20170206
- Bugfix (introduced: Postfix 3.0): when check_mumble_a_access
+ Bugfix (introduced: Postfix 3.0): check_mumble_a_access
did not handle [ipaddress], unlike check_mumble_mx_access.
When check_mumble_a_access was introduced, some condition
was not updated. Reported by James (postfix_tracker). File:
Cleanup: typofixes from klemens. The only change in compiled
code is in one identical mysql error message that also
appears in the pgsql client. Files: about 50.
+
+20170221
+
+ Compatibility fix (introduced: Postfix 3.1): some Milter
+ applications do not recognize macros sent as {name} when macros
+ have single-character names. Postfix now sends such macros
+ without {} as it has done historically. Viktor Dukhovni. File:
+ milter/milter.c.
+
+20170228
+
+ Documentation: re-word scary warnings at the top of SASL_README
+ and TLS_README.
+
+20170402
+
+ Bugfix (introduced: Postfix 3.2): restore the SMTP server
+ receive override options at the end of an SMTP session,
+ after the options may have been modified by an smtpd_milter_maps
+ setting of "DISABLE". Problem report by Christian Rößner,
+ root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c.
+
+20170430
+
+ Safety net: append a null byte to vstring buffers, so that
+ C-style string operations won't scribble past the end. File:
+ vstring.[hc].
|_______________________________|_____________________________________________|
| |Specifies options for the postfix-install |
|POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, |
-| |the only supported option is "-keep-new- |
+| |the only supported option is "-keep-build- |
| |mtime". |
|_______________________________|_____________________________________________|
| |Specifies non-default compiler options for |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
| |Specifies options for the postfix-install |
|POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, |
-| |the only supported option is "-keep-new- |
+| |the only supported option is "-keep-build- |
| |mtime". |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
| |Specifies non-default compiler options for |
-------------------------------------------------------------------------------
-W\bWa\bar\brn\bni\bin\bng\bg
-
-People who go to the trouble of installing Postfix may have the expectation
-that Postfix is more secure than some other mailers. The Cyrus SASL library
-contains a lot of code. With this, Postfix becomes as secure as other mail
-systems that use the Cyrus SASL library. Dovecot provides an alternative that
-may be worth considering.
-
H\bHo\bow\bw P\bPo\bos\bst\btf\bfi\bix\bx u\bus\bse\bes\bs S\bSA\bAS\bSL\bL a\bau\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn
SMTP servers need to decide whether an SMTP client is authorized to send mail
belong to the specific SASL implementation that Postfix will use. This document
covers both the Postfix and non-Postfix configuration.
+NOTE: People who go to the trouble of installing Postfix may have the
+expectation that Postfix is more secure than some other mailers. The Cyrus SASL
+library contains a lot of code. With this, Postfix becomes as secure as other
+mail systems that use the Cyrus SASL library. Dovecot provides an alternative
+that may be worth considering.
+
You can read more about the following topics:
* Configuring SASL authentication in the Postfix SMTP server
-------------------------------------------------------------------------------
-W\bWA\bAR\bRN\bNI\bIN\bNG\bG
-
-By turning on TLS support in Postfix, you not only get the ability to encrypt
-mail and to authenticate remote SMTP clients or servers. You also turn on
-thousands and thousands of lines of OpenSSL library code. Assuming that OpenSSL
-is written as carefully as Wietse's own code, every 1000 lines introduce one
-additional bug into Postfix.
-
W\bWh\bha\bat\bt P\bPo\bos\bst\btf\bfi\bix\bx T\bTL\bLS\bS s\bsu\bup\bpp\bpo\bor\brt\bt d\bdo\boe\bes\bs f\bfo\bor\br y\byo\bou\bu
Transport Layer Security (TLS, formerly called SSL) provides certificate-based
authentication and encrypted sessions. An encrypted session protects the
information that is transmitted with SMTP mail or with SASL authentication.
- NOTE: This document describes a TLS user interface that was introduced
- with Postfix version 2.3. Support for an older user interface is documented
- in TLS_LEGACY_README, which also describes the differences between Postfix
- and the third-party patch on which Postfix version 2.2 TLS support was
- based.
+NOTE: By turning on TLS support in Postfix, you not only get the ability to
+encrypt mail and to authenticate remote SMTP clients or servers. You also turn
+on hundreds of thousands of lines of OpenSSL library code. Assuming that
+OpenSSL is written as carefully as Wietse's own code, every 1000 lines
+introduce one additional bug into Postfix.
Topics covered in this document:
Disable -DSNAPSHOT and -DNONPROD in makedefs.
