From: Wietse Venema Date: Mon, 5 Jun 2023 05:00:00 +0000 (-0500) Subject: postfix-3.9-20230605 X-Git-Tag: v3.9.0~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0abb45ca0732fc039e0f43b66ed441d283eb2565;p=thirdparty%2Fpostfix.git postfix-3.9-20230605 --- diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index d03060f7c..c41d91711 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -31,7 +31,7 @@ Incompatible changes with snapshot 20230603 Security: the Postfix SMTP server by default disconnects remote SMTP clients that violate RFC 2920 (or 5321) command pipelining -constraints. The server replies with "421 4.7.0 Error: SMTP protocol +constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. Specify "smtpd_reject_unauth_pipelining = no" to disable. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 9535ef09b..eb23a25a0 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -15733,13 +15733,13 @@ This feature is available in Postfix 2.0 and later. (default: Postfix ≥ 3.9: yes)

Disconnect remote SMTP clients that violate RFC 2920 (or 5321) -command pipelining constraints. The server replies with "421 4.7.0 +command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. This feature is enabled by default with Postfix ≥ 3.9. Specify "smtpd_forbid_unauth_pipelining = no" to disable.

-

This feature is available in Postfix 3.9 ≥ 3.9, 3.8.1, 3.7.6, +

This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20.

diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index b7d58aeb5..6d47fd547 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -10826,12 +10826,12 @@ parameter $name expansion. This feature is available in Postfix 2.0 and later. .SH smtpd_forbid_unauth_pipelining (default: Postfix >= 3.9: yes) Disconnect remote SMTP clients that violate RFC 2920 (or 5321) -command pipelining constraints. The server replies with "421 4.7.0 +command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. This feature is enabled by default with Postfix >= 3.9. Specify "smtpd_forbid_unauth_pipelining = no" to disable. .PP -This feature is available in Postfix 3.9 >= 3.9, 3.8.1, 3.7.6, +This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20. .SH smtpd_forbidden_commands (default: CONNECT GET POST regexp:{{/^[^A\-Z]/ Bogus}}) List of commands that cause the Postfix SMTP server to immediately diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5de6a5a45..a4419c03a 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -18850,11 +18850,11 @@ MinProtocol = TLSv1 %PARAM smtpd_forbid_unauth_pipelining Postfix ≥ 3.9: yes

Disconnect remote SMTP clients that violate RFC 2920 (or 5321) -command pipelining constraints. The server replies with "421 4.7.0 +command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. This feature is enabled by default with Postfix ≥ 3.9. Specify "smtpd_forbid_unauth_pipelining = no" to disable.

-

This feature is available in Postfix 3.9 ≥ 3.9, 3.8.1, 3.7.6, +

This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20.

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index bfd8dc175..0e47acfaa 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20230603" +#define MAIL_RELEASE_DATE "20230605" #define MAIL_VERSION_NUMBER "3.9" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index c8feef7c0..06dd86d99 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -5632,7 +5632,7 @@ static void smtpd_proto(SMTPD_STATE *state) && smtpd_flag_ill_pipelining(state) && var_smtpd_forbid_unauth_pipe) { smtpd_chat_reply(state, - "421 4.7.0 Error: SMTP protocol synchronization"); + "554 5.5.0 Error: SMTP protocol synchronization"); break; } @@ -5875,7 +5875,7 @@ static void smtpd_proto(SMTPD_STATE *state) && smtpd_flag_ill_pipelining(state) && var_smtpd_forbid_unauth_pipe) { smtpd_chat_reply(state, - "421 4.7.0 Error: SMTP protocol synchronization"); + "554 5.5.0 Error: SMTP protocol synchronization"); break; } if (cmdp->action(state, argc, argv) != 0)
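Review bot: the parameter name in the RELEASE_NOTES hunk does not match the rest of this patch. Its unchanged context line reads 'Specify "smtpd_reject_unauth_pipelining = no" to disable', while the postconf.5.html, postconf.5 and postconf.proto hunks document smtpd_forbid_unauth_pipelining and smtpd.c tests var_smtpd_forbid_unauth_pipe. The paragraph is being edited anyway, so correct the name to smtpd_forbid_unauth_pipelining here. An operator who copies the setting from the release notes as written sets a name that none of the documentation in this patch defines, and the disconnect stays enabled.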
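Review bot: in the postconf.proto hunk, and the matching postconf.5.html and postconf.5 hunks, the description now gives the "554 5.5.0" reply without qualification, directly above the sentence that lists 3.8.1, 3.7.6, 3.6.10 and 3.5.20 as versions that have this feature. If any of those releases sends the earlier "421 4.7.0" reply, say so in the parameter description. The two codes differ in what operators need to plan for: a 4xx reply is retried by the client, a 5xx reply is a permanent failure, and log-matching rules keyed on the reply text will differ.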
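Review bot: the reply text "554 5.5.0 Error: SMTP protocol synchronization" is duplicated as a string literal in both smtpd_proto() hunks of smtpd.c (at -5632 and -5875), so this change has to touch two call sites that must stay identical. Consider one #define for the reply string and using it in both smtpd_chat_reply() calls. Separately, neither the commit message ("postfix-3.9-20230605") nor a comment at either call site explains why the reply moves from 421 4.7.0 to 554 5.5.0. That turns a transient failure into a permanent one for the disconnected client, so a short comment with the rationale next to the check on smtpd_flag_ill_pipelining(state) would help the next reader.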