From: Wietse Venema Date: Fri, 3 Oct 2008 05:00:00 +0000 (-0500) Subject: postfix-2.6-20081003 X-Git-Tag: v2.6.0-RC1~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=853d6c4eab05f28bebc66c6f228a372bb15fbbe8;p=thirdparty%2Fpostfix.git postfix-2.6-20081003 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index e306ca0e0..df86a0a7c 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14657,12 +14657,18 @@ Apologies for any names omitted. persistent EAGAIN error on a writable file descriptor. File: util/write_buf.c. -20081002 +20081003 Bugfix (introduced Postfix 2.1): the introduction of XFORWARD - support resulted in inaccurate logging and (delivery agent) - $name expansion. Specifically, Postfix no longer properly - distinguished between local submissions and submissions - from clients with unknown hostname etc. attributes. Files: - smtpd/smtpd.c, qmqpd/qmqpd.c, smtp/smtp_proto.c, - cleanup/cleanup_envelope.c. + support introduced cosmetic errors in the logging of client + attributes and in local(8)/pipe(8) $name expansion. Postfix + did not propagate that a message originated as a local + submission, and it sometimes failed to distinguish between + local submissions and submissions from clients with unknown + hostname etc. attributes. This also involves a minor change + to the XFORWARD protocol. Files: smtpd/smtpd.c, qmqpd/qmqpd.c, + smtp/smtp_proto.c, cleanup/cleanup_envelope.c, proto/XFORWARD.html. + + Feature: a DUNNO lookup result in per_sender_relayhost_maps + stops the search without replacing the next-hop destination. + File: trivial-rewrite/resolve.c. diff --git a/postfix/README_FILES/XFORWARD_README b/postfix/README_FILES/XFORWARD_README index d75f4aed5..40c5cb200 100644 --- a/postfix/README_FILES/XFORWARD_README +++ b/postfix/README_FILES/XFORWARD_README @@ -96,17 +96,16 @@ implementations should be prepared to receive unencoded information. XXFFOORRWWAARRDD SSeerrvveerr ooppeerraattiioonn Upon receipt of an initial XFORWARD command, the SMTP server initializes all -XFORWARD attributes to [UNAVAILABLE]. With each XFORWARD command, the server -overwrites attributes with the specified attribute values, and erases -attributes whose value is specified as [UNAVAILABLE]. Attributes that are not -specified in an XFORWARD command retain their current value. +XFORWARD attributes to [UNAVAILABLE]. With each valid XFORWARD command, the +server overwrites attributes with the specified values, and erases attributes +whose value is specified as [UNAVAILABLE]. -An ADDR attribute value of [UNAVAILABLE] indicates that the next MAIL FROM -transaction is a forwarded local submission. In this case the SMTP server -should ignore other client attributes. This behavior is available with Postfix -version 2.6. +When both the NAME and ADDR attributes have a value of [UNAVAILABLE], the next +MAIL FROM transaction corresponds to a local submission. In this case the SMTP +server must ignore the PORT and PROTO attributes. This behavior is available +with Postfix version 2.6. -At the end of the next MAIL FROM transaction (i.e. RSET or DOT), all XFORWARD +At the end of each MAIL FROM transaction (i.e. RSET or DOT), all XFORWARD attributes are reset to the real client information, and the SMTP server is ready to receive another initial XFORWARD command. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index a2e153f53..19c4d689c 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -11,9 +11,19 @@ instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. -Incompatibility with snapshot 20081002 +Incompatibility with snapshot 20081003 ====================================== +This release fixes cosmetic bugs in the way that Postfix propagates +the origin of email messages through SMTP-based content filters. +This changes the results of $name expansions by the local(8) and +pipe(8) delivery agents. With a local submission, the $client_hostname +etc. attributes now correctly expand into the empty string, instead +of information about the host that runs the content filter; and +with a remote submission from a client with an unknown hostname, +the $client_hostname attribute now correctly expands into "unknown" +instead of the empty string. + There is a minor change in the way that XFORWARD attributes are stored in queue files. These attributes are used to propagate remote client information through an SMTP-based content filter. If you @@ -25,7 +35,7 @@ you still have new local submissions in the mail queue, the older Postfix cleanup server may log "spurious null attribute value" warnings when it processes queue files from the newer Postfix version. The older cleanup server will ignore the null-valued -attributes, and no harm will be done. +attributes. Thus, no harm will be done. Incompatibility with snapshot 20080814 ====================================== diff --git a/postfix/html/XFORWARD_README.html b/postfix/html/XFORWARD_README.html index 100e8d38b..90f408a9a 100644 --- a/postfix/html/XFORWARD_README.html +++ b/postfix/html/XFORWARD_README.html @@ -144,17 +144,17 @@ unencoded information.

