From 02fa92e7b7102d7170220aa33fa1f242ff4c00a9 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Mon, 24 Oct 2011 00:00:00 -0500
Subject: [PATCH] postfix-2.9-20111024
---
postfix/HISTORY | 16 ++++++++++++++
postfix/README_FILES/TUNING_README | 5 +++++
postfix/WISHLIST | 35 ++++++++++++++++++++++++++++++
postfix/html/DEBUG_README.html | 2 +-
postfix/html/TUNING_README.html | 7 ++++++
postfix/html/mailq.1.html | 2 ++
postfix/html/newaliases.1.html | 2 ++
postfix/html/postconf.5.html | 3 +--
postfix/html/sendmail.1.html | 2 ++
postfix/man/man1/sendmail.1 | 1 +
postfix/man/man5/postconf.5 | 3 +--
postfix/proto/DEBUG_README.html | 2 +-
postfix/proto/TUNING_README.html | 7 ++++++
postfix/proto/postconf.proto | 3 +--
postfix/src/cleanup/cleanup.c | 11 ++++++++--
postfix/src/global/mail_version.h | 2 +-
postfix/src/global/mime_state.c | 4 +++-
postfix/src/milter/milter.c | 6 +++++
postfix/src/sendmail/sendmail.c | 4 +++-
postfix/src/smtpd/smtpd.h | 1 +
20 files changed, 105 insertions(+), 13 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index d58dfe581..6e0561a75 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17004,3 +17004,19 @@ Apologies for any names omitted.
all input lines ending in only if the first input
line ends in ). Files: sendmail/sendmail.c,
global/mail_params.h, proto/postconf.proto.
+
+20111017
+
+ Cleanup: refined the heuristic that automagically transforms
+ legacy "sendmail -V" VERP requests into contemporary "sendmail
+ -XV" syntax. File: sendmail/sendmail.c.
+
+ Cleanup: when the cleanup daemon goes into discard mode,
+ don't get stuck when it runs onto milter file descriptor
+ information. File: cleanup/cleanup.c.
+
+20111020
+
+ EAI Future-proofing: don't apply strict_mime_encoding_domain
+ checks to unknown message subtypes such as message/global*.
+ File: global/mime_state.c.
diff --git a/postfix/README_FILES/TUNING_README b/postfix/README_FILES/TUNING_README
index e7d80706c..b704fb2d2 100644
--- a/postfix/README_FILES/TUNING_README
+++ b/postfix/README_FILES/TUNING_README
@@ -360,6 +360,11 @@ This process is governed by a bunch of little parameters.
this parameter limits the size of the short-term, in-memory list of
"dead" destinations. Destinations that don't fit the list are not
added.
+ transport_destination_concurrency_failed_cohort_limit
+ Controls when a destination is considered "dead". This parameter is
+ critical with a non-zero transport_destination_rate_delay, with a
+ reduced transport_destination_concurrency_limit, or with a reduced
+ initial_destination_concurrency.
IMPORTANT: If you increase the frequency of deferred mail delivery attempts, or
if you flush the deferred mail queue frequently, then you may find that Postfix
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 6e5dc38fd..4157fa955 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -17,6 +17,41 @@ Wish list:
that require performance for low-security operations
such as sharing the postscreen cache.
+ What is the feasibility of adding an mta_name (personality)
+ attribute that is propagated via queue files and delivery
+ agent requests? It would default to myhostname.
+
+ Major performance improvement opportunity (that is until
+ everyone runs Postfix queues on SSDs). Investigate the
+ viability of a daemon that produces incoming and postdrop
+ queue files on request (in reality it would maintain a
+ limited queue of "spare" files). Central queue file allocation
+ reduces the I/O performance disadvantage that qmgr has when
+ 100 smtpd processes are receiving mail, or when lots of
+ mail is submitted with the sendmail command line. When an
+ smtpd process accepts MAIL FROM, a cleanup daemon requests
+ a queue file and receives a queue ID + file handle from the
+ queue file daemon. If the queue file daemon is down, the
+ cleanup daemon creates the file itself like it does now;
+ this can be hidden in the mail_stream library module. If
+ the mail transaction is aborted, then the cleanup daemon
+ gives the queue file back to the queue file daemon's "spare"
+ file pool, saving most of the overhead of creating and
+ deleting a queue file (the file would still need to be
+ renamed at the start of the next mail transaction). If the
+ cleanup daemon is unable to give a file back, then it can
+ delete the file like it does now; this can be hidden in the
+ mail_stream library module. The whole thing can be
+ transparently added to Postfix by adding calls to a
+ queue-file-service client to the mail_queue_enter() and
+ mail_queue_remove() library routines. Other advantages:
+ 1) negligible performance hit when queue file allocation
+ happens earlier, so that logging and milters have a queue
+ ID for the whole transaction not just the first valid
+ recipient; 2) by not removing every queue files we get most
+ of the performance gain of a queue based on append/truncate
+ instead of the much more expensive create/delete.
+
Investigate viability of Sendmail socket maps (the moral
equivalent of tcp_table(5)), and dns maps.
diff --git a/postfix/html/DEBUG_README.html b/postfix/html/DEBUG_README.html
index 48dea6687..708290b0a 100644
--- a/postfix/html/DEBUG_README.html
+++ b/postfix/html/DEBUG_README.html
@@ -315,7 +315,7 @@ so that it invokes the call tracer of your choice, for example:
/etc/postfix/main.cf:
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin;
- (truss -p $process_id 2>&1 | logger -p mail.info) & sleep 5
+ (truss -p $process_id 2>&1 | logger -p mail.info) & sleep 5
diff --git a/postfix/html/TUNING_README.html b/postfix/html/TUNING_README.html
index 2da1fbbc9..343e424e1 100644
--- a/postfix/html/TUNING_README.html
+++ b/postfix/html/TUNING_README.html
@@ -509,6 +509,13 @@ this parameter limits the size of the short-term, in-memory list
of "dead" destinations. Destinations that don't fit the list are
not added.
+ transport_destination_concurrency_failed_cohort_limit
+ Controls when a destination is considered "dead". This
+parameter is critical with a non-zero
+transport_destination_rate_delay, with a reduced
+transport_destination_concurrency_limit, or with
+a reduced initial_destination_concurrency.
+
diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html
index b33a05965..9cec093fd 100644
--- a/postfix/html/mailq.1.html
+++ b/postfix/html/mailq.1.html
@@ -322,6 +322,8 @@ SENDMAIL(1) SENDMAIL(1)
ples.
COMPATIBILITY CONTROLS
+ Available with Postfix 2.9 and later:
+
sendmail_fix_line_endings (always)
Controls how the Postfix sendmail command converts
email message line endings from <CR><LF> into UNIX
diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html
index b33a05965..9cec093fd 100644
--- a/postfix/html/newaliases.1.html
+++ b/postfix/html/newaliases.1.html
@@ -322,6 +322,8 @@ SENDMAIL(1) SENDMAIL(1)
ples.
COMPATIBILITY CONTROLS
+ Available with Postfix 2.9 and later:
+
sendmail_fix_line_endings (always)
Controls how the Postfix sendmail command converts
email message line endings from <CR><LF> into UNIX
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 5cc674218..45d1e652c 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -12531,8 +12531,7 @@ restriction lists" for a discussion of evaluation context and time.
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
-server. This option is off by default and should be used only on
-dedicated servers.
+server. This option is therefore off by default.
Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html
index b33a05965..9cec093fd 100644
--- a/postfix/html/sendmail.1.html
+++ b/postfix/html/sendmail.1.html
@@ -322,6 +322,8 @@ SENDMAIL(1) SENDMAIL(1)
ples.
COMPATIBILITY CONTROLS
+ Available with Postfix 2.9 and later:
+
sendmail_fix_line_endings (always)
Controls how the Postfix sendmail command converts
email message line endings from <CR><LF> into UNIX
diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1
index fba4317b9..96eb34548 100644
--- a/postfix/man/man1/sendmail.1
+++ b/postfix/man/man1/sendmail.1
@@ -279,6 +279,7 @@ The text below provides only a parameter summary. See
.nf
.ad
.fi
+Available with Postfix 2.9 and later:
.IP "\fBsendmail_fix_line_endings (always)\fR"
Controls how the Postfix sendmail command converts email message
line endings from into UNIX format ().
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index a81c2b0e0..c2b6dee9e 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -7854,8 +7854,7 @@ See smtpd_data_restrictions for details and limitations.
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
-server. This option is off by default and should be used only on
-dedicated servers.
+server. This option is therefore off by default.
.PP
Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
.PP
diff --git a/postfix/proto/DEBUG_README.html b/postfix/proto/DEBUG_README.html
index 180849597..a65e42a1a 100644
--- a/postfix/proto/DEBUG_README.html
+++ b/postfix/proto/DEBUG_README.html
@@ -315,7 +315,7 @@ so that it invokes the call tracer of your choice, for example:
/etc/postfix/main.cf:
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin;
- (truss -p $process_id 2>&1 | logger -p mail.info) & sleep 5
+ (truss -p $process_id 2>&1 | logger -p mail.info) & sleep 5
diff --git a/postfix/proto/TUNING_README.html b/postfix/proto/TUNING_README.html
index 09fc4bff2..5c7b5b39b 100644
--- a/postfix/proto/TUNING_README.html
+++ b/postfix/proto/TUNING_README.html
@@ -509,6 +509,13 @@ this parameter limits the size of the short-term, in-memory list
of "dead" destinations. Destinations that don't fit the list are
not added.
+ transport_destination_concurrency_failed_cohort_limit
+ Controls when a destination is considered "dead". This
+parameter is critical with a non-zero
+transport_destination_rate_delay, with a reduced
+transport_destination_concurrency_limit, or with
+a reduced initial_destination_concurrency.
+
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index f1e25d383..e25f9c6b0 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -8888,8 +8888,7 @@ Postfix 2.3 and later use smtpd_tls_security_level instead.
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
-server. This option is off by default and should be used only on
-dedicated servers.
+server. This option is therefore off by default.
Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c
index 0f8df6616..77916d07e 100644
--- a/postfix/src/cleanup/cleanup.c
+++ b/postfix/src/cleanup/cleanup.c
@@ -490,8 +490,15 @@ static void cleanup_service(VSTREAM *src, char *unused_service, char **argv)
*/
if (CLEANUP_OUT_OK(state) == 0 && type > 0) {
while (type != REC_TYPE_END
- && (type = rec_get(src, buf, 0)) > 0)
- /* void */ ;
+ && (type = rec_get(src, buf, 0)) > 0) {
+ if (type == REC_TYPE_MILT_COUNT) {
+ int milter_count = atoi(vstring_str(buf));
+
+ /* Avoid deadlock. */
+ if (milter_count >= 0)
+ cleanup_milter_receive(state, milter_count);
+ }
+ }
}
/*
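Review bot: `atoi()` in the new discard loop cannot tell a malformed REC_TYPE_MILT_COUNT payload from a real zero, and its behaviour on out-of-range input is undefined, so the `milter_count >= 0` guard only filters negative values. Parsing with `strtol()` and rejecting empty input, trailing junk and values above `INT_MAX` makes the guard mean what it says; the sketch below also logs the malformed case instead of silently treating it as zero, and it needs `<errno.h>` and `<limits.h>`. The `/* Avoid deadlock. */` comment should say what blocks: going by the HISTORY entry, the sender's milter information follows the count and has to be consumed even in discard mode. cleanup_milter_receive() and the rest of cleanup_service() are outside this hunk, so confirm there that it reads exactly that data.

```c
if (type == REC_TYPE_MILT_COUNT) {
    char   *end;
    long    milter_count;

    errno = 0;
    milter_count = strtol(vstring_str(buf), &end, 10);
    if (errno != 0 || end == vstring_str(buf) || *end != 0
        || milter_count < 0 || milter_count > INT_MAX) {
        msg_warn("ignoring malformed milter count record");
    } else {
        /* Consume the milter info that follows, so the sender does not block. */
        cleanup_milter_receive(state, (int) milter_count);
    }
}
```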
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index a59d32504..ab6759329 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20111012"
+#define MAIL_RELEASE_DATE "20111024"
#define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT
diff --git a/postfix/src/global/mime_state.c b/postfix/src/global/mime_state.c
index b807844e4..bac033d16 100644
--- a/postfix/src/global/mime_state.c
+++ b/postfix/src/global/mime_state.c
@@ -925,7 +925,9 @@ int mime_state_update(MIME_STATE *state, int rec_type,
if (state->curr_domain != MIME_ENC_7BIT)
REPORT_ERROR(state, MIME_ERR_ENCODING_DOMAIN,
mime_state_enc_name(state->curr_encoding));
- } else {
+ }
+ /* EAI: message/global allows non-identity encoding. */
+ else if (state->curr_stype == MIME_STYPE_RFC822) {
if (state->curr_encoding != state->curr_domain)
REPORT_ERROR(state, MIME_ERR_ENCODING_DOMAIN,
mime_state_enc_name(state->curr_encoding));
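Review bot: The new comment names only message/global, but `else if (state->curr_stype == MIME_STYPE_RFC822)` drops the encoding-domain check for every subtype that reaches this branch and is not RFC822, so the exemption is wider than the comment says. I would spell that out, e.g. `/* EAI: enforce identity encoding for message/rfc822 only; other message subtypes that reach this point (e.g. message/global) are not checked. */`, so a later reader does not assume strict_mime_encoding_domain still covers them. The preceding `if` and the rest of mime_state_update() lie outside the hunk, so which subtypes actually arrive here should be confirmed there.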
diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c
index ee38b0f23..f4c64aff7 100644
--- a/postfix/src/milter/milter.c
+++ b/postfix/src/milter/milter.c
@@ -634,6 +634,9 @@ int milter_send(MILTERS *milters, VSTREAM *stream)
count++;
(void) rec_fprintf(stream, REC_TYPE_MILT_COUNT, "%d", count);
+ if (msg_verbose)
+ msg_info("send %d milters");
+
/*
* XXX Optimization: don't send or receive further information when there
* aren't any active filters.
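Review bot: `msg_info("send %d milters");` has a `%d` conversion with no matching argument, which is undefined behaviour and will log a garbage value (or worse) whenever msg_verbose is set. It should pass the counter that is written to the stream on the line above: `msg_info("send %d milters", count);`. The matching call added to milter_receive() in the next hunk does pass `count`, so only this one needs the fix. milter_send() starts and ends outside the hunk.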
@@ -679,6 +682,9 @@ MILTERS *milter_receive(VSTREAM *stream, int count)
MILTER *tail = 0;
MILTER *milter = 0;
+ if (msg_verbose)
+ msg_info("receive %d milters", count);
+
/*
* XXX We must instantiate a MILTERS structure even when the sender has
* no active filters, otherwise the cleanup server would try to use its
diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c
index 99059633e..a1a5dd792 100644
--- a/postfix/src/sendmail/sendmail.c
+++ b/postfix/src/sendmail/sendmail.c
@@ -263,6 +263,7 @@
/* COMPATIBILITY CONTROLS
/* .ad
/* .fi
+/* Available with Postfix 2.9 and later:
/* .IP "\fBsendmail_fix_line_endings (always)\fR"
/* Controls how the Postfix sendmail command converts email message
/* line endings from into UNIX format ().
@@ -1102,7 +1103,8 @@ int main(int argc, char **argv)
optind++;
continue;
}
- if (strcmp(argv[OPTIND], "-V") == 0) {
+ if (strcmp(argv[OPTIND], "-V") == 0
+ && argv[OPTIND + 1] != 0 && strlen(argv[OPTIND + 1]) == 2) {
msg_warn("option -V is deprecated with Postfix 2.3; "
"specify -XV instead");
argv[OPTIND] = "-XV";
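Review bot: The two conditions added to the `-V` test encode a heuristic that the code itself does not explain, and the bare `2` gives no hint of what is being matched. A short comment would help, e.g. `/* Legacy VERP heuristic: rewrite "-V" to "-XV" only when the next argument is exactly two characters long (presumably the VERP delimiter pair). */`; whether that is the intended reading should be confirmed against the option documentation. Note also that a `-V` that is the last argument, or is followed by an argument of any other length, is no longer rewritten, and what the option parser then does with it is decided outside this hunk. main() starts and ends outside the hunk.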
diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h
index 93e42e3cc..73f15ffbe 100644
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@@ -183,6 +183,7 @@ typedef struct {
#define SMTPD_FLAG_ILL_PIPELINING (1<<1) /* inappropriate pipelining */
#define SMTPD_FLAG_AUTH_USED (1<<2) /* don't reuse SASL state */
+ /* Security: don't reset SMTPD_FLAG_AUTH_USED. */
#define SMTPD_MASK_MAIL_KEEP ~0 /* keep all after MAIL reset */
#define SMTPD_STATE_XFORWARD_INIT (1<<0) /* xforward preset done */
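Review bot: The added comment states a rule but not what it protects or where it is enforced, and it sits between two defines without saying which one it constrains. Since SMTPD_FLAG_AUTH_USED is described as "don't reuse SASL state" and SMTPD_MASK_MAIL_KEEP as "keep all after MAIL reset", I would tie them together explicitly: `/* Security: SMTPD_FLAG_AUTH_USED must survive the MAIL reset; if SMTPD_MASK_MAIL_KEEP is ever narrowed, keep that bit set. */`. The code that applies the mask is outside this hunk, so the exact reset path should be checked there.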