From: Wietse Venema Date: Mon, 26 Oct 2020 05:00:00 +0000 (-0500) Subject: postfix-3.6-20201026 X-Git-Tag: v3.6.0-RC1~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5671f91c4de26241a0cb9215ed91bb6bf9e230f6;p=thirdparty%2Fpostfix.git postfix-3.6-20201026 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 2986dbb26..62eca85a5 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -25236,8 +25236,9 @@ Apologies for any names omitted. Feature: local_login_sender_maps to lock down the envelope sender addresses that the postdrop command will accept. The - default is backwards compatible. Files: postdrop/postdrop.c, - global/mail_params.h, global/local_sender_login_match.[hc], + default is backwards compatible. Developed with input from + Demi M. Obenour. Files: postdrop/postdrop.c, global/mail_params.h, + global/local_sender_login_match.[hc], global/local_sender_login_match.in, global/local_sender_login_match.ref, global/quote_822_local.c, global/quote_822_local.in, global/quote_822_local.ref, @@ -25245,3 +25246,9 @@ Apologies for any names omitted. Bugfix (introduced: Postfix 2.3): static maps did not free their casefolding buffer. File: util/dict_static.c. + +20201026 + + Cleanup: changed the postdrop numerical UID prefix from "#" + to "uid:", and tweaked some local_login_sender_maps + documentatin. Files: proto/postconf.proto, postdrop/postdrop.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index dc6e9bb56..8b902330e 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -25,6 +25,43 @@ more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. +Major changes with snapshot 20201025 +==================================== + +Fine-grained control over the envelope sender address for submission +with the Postfix sendmail (or postdrop) commands. + +The local_login_sender_maps parameter (default: static:*) specifies +a list of lookup tables that are searched by the UNIX login name, and +that return a list of allowed envelope sender patterns separated by +space or comma. The default is backwards-compatible: every user may +specify any sender envelope address. + +When no UNIX login name is available, the Postfix postdrop command +will prepend "uid:" to the numerical UID and use that instead. + +This feature ignores address extensions in the user-specified +envelope sender address. + +Besides the special pattern "*" which allows any sender address, +there are "<>" which matches an empty sender address, and the +"@domain" wilcard pattern. More information about those can be found +in the postconf(5) manpage. + +Example: + +/etc/postfix/main.cf: + # Allow root and postfix full control, anyone else can only + # send mail as themselves. Use "uid:" followed by the numerical + # UID when the UID has no entry in the UNIX password file. + local_login_sender_maps = + inline:{ { root = *}, { postfix = * } }, + pcre:/etc/postfix/login_senders + +/etc/postfix/login_senders: + # Allow both the bare username and the user@domain forms. + /(.+)/ $1 $1@example.com + Major changes with snapshot 20201003 ==================================== diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 1fa04137e..95c418fe7 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -5867,29 +5867,30 @@ system.

and that return a list of allowed envelope sender patterns separated by space or comma. These sender patterns are enforced by the Postfix postdrop(1) command. The default is backwards-compatible: -every user may specify any envelope information.

+every user may specify any sender envelope address.

-

When no UNIX login name is available, the postdrop command will -prepend '#' to the numerical UID and use that instead.

+

When no UNIX login name is available, the postdrop(1) command will +prepend "uid:" to the numerical UID and use that instead.

-

Before checking a sender address against local_login_sender_maps, -Postfix will strip an address extension based on the current -recipient_delimiter value. +

This feature ignores address extensions in the user-specified +envelope sender address.

The following sender patterns are special; these cannot be used as part of a longer pattern.

-
+
-
*
This pattern allows everything.
+
*
This pattern allows any envelope sender address. +
-
<>
This pattern allows the null sender -address. It is configured with the +
<>
This pattern allows the empty +envelope sender address. See the empty_address_local_login_sender_maps_lookup_key configuration parameter.
-
@domain
This pattern allows a sender -address when the '@' and domain part match.
+
@domain
This pattern allows an +envelope sender address when the '@' and domain part +match.
@@ -5898,8 +5899,8 @@ address when the '@' and domain part match. 
 /etc/postfix/main.cf:
     # Allow root and postfix full control, anyone else can only
-    # send mail as themselves. Use # followed by the numerical UID
-    # when the UID has no entry in the UNIX password file.
+    # send mail as themselves. Use "uid:" followed by the numerical
+    # UID when the UID has no entry in the UNIX password file.
     local_login_sender_maps =
         inline:{ { root = *}, { postfix = * } },
         pcre:/etc/postfix/login_senders
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 6ef9b413b..93525b472 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -3547,29 +3547,29 @@ A list of lookup tables that are searched by the UNIX login name,
 and that return a list of allowed envelope sender patterns separated
 by space or comma. These sender patterns are enforced by the Postfix
 \fBpostdrop\fR(1) command. The default is backwards\-compatible:
-every user may specify any envelope information.
+every user may specify any sender envelope address.
 .PP
-When no UNIX login name is available, the postdrop command will
-prepend '#' to the numerical UID and use that instead.
+When no UNIX login name is available, the \fBpostdrop\fR(1) command will
+prepend "\fBuid:\fR" to the numerical UID and use that instead.
 .PP
-Before checking a sender address against local_login_sender_maps,
-Postfix will strip an address extension based on the current
-recipient_delimiter value.
+This feature ignores address extensions in the user\-specified
+envelope sender address.
 .PP
 The following sender patterns are special; these cannot be used
 as part of a longer pattern.
 .IP "\fB * \fR
-This pattern allows everything.
+This pattern allows any envelope sender address.
 .br
 .IP "\fB <> \fR"
-This pattern allows the null sender
-address. It is configured with the
+This pattern allows the empty
+envelope sender address. See the
 empty_address_local_login_sender_maps_lookup_key configuration
 parameter.
 .br
-.IP "\fB @\fIdomain\fR\fR"
-This pattern allows a sender
-address when the '@' and \fIdomain\fR part match.
+.IP "\fB @\fR\fIdomain\fR"
+This pattern allows an
+envelope sender address when the '\fB@\fR' and \fIdomain\fR part
+match.
 .br
 .br
 .PP
@@ -3580,8 +3580,8 @@ Examples:
 .ft C
 /etc/postfix/main.cf:
     # Allow root and postfix full control, anyone else can only
-    # send mail as themselves. Use # followed by the numerical UID
-    # when the UID has no entry in the UNIX password file.
+    # send mail as themselves. Use "uid:" followed by the numerical
+    # UID when the UID has no entry in the UNIX password file.
     local_login_sender_maps =
         inline:{ { root = *}, { postfix = * } },
         pcre:/etc/postfix/login_senders
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 62c0abb8f..c3a93430b 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -17906,29 +17906,30 @@ value to disable the feature. 