Upon receipt of an initial XFORWARD command, the SMTP server initializes all XFORWARD attributes to [UNAVAILABLE]. With each -XFORWARD command, the server overwrites attributes with the specified -attribute values, and erases attributes whose value is specified -as [UNAVAILABLE]. Attributes that are not specified in an XFORWARD -command retain their current value.

+valid XFORWARD command, the server overwrites attributes with the +specified values, and erases attributes whose value is specified +as [UNAVAILABLE].

-

An ADDR attribute value of [UNAVAILABLE] indicates that the -next MAIL FROM transaction is a forwarded local submission. In -this case the SMTP server should ignore other client attributes. -This behavior is available with Postfix version 2.6.

+

When both the NAME and ADDR attributes have a value of +[UNAVAILABLE], the next MAIL FROM transaction corresponds to a local +submission. In this case the SMTP server must ignore the PORT and +PROTO attributes. This behavior is available with Postfix version +2.6.

-

At the end of the next MAIL FROM transaction (i.e. RSET or DOT), +

At the end of each MAIL FROM transaction (i.e. RSET or DOT), all XFORWARD attributes are reset to the real client information, and the SMTP server is ready to receive another initial XFORWARD command.

diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 1f59f68d5..5b2039f1b 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -7303,7 +7303,9 @@ Example:

A sender-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and -@domain. This information is overruled with relay_transport, +@domain. A lookup result of DUNNO terminates the search without +overriding the global relayhost parameter setting. This information +is overruled with relay_transport, default_transport and with the transport(5) table.

For safety reasons, this feature does not allow $number diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 1f47ddb8a..e61646f80 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -4113,7 +4113,9 @@ sender_canonical_maps = hash:/etc/postfix/sender_canonical .SH sender_dependent_relayhost_maps (default: empty) A sender-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and -@domain. This information is overruled with relay_transport, +@domain. A lookup result of DUNNO terminates the search without +overriding the global relayhost parameter setting. This information +is overruled with relay_transport, default_transport and with the \fBtransport\fR(5) table. .PP For safety reasons, this feature does not allow $number diff --git a/postfix/proto/XFORWARD_README.html b/postfix/proto/XFORWARD_README.html index da08b80a4..a99fb13f1 100644 --- a/postfix/proto/XFORWARD_README.html +++ b/postfix/proto/XFORWARD_README.html @@ -144,17 +144,17 @@ unencoded information.

Upon receipt of an initial XFORWARD command, the SMTP server initializes all XFORWARD attributes to [UNAVAILABLE]. With each -XFORWARD command, the server overwrites attributes with the specified -attribute values, and erases attributes whose value is specified -as [UNAVAILABLE]. Attributes that are not specified in an XFORWARD -command retain their current value.

+valid XFORWARD command, the server overwrites attributes with the +specified values, and erases attributes whose value is specified +as [UNAVAILABLE].

-

An ADDR attribute value of [UNAVAILABLE] indicates that the -next MAIL FROM transaction is a forwarded local submission. In -this case the SMTP server should ignore other client attributes. -This behavior is available with Postfix version 2.6.

+

When both the NAME and ADDR attributes have a value of +[UNAVAILABLE], the next MAIL FROM transaction corresponds to a local +submission. In this case the SMTP server must ignore the PORT and +PROTO attributes. This behavior is available with Postfix version +2.6.

-

At the end of the next MAIL FROM transaction (i.e. RSET or DOT), +

At the end of each MAIL FROM transaction (i.e. RSET or DOT), all XFORWARD attributes are reset to the real client information, and the SMTP server is ready to receive another initial XFORWARD command.

