From: Wietse Z Venema Date: Mon, 2 Sep 2024 05:00:00 +0000 (-0500) Subject: postfix-3.10-20240902 X-Git-Tag: v3.10.0~30 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e6eb5ba2b6f0f6b159d95ad8670da650c7aa2c5a;p=thirdparty%2Fpostfix.git postfix-3.10-20240902 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 6d457cc90..4be10b660 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -28163,3 +28163,40 @@ Apologies for any names omitted. fragment of a multi-fragment TXT record. This would become an issue when looking up policy records with strings longer than 255 bytes. File: dns/dns_lookup.c. + +20240731 + + Documentation: automatic BCC recipients are subject to + address canonicalization (missing domain), canonical_maps, + masquerade_domains, and virtual_alias_maps. Files: + proto/postconf.proto. + + Documentation: 'redirect' recipients are subject to address + canonicalization (add missing domain), but not subject to + canonical_maps, masquerade_domains, and virtual_alias_maps. + Files: proto/access, proto/header_checks. + +20240807 + + Documentation: update the *sender_login_* descriptions + with guidance to enforce that the From: header address + matches the envelope sender (MAIL FROM) address. File: + proto/postconf.proto. + +20240808 + + Typofix in comment. File: global/normalize_mailhost_addr.c. + +20240831 + + Bugfix: require that stable releases have a three-number + mail_version value. Found by Michael Orlitzky. File: + mantools/check-snapshot-nonprod. + +20240902 + + Documentation: update the local_login_sender_maps description + with guidance to enforce that the From: header address + matches the envelope sender (MAIL FROM) address. File: + proto/postconf.proto. + diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 9578d25bf..92296ad80 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -16,6 +16,9 @@ Wish list: using FIFOs anymore, and trigger servers could use a proper (attribute, value) protocol. + SEND_ATTR_FUNC should send the name of the object being sent, + so that SCAN_ATTR_FUNC can check it. + Send XFORWARD attributes in the SMTPD policy delegation protocol. diff --git a/postfix/conf/access b/postfix/conf/access index 6da2db2f1..00ab742c3 100644 --- a/postfix/conf/access +++ b/postfix/conf/access 
@@ -349,95 +349,101 @@ # recipient(s). When multiple REDIRECT actions fire, # only the last one takes effect. # -# Note: this action overrides the FILTER action, and -# currently overrides all recipients of the message. +# Note 1: this action overrides the FILTER action, +# and currently overrides all recipients of the mes- +# sage. +# +# Note 2: a REDIRECT address is subject to canonical- +# ization (add missing domain) but NOT subject to +# canonical, masquerade, bcc, or virtual alias map- +# ping. # # This feature is available in Postfix 2.1 and later. # # INFO optional text... # Log an informational record with the optional text, -# together with client information and if available, -# with helo, sender, recipient and protocol informa- +# together with client information and if available, +# with helo, sender, recipient and protocol informa- # tion. # # This feature is available in Postfix 3.0 and later. # # WARN optional text... # Log a warning with the optional text, together with -# client information and if available, with helo, +# client information and if available, with helo, # sender, recipient and protocol information. # # This feature is available in Postfix 2.1 and later. # # ENHANCED STATUS CODES -# Postfix version 2.3 and later support enhanced status -# codes as defined in RFC 3463. When an enhanced status -# code is specified in an access table, it is subject to -# modification. The following transformations are needed -# when the same access table is used for client, helo, -# sender, or recipient access restrictions; they happen +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. 
The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen # regardless of whether Postfix replies to a MAIL FROM, RCPT # TO or other SMTP command. # -# o When a sender address matches a REJECT action, the -# Postfix SMTP server will transform a recipient DSN -# status (e.g., 4.1.1-4.1.6) into the corresponding +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding # sender DSN status, and vice versa. # -# o When non-address information matches a REJECT -# action (such as the HELO command argument or the -# client hostname/address), the Postfix SMTP server -# will transform a sender or recipient DSN status -# into a generic non-address DSN status (e.g., +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., # 4.0.0). # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- -# cation, that string is an entire client hostname, an +# cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. 
Thus, # no parent domain or parent network search is done, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Actions are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.4. # -# Each lookup operation uses the entire query string once. -# Depending on the application, that string is an entire +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire # client hostname, an entire client IP address, or an entire -# mail address. Thus, no parent domain or parent network -# search is done, user@domain mail addresses are not broken -# up into their user@ and domain constituent parts, nor is +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is # user+foo broken up into user and foo. # # Actions are the same as with indexed file lookups. 
# # EXAMPLE -# The following example uses an indexed file, so that the -# order of table entries does not matter. The example per- -# mits access by the client at address 1.2.3.4 but rejects -# all other clients in 1.2.3.0/24. Instead of hash lookup -# tables, some systems use dbm. Use the command "postconf -# -m" to find out what lookup tables Postfix supports on +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on # your system. # # /etc/postfix/main.cf: @@ -448,11 +454,11 @@ # 1.2.3 REJECT # 1.2.3.4 OK # -# Execute the command "postmap /etc/postfix/access" after +# Execute the command "postmap /etc/postfix/access" after # editing the file. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1), Postfix lookup table manager @@ -461,13 +467,13 @@ # transport(5), transport:nexthop syntax # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # SMTPD_ACCESS_README, built-in SMTP server access control # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index db295d022..61e4da6b6 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks 
@@ -346,10 +346,15 @@ # message is queued, it will be sent to the specified # address instead of the intended recipient(s). # -# Note: this action overrides the FILTER action, and -# affects all recipients of the message. If multiple -# REDIRECT actions fire, only the last one is exe- -# cuted. +# Note 1: this action overrides the FILTER action, +# and affects all recipients of the message. If mul- +# tiple REDIRECT actions fire, only the last one is +# executed. +# +# Note 2: a REDIRECT address is subject to canonical- +# ization (add missing domain) but NOT subject to +# canonical, masquerade, bcc, or virtual alias map- +# ping. # # This feature is available in Postfix 2.1 and later. # 
@@ -357,34 +362,34 @@ # checks. # # REPLACE text... -# Replace the current line with the specified text, +# Replace the current line with the specified text, # and inspect the next input line. # # This feature is available in Postfix 2.2 and later. -# The description below applies to Postfix 2.2.2 and +# The description below applies to Postfix 2.2.2 and # later. # # Notes: # -# o When replacing a message header line, the -# replacement text must begin with a valid +# o When replacing a message header line, the +# replacement text must begin with a valid # header label. # -# o The replaced text remains part of the input -# stream. Unlike the result from the PREPEND -# action, a replaced message header may be -# subject to address rewriting and may affect -# the way that Postfix adds missing message +# o The replaced text remains part of the input +# stream. Unlike the result from the PREPEND +# action, a replaced message header may be +# subject to address rewriting and may affect +# the way that Postfix adds missing message # headers. # # REJECT optional text... -# Reject the entire message. Do not inspect the -# remainder of the input message. Reply with -# optional text... when the optional text is speci- +# Reject the entire message. Do not inspect the +# remainder of the input message. Reply with +# optional text... when the optional text is speci- # fied, otherwise reply with a generic error message. # -# Note: this action disables further header or -# body_checks inspection of the current message and +# Note: this action disables further header or +# body_checks inspection of the current message and # affects all recipients. # # Postfix version 2.3 and later support enhanced sta- 
@@ -398,80 +403,80 @@ # STRIP optional text... # Log a "strip:" record with the optional text... (or # log a generic text), delete the input line from the -# input, and inspect the next input line. See IGNORE +# input, and inspect the next input line. See IGNORE # for a silent alternative. # # This feature is available in Postfix 3.2 and later. # # WARN optional text... -# Log a "warning:" record with the optional text... +# Log a "warning:" record with the optional text... # (or log a generic text), and inspect the next input -# line. This action is useful for debugging and for -# testing a pattern before applying more drastic +# line. This action is useful for debugging and for +# testing a pattern before applying more drastic # actions. # # BUGS # Empty lines never match, because some map types mis-behave -# when given a zero-length search string. This limitation -# may be removed for regular expression tables in a future +# when given a zero-length search string. This limitation +# may be removed for regular expression tables in a future # release. # -# Many people overlook the main limitations of header and +# Many people overlook the main limitations of header and # body_checks rules. # -# o These rules operate on one logical message header +# o These rules operate on one logical message header # or one body line at a time. A decision made for one # line is not carried over to the next line. # -# o If text in the message body is encoded (RFC 2045) +# o If text in the message body is encoded (RFC 2045) # then the rules need to be specified for the encoded # form. # -# o Likewise, when message headers are encoded (RFC -# 2047) then the rules need to be specified for the +# o Likewise, when message headers are encoded (RFC +# 2047) then the rules need to be specified for the # encoded form. # -# Message headers added by the cleanup(8) daemon itself are +# Message headers added by the cleanup(8) daemon itself are # excluded from inspection. 
Examples of such message headers # are From:, To:, Message-ID:, Date:. # -# Message headers deleted by the cleanup(8) daemon will be +# Message headers deleted by the cleanup(8) daemon will be # examined before they are deleted. Examples are: Bcc:, Con- # tent-Length:, Return-Path:. # # CONFIGURATION PARAMETERS # body_checks (empty) -# Optional lookup tables for content inspection as +# Optional lookup tables for content inspection as # specified in the body_checks(5) manual page. # # body_checks_size_limit (51200) # How much text in a message body segment (or attach- -# ment, if you prefer to use that term) is subjected +# ment, if you prefer to use that term) is subjected # to body_checks inspection. # # header_checks (empty) -# Optional lookup tables for content inspection of -# primary non-MIME message headers, as specified in +# Optional lookup tables for content inspection of +# primary non-MIME message headers, as specified in # the header_checks(5) manual page. # # mime_header_checks ($header_checks) -# Optional lookup tables for content inspection of -# MIME related message headers, as described in the +# Optional lookup tables for content inspection of +# MIME related message headers, as described in the # header_checks(5) manual page. # # nested_header_checks ($header_checks) -# Optional lookup tables for content inspection of -# non-MIME message headers in attached messages, as +# Optional lookup tables for content inspection of +# non-MIME message headers in attached messages, as # described in the header_checks(5) manual page. # # disable_mime_input_processing (no) # Turn off MIME processing while receiving mail. # # EXAMPLES -# Header pattern to block attachments with bad file name -# extensions. For convenience, the PCRE /x flag is speci- -# fied, so that there is no need to collapse the pattern -# into a single line of text. The purpose of the +# Header pattern to block attachments with bad file name +# extensions. 
For convenience, the PCRE /x flag is speci- +# fied, so that there is no need to collapse the pattern +# into a single line of text. The purpose of the # [[:xdigit:]] sub-expressions is to recognize Windows CLSID # strings. # @@ -510,7 +515,7 @@ # RFC 2047, message header encoding for non-ASCII text # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # CONTENT_INSPECTION_README, Postfix content inspection overview @@ -518,7 +523,7 @@ # BACKSCATTER_README, blocking returned forged mail # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 427eacf74..4d9cc2b0a 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -320,9 +320,13 @@ ACCESS(5) ACCESS(5) address instead of the intended recipient(s). When multiple RE- DIRECT actions fire, only the last one takes effect. - Note: this action overrides the FILTER action, and currently + Note 1: this action overrides the FILTER action, and currently overrides all recipients of the message. + Note 2: a REDIRECT address is subject to canonicalization (add + missing domain) but NOT subject to canonical, masquerade, bcc, + or virtual alias mapping. + This feature is available in Postfix 2.1 and later. INFO optional text... diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index c1c8b17cc..579437f5e 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html 
@@ -312,10 +312,14 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) will be sent to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and affects all + Note 1: this action overrides the FILTER action, and affects all recipients of the message. If multiple REDIRECT actions fire, only the last one is executed. + Note 2: a REDIRECT address is subject to canonicalization (add + missing domain) but NOT subject to canonical, masquerade, bcc, + or virtual alias mapping. + This feature is available in Postfix 2.1 and later. This feature is not supported with smtp header/body checks. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 76a383c5f..57b9b1390 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -885,6 +885,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

+

Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps.

+ @@ -6209,6 +6213,11 @@ prepend "uid:" to the numerical UID and use that instead.

This feature ignores address extensions in the user-specified envelope sender address.

+

Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, specify an external filter such as a Milter, +with the non_smtpd_milters parameter. For example: +https://github.com/magcks/milterfrom.

+

The following sender patterns are special; these cannot be used as part of a longer pattern.

@@ -10001,6 +10010,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

+

Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps.

+

Example:

@@ -10739,6 +10752,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

+

Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps.

+

Example:

@@ -17763,10 +17780,17 @@ for authentication. The available types are listed with the (default: empty)

-Optional lookup table with the SASL login names that own the sender +Optional lookup table with the SASL login names that own the +envelope sender (MAIL FROM) addresses.

+

Note: to enforce that the From: header address +matches the envelope sender (MAIL FROM) address, use an external +filter such as a Milter, for the submission, submissions, or smtps +services. For example: https://github.com/magcks/milterfrom.

+
+

Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order @@ -17869,6 +17893,11 @@ or the SASL login name is not an owner for that address. This prevents an authenticated client from using a MAIL FROM address that they do not explicitly own.
+Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom. +
This feature is available in Postfix version 2.1 and later.

reject_known_sender_login_mismatch
@@ -17885,6 +17914,11 @@ This protects any MAIL FROM address that is listed in $smtpd_sender_login_maps, while still allowing a client to use any unlisted MAIL FROM address.
+Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom. +
This feature is available in Postfix version 2.11 and later.
reject_non_fqdn_sender
@@ -17926,6 +17960,11 @@ authenticated with SASL. With SASL enabled, this prevents an unauthenticated client from using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
+Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom. +
This feature is available in Postfix version 2.1 and later.
reject_unknown_sender_domain
diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index e2eb6779e..efbde6204 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -329,9 +329,13 @@ After the message is queued, send the message to the specified address instead of the intended recipient(s). When multiple \fBREDIRECT\fR actions fire, only the last one takes effect. .sp -Note: this action overrides the FILTER action, and currently +Note 1: this action overrides the FILTER action, and currently overrides all recipients of the message. .sp +Note 2: a REDIRECT address is subject to canonicalization +(add missing domain) but NOT subject to canonical, masquerade, +bcc, or virtual alias mapping. +.sp This feature is available in Postfix 2.1 and later. .IP "\fBINFO \fIoptional text...\fR Log an informational record with the optional text, together diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5 index 92c1de95e..fc9b6503f 100644 --- a/postfix/man/man5/header_checks.5 +++ b/postfix/man/man5/header_checks.5 @@ -331,10 +331,14 @@ inspect the next input line. After the message is queued, it will be sent to the specified address instead of the intended recipient(s). .sp -Note: this action overrides the \fBFILTER\fR action, and affects +Note 1: this action overrides the \fBFILTER\fR action, and affects all recipients of the message. If multiple \fBREDIRECT\fR actions fire, only the last one is executed. .sp +Note 2: a REDIRECT address is subject to canonicalization +(add missing domain) but NOT subject to canonical, masquerade, +bcc, or virtual alias mapping. +.sp This feature is available in Postfix 2.1 and later. .sp This feature is not supported with smtp header/body checks. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index c487657d1..91beac06d 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -511,6 +511,10 @@ Note: automatic BCC recipients are produced only for new mail. To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself. +.PP +Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps. .SH anvil_rate_time_unit (default: 60s) The time unit over which client connection rates and other rates are calculated. @@ -3742,6 +3746,11 @@ prepend "\fBuid:\fR" to the numerical UID and use that instead. This feature ignores address extensions in the user\-specified envelope sender address. .PP +Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, specify an external filter such as a Milter, +with the non_smtpd_milters parameter. For example: +https://github.com/magcks/milterfrom. +.PP The following sender patterns are special; these cannot be used as part of a longer pattern. .IP "\fB * \fR @@ -6158,6 +6167,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself. .PP +Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps. +.PP Example: .PP .nf @@ -6671,6 +6684,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself. .PP +Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps. +.PP Example: .PP .nf 
@@ -12035,8 +12052,16 @@ for authentication. The available types are listed with the .PP This feature is available in Postfix 2.3 and later. .SH smtpd_sender_login_maps (default: empty) -Optional lookup table with the SASL login names that own the sender +Optional lookup table with the SASL login names that own the +envelope sender (MAIL FROM) addresses. +.sp +.in +4 +Note: to enforce that the From: header address +matches the envelope sender (MAIL FROM) address, use an external +filter such as a Milter, for the submission, submissions, or smtps +services. For example: https://github.com/magcks/milterfrom. +.in -4 .PP Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order @@ -12109,6 +12134,11 @@ or the SASL login name is not an owner for that address. This prevents an authenticated client from using a MAIL FROM address that they do not explicitly own. .br +Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom. +.br This feature is available in Postfix version 2.1 and later. .br .IP "\fBreject_known_sender_login_mismatch\fR" @@ -12124,6 +12154,11 @@ This protects any MAIL FROM address that is listed in $smtpd_sender_login_maps, while still allowing a client to use any unlisted MAIL FROM address. .br +Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom. +.br This feature is available in Postfix version 2.11 and later. .br .IP "\fBreject_non_fqdn_sender\fR" 
@@ -12165,6 +12200,11 @@ authenticated with SASL. With SASL enabled, this prevents an unauthenticated client from using any MAIL FROM address that is listed in $smtpd_sender_login_maps. .br +Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom. +.br This feature is available in Postfix version 2.1 and later. .br .IP "\fBreject_unknown_sender_domain\fR" diff --git a/postfix/mantools/check-snapshot-nonprod b/postfix/mantools/check-snapshot-nonprod index e18f6aa20..b3a038f9b 100755 --- a/postfix/mantools/check-snapshot-nonprod +++ b/postfix/mantools/check-snapshot-nonprod @@ -9,5 +9,8 @@ postfix-[0-9]*.[0-9]*.[0-9]*) echo "Error: stable release builds with -DSNAPSHOT" 1>&2, exit 1; } grep 'CCARGS.*-DNONPROD' conf/makedefs.out && { echo "Error: stable release builds with -DNONPROD" 1>&2, exit 1; } + mail_version=$(sh postfix-env.sh bin/postconf -h mail_version) || exit 1 + test "postfix-$mail_version" = "$version" || { + echo "Error: version '$mail_version' in src/global/mail_version.h does not match version in pathname '$(env - pwd)'" 1>&2; exit 1; } ;; esac diff --git a/postfix/proto/access b/postfix/proto/access index a3787a380..999e9682c 100644 --- a/postfix/proto/access +++ b/postfix/proto/access 
@@ -334,9 +334,13 @@ # address instead of the intended recipient(s). When multiple # \fBREDIRECT\fR actions fire, only the last one takes effect. # .sp -# Note: this action overrides the FILTER action, and currently +# Note 1: this action overrides the FILTER action, and currently # overrides all recipients of the message. # .sp +# Note 2: a REDIRECT address is subject to canonicalization +# (add missing domain) but NOT subject to canonical, masquerade, +# bcc, or virtual alias mapping. +# .sp # This feature is available in Postfix 2.1 and later. # .IP "\fBINFO \fIoptional text...\fR # Log an informational record with the optional text, together diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index 9a6b55c8b..c2b988252 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -336,10 +336,14 @@ # it will be sent to the specified address instead of the # intended recipient(s). # .sp -# Note: this action overrides the \fBFILTER\fR action, and affects +# Note 1: this action overrides the \fBFILTER\fR action, and affects # all recipients of the message. If multiple \fBREDIRECT\fR actions # fire, only the last one is executed. # .sp +# Note 2: a REDIRECT address is subject to canonicalization +# (add missing domain) but NOT subject to canonical, masquerade, +# bcc, or virtual alias mapping. +# .sp # This feature is available in Postfix 2.1 and later. # .sp # This feature is not supported with smtp header/body checks. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 1f8bcfded..24b8295f2 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -674,6 +674,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

+

Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps.

+ %PARAM berkeley_db_create_buffer_size 16777216

@@ -3752,6 +3756,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

+

Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps.

+

Example:

@@ -4124,6 +4132,10 @@ To avoid mailer loops, automatic BCC recipients are not generated after Postfix forwards mail internally, or after Postfix generates mail itself.

+

Note: automatic BCC recipients are subject to address +canonicalization (add missing domain), canonical_maps, masquerade_domains, +and virtual_alias_maps.

+

Example:

@@ -6717,10 +6729,17 @@ smtpd_sasl_security_options = noanonymous, noplaintext %PARAM smtpd_sender_login_maps

-Optional lookup table with the SASL login names that own the sender +Optional lookup table with the SASL login names that own the +envelope sender (MAIL FROM) addresses.

+

Note: to enforce that the From: header address +matches the envelope sender (MAIL FROM) address, use an external +filter such as a Milter, for the submission, submissions, or smtps +services. For example: https://github.com/magcks/milterfrom.

+
+

Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order @@ -6818,6 +6837,11 @@ or the SASL login name is not an owner for that address.
This prevents an authenticated client from using a MAIL FROM address that they do not explicitly own. +
+Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom.
This feature is available in Postfix version 2.1 and later. @@ -6834,6 +6858,11 @@ $smtpd_sender_login_maps. This protects any MAIL FROM address that is listed in $smtpd_sender_login_maps, while still allowing a client to use any unlisted MAIL FROM address. +
+Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom.
This feature is available in Postfix version 2.11 and later. @@ -6875,6 +6904,11 @@ authenticated with SASL.
With SASL enabled, this prevents an unauthenticated client from using any MAIL FROM address that is listed in $smtpd_sender_login_maps. +
+Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, use an external filter such as a Milter, +for the submission, submissions, or smtps services. For example: +https://github.com/magcks/milterfrom.
This feature is available in Postfix version 2.1 and later. @@ -18590,6 +18624,11 @@ prepend "uid:" to the numerical UID and use that instead.

This feature ignores address extensions in the user-specified envelope sender address.

+

Note: to enforce that the From: header address matches the envelope +sender (MAIL FROM) address, specify an external filter such as a Milter, +with the non_smtpd_milters parameter. For example: +https://github.com/magcks/milterfrom.

+

The following sender patterns are special; these cannot be used as part of a longer pattern.

diff --git a/postfix/proto/stop b/postfix/proto/stop index 88bf64609..ec9542f1c 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -1610,3 +1610,8 @@ Ajamian groff MariaDB Fuhrer +magcks +milterfrom +canonicalization +Orlitzky +Typofix diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c1cc9ea80..fed3f2005 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240724" +#define MAIL_RELEASE_DATE "20240902" #define MAIL_VERSION_NUMBER "3.10" #ifdef SNAPSHOT diff --git a/postfix/src/global/normalize_mailhost_addr.c b/postfix/src/global/normalize_mailhost_addr.c index ba0f7bd10..0502b5025 100644 --- a/postfix/src/global/normalize_mailhost_addr.c +++ b/postfix/src/global/normalize_mailhost_addr.c @@ -15,7 +15,7 @@ /* normalize_mailhost_addr() takes the RFC 2821 string /* representation of an IPv4 or IPv6 network address, and /* normalizes the "IPv6:" prefix and numeric form. An IPv6 or -/* IPv4 form is rejected if supposed for that protocol is +/* IPv4 form is rejected if support for that protocol is /* disabled or non-existent. If both IPv6 and IPv4 support are /* enabled, a V4-in-V6 address is replaced with the IPv4 form. /*
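Review bot: In the mantools/check-snapshot-nonprod hunk, the two pre-existing context lines end with `1>&2, exit 1; }`: because of the comma, `exit` and `1` are parsed as extra words of the echo command and the redirection target becomes `2,` (an ambiguous redirect in bash, a bad fd number in dash), so no separate `exit 1` command is ever reached by the -DSNAPSHOT and -DNONPROD checks. The new mail_version check correctly writes `1>&2; exit 1; }`; the two older lines should be changed to match, e.g. `echo "Error: stable release builds with -DSNAPSHOT" 1>&2; exit 1; }`. Also, the new error message says the version does not match the "version in pathname" but prints `$(env - pwd)` rather than `$version`; including `$version` in the message would make the two values directly comparable.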
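Review bot: The HISTORY entry for 20240731 says 'redirect' recipients are not subject to canonical_maps, masquerade_domains, and virtual_alias_maps, but the "Note 2" paragraph added to proto/access, proto/header_checks and their generated conf/, html/ and man/ copies also says they are NOT subject to bcc mapping; either add the bcc exemption to the HISTORY entry or drop it from the notes so the two agree. In the same entry the automatic-BCC line reads "(missing domain)" where every other new note says "(add missing domain)".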
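Review bot: In the postconf.proto hunks the same four-line "Note: to enforce that the From: header address matches the envelope sender (MAIL FROM) address ..." paragraph is pasted verbatim under smtpd_sender_login_maps and under reject_sender_login_mismatch, reject_known_sender_login_mismatch and reject_unknown_sender_login_mismatch, with a non_smtpd_milters variant under local_login_sender_maps; if the guidance or the external filter URL changes, five copies (and their generated html and man5 counterparts) must be edited. Consider keeping one copy under smtpd_sender_login_maps and having the restriction entries refer to it. The smtpd_sender_login_maps hunk in postconf.proto, and the corresponding postconf.5.html hunk, also add two consecutive empty lines after the note where the surrounding text uses one.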
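Review bot: In the conf/access and conf/header_checks hunks, nearly every changed line (for example `-# together with client information and if available,` / `+# together with client information and if available,`) appears identical apart from whitespace from re-rendering the man page; only the "Note 1" and "Note 2" paragraphs are substantive. Reviewing these generated files with whitespace differences ignored, or committing the re-render separately from the documentation change, would make the substantive change visible.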