From: Wietse Venema Date: Sun, 3 Apr 2022 05:00:00 +0000 (-0500) Subject: postfix-3.8-20220403 X-Git-Tag: v3.8.0-RC1~29 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=42cb5deee006eeb4f2c07c8a85bf1cf21914bc7f;p=thirdparty%2Fpostfix.git postfix-3.8-20220403 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 61b4c8521..4447ce573 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26311,7 +26311,7 @@ Apologies for any names omitted. Documentation: updated comment text. File: util/hash_fnv.c. -29220312 +20220312 Cleanup: when a main.cf like file may have changed while it was read, forget the settings before re-reading the file. @@ -26328,3 +26328,17 @@ Apologies for any names omitted. Documentation: how to stop recursion in virtual_alias_maps. File: proto/virtual. + +20220330 + + Documentation: updated the postlogd(8) daemon manpage, + adding that the Postfix >= 3.7 postlog(1) command can run + with setgid permissions. File: postlogd/postlogd.c. + +20220403 + + Cleanup: milter_hader_checks maps are now opened before the + cleanup server enters the chroot jail. Files: cleanup/cleanup.h, + cleanup/cleanup_init.c, cleanup/cleanup_milter.c, + global/header_body_checks.c, global/header_body_checks.h, + global/maps.c, global/maps.h, smtp/smtp.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index c6672507e..b60afff26 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -10,10 +10,6 @@ Wish list: expectations when different reply patterns have different weights. We need a compatibility_level feature to correct this. - In the cleanup daemon, open the milter*header_checks greedily, - before the chroot() call. This code is implemented and needs - to be tested. - In the pgsql: client, make the client encoding configurable with a sensible default (UTF8). This code is implemented and needs to be tested. diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 98d8879ce..6748e635a 100644 --- a/postfix/html/lmtp.8.html 
+++ b/postfix/html/lmtp.8.html @@ -478,10 +478,7 @@ SMTP(8) SMTP(8) TLS_README document. smtp_tls_security_level (empty) - The default SMTP TLS security level for the Postfix SMTP client; - when a non-empty value is specified, this overrides the obsolete - parameters smtp_use_tls, smtp_enforce_tls, and - smtp_tls_enforce_peername. + The default SMTP TLS security level for the Postfix SMTP client. smtp_sasl_tls_security_options ($smtp_sasl_security_options) The SASL authentication security options that the Postfix SMTP @@ -657,8 +654,8 @@ SMTP(8) SMTP(8) Available in Postfix version 3.0 and later: smtp_tls_wrappermode (no) - Request that the Postfix SMTP client connects using the legacy - SMTPS protocol instead of using the STARTTLS command. + Request that the Postfix SMTP client connects using the SUBMIS- + SIONS/SMTPS protocol instead of using the STARTTLS command. Available in Postfix version 3.1 and later: @@ -854,7 +851,7 @@ SMTP(8) SMTP(8) smtputf8_enable (yes) Enable preliminary SMTPUTF8 support for the protocols described - in RFC 6531..6533. + in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) Detect that a message requires SMTPUTF8 support for the speci- diff --git a/postfix/html/postlogd.8.html b/postfix/html/postlogd.8.html index dbf827ca4..bd26cb85c 100644 --- a/postfix/html/postlogd.8.html +++ b/postfix/html/postlogd.8.html @@ -31,8 +31,8 @@ POSTLOGD(8) POSTLOGD(8) log_file (also, logging to stdout would interfere with the operation of some of these programs). These programs can log to postlogd(8) if they are run by the super-user, or if their executable file has set-gid per- - mission. Do not set this permission on programs other than postdrop(1) - and postqueue(1). + mission. Do not set this permission on programs other than postdrop(1), + postqueue(1) and (Postfix >= 3.7) postlog(1). CONFIGURATION PARAMETERS Changes to main.cf are picked up automatically, as postlogd(8) pro- 
diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 98d8879ce..6748e635a 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -478,10 +478,7 @@ SMTP(8) SMTP(8) TLS_README document. smtp_tls_security_level (empty) - The default SMTP TLS security level for the Postfix SMTP client; - when a non-empty value is specified, this overrides the obsolete - parameters smtp_use_tls, smtp_enforce_tls, and - smtp_tls_enforce_peername. + The default SMTP TLS security level for the Postfix SMTP client. smtp_sasl_tls_security_options ($smtp_sasl_security_options) The SASL authentication security options that the Postfix SMTP @@ -657,8 +654,8 @@ SMTP(8) SMTP(8) Available in Postfix version 3.0 and later: smtp_tls_wrappermode (no) - Request that the Postfix SMTP client connects using the legacy - SMTPS protocol instead of using the STARTTLS command. + Request that the Postfix SMTP client connects using the SUBMIS- + SIONS/SMTPS protocol instead of using the STARTTLS command. Available in Postfix version 3.1 and later: @@ -854,7 +851,7 @@ SMTP(8) SMTP(8) smtputf8_enable (yes) Enable preliminary SMTPUTF8 support for the protocols described - in RFC 6531..6533. + in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) Detect that a message requires SMTPUTF8 support for the speci- diff --git a/postfix/man/man8/postlogd.8 b/postfix/man/man8/postlogd.8 index 19112f2bd..9168a3429 100644 --- a/postfix/man/man8/postlogd.8 +++ b/postfix/man/man8/postlogd.8 
@@ -34,8 +34,8 @@ Other non\-daemon Postfix programs will never write directly to with the operation of some of these programs). These programs can log to \fBpostlogd\fR(8) if they are run by the super\-user, or if their executable file has set\-gid permission. Do not -set this permission on programs other than \fBpostdrop\fR(1) -and \fBpostqueue\fR(1). +set this permission on programs other than \fBpostdrop\fR(1), +\fBpostqueue\fR(1) and (Postfix >= 3.7) \fBpostlog\fR(1). .SH "CONFIGURATION PARAMETERS" .na .nf diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 477972540..eaa14495b 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -460,9 +460,7 @@ FROM command in SASL\-authenticated SMTP sessions. Detailed information about STARTTLS configuration may be found in the TLS_README document. .IP "\fBsmtp_tls_security_level (empty)\fR" -The default SMTP TLS security level for the Postfix SMTP client; -when a non\-empty value is specified, this overrides the obsolete -parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +The default SMTP TLS security level for the Postfix SMTP client. .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions. @@ -595,7 +593,7 @@ The name of the \fBtlsmgr\fR(8) service entry in master.cf. Available in Postfix version 3.0 and later: .IP "\fBsmtp_tls_wrappermode (no)\fR" Request that the Postfix SMTP client connects using the -legacy SMTPS protocol instead of using the STARTTLS command. +SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command. .PP Available in Postfix version 3.1 and later: .IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" 
@@ -760,7 +758,7 @@ transport. Preliminary SMTPUTF8 support is introduced with Postfix 3.0. .IP "\fBsmtputf8_enable (yes)\fR" Enable preliminary SMTPUTF8 support for the protocols described -in RFC 6531..6533. +in RFC 6531, RFC 6532, and RFC 6533. .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" Detect that a message requires SMTPUTF8 support for the specified mail origin classes. diff --git a/postfix/src/cleanup/cleanup.h b/postfix/src/cleanup/cleanup.h index 43de26f37..9c557119f 100644 --- a/postfix/src/cleanup/cleanup.h +++ b/postfix/src/cleanup/cleanup.h @@ -170,6 +170,7 @@ extern VSTRING *cleanup_strip_chars; /* * Milters. */ +extern MAPS *cleanup_milt_head_checks; extern MILTERS *cleanup_milters; /* diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index 9ae728607..ffe40ba16 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c @@ -278,6 +278,7 @@ int cleanup_ext_prop_mask; /* * Milter support. */ +MAPS *cleanup_milt_head_checks; MILTERS *cleanup_milters; /* @@ -411,6 +412,10 @@ void cleanup_pre_jail(char *unused_name, char **unused_argv) maps_create(VAR_RCPT_BCC_MAPS, var_rcpt_bcc_maps, DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX | DICT_FLAG_UTF8_REQUEST); + if (*var_milt_head_checks) + cleanup_milt_head_checks = + maps_create(VAR_MILT_HEAD_CHECKS, var_milt_head_checks, + DICT_FLAG_LOCK); if (*var_cleanup_milters) cleanup_milters = milter_create(var_cleanup_milters, var_milt_conn_time, diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index 05237deb7..6da61575c 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c 
@@ -506,10 +506,8 @@ static void cleanup_milter_hbc_add_meta_records(CLEANUP_STATE *state) static void cleanup_milter_header_checks_init(CLEANUP_STATE *state) { -#define NO_NESTED_HDR_NAME "" -#define NO_NESTED_HDR_VALUE "" -#define NO_MIME_HDR_NAME "" -#define NO_MIME_HDR_VALUE "" +#define NO_NESTED_HDR_MAPS ((MAPS *) 0) +#define NO_MIME_HDR_MAPS ((MAPS *) 0) static /* XXX not const */ HBC_CALL_BACKS call_backs = { cleanup_milter_hbc_log, @@ -518,9 +516,9 @@ static void cleanup_milter_header_checks_init(CLEANUP_STATE *state) }; state->milter_hbc_checks = - hbc_header_checks_create(VAR_MILT_HEAD_CHECKS, var_milt_head_checks, - NO_MIME_HDR_NAME, NO_MIME_HDR_VALUE, - NO_NESTED_HDR_NAME, NO_NESTED_HDR_VALUE, + hbc_header_checks_create(cleanup_milt_head_checks, + NO_MIME_HDR_MAPS, + NO_NESTED_HDR_MAPS, &call_backs); state->milter_hbc_reply = vstring_alloc(100); if (state->filter) @@ -2150,7 +2148,7 @@ void cleanup_milter_inspect(CLEANUP_STATE *state, MILTERS *milters) /* * Prologue: prepare for Milter header/body checks. */ - if (*var_milt_head_checks) + if (cleanup_milt_head_checks) cleanup_milter_header_checks_init(state); /* @@ -2164,7 +2162,7 @@ void cleanup_milter_inspect(CLEANUP_STATE *state, MILTERS *milters) /* * Epilogue: finalize Milter header/body checks. */ - if (*var_milt_head_checks) + if (cleanup_milt_head_checks) cleanup_milter_hbc_finish(state); if (msg_verbose) @@ -2321,6 +2319,7 @@ char *var_milt_daemon_name = "host.example.com"; char *var_milt_v = DEF_MILT_V; MILTERS *cleanup_milters = (MILTERS *) ((char *) sizeof(*cleanup_milters)); char *var_milt_head_checks = ""; +MAPS *cleanup_milt_head_checks; /* Dummies to satisfy unused external references. */ 
@@ -2587,6 +2586,8 @@ int main(int unused_argc, char **argv) cleanup_milter_hbc_finish(state); myfree(var_milt_head_checks); var_milt_head_checks = ""; + maps_free(cleanup_milt_head_checks); + cleanup_milt_head_checks = 0; } close_queue_file(state); } else if (state->milter_hbc_reply && LEN(state->milter_hbc_reply)) { @@ -2694,6 +2695,8 @@ int main(int unused_argc, char **argv) msg_warn("can't change header checks"); } else { var_milt_head_checks = mystrdup(argv->argv[1]); + cleanup_milt_head_checks = maps_create(VAR_MILT_HEAD_CHECKS, + var_milt_head_checks, DICT_FLAG_LOCK); cleanup_milter_header_checks_init(state); } } else if (strcmp(argv->argv[0], "sender_bcc_maps") == 0) { @@ -2726,8 +2729,10 @@ int main(int unused_argc, char **argv) msg_info("errs = %s", cleanup_strerror(state->errs)); } cleanup_state_free(state); - if (*var_milt_head_checks) + if (*var_milt_head_checks) myfree(var_milt_head_checks); + if (cleanup_milt_head_checks) + maps_free(cleanup_milt_head_checks); return (0); } diff --git a/postfix/src/global/header_body_checks.c b/postfix/src/global/header_body_checks.c index 0252dd192..74a4f6f95 100644 --- a/postfix/src/global/header_body_checks.c +++ b/postfix/src/global/header_body_checks.c 
@@ -19,23 +19,15 @@ /* } HBC_CALL_BACKS; /* /* HBC_CHECKS *hbc_header_checks_create( -/* header_checks_name, header_checks_value -/* mime_header_checks_name, mime_header_checks_value, -/* nested_header_checks_name, nested_header_checks_value, -/* call_backs) -/* const char *header_checks_name; -/* const char *header_checks_value; -/* const char *mime_header_checks_name; -/* const char *mime_header_checks_value; -/* const char *nested_header_checks_name; -/* const char *nested_header_checks_value; +/* header_checks_maps, mime_header_checks_maps, +/* nested_header_checks_maps, call_backs) +/* MAPS *header_checks_maps; +/* MAPS *mime_header_checks_maps; +/* MAPS *nested_header_checks_maps; /* HBC_CALL_BACKS *call_backs; /* -/* HBC_CHECKS *hbc_body_checks_create( -/* body_checks_name, body_checks_value, -/* call_backs) -/* const char *body_checks_name; -/* const char *body_checks_value; +/* HBC_CHECKS *hbc_body_checks_create(body_check_maps, call_backs) +/* MAPS *body_check_maps; /* HBC_CALL_BACKS *call_backs; /* /* char *hbc_header_checks(context, hbc, header_class, hdr_opts, header) @@ -71,11 +63,14 @@ /* /* hbc_header_checks_create() creates a context for header /* inspection. This function is typically called once during -/* program initialization. The result is a null pointer when -/* all _value arguments specify zero-length strings; in this +/* program initialization. The result is a null pointer when +/* all _maps arguments specify a null pointer; in this /* case, hbc_header_checks() and hbc_header_checks_free() must /* not be called. /* +/* Note: hbc_header_checks_create() does not take ownership +/* of its _maps arguments. +/* /* hbc_header_checks() inspects the specified logical header. /* The result is either the original header, HBC_CHECKS_STAT_IGNORE /* (meaning: discard the header), HBC_CHECKS_STAT_ERROR, or a 
@@ -194,27 +189,15 @@ char hbc_checks_error; const char hbc_checks_unknown; /* - * Header checks are stored as an array of HBC_MAP_INFO structures, one - * structure for each header class (MIME_HDR_PRIMARY, MIME_HDR_MULTIPART, or - * MIME_HDR_NESTED). + * Header checks are stored as an array of MAPS pointers, one for each + * header class (MIME_HDR_PRIMARY, MIME_HDR_MULTIPART, or MIME_HDR_NESTED). * - * Body checks are stored as one single HBC_MAP_INFO structure, because we make - * no distinction between body segments. + * Body checks are stored as a single MAPS pointer, because we make no + * distinction between body segments. */ #define HBC_HEADER_INDEX(class) ((class) - MIME_HDR_FIRST) #define HBC_BODY_INDEX (0) -#define HBC_INIT(hbc, index, name, value) do { \ - HBC_MAP_INFO *_mp = (hbc)->map_info + (index); \ - if (*(value) != 0) { \ - _mp->map_class = (name); \ - _mp->maps = maps_create((name), (value), DICT_FLAG_LOCK); \ - } else { \ - _mp->map_class = 0; \ - _mp->maps = 0; \ - } \ - } while (0) - /* How does the action routine know where we are? */ #define HBC_CTXT_HEADER "header" @@ -295,7 +278,7 @@ static char *hbc_action(void *context, HBC_CALL_BACKS *cb, if (STREQUAL(cmd, "IGNORE", cmd_len)) /* XXX Not logged for compatibility with cleanup(8). */ return (HBC_CHECKS_STAT_IGNORE); - + if (STREQUAL(cmd, "DUNNO", cmd_len) /* preferred */ ||STREQUAL(cmd, "OK", cmd_len)) /* compatibility */ return ((char *) line); @@ -312,7 +295,7 @@ char *hbc_header_checks(void *context, HBC_CHECKS *hbc, int header_class, { const char *myname = "hbc_header_checks"; const char *action; - HBC_MAP_INFO *mp; + MAPS *mp; if (msg_verbose) msg_info("%s: '%.30s'", myname, STR(header)); 
@@ -323,13 +306,13 @@ char *hbc_header_checks(void *context, HBC_CHECKS *hbc, int header_class, if (hdr_opts && (hdr_opts->flags & HDR_OPT_MIME)) header_class = MIME_HDR_MULTIPART; - mp = hbc->map_info + HBC_HEADER_INDEX(header_class); + mp = hbc->map_info[HBC_HEADER_INDEX(header_class)]; - if (mp->maps != 0 && (action = maps_find(mp->maps, STR(header), 0)) != 0) { + if (mp != 0 && (action = maps_find(mp, STR(header), 0)) != 0) { return (hbc_action(context, hbc->call_backs, - mp->map_class, HBC_CTXT_HEADER, action, + maps_title(mp), HBC_CTXT_HEADER, action, STR(header), LEN(header), offset)); - } else if (mp->maps && mp->maps->error) { + } else if (mp && mp->error) { return (HBC_CHECKS_STAT_ERROR); } else { return (STR(header)); @@ -343,18 +326,18 @@ char *hbc_body_checks(void *context, HBC_CHECKS *hbc, const char *line, { const char *myname = "hbc_body_checks"; const char *action; - HBC_MAP_INFO *mp; + MAPS *mp; if (msg_verbose) msg_info("%s: '%.30s'", myname, line); - mp = hbc->map_info; + mp = hbc->map_info[0]; - if ((action = maps_find(mp->maps, line, 0)) != 0) { + if ((action = maps_find(mp, line, 0)) != 0) { return (hbc_action(context, hbc->call_backs, - mp->map_class, HBC_CTXT_BODY, action, + maps_title(mp), HBC_CTXT_BODY, action, line, len, offset)); - } else if (mp->maps->error) { + } else if (mp->error) { return (HBC_CHECKS_STAT_ERROR); } else { return ((char *) line); 
@@ -363,12 +346,9 @@ char *hbc_body_checks(void *context, HBC_CHECKS *hbc, const char *line, /* hbc_header_checks_create - create header checking context */ -HBC_CHECKS *hbc_header_checks_create(const char *header_checks_name, - const char *header_checks_value, - const char *mime_header_checks_name, - const char *mime_header_checks_value, - const char *nested_header_checks_name, - const char *nested_header_checks_value, +HBC_CHECKS *hbc_header_checks_create(MAPS *header_checks_maps, + MAPS *mime_header_checks_maps, + MAPS *nested_header_checks_maps, HBC_CALL_BACKS *call_backs) { HBC_CHECKS *hbc; @@ -376,27 +356,26 @@ HBC_CHECKS *hbc_header_checks_create(const char *header_checks_name, /* * Optimize for the common case. */ - if (*header_checks_value == 0 && *mime_header_checks_value == 0 - && *nested_header_checks_value == 0) { + if (header_checks_maps == 0 && mime_header_checks_maps == 0 + && nested_header_checks_maps == 0) { return (0); } else { hbc = (HBC_CHECKS *) mymalloc(sizeof(*hbc) - + (MIME_HDR_LAST - MIME_HDR_FIRST) * sizeof(HBC_MAP_INFO)); + + (MIME_HDR_LAST - MIME_HDR_FIRST) * sizeof(hbc->map_info)); hbc->call_backs = call_backs; - HBC_INIT(hbc, HBC_HEADER_INDEX(MIME_HDR_PRIMARY), - header_checks_name, header_checks_value); - HBC_INIT(hbc, HBC_HEADER_INDEX(MIME_HDR_MULTIPART), - mime_header_checks_name, mime_header_checks_value); - HBC_INIT(hbc, HBC_HEADER_INDEX(MIME_HDR_NESTED), - nested_header_checks_name, nested_header_checks_value); + hbc->map_info[HBC_HEADER_INDEX(MIME_HDR_PRIMARY)] = + header_checks_maps; + hbc->map_info[HBC_HEADER_INDEX(MIME_HDR_MULTIPART)] = + mime_header_checks_maps; + hbc->map_info[HBC_HEADER_INDEX(MIME_HDR_NESTED)] = + nested_header_checks_maps; return (hbc); } } /* hbc_body_checks_create - create body checking context */ -HBC_CHECKS *hbc_body_checks_create(const char *body_checks_name, - const char *body_checks_value, +HBC_CHECKS *hbc_body_checks_create(MAPS *body_checks_maps, HBC_CALL_BACKS *call_backs) { HBC_CHECKS *hbc; 
@@ -404,12 +383,12 @@ HBC_CHECKS *hbc_body_checks_create(const char *body_checks_name, /* * Optimize for the common case. */ - if (*body_checks_value == 0) { + if (body_checks_maps == 0) { return (0); } else { hbc = (HBC_CHECKS *) mymalloc(sizeof(*hbc)); hbc->call_backs = call_backs; - HBC_INIT(hbc, HBC_BODY_INDEX, body_checks_name, body_checks_value); + hbc->map_info[HBC_BODY_INDEX] = body_checks_maps; return (hbc); } } @@ -418,11 +397,6 @@ HBC_CHECKS *hbc_body_checks_create(const char *body_checks_name, void _hbc_checks_free(HBC_CHECKS *hbc, ssize_t len) { - HBC_MAP_INFO *mp; - - for (mp = hbc->map_info; mp < hbc->map_info + len; mp++) - if (mp->maps) - maps_free(mp->maps); myfree((void *) hbc); } @@ -603,13 +577,18 @@ int main(int argc, char **argv) body_out, body_end, err_print, (void *) &context); + +#define MAPS_OR_NULL(name, value) \ + (*(value) ? maps_create((name), (value), DICT_FLAG_LOCK) : (MAPS *) 0) + context.header_checks = - hbc_header_checks_create("header_checks", argv[1], - "mime_header_checks", argv[2], - "nested_header_checks", argv[3], + hbc_header_checks_create(MAPS_OR_NULL("header_checks", argv[1]), + MAPS_OR_NULL("mime_header_checks", argv[2]), + MAPS_OR_NULL("nested_header_checks", argv[3]), call_backs); context.body_checks = - hbc_body_checks_create("body_checks", argv[4], call_backs); + hbc_body_checks_create(MAPS_OR_NULL("body_checks", argv[4]), + call_backs); context.buf = vstring_alloc(100); context.fp = VSTREAM_OUT; context.queueid = "test-queueID"; diff --git a/postfix/src/global/header_body_checks.h b/postfix/src/global/header_body_checks.h index 7a2718e05..abdfcc75e 100644 --- a/postfix/src/global/header_body_checks.h +++ b/postfix/src/global/header_body_checks.h 
@@ -28,11 +28,6 @@ /* * External interface. */ -typedef struct { - const char *map_class; /* parameter name */ - MAPS *maps; /* map handle */ -} HBC_MAP_INFO; - typedef struct { void (*logger) (void *, const char *, const char *, const char *, const char *); void (*prepend) (void *, int, const char *, ssize_t, off_t); @@ -41,19 +36,16 @@ typedef struct { typedef struct { HBC_CALL_BACKS *call_backs; - HBC_MAP_INFO map_info[1]; /* actually, a bunch */ + MAPS *map_info[1]; /* actually, a bunch; NOT owned */ } HBC_CHECKS; #define HBC_CHECKS_STAT_IGNORE ((char *) 0) #define HBC_CHECKS_STAT_ERROR (&hbc_checks_error) #define HBC_CHECKS_STAT_UNKNOWN (&hbc_checks_unknown) -extern HBC_CHECKS *hbc_header_checks_create(const char *, const char *, - const char *, const char *, - const char *, const char *, +extern HBC_CHECKS *hbc_header_checks_create(MAPS *, MAPS *, MAPS *, HBC_CALL_BACKS *); -extern HBC_CHECKS *hbc_body_checks_create(const char *, const char *, - HBC_CALL_BACKS *); +extern HBC_CHECKS *hbc_body_checks_create(MAPS *, HBC_CALL_BACKS *); extern char *hbc_header_checks(void *, HBC_CHECKS *, int, const HEADER_OPTS *, VSTRING *, off_t); extern char *hbc_body_checks(void *, HBC_CHECKS *, const char *, ssize_t, off_t); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b27d33690..dc3a36f2d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20220325" +#define MAIL_RELEASE_DATE "20220403" #define MAIL_VERSION_NUMBER "3.8" #ifdef SNAPSHOT diff --git a/postfix/src/global/maps.c b/postfix/src/global/maps.c index 7c84e9aa0..599d724f2 100644 --- a/postfix/src/global/maps.c +++ b/postfix/src/global/maps.c 
@@ -21,6 +21,9 @@ /* const char *key; /* int flags; /* +/* const char *maps_title(maps) +/* MAPS *maps; +/* /* MAPS *maps_free(maps) /* MAPS *maps; /* DESCRIPTION @@ -48,6 +51,9 @@ /* the base64 lookup result. This requires that the maps are /* opened with DICT_FLAG_SRC_RHS_IS_FILE. /* +/* maps_title() returns a pointer to a copy of the title +/* specified with maps_create(). +/* /* maps_free() releases storage claimed by maps_create() /* and conveniently returns a null pointer. /* diff --git a/postfix/src/global/maps.h b/postfix/src/global/maps.h index 04ee6dc93..bf12845f9 100644 --- a/postfix/src/global/maps.h +++ b/postfix/src/global/maps.h @@ -28,6 +28,8 @@ typedef struct MAPS { extern MAPS *maps_create(const char *, const char *, int); extern const char *maps_find(MAPS *, const char *, int); extern const char *maps_file_find(MAPS *, const char *, int); + +#define maps_title(maps) ((const char *) ((maps)->title)) extern MAPS *maps_free(MAPS *); /* LICENSE diff --git a/postfix/src/postlogd/postlogd.c b/postfix/src/postlogd/postlogd.c index 4c6db6362..902cbe5d3 100644 --- a/postfix/src/postlogd/postlogd.c +++ b/postfix/src/postlogd/postlogd.c @@ -26,8 +26,8 @@ /* with the operation of some of these programs). These programs /* can log to \fBpostlogd\fR(8) if they are run by the super-user, /* or if their executable file has set-gid permission. Do not -/* set this permission on programs other than \fBpostdrop\fR(1) -/* and \fBpostqueue\fR(1). +/* set this permission on programs other than \fBpostdrop\fR(1), +/* \fBpostqueue\fR(1) and (Postfix >= 3.7) \fBpostlog\fR(1). /* CONFIGURATION PARAMETERS /* .ad /* .fi diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 0561d070c..798a53b32 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c 
@@ -426,9 +426,7 @@ /* Detailed information about STARTTLS configuration may be found /* in the TLS_README document. /* .IP "\fBsmtp_tls_security_level (empty)\fR" -/* The default SMTP TLS security level for the Postfix SMTP client; -/* when a non-empty value is specified, this overrides the obsolete -/* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +/* The default SMTP TLS security level for the Postfix SMTP client. /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" /* The SASL authentication security options that the Postfix SMTP /* client uses for TLS encrypted SMTP sessions. @@ -561,7 +559,7 @@ /* Available in Postfix version 3.0 and later: /* .IP "\fBsmtp_tls_wrappermode (no)\fR" /* Request that the Postfix SMTP client connects using the -/* legacy SMTPS protocol instead of using the STARTTLS command. +/* SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command. /* .PP /* Available in Postfix version 3.1 and later: /* .IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" @@ -720,7 +718,7 @@ /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. /* .IP "\fBsmtputf8_enable (yes)\fR" /* Enable preliminary SMTPUTF8 support for the protocols described -/* in RFC 6531..6533. +/* in RFC 6531, RFC 6532, and RFC 6533. /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* Detect that a message requires SMTPUTF8 support for the specified /* mail origin classes. @@ -1092,7 +1090,7 @@ int var_smtp_sasl_auth_cache_time; bool var_smtp_sasl_auth_soft_bounce; char *var_hfrom_format; -bool var_smtp_bind_addr_enforce; +bool var_smtp_bind_addr_enforce; /* * Global variables. 
@@ -1541,13 +1539,16 @@ static void pre_init(char *unused_name, char **unused_argv) /* * Header/body checks. */ +#define MAPS_OR_NULL(name, value) \ + (*(value) ? maps_create((name), (value), DICT_FLAG_LOCK) : (MAPS *) 0) + smtp_header_checks = hbc_header_checks_create( - VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks, - VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks, - VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks, + MAPS_OR_NULL(VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks), + MAPS_OR_NULL(VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks), + MAPS_OR_NULL(VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks), smtp_hbc_callbacks); smtp_body_checks = hbc_body_checks_create( - VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks, + MAPS_OR_NULL(VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks), smtp_hbc_callbacks); /*
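Review bot: the new 20220403 entry in postfix/HISTORY misspells the parameter as "milter_hader_checks"; it should read milter_header_checks so that a search of HISTORY for the parameter name finds this change. The same hunk fixes a date typo (29220312 to 20220312), so correcting this one here keeps the file consistent.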
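Review bot: the maps_create(VAR_MILT_HEAD_CHECKS, ...) call added to cleanup_pre_jail() in cleanup/cleanup_init.c has no comment explaining why it lives there. The whole point of the change, per the HISTORY entry, is that the tables must be opened before the chroot jail is entered, and that the resulting MAPS is now a process-wide object shared by every CLEANUP_STATE instead of being created per message in cleanup_milter_header_checks_init(). A short comment stating both would stop a later cleanup from moving the open back. It is also worth a word that DICT_FLAG_LOCK alone is intentional (it matches the removed HBC_INIT macro), since the neighbouring maps_create() calls pass DICT_FLAG_FOLD_FIX | DICT_FLAG_UTF8_REQUEST as well.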
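Review bot: in the cleanup_milter.c test driver hunk at -2587, the pair "maps_free(cleanup_milt_head_checks); cleanup_milt_head_checks = 0;" can be a single assignment, cleanup_milt_head_checks = maps_free(cleanup_milt_head_checks); since maps.c documents that maps_free() "conveniently returns a null pointer". That removes the chance of the two statements drifting apart and leaving a dangling pointer that the new "if (cleanup_milt_head_checks)" tests in cleanup_milter_inspect() would then treat as live.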
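Review bot: the manual-page comment at the top of global/header_body_checks.c (hunk -19) names the hbc_body_checks_create() argument body_check_maps, while the function definition further down uses body_checks_maps. Use one spelling in both places; the plural form matches header_checks_maps and the others. The added note that hbc_header_checks_create() "does not take ownership of its _maps arguments" should be repeated for hbc_body_checks_create(), which has the same behaviour after this change.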
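Review bot: hbc_body_checks() now reads "mp = hbc->map_info[0];" with a literal index, while hbc_body_checks_create() in the same file stores through hbc->map_info[HBC_BODY_INDEX]. Use HBC_BODY_INDEX on the read side too, so the two cannot disagree if the macro ever changes. In hbc_header_checks() the null test on mp is kept before mp->error is read, which is needed there because individual header classes may legitimately be null.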
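Review bot: the allocation size in hbc_header_checks_create() uses sizeof(hbc->map_info), which is the size of the whole array member, not of one element. It yields the right number only because the header declares "MAPS *map_info[1];". Write sizeof(hbc->map_info[0]) (or sizeof(MAPS *)) so the computation states what it means and stays correct if the declared bound changes.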
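Review bot: after the loop is removed from _hbc_checks_free(HBC_CHECKS *hbc, ssize_t len), the len parameter is unused. Either drop it from the signature and from the callers that pass it, or leave a comment that it is retained for interface compatibility; otherwise it reads as if the function still walks map_info and releases the tables, which is exactly the ownership assumption this change removes.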
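Review bot: in the header_body_checks.c test driver (hunk -603), the MAPS objects built by MAPS_OR_NULL() are passed straight into hbc_header_checks_create() and hbc_body_checks_create(). The driver keeps no handle of its own to them and _hbc_checks_free() no longer calls maps_free(), so they are leaked unless the driver reaches into map_info. Store the four results in local variables and maps_free() them at exit, which also keeps the test program clean under a memory checker.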
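Review bot: the maps_title() text added to global/maps.c says it "returns a pointer to a copy of the title", but the macro in maps.h is ((const char *) ((maps)->title)), that is, a pointer into the MAPS object itself. Document the lifetime explicitly (valid until maps_free() is called on that MAPS), because hbc_header_checks() and hbc_body_checks() now hand maps_title(mp) to hbc_action() for tables that HBC_CHECKS does not own. In maps.h, the macro sits between the maps_file_find() and maps_free() prototypes with a blank line only above it; a blank line below as well would keep the prototype list readable.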
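Review bot: MAPS_OR_NULL is defined in pre_init() in smtp/smtp.c and again, with the identical body, in the header_body_checks.c test driver. Since both copies exist only to turn an empty parameter value into a null MAPS pointer for the new hbc_*_create() signatures, define it once next to maps_create() in global/maps.h so that any future caller gets the same empty-value handling and the same DICT_FLAG_LOCK flag rather than a third local copy.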