From a4af8bc9fda126dd201e7ecb86fc4a1d448678aa Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sun, 5 Jun 2011 00:00:00 -0500 Subject: [PATCH] postfix-2.9-20110605 --- postfix/HISTORY | 24 +++++++++++ postfix/README_FILES/POSTSCREEN_README | 25 ++++------- postfix/WISHLIST | 27 ++++++++++++ postfix/html/POSTSCREEN_README.html | 22 ++++------ postfix/html/postconf.5.html | 17 ++++---- postfix/html/postdrop.1.html | 2 +- postfix/man/man5/postconf.5 | 16 +++---- postfix/proto/POSTSCREEN_README.html | 22 ++++------ postfix/proto/postconf.proto | 17 ++++---- postfix/src/global/mail_version.h | 2 +- postfix/src/master/master_ent.c | 6 ++- postfix/src/postdrop/postdrop.c | 4 +- postfix/src/postscreen/postscreen.h | 2 +- postfix/src/postscreen/postscreen_state.c | 2 +- postfix/src/postscreen/postscreen_tests.c | 51 +++++++++++++---------- postfix/src/smtpd/smtpd_check.c | 4 +- 16 files changed, 147 insertions(+), 96 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 35735c497..0b653fac5 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16804,3 +16804,27 @@ Apologies for any names omitted. bouncing mail to alias) alias owner lookup. Problem reported by William Ono. Files: local/command.c, local/mailbox.c, local/unknown.c, local/bounce_workaround.c. + +20110516 + + Update the warning when permit_naked_ip_address is used, + and add permit_sasl_authenticated to the list of suggested + alternatives. File: smtpd/smtpd_check.c. + +20110601 + + Bugfix (introduced Postfix 2.6 with master_service_disable) + loop control error when parsing a malformed master.cf file. + Found by Coverity. File: master/master_ent.c. + +20110602 + + Bugfix (introduced: Postfix 2.7): "sendmail -t" reported + "protocol error" after queue file write error. File: + postdrop/postdrop.c. + +20110605 + + Cleanup: removed the PSC_STATE_FLAG_CACHE_EXPIRED flag. + Nothing uses this anymore. Files: postscreen/postscreen.h, + postscreen/postscreen_state.c, postscreen/postscreen_tests.c. diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README index 71fb3eb33..999772858 100644 --- a/postfix/README_FILES/POSTSCREEN_README +++ b/postfix/README_FILES/POSTSCREEN_README @@ -15,7 +15,8 @@ impact on legitimate email traffic. postscreen(8) should not be used on SMTP ports that receive mail from end-user clients (MUAs). In a typical deployment, postscreen(8) is used on the "port 25" -service, while MUA clients submit mail via the submission service. +service, while MUA clients submit mail via the submission service (port 587) +which normally requires client authentication. postscreen(8) is part of a multi-layer defense. @@ -36,8 +37,8 @@ postscreen(8) is part of a multi-layer defense. applications. Each layer reduces the spam volume. The general strategy is to use the less -expensive defenses first, and to use the more expensive defenses for the spam -that remains. +expensive defenses first, and to use the more expensive defenses only for the +spam that remains. Topics in this document: @@ -171,22 +172,14 @@ parameters. Expired entries are silently renewed if possible. MMXX PPoolliiccyy tteesstt When the remote SMTP client is not on the static access list or temporary -whitelist, postscreen(8) can implement a number of whitelist tests before it -grants the client a temporary whitelist status to talk to a Postfix SMTP server -process. +whitelist, postscreen(8) can implement a number of whitelist tests, before it +grants the client a temporary whitelist status that allows it to talk to a +Postfix SMTP server process. By listening on both primary and backup MX addresses, postscreen(8) can deny the temporary whitelist status to clients that connect only to backup MX hosts -(an old trick to take advantage of backup MX hosts with weaker anti-spam -policies). - -Note 1: The status of this feature is still experimental, and implementation -details are likely to change. - -Note 2: MX policy enforcement is currently supported only for domains with one -Postfix MTA. Support for domains with multiple Postfix MTAs will have to wait -until Postfix has a database client that can update a shared postscreen(8) -database. +(an old spammer trick to take advantage of backup MX hosts with weaker anti- +spam policies than primary MX hosts). * First, configure the host to listen on both primary and backup MX addresses. Use the appropriate ifconfig command for the local operating diff --git a/postfix/WISHLIST b/postfix/WISHLIST index f2a13b73f..2bc3bc716 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -8,6 +8,33 @@ Wish list: Make the rules for how to use close-on-exec more explicit. + Trick from amavisd: save listen socket/fifo/etc state, clear + their close-on-exec flags, exec the same program file to + re-initialize (with saved socket state on command line or + in environment), then restore the listen socket/fifo/etc + close-on-exec flags. This could be a way to mitigate the + impact of memory/file leaks, and to implement "postfix + reload" support for master(8) features that currently don't + support this. + + postscreen: wait for DNS completion after early HANGUP + and log DNSBL. + + Some Sendmail configurations trigger sub-optimal behavior + when the postscreen_whitelist_interfaces parameter lists + primary MX addresses only. When postscreen's "deep protocol + tests" are successful on the primary MX address (i.e. they + result in 4XX responses to RCPT TO), some Sendmail + configurations keep the primary MX connection open until + AFTER they finish talking to the backup MX address. The + problem is that the backup connection runs into a WHITELIST + VETO condition because the whitelisting database has not + yet been updated with the PASS NEW result for the primary + MX connection. Unfortunately postscreen can't update the + whitelisting database before the primary MX connection is + closed, because a client may still make a mistake. + + Don't forget Apple's code donation for fetching mail from IMAP server. diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html index 6b501fdec..bd4e66677 100644 --- a/postfix/html/POSTSCREEN_README.html +++ b/postfix/html/POSTSCREEN_README.html @@ -31,7 +31,8 @@ pass its tests; by allowing whitelisted clients to skip tests,

postscreen(8) should not be used on SMTP ports that receive mail from end-user clients (MUAs). In a typical deployment, postscreen(8) is used on the "port 25" service, while MUA clients -submit mail via the submission service.

+submit mail via the submission service (port 587) which normally +requires client authentication.

postscreen(8) is part of a multi-layer defense.

@@ -59,7 +60,7 @@ SpamAssassin, and Milter applications.

Each layer reduces the spam volume. The general strategy is to use the less expensive defenses first, and to use the more expensive -defenses for the spam that remains.

+defenses only for the spam that remains.

Topics in this document:

@@ -233,21 +234,14 @@ parameters. Expired entries are silently renewed if possible.

When the remote SMTP client is not on the static access list or temporary whitelist, postscreen(8) can implement a number of -whitelist tests before it grants the client a temporary whitelist -status to talk to a Postfix SMTP server process.

+whitelist tests, before it grants the client a temporary whitelist +status that allows it to talk to a Postfix SMTP server process.

By listening on both primary and backup MX addresses, postscreen(8) can deny the temporary whitelist status to clients that connect -only to backup MX hosts (an old trick to take advantage of backup -MX hosts with weaker anti-spam policies).

- -

Note 1: The status of this feature is still experimental, and -implementation details are likely to change.

- -

Note 2: MX policy enforcement is currently supported only for -domains with one Postfix MTA. Support for domains with multiple -Postfix MTAs will have to wait until Postfix has a database client -that can update a shared postscreen(8) database.

+only to backup MX hosts (an old spammer trick to take advantage of +backup MX hosts with weaker anti-spam policies than primary MX +hosts).