+ Merge in the code to relax smtp_mx_address_limit if 'strict'
+ enforcement would result in the elimination of one IP address
+ family.
+
Convert postalias(1) to store external-form keys, and convert
aliases(5) to perform external-first lookup with fallback to
internal form, to make it consistent with the rest of Postfix.
In the bounce daemon, set util_utf8_enable if returning an
SMTPUTF8 message.
+ Merge in the code to check database client configuration
+ files for unknown or duplicate settings.
+
Add a header_body_checks extension callback in smtp_proto.c
that implements the PASS action.
<tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
Specifies options for the <tt>postfix-install</tt> command, separated
by whitespace. Currently, the only supported option is
-"<tt>-keep-new-mtime</tt>". </td> </tr>
+"<tt>-keep-build-mtime</tt>". </td> </tr>
<tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
non-default compiler options for building Postfix dynamically-linked
<hr>
-<h2>Warning</h2>
-
-<p> People who go to the trouble of installing Postfix may have the
-expectation that Postfix is more secure than some other mailers.
-The Cyrus SASL library contains a lot of code. With this, Postfix
-becomes as secure as other mail systems that use the Cyrus SASL
-library. Dovecot provides an alternative that may be worth
-considering. </p>
-
<h2><a name="intro">How Postfix uses SASL authentication</a></h2>
<p> SMTP servers need to decide whether an SMTP client is authorized
implementation that Postfix will use. This document covers both the
Postfix and non-Postfix configuration. </p>
+<p> NOTE: People who go to the trouble of installing Postfix may
+have the expectation that Postfix is more secure than some other
+mailers. The Cyrus SASL library contains a lot of code. With this,
+Postfix becomes as secure as other mail systems that use the Cyrus
+SASL library. Dovecot provides an alternative that may be worth
+considering. </p>
+
<p> You can read more about the following topics: </p>
<ul>
<hr>
-<h2> WARNING </h2>
-
-<p> By turning on TLS support in Postfix, you not only get the
-ability to encrypt mail and to authenticate remote SMTP clients or servers.
-You also turn on thousands and thousands of lines of OpenSSL library
-code. Assuming that OpenSSL is written as carefully as Wietse's
-own code, every 1000 lines introduce one additional bug into
-Postfix. </p>
-
<h2> What Postfix TLS support does for you </h2>
<p> Transport Layer Security (TLS, formerly called SSL) provides
encrypted session protects the information that is transmitted with
SMTP mail or with SASL authentication. </p>
-<blockquote> <p> <a name="client_tls_obs"></a> <a
-name="client_tls_harden"></a> NOTE: This document describes a TLS
-user interface that was introduced with Postfix version 2.3. Support
-for an older user interface is documented in <a href="TLS_LEGACY_README.html">TLS_LEGACY_README</a>,
-which also describes the differences between Postfix and the
-third-party patch on which Postfix version 2.2 TLS support was
-based. </p> </blockquote>
+<p> NOTE: By turning on TLS support in Postfix, you not only get
+the ability to encrypt mail and to authenticate remote SMTP clients
+or servers. You also turn on hundreds of thousands of lines of
+OpenSSL library code. Assuming that OpenSSL is written as carefully
+as Wietse's own code, every 1000 lines introduce one additional bug
+into Postfix. </p>
<p> Topics covered in this document: </p>
The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix process will
- import from a non-Postfix parent process.
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configuration directo-
- ries; these directories belong to additional Postfix instances
- that share the Postfix executable files and documentation with
- the default Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
The optional instance name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
- Allow this Postfix instance to be started, stopped, etc., by a
+ Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager.
<b><a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a> (start)</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
treats as "start" commands.
<b><a href="postconf.5.html#postmulti_stop_commands">postmulti_stop_commands</a> (see 'postconf -d' output)</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
treats as "stop" commands.
<b><a href="postconf.5.html#postmulti_control_commands">postmulti_control_commands</a> (reload flush)</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
treats as "control" commands, that operate on running instances.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.0 and later:
<b><a href="postconf.5.html#meta_directory">meta_directory</a> (see 'postconf -d' output)</b>
- The location of non-executable files that are shared among mul-
- tiple Postfix instances, such as postfix-files, dynamicmaps.cf,
- and
the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
+ The location of non-executable files that are shared among mul-
+ tiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+ and
the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
ter.cf</a>.proto.