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index c453b095a..8ac9def8e 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -9339,7 +9339,9 @@ is placed into the Postfix configuration directory.

A sender-dependent override for the global relayhost parameter setting. The tables are searched by the envelope sender address and -@domain. This information is overruled with relay_transport, +@domain. A lookup result of DUNNO terminates the search without +overriding the global relayhost parameter setting. This information +is overruled with relay_transport, default_transport and with the transport(5) table.

For safety reasons, this feature does not allow $number diff --git a/postfix/src/global/mail_proto.h b/postfix/src/global/mail_proto.h index 82a026ca8..251595214 100644 --- a/postfix/src/global/mail_proto.h +++ b/postfix/src/global/mail_proto.h @@ -201,7 +201,7 @@ extern char *mail_pathname(const char *, const char *); #define MAIL_ATTR_VAL_UNKNOWN "unknown" #define MAIL_ATTR_IS_EXIST(a) (*(a)) -#define MAIL_ATTR_IS_KNOWN(a) (*(a)) && strcmp((a), MAIL_ATTR_VAL_UNKNOWN) +#define MAIL_ATTR_IS_KNOWN(a) ((*(a)) && strcmp((a), MAIL_ATTR_VAL_UNKNOWN)) /* * XCLIENT/XFORWARD in SMTP. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 27e4c43de..83cc90ac8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20081002" +#define MAIL_RELEASE_DATE "20081003" #define MAIL_VERSION_NUMBER "2.6" #ifdef SNAPSHOT diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index c4e012013..b3a7b15a1 100644 --- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c @@ -626,15 +626,15 @@ static int qmgr_message_read(QMGR_MESSAGE *message) } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) { if (have_log_client_attr == 0 && message->client_addr == 0) message->client_addr = mystrdup(value); + } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) { + if (have_log_client_attr == 0 && message->client_port == 0) + message->client_port = mystrdup(value); } else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) { if (have_log_client_attr == 0 && message->client_proto == 0) message->client_proto = mystrdup(value); } else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) { if (have_log_client_attr == 0 && message->client_helo == 0) message->client_helo = mystrdup(value); - } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) { - if (have_log_client_attr == 0 && message->client_port == 0) - message->client_port = mystrdup(value); } /* Original client attributes. */ else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_NAME) == 0) { diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index 5fd73e924..24a981ed7 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -667,15 +667,15 @@ static int qmgr_message_read(QMGR_MESSAGE *message) } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_ADDR) == 0) { if (have_log_client_attr == 0 && message->client_addr == 0) message->client_addr = mystrdup(value); + } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) { + if (have_log_client_attr == 0 && message->client_port == 0) + message->client_port = mystrdup(value); } else if (strcmp(name, MAIL_ATTR_ACT_PROTO_NAME) == 0) { if (have_log_client_attr == 0 && message->client_proto == 0) message->client_proto = mystrdup(value); } else if (strcmp(name, MAIL_ATTR_ACT_HELO_NAME) == 0) { if (have_log_client_attr == 0 && message->client_helo == 0) message->client_helo = mystrdup(value); - } else if (strcmp(name, MAIL_ATTR_ACT_CLIENT_PORT) == 0) { - if (have_log_client_attr == 0 && message->client_port == 0) - message->client_port = mystrdup(value); } /* Original client attributes. */ else if (strcmp(name, MAIL_ATTR_LOG_CLIENT_NAME) == 0) { diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index 0ee036cd0..a4d1a00a1 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -318,7 +318,19 @@ static void qmqpd_write_attributes(QMQPD_STATE *state) { /* - * Provenance attributes for Milter policy etc. + * Logging attribute for the Postfix 2.3+ cleanup server. + */ + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_LOG_ORIGIN, state->namaddr); + + /* + * For consistency with the smtpd Milter client, we need to provide the + * real client attributes to the cleanup Milter client. This does not + * matter much with qmqpd which speaks to trusted clients only, but we + * want to be sure that the cleanup input protocol is ready when a new + * type of network daemon is added to receive mail from the Internet. + * + * See also the comments in smtpd.c. */ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_ACT_CLIENT_NAME, state->name); diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index e00ef6454..26668620e 