/conf/sample-regexp-access.cf @@ -30,4 +30,6 @@ /^postmaster@/ OK # Protect your outgoing majordomo exploders -/^(.*)-outgoing@(.*)$/!/^owner-.*/ 550 Use ${1}@${2} instead +if !/^owner-.*/ +/^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead +endif diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 0e793b6a2..1a50ad5ad 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -133,7 +133,7 @@ CLEANUP(8) CLEANUP(8) ple, bounces from qmail or from old versions of Postfix). - strict_mime_domain_encoding + strict_mime_encoding_domain Reject mail with invalid Content-Transfer-Encoding: information for message/* or multipart/*. This blocks mail from poorly written software. diff --git a/postfix/html/pcre_table.5.html b/postfix/html/pcre_table.5.html index 31da45f43..6be1fd8c7 100644 --- a/postfix/html/pcre_table.5.html +++ b/postfix/html/pcre_table.5.html @@ -136,7 +136,7 @@ PCRE_TABLE(5) PCRE_TABLE(5) EXAMPLE SMTPD ACCESS MAP # Protect your outgoing majordomo exploders - /^(?!owner-)(.*)-outgoing@/ 550 Use ${1}@${2} instead + /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead # Bounce friend@whatever, except when whatever is our domain (you would # be better just bouncing all friend@ mail - this is just an example). diff --git a/postfix/man/man5/pcre_table.5 b/postfix/man/man5/pcre_table.5 index 6293ed4a8..7fcedcb88 100644 --- a/postfix/man/man5/pcre_table.5 +++ b/postfix/man/man5/pcre_table.5 @@ -119,7 +119,7 @@ or $(n) if they aren't followed by whitespace. .na .nf # Protect your outgoing majordomo exploders -/^(?!owner-)(.*)-outgoing@/ 550 Use ${1}@${2} instead +/^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead # Bounce friend@whatever, except when whatever is our domain (you would # be better just bouncing all friend@ mail - this is just an example). diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index 19a0106f5..8505ae271 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -121,7 +121,7 @@ this also breaks majordomo approval requests when the included request contains valid 8-bit MIME mail, and it breaks bounces from mailers that do not properly encapsulate 8-bit content (for example, bounces from qmail or from old versions of Postfix). -.IP \fBstrict_mime_domain_encoding\fR +.IP \fBstrict_mime_encoding_domain\fR Reject mail with invalid \fBContent-Transfer-Encoding:\fR information for message/* or multipart/*. This blocks mail from poorly written software. diff --git a/postfix/proto/pcre_table b/postfix/proto/pcre_table index c8512c70c..eab2ebbee 100644 --- a/postfix/proto/pcre_table +++ b/postfix/proto/pcre_table @@ -111,7 +111,7 @@ # or $(n) if they aren't followed by whitespace. # EXAMPLE SMTPD ACCESS MAP # # Protect your outgoing majordomo exploders -# /^(?!owner-)(.*)-outgoing@/ 550 Use ${1}@${2} instead +# /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead # # # Bounce friend@whatever, except when whatever is our domain (you would # # be better just bouncing all friend@ mail - this is just an example). diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index ba7b6bf32..b5a20a165 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -107,7 +107,7 @@ /* request contains valid 8-bit MIME mail, and it breaks bounces from /* mailers that do not properly encapsulate 8-bit content (for example, /* bounces from qmail or from old versions of Postfix). -/* .IP \fBstrict_mime_domain_encoding\fR +/* .IP \fBstrict_mime_encoding_domain\fR /* Reject mail with invalid \fBContent-Transfer-Encoding:\fR /* information for message/* or multipart/*. This blocks mail /* from poorly written software. diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index 77734a8b0..950be4a5c 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c @@ -207,6 +207,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, char *buf, vstring_free(clean_addr); myfree(state->orig_rcpt); state->orig_rcpt = 0; + } else if (type == REC_TYPE_DONE) { + /* void */ ; } else if (type == REC_TYPE_WARN) { if ((state->warn_time = atol(buf)) < 0) { state->errs |= CLEANUP_STAT_BAD; diff --git a/postfix/src/cleanup/cleanup_extracted.c b/postfix/src/cleanup/cleanup_extracted.c index 19131642d..93aa0f071 100644 --- a/postfix/src/cleanup/cleanup_extracted.c +++ b/postfix/src/cleanup/cleanup_extracted.c @@ -160,8 +160,11 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf, myfree(state->orig_rcpt); state->orig_rcpt = 0; return; + } else if (type == REC_TYPE_DONE) { + return; } else if (type == REC_TYPE_ORCP) { state->orig_rcpt = mystrdup(buf); + return; } if (type != REC_TYPE_END) { cleanup_out(state, type, buf, len); diff --git a/postfix/src/global/mail_queue.c b/postfix/src/global/mail_queue.c index 54916c8b5..bb00522fc 100644 --- a/postfix/src/global/mail_queue.c +++ b/postfix/src/global/mail_queue.c @@ -311,7 +311,7 @@ int mail_queue_id_ok(const char *queue_id) /* * OK if in valid hostname form. */ - return (valid_hostname(queue_id, DO_GRIPE)); + return (valid_hostname(queue_id, DONT_GRIPE)); } /* mail_queue_enter - make mail queue entry with locally-unique name */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c3e5ca925..9df4cebce 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,10 +20,10 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030418" +#define