From 49b1392b4eeba6fbf50adadd151d54e0485c3356 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Fri, 1 Feb 2019 00:00:00 -0500 Subject: [PATCH] postfix-3.4-20190201 --- postfix/HISTORY | 8 ++++++ postfix/RELEASE_NOTES | 35 ++++++++++++----------- postfix/conf/postfix-script | 35 ++++++++++++++++++++++- postfix/html/postconf.5.html | 43 ++++++++++++++++++++++++++++- postfix/html/postfix.1.html | 20 ++++++++++++++ postfix/man/man1/postfix.1 | 16 +++++++++++ postfix/man/man5/postconf.5 | 24 +++++++++++++++- postfix/mantools/postlink | 3 ++ postfix/proto/postconf.proto | 31 ++++++++++++++++++++- postfix/src/global/Makefile.in | 1 + postfix/src/global/mail_params.c | 9 ++++++ postfix/src/global/mail_params.h | 12 ++++++++ postfix/src/global/mail_version.h | 2 +- postfix/src/global/maillog_client.c | 17 ++++++++++++ postfix/src/postfix/postfix.c | 16 +++++++++++ 15 files changed, 251 insertions(+), 21 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index bfdb67446..c400b856e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -24012,3 +24012,11 @@ Apologies for any names omitted. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. + +20190129 + + Safety: require that $maillog_file matches one of the + pathname prefixes specified in $maillog_file_prefixes. The + maillog file is created by root, and the prefixes limit the + damage from a single configuration error. Files: + global/mail_params.[hc], global/maillog_client.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index c87676085..ddf248e94 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -35,8 +35,8 @@ Incompatible changes with snapshot 20190126-nonprod This introduces a new master.cf service type 'unix-dgram' that is used by the new postlogd(8) daemon. This type is not supported by -older Postfix versions. Before backing out to an Postfix 3.3 or -earlier, edit the master.cf file and remove the postlog entry. +older Postfix versions. Before backing out to an older release, +edit the master.cf file and remove the postlog entry. Major changes with snapshot 20190126-nonprod ============================================ @@ -52,10 +52,11 @@ Support for logging to file or stdout. This disables syslog logging. To enable Postfix logging to file or stdout: -------------------------------------------- -Add the following line to master.cf (no whitespace at the start of the line): +Add the following line to master.cf if not already present (no +whitespace at the start of the line): postlog unix-dgram n - n - 1 postlogd -To write logs to Postfix logfile: +To write logs to Postfix logfile (see below for logfile rotation): # postfix stop # postconf maillog_file=/var/log/postfix.log # postfix start @@ -64,24 +65,26 @@ To write logs to stdout, typically while Postfix runs in a container: # postconf maillog_file=/dev/stdout # postfix start-fg +The maillog_file parameter must contain a prefix that is specified +with the maillog_file_prefixes parameter (default: /var, /dev/stdout). +This limits the damage from a single configuration mistake. + To rotate a Postfix logfile with a daily cronjob: ------------------------------------------------- -The following applies when the maillog_file parameter specifies a -reguar file. - -- Rename the current logfile in the same directory, appending the - current date to file file name. The following adds a suffix - of the form YYYYMMDD to file name: - # mv postfix.log postfix.log.$(date +%Y%M%d) +The command "postfix logrotate" renames the logfile by appending a +suffix that contains the date and time, reloads Postfix so that it +closes the old logfile, and after a brief pause compresses the old +logfile. This command will not rotate the log if it specifies a +pathname under the /dev directory, such as /dev/stdout. -- DO NOT YET COMPRESS THE FILE. POSTFIX STILL WRITES TO IT. +The command "postfix logrotate" does not (yet) remove old logfiles. -- Reload Postfix, so that postlogd(8) will start writing to a new - file: - # postfix reload +Configuration parameters: +- maillog_file_compressor (gzip) +- maillog_file_rotate_suffix (%Y%M%d-%H%M%S) -- Compress the old file, and move it elsewhere if needed. +See the postconf(5) manpage for detailed descriptions. Limitations of logging to Postfix logfile or stdout: ---------------------------------------------------- diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index 0526681c3..72855e25c 100755 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script @@ -405,8 +405,41 @@ tls) "$@" ;; +logrotate) + case $# in + 1) ;; + *) $FATAL "usage postfix $1 (no arguments)"; exit 1;; + esac + for name in maillog_file maillog_file_compressor \ + maillog_file_rotate_suffix + do + value="`$command_directory/postconf -h $name`" + case "$value" in + "") $FATAL "empty '$name' parameter value - logfile rotation failed" + exit 1;; + esac + eval $name='"$value"'; + done + + case "$maillog_file" in + /dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;; + esac + + ( + suffix="`date +$maillog_file_rotate_suffix`" || exit 1 + mv "$maillog_file" "$maillog_file.$suffix" || exit 1 + $daemon_directory/master -t 2>/dev/null || + kill -HUP `sed 1q pid/master.pid` + sleep 1 + "$maillog_file_compressor" "$maillog_file.$suffix" || exit 1 + ) || { + $FATAL "logfile '$maillog_file' rotation failed" + exit 1 + } + ;; + *) - $FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)" + $FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)" exit 1 ;; diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 6aa08434c..39550614f 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -6245,13 +6245,54 @@ substitutions in regular expression maps.