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -1931,7 +1931,15 @@ int smtp_xfer(SMTP_STATE *state) } /* - * Use the XFORWARD command to send local/remote submission information. + * Use XFORWARD to forward the origin of this email message across an + * SMTP-based content filter. Send client attribute information even in + * the case of local submissions, which have no client attributes. This + * fixes a minor problem that was introduced with Postfix 2.1: no client + * attribute information was sent in the case of local submissions, and + * therefore local submissions appeared to originate from the SMTP-based + * content filter. To make this work we introduced one change to the + * XFORWARD protocol: when both NAME and ADDR values are [UNAVAILABLE], + * this is a local submission. */ send_name_addr = var_smtp_send_xforward diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index de017cf8e..09e608ace 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -1754,41 +1754,63 @@ static int mail_open_stream(SMTPD_STATE *state) if (SMTPD_STAND_ALONE(state) == 0) { /* - * Forwarded client attributes. + * Forwarded client attributes. These propagate original client + * information through an SMTP-based content filter, to improve + * the logging from an after-filter MTA. They are also used in + * $name expansions by the local(8) and pipe(8) delivery agents. * * In the case of a forwarded remote submission, store original * client attributes in our own internal representation: either - * actual values or "unknown"; don't bother with storing - * non-existent HELO attributes. + * actual values or "unknown". This fixes a problem that was + * introduced with Postfix 2.1: "unknown" got treated the same + * way as "non-existent". As before, we don't store non-existent + * HELO attributes. * * In the case of a forwarded local submission, specify explicitly - * that the original client attributes are non-existent. + * that the original client attributes are non-existent. This + * fixes another problem that was introduced with Postfix 2.1: + * forwarded local submissions could not override the content + * filter's own client attributes, so the message would appear to + * originate from the content filter. To make this work we + * introduced one change to the XFORWARD protocol: when both NAME + * and ADDR values are [UNAVAILABLE], this is a local submission. */ if (state->xforward.flags & SMTPD_STATE_XFORWARD_CLIENT_MASK) { - if (MAIL_ATTR_IS_KNOWN(FORWARD_ADDR(state))) { + if (MAIL_ATTR_IS_KNOWN(FORWARD_NAME(state)) + || MAIL_ATTR_IS_KNOWN(FORWARD_ADDR(state))) { rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_LOG_CLIENT_NAME, FORWARD_NAME(state)); rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_LOG_CLIENT_ADDR, FORWARD_ADDR(state)); rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_LOG_CLIENT_PORT, FORWARD_PORT(state)); - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_LOG_ORIGIN, FORWARD_NAMADDR(state)); if (FORWARD_HELO(state)) rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_LOG_HELO_NAME, FORWARD_HELO(state)); rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_LOG_PROTO_NAME, FORWARD_PROTO(state)); } else { - /* Local submission. */ + /* Local submission. See also qmgr_message_read(). */ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_LOG_CLIENT_ADDR, MAIL_ATTR_VAL_NONEXIST); } } + /* + * Logging attribute for the Postfix 2.3+ cleanup server. + */ + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_LOG_ORIGIN, FORWARD_NAMADDR(state)); + /* * Attributes with actual client information. These are used by - * Milters in case mail is re-injected with "postsuper -R". + * the smtpd Milter client for policy decisions. Mail that is + * requeued with "postsuper -r" is not subject to processing by + * the cleanup Milter client, because a) it has already been + * filtered, and b) we don't have sufficient information to + * reproduce the exact same SMTP events and Sendmail macros that + * the smtpd Milter client received when the message originally + * arrived in Postfix. */ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", MAIL_ATTR_ACT_CLIENT_NAME, state->name); diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index 61f5bf7ea..454cd5ae5 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -511,7 +511,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr, && (relay = mail_addr_find(rp->snd_relay_info, *sender ? sender : var_null_relay_maps_key, (char **) 0)) != 0) - vstring_strcpy(nexthop, relay); + vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ? + rcpt_domain : relay); else if (*RES_PARAM_VALUE(rp->relayhost)) vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost)); else