MAIL_RELEASE_DATE "20030521" #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "2.0.9" +#define DEF_MAIL_VERSION "2.0.10" extern char *var_mail_version; /* diff --git a/postfix/src/local/token.c b/postfix/src/local/token.c index c427eb704..897def9cc 100644 --- a/postfix/src/local/token.c +++ b/postfix/src/local/token.c @@ -98,6 +98,7 @@ #include #include #include +#include /* Application-specific. */ @@ -207,6 +208,10 @@ int deliver_token_stream(LOCAL_STATE state, USER_ATTR usr_attr, break; } } + if (vstream_ferror(fp)) + status = defer_append(BOUNCE_FLAG_KEEP, + BOUNCE_ATTR(state.msg_attr), + "error reading .forward file: %m"); vstring_free(buf); return (status); } diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index c87206bf4..634352fe2 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -178,6 +178,8 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info, if ((type = rec_get(qfile, buf, var_line_limit)) < 0 || strchr(expected, type) == 0) return (file_read_error(info, type)); + if (msg_verbose) + msg_info("%s: read %c %s", info->id, type, vstring_str(buf)); if (type == *expected) break; if (type == REC_TYPE_FROM) @@ -194,6 +196,8 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info, info->rcpt = mystrdup(vstring_str(buf)); if (type == REC_TYPE_TIME) continue; + if (type == REC_TYPE_SIZE) + continue; if (type == REC_TYPE_ATTR) { if ((error_text = split_nameval(vstring_str(buf), &attr_name, &attr_value)) != 0) { diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c index 6832aa9bd..141702406 100644 --- a/postfix/src/postdrop/postdrop.c +++ b/postfix/src/postdrop/postdrop.c @@ -315,9 +315,6 @@ int main(int argc, char **argv) } if (rec_type == REC_TYPE_ERROR) msg_fatal("uid=%ld: malformed input", (long) uid); - if (rec_type == REC_TYPE_TIME) - rec_fprintf(dst->stream, REC_TYPE_TIME, "%ld", - (long) time((time_t *) 0)); if (strchr(*expected, rec_type) == 0) msg_fatal("uid=%ld: unexpected record type: %d", (long) uid, rec_type); if (rec_type == **expected) diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index d8831fc26..85f9a3ddb 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -188,6 +188,7 @@ #include #include #include /* remove() */ +#include /* Utility library. */ @@ -428,6 +429,7 @@ static int requeue_one(const char **queue_names, const char *queue_id) VSTRING *new_path_buf; int found; int tries; + struct utimbuf tbuf; /* * Sanity check. No early returns beyond this point. @@ -454,6 +456,9 @@ static int requeue_one(const char **queue_names, const char *queue_id) continue; (void) mail_queue_path(new_path_buf, MAIL_QUEUE_MAILDROP, queue_id); if (postrename(old_path, STR(new_path_buf)) == 0) { + tbuf.actime = tbuf.modtime = time((time_t *) 0); + if (utime(STR(new_path_buf), &tbuf) < 0) + msg_warn("%s: reset time stamps: %m", STR(new_path_buf)); msg_info("%s: requeued", queue_id); found = 1; break; diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c index fd93a8275..88418b500 100644 --- a/postfix/src/proxymap/proxymap.c +++ b/postfix/src/proxymap/proxymap.c @@ -350,7 +350,7 @@ DICT *dict_proxy_open(const char *map, int open_flags, int dict_flags) static void post_jail_init(char *unused_name, char **unused_argv) { - const char *sep = " \t\r\n"; + const char *sep = ", \t\r\n"; char *saved_filter; char *bp; char *type_name; diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 954bd0717..29bc38feb 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -378,6 +378,13 @@ static void enqueue(const int flags, const char *encoding, const char *sender, */ buf = vstring_alloc(100); + /* + * Stop run-away process accidents by limiting the queue file size. This + * is not a defense against DOS attack. + */ + if (var_message_limit > 0 && get_file_limit() > var_message_limit) + set_file_limit((off_t) var_message_limit); + /* * The sender name is provided by the user. In principle, the mail pickup * service could deduce the sender name from queue file ownership, but: @@ -428,7 +435,6 @@ static void enqueue(const int flags, const char *encoding, const char *sender, * * XXX Should limit the size of envelope records. */ - rec_fprintf(dst, REC_TYPE_TIME, "%ld", (long) time((time_t *) 0)); if (full_name || (full_name = fullname()) != 0) rec_fputs(dst, REC_TYPE_FULL, full_name); rec_fputs(dst, REC_TYPE_FROM, saved_sender); @@ -612,13 +618,6 @@ int main(int argc, char **argv) if (chdir(var_queue_dir)) msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir); - /* - * Stop run-away process accidents by limiting the queue file size. This - * is not a defense against DOS attack. - */ - if (var_message_limit > 0 && get_file_limit() > var_message_limit) - set_file_limit((off_t) var_message_limit); - signal(SIGPIPE, SIG_IGN); /* diff --git a/postfix/src/util/readlline.c b/postfix/src/util/readlline.c index 9be31eab1..49f1beb7a 100644 --- a/postfix/src/util/readlline.c +++ b/postfix/src/util/readlline.c @@ -101,6 +101,7 @@ VSTRING *readlline(VSTRING *buf, VSTREAM *fp, int *lineno) break; } } + VSTRING_TERMINATE(buf); /* * Invalid input: continuing text without preceding text. Allowing this @@ -118,6 +119,5 @@ VSTRING *readlline(VSTRING *buf, VSTREAM *fp, int *lineno) /* * Done. */ - VSTRING_TERMINATE(buf); return (LEN(buf) > 0 ? buf : 0); }