Specify "/dev/stdout" for logging to standard output. Stdout logging requires that Postfix is started with "postfix start-fg".

-

Note: Some Postfix non-daemon programs may still log information +

Note 1: The maillog_file parameter value must contain a prefix +that is specified with the maillog_file_prefixes parameter.

+ +

Note 2: Some Postfix non-daemon programs may still log information to syslogd(8), before they have processed their configuration parameters and command-line options.

This feature is available in Postfix 3.4 and later.

+ + +
maillog_file_compressor +(default: gzip)
+ +

The program to run after rotating $maillog_file with "postfix +logrotate". The command is run with the rotated file as its first +argument.

+ +

This feature is available in Postfix 3.4 and later.

+ + +
+ +
maillog_file_prefixes +(default: /var, /dev/stdout)
+ +

A list of allowed prefixes for a maillog_file value. This is a +safety feature to contain the damage from a single configuration +mistake. Specify one or more prefix strings, separated by comma or +whitespace.

+ +

This feature is available in Postfix 3.4 and later.

+ + +
+ +
maillog_file_rotate_suffix +(default: %Y%M%d-%H%M%S)
+ +

The format of the suffix to append to $maillog_file while rotating +the file with "postfix logrotate". See strftime(3) for syntax. The +default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently. +

+ +

This feature is available in Postfix 3.4 and later.

+ +
mailq_path diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index aeec1c36c..4c5c4f937 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -84,6 +84,15 @@ POSTFIX(1) POSTFIX(1) fix 2.0 and earlier, use "$config_directory/post-install set-permissions". + logrotate + Rotate the logfile specified with $maillog_file, by appending a + time-stamp suffix that is formatted according to $mail- + log_file_rotate_suffix, and by compressing the file with the + command specified with $maillog_file_compressor. This will not + rotate /dev/* files. + + This feature is available in Postfix 3.4 and later. + tls subcommand Enable opportunistic TLS in the Postfix SMTP client or server, and manage Postfix SMTP server TLS private keys and certifi- @@ -269,6 +278,17 @@ POSTFIX(1) POSTFIX(1) The name of an optional logfile that is written by the Postfix postlogd(8) service. + maillog_file_compressor (gzip) + The program to run after rotating $maillog_file with "postfix + logrotate". + + maillog_file_prefixes (/var, /dev/stdout) + A list of allowed prefixes for a maillog_file value. + + maillog_file_rotate_suffix (%Y%M%d-%H%M%S) + The format of the suffix to append to $maillog_file while rotat- + ing the file with "postfix logrotate". + postlog_service_name (postlog) The name of the postlogd(8) service entry in master.cf. diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index bc5775a62..7a8a39cd2 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 @@ -83,6 +83,14 @@ already installed Postfix system. This feature is available in Postfix 2.1 and later. With Postfix 2.0 and earlier, use "\fB$config_directory/post\-install set\-permissions\fR". +.IP "\fBlogrotate\fR" +Rotate the logfile specified with $maillog_file, by appending +a time\-stamp suffix that is formatted according to +$maillog_file_rotate_suffix, and by compressing the file +with the command specified with $maillog_file_compressor. +This will not rotate /dev/* files. +.sp +This feature is available in Postfix 3.4 and later. .IP "\fBtls\fR \fIsubcommand\fR" Enable opportunistic TLS in the Postfix SMTP client or server, and manage Postfix SMTP server TLS private keys and @@ -239,6 +247,14 @@ Available in Postfix version 3.4 and later: .IP "\fBmaillog_file (empty)\fR" The name of an optional logfile that is written by the Postfix \fBpostlogd\fR(8) service. +.IP "\fBmaillog_file_compressor (gzip)\fR" +The program to run after rotating $maillog_file with "postfix +logrotate". +.IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" +A list of allowed prefixes for a maillog_file value. +.IP "\fBmaillog_file_rotate_suffix (%Y%M%d\-%H%M%S)\fR" +The format of the suffix to append to $maillog_file while rotating +the file with "postfix logrotate". .IP "\fBpostlog_service_name (postlog)\fR" The name of the \fBpostlogd\fR(8) service entry in master.cf. .SH "FILES" diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index fa01f867a..dd8ab8e44 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3754,11 +3754,33 @@ The name of an optional logfile that is written by the Postfix Specify "/dev/stdout" for logging to standard output. Stdout logging requires that Postfix is started with "postfix start\-fg". .PP -Note: Some Postfix non\-daemon programs may still log information +Note 1: The maillog_file parameter value must contain a prefix +that is specified with the maillog_file_prefixes parameter. +.PP +Note 2: Some Postfix non\-daemon programs may still log information to \fBsyslogd\fR(8), before they have processed their configuration parameters and command\-line options. .PP This feature is available in Postfix 3.4 and later. +.SH maillog_file_compressor (default: gzip) +The program to run after rotating $maillog_file with "postfix +logrotate". The command is run with the rotated file as its first +argument. +.PP +This feature is available in Postfix 3.4 and later. +.SH maillog_file_prefixes (default: /var, /dev/stdout) +A list of allowed prefixes for a maillog_file value. This is a +safety feature to contain the damage from a single configuration +mistake. Specify one or more prefix strings, separated by comma or +whitespace. +.PP +This feature is available in Postfix 3.4 and later. +.SH maillog_file_rotate_suffix (default: %Y%M%d\-%H%M%S) +The format of the suffix to append to $maillog_file while rotating +the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The +default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently. +.PP +This feature is available in Postfix 3.4 and later. .SH mailq_path (default: see "postconf \-d" output) Sendmail compatibility feature that specifies where the Postfix \fBmailq\fR(1) command is installed. This command can be used to diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 8cd48b2ea..31b0172c6 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -1119,6 +1119,9 @@ while (<>) { # Internal logging. s;\bmail[-]*\n*[ ]*log_file\b;$&;g; + s;\bmail[-]*\n*[ ]*log_file_compressor\b;$&;g; + s;\bmail[-]*\n*[ ]*log_file_prefixes\b;$&;g; + s;\bmail[-]*\n*[ ]*log_file_rotate_suffix\b;$&;g; s;\bpostlog_service_name\b;$&;g; s;\bpostlogd_watchdog_timeout\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5c53add8e..12978a8e8 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -17534,7 +17534,10 @@ postlogd(8) service. A non-empty value disables logging to syslogd(8). Specify "/dev/stdout" for logging to standard output. Stdout logging requires that Postfix is started with "postfix start-fg".