<b><a href="postconf.5.html#shlib_directory">shlib_directory</a> (see 'postconf -d' output)</b>
- The location of Postfix dynamically-linked libraries (libpost-
- fix-*.so), and the default location of Postfix database plugins
- (postfix-*.so) that have a relative pathname in the dynam-
+ The location of Postfix dynamically-linked libraries (libpost-
+ fix-*.so), and the default location of Postfix database plugins
+ (postfix-*.so) that have a relative pathname in the dynam-
icmaps.cf file.
<b>FILES</b>
.IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
The directory with Postfix support programs and daemon programs.
.IP "\fBimport_environment (see 'postconf -d' output)\fR"
-The list of environment parameters that a Postfix process will
-import from a non\-Postfix parent process.
+The list of environment parameters that a privileged Postfix
+process will import from a non\-Postfix parent process, or name=value
+environment overrides.
.IP "\fBmulti_instance_directories (empty)\fR"
An optional list of non\-default Postfix configuration directories;
these directories belong to additional Postfix instances that share
<tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
Specifies options for the <tt>postfix-install</tt> command, separated
by whitespace. Currently, the only supported option is
-"<tt>-keep-new-mtime</tt>". </td> </tr>
+"<tt>-keep-build-mtime</tt>". </td> </tr>
<tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
non-default compiler options for building Postfix dynamically-linked
<hr>
-<h2>Warning</h2>
-
-<p> People who go to the trouble of installing Postfix may have the
-expectation that Postfix is more secure than some other mailers.
-The Cyrus SASL library contains a lot of code. With this, Postfix
-becomes as secure as other mail systems that use the Cyrus SASL
-library. Dovecot provides an alternative that may be worth
-considering. </p>
-
<h2><a name="intro">How Postfix uses SASL authentication</a></h2>
<p> SMTP servers need to decide whether an SMTP client is authorized
implementation that Postfix will use. This document covers both the
Postfix and non-Postfix configuration. </p>
+<p> NOTE: People who go to the trouble of installing Postfix may
+have the expectation that Postfix is more secure than some other
+mailers. The Cyrus SASL library contains a lot of code. With this,
+Postfix becomes as secure as other mail systems that use the Cyrus
+SASL library. Dovecot provides an alternative that may be worth
+considering. </p>
+
<p> You can read more about the following topics: </p>
<ul>
<hr>
-<h2> WARNING </h2>
-
-<p> By turning on TLS support in Postfix, you not only get the
-ability to encrypt mail and to authenticate remote SMTP clients or servers.
-You also turn on thousands and thousands of lines of OpenSSL library
-code. Assuming that OpenSSL is written as carefully as Wietse's
-own code, every 1000 lines introduce one additional bug into
-Postfix. </p>
-
<h2> What Postfix TLS support does for you </h2>
<p> Transport Layer Security (TLS, formerly called SSL) provides
encrypted session protects the information that is transmitted with
SMTP mail or with SASL authentication. </p>
-<blockquote> <p> <a name="client_tls_obs"></a> <a
-name="client_tls_harden"></a> NOTE: This document describes a TLS
-user interface that was introduced with Postfix version 2.3. Support
-for an older user interface is documented in TLS_LEGACY_README,
-which also describes the differences between Postfix and the
-third-party patch on which Postfix version 2.2 TLS support was
-based. </p> </blockquote>
+<p> NOTE: By turning on TLS support in Postfix, you not only get
+the ability to encrypt mail and to authenticate remote SMTP clients
+or servers. You also turn on hundreds of thousands of lines of
+OpenSSL library code. Assuming that OpenSSL is written as carefully
+as Wietse's own code, every 1000 lines introduce one additional bug
+into Postfix. </p>
<p> Topics covered in this document: </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20170218"
+#define MAIL_RELEASE_DATE "20170502"
#define MAIL_VERSION_NUMBER "3.3"
#ifdef SNAPSHOT
VSTRING *canon_buf = vstring_alloc(20);
const char *value;
const char *name;
+ const char *cname;
while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
if (msg_verbose)
msg_info("%s: \"%s\"", myname, name);
if (*name != '{') /* } */
- name = STR(vstring_sprintf(canon_buf, "{%s}", name));
- if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) {
+ cname = STR(vstring_sprintf(canon_buf, "{%s}", name));
+ else
+ cname = name;
+ if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) {
if (msg_verbose)
msg_info("%s: result \"%s\"", myname, value);
argv_add(argv, name, value, (char *) 0);
} else if (milters->macro_defaults != 0
- && (value = htable_find(milters->macro_defaults, name)) != 0) {
+ && (value = htable_find(milters->macro_defaults, cname)) != 0) {
if (msg_verbose)
msg_info("%s: using default \"%s\"", myname, value);
argv_add(argv, name, value, (char *) 0);
/* .IP "\fBdaemon_directory (see 'postconf -d' output)\fR"
/* The directory with Postfix support programs and daemon programs.
