From 2a07cb88482be4181ffe11e6a4e269e2e9a74a5f Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Tue, 7 Feb 2006 00:00:00 -0500
Subject: [PATCH] postfix-2.3-20060207
---
 postfix/HISTORY | 35 +++++++++++++++----
 postfix/RELEASE_NOTES | 9 +++++
 postfix/conf/post-install | 1 +
 postfix/src/global/mail_version.h | 2 +-
 postfix/src/oqmgr/qmgr_message.c | 8 ++++-
 postfix/src/proxymap/proxymap.c | 6 ++++
 postfix/src/qmgr/qmgr_message.c | 8 ++++-
 postfix/src/smtpd/smtpd.c | 4 ++-
 postfix/src/smtpd/smtpd_check.c | 21 +++--------
 postfix/src/trivial-rewrite/trivial-rewrite.c | 10 ++++--
 10 files changed, 75 insertions(+), 29 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index bad71993e..27159b2bd 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11977,8 +11977,33 @@ Apologies for any names omitted.
 reject mail when reject_plaintext_session is specified while TLS isn't compiled in. File: smtpd/smtpd_check.c.
+20060204
+
+ Bugfix: disable content_inspection for "sendmail -bv"
+ probes. File: *qmgr/qmgr_message.c.
+
+20060207
+
+ Robustness: place the "do we have TLS" guards within method
+ implementations, instead of putting them around method
+ invocations. File: smtpd/smtpd_check.c.
+
+ Bugfix: duplicate the cleanup(8) DSN envelope ID syntax
+ check in smtpd(8), so that clients get better error replies.
+ File: smtpd/smtpd_check.c.
+
+ Bugfix: change 20060203 broke the reject_plaintext_session
+ feature.
+
+ The trivial-rewrite and proxymap multi-server processes now
+ terminate soon after all their clients disconnect, instead
+ of waiting for another 100 seconds. This allows the processes
+ to refresh more frequently on low-traffic systems.
 Wish list:
+ Fix XCLIENT/XFORWARD: send xtext and accept old non-xtext.
+
 Make the map case folding/locking options configurable, if not at run-time then at least at compile time so we get consistent behavior across applications.
@@ -12017,10 +12042,6 @@ Wish list:
 panics when a non-default maximal_queue_lifetime setting includes no time unit.
- In second-line servers such as proxymap and trivial-rewrite,
- set the max_idle time limit to a relatively small value so
- that processes will refresh more often.
-
 After the 20051222 ISASCII paranoia, lowercase() lowercases ASCII text only.
@@ -12144,6 +12165,9 @@ Wish list:
 To be perfectly safe, no process other than the queue manager should move a queue file from the active queue.
+ This could involve tagging a queue file, and use up another
+ permission bit.
+
 Low: postsuper re-run after renaming files, but only a limited number of times.
@@ -12155,9 +12179,6 @@ Wish list:
 delivery agent which is error(8) in disguise, and which calls defer_append() instead of bounce_append().
- Low: postmap/postalias should not try to open a bogus file
- when given an unsupported dictionary type.
-
 Med: find a way to log the sender address when MAIL FROM is rejected due to lack of disk space.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 3f88005cd..e4ea548cc 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -17,6 +17,15 @@ Incompatibility with Postfix 2.1 and earlier
 If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2 before proceeding.
+Incompatibility with snapshot 20060207
+======================================
+
+The Postfix SMTP server no longer complains when TLS support is not
+compiled in, but permit_tls_clientcerts, permit_tls_all_clientcerts,
+or check_ccert_access are used. These features now are effectively
+ignored. However, the reject_plaintext_session feature is not
+ignored and will reject mail.
+
 Incompatibility with snapshot 20060123
 ======================================
diff --git a/postfix/conf/post-install b/postfix/conf/post-install
index ee6efa894..1d919ccfe 100644
--- a/postfix/conf/post-install
+++ b/postfix/conf/post-install
@@ -473,6 +473,7 @@ test -n "$create" && {
 test -n "$set_permission" && {
 chown $recursive $owner $path || exit 1
 test -z "$group" || chgrp $recursive $group $path || exit 1
+ # Don't "chmod -R"; queue file status is encoded in mode bits.
 if [ "$type" = "d" -a -n "$recursive" ]
 then
 find $path -type d -exec chmod $mode "{}" ";"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index d564ee652..2a0240f78 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20060203"
+#define MAIL_RELEASE_DATE "20060207"
 #define MAIL_VERSION_NUMBER "2.3"
 #ifdef SNAPSHOT
diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c
index 146c7c678..5895b2e06 100644
--- a/postfix/src/oqmgr/qmgr_message.c
+++ b/postfix/src/oqmgr/qmgr_message.c
@@ -916,8 +916,14 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 /*
 * Content filtering overrides the address resolver.
+ *
+ * XXX Bypass content_filter inspection for user-generated probes
+ * (sendmail -bv). MTA-generated probes never have the "please filter
+ * me" bits turned on, but we handle them here anyway for the sake of
+ * future proofing.
 */
- else if (message->filter_xport) {
+ else if (message->filter_xport
+ && (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) {
 reply.flags = 0;
 vstring_strcpy(reply.transport, message->filter_xport);
 if ((nexthop = split_at(STR(reply.transport), ':')) == 0
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c
index 7b9326a55..b34251b7c 100644
--- a/postfix/src/proxymap/proxymap.c
+++ b/postfix/src/proxymap/proxymap.c
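Review bot: The new `(message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0` test in qmgr_message_resolve() (oqmgr/qmgr_message.c at -916, and identically in qmgr/qmgr_message.c at -958) lets a message skip the content filter, but the added comment does not say why skipping it is safe. The hunk does not show where tflags is populated, nor that a trace-only request can never end in a real delivery. If that invariant holds elsewhere, state it in the comment, e.g. `* Safe only because trace-only requests are never delivered; revisit if DEL_REQ_TRACE_ONLY_MASK gains a flag that permits delivery.` The function body starts and ends outside the hunk.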
@@ -404,6 +404,12 @@ static void post_jail_init(char *unused_name, char **unused_argv)
 (void) htable_enter(proxy_read_maps, type_name, (char *) 0);
 }
 myfree(saved_filter);
+
+ /*
+ * This process is called by clients that already enforce the max_idle
+ * time, so we don't have to do it another time.
+ */
+ var_idle_limit = 1;
 }
 /* pre_accept - see if tables have changed */
diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c
index fdef95bce..29e43f9aa 100644
--- a/postfix/src/qmgr/qmgr_message.c
+++ b/postfix/src/qmgr/qmgr_message.c
@@ -958,8 +958,14 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 /*
 * Content filtering overrides the address resolver.
+ *
+ * XXX Bypass content_filter inspection for user-generated probes
+ * (sendmail -bv). MTA-generated probes never have the "please filter
+ * me" bits turned on, but we handle them here anyway for the sake of
+ * future proofing.
 */
- else if (message->filter_xport) {
+ else if (message->filter_xport
+ && (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) {
 reply.flags = 0;
 vstring_strcpy(reply.transport, message->filter_xport);
 if ((nexthop = split_at(STR(reply.transport), ':')) == 0
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 4a6a9e5b2..74a90af2f 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -1656,7 +1656,9 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 smtpd_chat_reply(state, "501 5.7.1 DSN support is disabled");
 return (-1);
 }
- if (dsn_envid || xtext_unquote(state->dsn_buf, arg + 6) == 0) {
+ if (dsn_envid
+ || xtext_unquote(state->dsn_buf, arg + 6) == 0
+ || !allprint(STR(state->dsn_buf))) {
 state->error_mask |= MAIL_ERROR_PROTOCOL;
 smtpd_chat_reply(state, "501 5.5.4 Bad ENVID parameter syntax");
 return (-1);
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index 82c1d0346..3b8228f50 100644
--- a/postfix/src/smtpd/smtpd_check.c
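Review bot: `var_idle_limit = 1;` at the end of post_jail_init() in proxymap.c (the same assignment is added to trivial-rewrite.c at -525) overwrites the configured max_idle value with a bare literal. The comment gives neither the unit nor the fact that the administrator's setting is deliberately ignored in these two daemons. I would spell that out, e.g. `/* Override max_idle: exit 1 second after the last client disconnects. */`, or use one named constant shared by both files. The body of post_jail_init() starts outside the hunk.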
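Review bot: The `!allprint(STR(state->dsn_buf))` test added to the ENVID condition in mail_cmd() (smtpd.c, -1656) duplicates a rule that the HISTORY entry says also lives in cleanup(8), and nothing in the code ties the two together, so they can drift apart. A comment above the condition such as `/* Keep in sync with the cleanup(8) envelope ID syntax check. */` would help. ENVID is client-supplied, and the visible lines put no upper bound on the length of the decoded value (RFC 3461 limits ENVID to 100 characters); if no bound is enforced outside the hunk, it belongs in this same condition. The body of mail_cmd() extends beyond the hunk on both sides.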
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -967,6 +967,7 @@ static int reject_plaintext_session(SMTPD_STATE *state)
 return (smtpd_check_reject(state, MAIL_ERROR_POLICY, var_plaintext_code, "4.7.1", "Session encryption is required"));
+ return (SMTPD_CHECK_DUNNO);
 }
 /* permit_inet_interfaces - succeed if client my own address */
@@ -1206,9 +1207,9 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient);
 /* permit_tls_clientcerts - OK/DUNNO for message relaying */
-#ifdef USE_TLS
 static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 {
+#ifdef USE_TLS
 const char *found;
 if (!state->tls_context)
@@ -1231,11 +1232,10 @@ static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 msg_info("relay_clientcerts: No match for fingerprint '%s'", state->tls_context->peer_fingerprint);
 }
+#endif
 return (SMTPD_CHECK_DUNNO);
 }
-#endif
-
 /* check_relay_domains - OK/FAIL for message relaying */
 static int check_relay_domains(SMTPD_STATE *state, char *recipient,
@@ -2551,11 +2551,11 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 /* check_ccert_access - access for TLS clients by certificate fingerprint */
-#ifdef USE_TLS
 static int check_ccert_access(SMTPD_STATE *state, const char *table, const char *def_acl)
 {
+#ifdef USE_TLS
 char *myname = "check_ccert_access";
 int found;
@@ -2583,11 +2583,10 @@ static int check_ccert_access(SMTPD_STATE *state, const char *table,
 state->tls_context->peer_CN, SMTPD_NAME_CCERT, def_acl));
 }
+#endif
 return (SMTPD_CHECK_DUNNO);
 }
-#endif
-
 /* check_mail_access - OK/FAIL based on mail address lookup */
 static int check_mail_access(SMTPD_STATE *state, const char *table,
@@ -3519,9 +3518,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 SMTPD_NAME_CLIENT);
 }
 } else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
-#ifdef USE_TLS
 status = check_ccert_access(state, *cpp, def_acl);
-#endif
 }
 /*
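Review bot: The added `return (SMTPD_CHECK_DUNNO);` in reject_plaintext_session() (-967) directly follows a `return (smtpd_check_reject(...));`, so from the hunk alone it reads as dead code. Presumably the reject is guarded by a condition, possibly inside `#ifdef USE_TLS`, above the visible lines. A one-line comment on the new return, e.g. `/* Reached only when the session is encrypted. */`, would make the fail-closed intent explicit and explain why a build without TLS may flag the statement as unreachable. The start of the function is outside the hunk.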
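Review bot: With `#ifdef USE_TLS` moved inside permit_tls_clientcerts() (hunks -1206 and -1231) and check_ccert_access() (-2551 and -2583), a build without TLS turns both into functions that ignore their arguments and return SMTPD_CHECK_DUNNO, and nothing in the code or the log says so. The header comments should record that, e.g. `/* Without USE_TLS this is a no-op that always returns SMTPD_CHECK_DUNNO. */`. RELEASE_NOTES states that these restrictions are now ignored without complaint, so an `#else` branch that logs a warning when the restriction is evaluated would let an administrator notice that a certificate-based access rule is not being applied. The now-unused parameters may also draw compiler warnings in that configuration.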
@@ -3702,13 +3699,9 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO);
 #endif
 } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 status = permit_tls_clientcerts(state, 1);
-#endif
 } else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 status = permit_tls_clientcerts(state, 0);
-#endif
 } else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) {
 if (state->recipient)
 status = reject_unknown_address(state, state->recipient,
@@ -3868,13 +3861,9 @@ void smtpd_check_rewrite(SMTPD_STATE *state)
 SMTPD_CHECK_DUNNO);
 #endif
 } else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 status = permit_tls_clientcerts(state, 1);
-#endif
 } else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 status = permit_tls_clientcerts(state, 0);
-#endif
 } else {
 msg_warn("parameter %s: invalid request: %s", VAR_LOC_RWR_CLIENTS, name);
diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c
index cdcd6dba8..0f2e17ea5 100644
--- a/postfix/src/trivial-rewrite/trivial-rewrite.c
+++ b/postfix/src/trivial-rewrite/trivial-rewrite.c
@@ -473,7 +473,7 @@ static void pre_accept(char *unused_name, char **unused_argv)
 #endif
-#ifdef CHECK_TABLE_STATS_PERIODICALLY
+#ifdef SNAPSHOT
 static void check_table_stats(int unused_event, char *unused_context)
 {
@@ -525,9 +525,15 @@ static void post_jail_init(char *unused_name, char **unused_argv)
 transport_post_init(resolve_regular.transport_info);
 if (resolve_verify.transport_info)
 transport_post_init(resolve_verify.transport_info);
-#ifdef CHECK_TABLE_STATS_PERIODICALLY
+#ifdef SNAPSHOT
 check_table_stats(0, (char *) 0);
 #endif
+
+ /*
+ * This process is called by clients that already enforce the max_idle
+ * time, so we don't have to do it another time.
+ */
+ var_idle_limit = 1;
 }
 /* main - pass control to the multi-threaded skeleton code */
--
2.47.3
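Review bot: Replacing `#ifdef CHECK_TABLE_STATS_PERIODICALLY` with `#ifdef SNAPSHOT` in trivial-rewrite.c (hunks -473 and -525) ties check_table_stats() to the release-type macro, so snapshot and non-snapshot builds now behave differently and the latter never compile this path. Neither the hunks nor the HISTORY entry say why. Keeping the feature macro and defining it when SNAPSHOT is set (`#ifdef SNAPSHOT`, `#define CHECK_TABLE_STATS_PERIODICALLY`, `#endif`) would keep the guards self-describing. Failing that, a comment at the first guard should state that the periodic table check is snapshot-only and for what reason. Both functions extend beyond the visible hunks.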