-

Note: Some Postfix non-daemon programs may still log information +

Note 1: The maillog_file parameter value must contain a prefix +that is specified with the maillog_file_prefixes parameter.

+ +

Note 2: Some Postfix non-daemon programs may still log information to syslogd(8), before they have processed their configuration parameters and command-line options.

@@ -17561,3 +17564,29 @@ one-letter suffix that specifies the time unit). Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).

This feature is available in Postfix 3.4 and later.

+ +%PARAM maillog_file_prefixes /var, /dev/stdout + +

A list of allowed prefixes for a maillog_file value. This is a +safety feature to contain the damage from a single configuration +mistake. Specify one or more prefix strings, separated by comma or +whitespace.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM maillog_file_compressor gzip + +

The program to run after rotating $maillog_file with "postfix +logrotate". The command is run with the rotated file as its first +argument.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM maillog_file_rotate_suffix %Y%M%d-%H%M%S + +

The format of the suffix to append to $maillog_file while rotating +the file with "postfix logrotate". See strftime(3) for syntax. The +default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently. +

+ +

This feature is available in Postfix 3.4 and later.

diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 21caa0d97..512a82641 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -1910,6 +1910,7 @@ mail_version.o: ../../include/vbuf.h mail_version.o: ../../include/vstring.h mail_version.o: mail_version.c mail_version.o: mail_version.h +maillog_client.o: ../../include/argv.h maillog_client.o: ../../include/attr.h maillog_client.o: ../../include/check_arg.h maillog_client.o: ../../include/htable.h diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index a504cce05..8953fe6a2 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -147,6 +147,9 @@ /* int warn_compat_break_mynetworks_style; /* /* char *var_maillog_file; +/* char *var_maillog_file_pfxs; +/* char *var_maillog_file_comp; +/* char *var_maillog_file_stamp; /* char *var_postlog_service; /* DESCRIPTION /* This module (actually the associated include file) defines @@ -352,6 +355,9 @@ char *var_drop_hdrs; bool var_enable_orcpt; char *var_maillog_file; +char *var_maillog_file_pfxs; +char *var_maillog_file_comp; +char *var_maillog_file_stamp; char *var_postlog_service; const char null_format_string[1] = ""; @@ -677,6 +683,9 @@ void mail_params_init() VAR_MULTI_GROUP, DEF_MULTI_GROUP, &var_multi_group, 0, 0, VAR_MULTI_NAME, DEF_MULTI_NAME, &var_multi_name, 0, 0, VAR_MAILLOG_FILE, DEF_MAILLOG_FILE, &var_maillog_file, 0, 0, + VAR_MAILLOG_FILE_PFXS, DEF_MAILLOG_FILE_PFXS, &var_maillog_file_pfxs, 1, 0, + VAR_MAILLOG_FILE_COMP, DEF_MAILLOG_FILE_COMP, &var_maillog_file_comp, 1, 0, + VAR_MAILLOG_FILE_STAMP, DEF_MAILLOG_FILE_STAMP, &var_maillog_file_stamp, 1, 0, VAR_POSTLOG_SERVICE, DEF_POSTLOG_SERVICE, &var_postlog_service, 1, 0, 0, }; diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 05b7fc283..cac8002d5 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -4180,6 +4180,18 @@ extern bool var_dns_ncache_ttl_fix; #define DEF_MAILLOG_FILE "" extern char *var_maillog_file; +#define VAR_MAILLOG_FILE_PFXS "maillog_file_prefixes" +#define DEF_MAILLOG_FILE_PFXS "/var, /dev/stdout" +extern char *var_maillog_file_pfxs; + +#define VAR_MAILLOG_FILE_COMP "maillog_file_compressor" +#define DEF_MAILLOG_FILE_COMP "gzip" +extern char *var_maillog_file_comp; + +#define VAR_MAILLOG_FILE_STAMP "maillog_file_rotate_suffix" +#define DEF_MAILLOG_FILE_STAMP "%Y%M%d-%H%M%S" +extern char *var_maillog_file_stamp; + #define VAR_POSTLOG_SERVICE "postlog_service_name" #define DEF_POSTLOG_SERVICE MAIL_SERVICE_POSTLOG extern char *var_postlog_service; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index f4675fa95..5bbc46706 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190129" +#define MAIL_RELEASE_DATE "20190201" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/global/maillog_client.c b/postfix/src/global/maillog_client.c index ab8c91503..36def640d 100644 --- a/postfix/src/global/maillog_client.c +++ b/postfix/src/global/maillog_client.c @@ -81,10 +81,12 @@ * System library. */ #include +#include /* * Utility library. */ +#include #include #include #include @@ -205,6 +207,21 @@ void maillog_client_init(const char *progname, int flags) char *myhostname; char *service_path; + if (var_maillog_file && *var_maillog_file) { + ARGV *good_prefixes = argv_split(var_maillog_file_pfxs, + CHARS_COMMA_SP); + char **cpp; + + for (cpp = good_prefixes->argv; /* see below */ ; cpp++) { + if (*cpp == 0) + msg_fatal("%s value '%s' does not match any prefix in %s", + VAR_MAILLOG_FILE, var_maillog_file, + VAR_MAILLOG_FILE_PFXS); + if (strncmp(var_maillog_file, *cpp, strlen(*cpp)) == 0) + break; + } + argv_free(good_prefixes); + } if (var_myhostname && *var_myhostname) { myhostname = var_myhostname; } else if ((myhostname = import_hostname) == 0) { diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 1758c411d..f8b3de450 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -77,6 +77,14 @@ /* This feature is available in Postfix 2.1 and later. With /* Postfix 2.0 and earlier, use "\fB$config_directory/post-install /* set-permissions\fR". +/* .IP "\fBlogrotate\fR" +/* Rotate the logfile specified with $maillog_file, by appending +/* a time-stamp suffix that is formatted according to +/* $maillog_file_rotate_suffix, and by compressing the file +/* with the command specified with $maillog_file_compressor. +/* This will not rotate /dev/* files. +/* .sp +/* This feature is available in Postfix 3.4 and later. /* .IP "\fBtls\fR \fIsubcommand\fR" /* Enable opportunistic TLS in the Postfix SMTP client or /* server, and manage Postfix SMTP server TLS private keys and @@ -229,6 +237,14 @@ /* .IP "\fBmaillog_file (empty)\fR" /* The name of an optional logfile that is written by the Postfix /* \fBpostlogd\fR(8) service. +/* .IP "\fBmaillog_file_compressor (gzip)\fR" +/* The program to run after rotating $maillog_file with "postfix +/* logrotate". +/* .IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" +/* A list of allowed prefixes for a maillog_file value. +/* .IP "\fBmaillog_file_rotate_suffix (%Y%M%d-%H%M%S)\fR" +/* The format of the suffix to append to $maillog_file while rotating +/* the file with "postfix logrotate". /* .IP "\fBpostlog_service_name (postlog)\fR" /* The name of the \fBpostlogd\fR(8) service entry in master.cf. /* FILES -- 2.47.3