/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
-/* The list of environment parameters that a Postfix process will
-/* import from a non-Postfix parent process.
+/* The list of environment parameters that a privileged Postfix
+/* process will import from a non-Postfix parent process, or name=value
+/* environment overrides.
/* .IP "\fBmulti_instance_directories (empty)\fR"
/* An optional list of non-default Postfix configuration directories;
/* these directories belong to additional Postfix instances that share
milter_free(state->milters);
state->milters = 0;
}
+ smtpd_input_transp_mask =
+ input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
}
dict_static_test dict_inline_test midna_domain_test casefold_test \
dict_utf8_test strcasecmp_utf8_test vbuf_print_test dict_regexp_test \
dict_union_test dict_pipe_test miss_endif_cidr_test \
- miss_endif_pcre_test miss_endif_regexp_test split_qnameval_test
+ miss_endif_pcre_test miss_endif_regexp_test split_qnameval_test \
+ vstring_test
root_tests:
diff dict_pipe_test.ref dict_pipe_test.tmp
rm -f dict_pipe_test.tmp
+vstring_test: dict_open vstring vstring_test.ref
+ $(SHLIB_ENV) ./vstring one two three >vstring_test.tmp 2>&1
+ diff vstring_test.ref vstring_test.tmp
+ rm -f vstring_test.tmp
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
*
* The length overflow tests here and in vstring_alloc() should protect us
* against all length overflow problems within vstring library routines.
+ *
+ * Safety net: add a gratuitous null terminator so that C-style string
+ * operations won't scribble past the end.
*/
if ((bp->flags & VSTRING_FLAG_EXACT) == 0 && bp->len > incr)
incr = bp->len;
- if (bp->len > SSIZE_T_MAX - incr)
+ if (bp->len > SSIZE_T_MAX - incr - 1)
msg_fatal("vstring_extend: length overflow");
new_len = bp->len + incr;
- bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len);
+ bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1);
+ bp->data[new_len] = 0;
bp->len = new_len;
bp->ptr = bp->data + used;
bp->cnt = bp->len - used;
{
VSTRING *vp;
- if (len < 1)
+ /*
+ * Safety net: add a gratuitous null terminator so that C-style string
+ * operations won't scribble past the end.
+ */
+ if (len < 1 || len > SSIZE_T_MAX - 1)
msg_panic("vstring_alloc: bad length %ld", (long) len);
vp = (VSTRING *) mymalloc(sizeof(*vp));
vp->vbuf.flags = 0;
vp->vbuf.len = 0;
- vp->vbuf.data = (unsigned char *) mymalloc(len);
+ vp->vbuf.data = (unsigned char *) mymalloc(len + 1);
+ vp->vbuf.data[len] = 0;
vp->vbuf.len = len;
VSTRING_RESET(vp);
vp->vbuf.data[0] = 0;
int main(int argc, char **argv)
{
VSTRING *vp = vstring_alloc(1);
+ int n;
+
+ /*
+ * Report the location of the gratuitous null terminator.
+ */
+ for (n = 1; n <= 5; n++) {
+ VSTRING_ADDCH(vp, 'x');
+ printf("payload/buffer size %d/%ld, strlen() %ld\n",
+ n, (long) (vp)->vbuf.len, (long) strlen(vstring_str(vp)));
+ }
+ VSTRING_RESET(vp);
while (argc-- > 0) {
vstring_strcat(vp, *argv++);
vstring_strcat(vp, ".");
#define VSTRING_LEN(vp) ((ssize_t) ((vp)->vbuf.ptr - (vp)->vbuf.data))
#define vstring_end(vp) ((char *) (vp)->vbuf.ptr)
#define VSTRING_TERMINATE(vp) do { \
- if ((vp)->vbuf.cnt <= 0) \
- VSTRING_SPACE((vp),1); \
*(vp)->vbuf.ptr = 0; \
} while (0)
#define VSTRING_RESET(vp) do { \
--- /dev/null
+payload/buffer size 1/1, strlen() 1
+payload/buffer size 2/2, strlen() 2
+payload/buffer size 3/4, strlen() 4
+payload/buffer size 4/4, strlen() 4
+payload/buffer size 5/8, strlen() 8
+argv concatenated: ./vstring.one.two.three.
projects / thirdparty / postfix.git / commitdiff