 and that return a list of allowed envelope sender patterns separated
 by space or comma. These sender patterns are enforced by the Postfix
 postdrop(1) command. The default is backwards-compatible:
-every user may specify any envelope information.  

+every user may specify any sender envelope address. 

 
-
 When no UNIX login name is available, the postdrop command will 
-prepend '#' to the numerical UID and use that instead. 

+
 When no UNIX login name is available, the postdrop(1) command will 
+prepend "uid:" to the numerical UID and use that instead. 

 
-
 Before checking a sender address against local_login_sender_maps,
-Postfix will strip an address extension based on the current
-recipient_delimiter value.
+
 This feature ignores address extensions in the user-specified
+envelope sender address. 

 
 
 The following sender patterns are special; these cannot be used
 as part of a longer pattern. 

 
-

+

 
-
  *  
 This pattern allows everything. 

+
  *  
 This pattern allows any envelope sender address.
+

 
-
  <>  
 
 This pattern allows the null sender
-address. It is configured with the
+
  <>  
 
 This pattern allows the empty
+envelope sender address. See the
 empty_address_local_login_sender_maps_lookup_key configuration
 parameter. 

 
-
  @domain 
 
 This pattern allows a sender
-address when the '@' and domain part match. 

+
  @domain 
 
 This pattern allows an
+envelope sender address when the '@' and domain part
+match. 

 
 

 
@@ -17937,8 +17938,8 @@ address when the '@' and domain part match. 
 
 /etc/postfix/main.cf:
     # Allow root and postfix full control, anyone else can only
-    # send mail as themselves. Use # followed by the numerical UID
-    # when the UID has no entry in the UNIX password file.
+    # send mail as themselves. Use "uid:" followed by the numerical
+    # UID when the UID has no entry in the UNIX password file.
     local_login_sender_maps = 
 	inline:{ { root = *}, { postfix = * } },
 	pcre:/etc/postfix/login_senders
diff --git a/postfix/src/global/login_sender_match.c b/postfix/src/global/login_sender_match.c
index 58f66c599..ded638d9b 100644
--- a/postfix/src/global/login_sender_match.c
+++ b/postfix/src/global/login_sender_match.c
@@ -296,6 +296,14 @@ int     main(int argc, char **argv)
 	    "inline:{root=*}, fail:sorry",
 	    "+-", "<>", "*", "root", "whatever", LSM_STAT_FOUND
 	},
+	{"unknown uid:number",
+	    "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}",
+	    "+-", "<>", "*", "uid:54321", "foo", LSM_STAT_NOTFOUND
+	},
+	{"known uid:number",
+	    "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}",
+	    "+-", "<>", "*", "uid:12345", "foo", LSM_STAT_FOUND
+	},
     };
     struct testcase *tp;
     int     act_return;
diff --git a/postfix/src/global/login_sender_match.ref b/postfix/src/global/login_sender_match.ref
index 35b488bb2..8dbb262f6 100644
--- a/postfix/src/global/login_sender_match.ref
+++ b/postfix/src/global/login_sender_match.ref
@@ -23,3 +23,7 @@ unknown: warning: fail:sorry lookup error for "baz"
 unknown: PASS test 10
 unknown: RUN test case 11 no error
 unknown: PASS test 11
+unknown: RUN test case 12 unknown uid:number
+unknown: PASS test 12
+unknown: RUN test case 13 known uid:number
+unknown: PASS test 13
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 8269e7ce7..588e5237c 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20201025"
+#define MAIL_RELEASE_DATE	"20201026"
 #define MAIL_VERSION_NUMBER	"3.6"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c
index f8b588c33..0ebd92a9b 100644
--- a/postfix/src/postdrop/postdrop.c
+++ b/postfix/src/postdrop/postdrop.c
@@ -271,7 +271,7 @@ static int check_login_sender_acl(uid_t uid, VSTRING *sender_buf,
 	user_name = user_info->pw_name;
     } else {
 	user_name_buf = vstring_alloc(10);
-	vstring_sprintf(user_name_buf, "#%ld", (long) uid);
+	vstring_sprintf(user_name_buf, "uid:%ld", (long) uid);
 	user_name = vstring_str(user_name_buf);
     }