mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 01:49:47 +00:00
Code Issues Releases Wiki Activity

postfix-3.9-20240218

Browse Source
This commit is contained in:
Wietse Z Venema 2024-02-18 00:00:00 -05:00 committed by Viktor Dukhovni
parent 6b33b3553d
commit 03382b275a
21 changed files with 399 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
postfix/.indent.pro vendored
View File

@ -249,6 +249,7 @@
-TNVTABLE_INFO
-TOPTIONS
-TPCF_DBMS_INFO
-TPCF_DEPR_PARAM_INFO
-TPCF_EVAL_CTX
-TPCF_MASTER_EDIT_REQ
-TPCF_MASTER_ENT

25
postfix/HISTORY
View File

@ -27895,3 +27895,28 @@ Apologies for any names omitted.
Cleanup: missing mongodb checks in the postconf command,
missing mongodb under "postconf -m" manpage entry. Files:
postconf/postconf.c, postconf/postconf_dbms.c.
20240218
Deprecation: the Postfix SMTP server logs a warning when
"permit_mx_backup" is used (support for restriction
"permit_mx_backup" will be removed from Postfix; instead,
use "relay_domains"). File: smtpd/smtpd_check.c.
Deprecation: the postconf command logs a warning when the
following parameters are specified in main.cf or master.cf:
xxx_use_tls, xxx_enforce_tls (use the corresponding
xxx_security_level setting instead); xxx_per_site (use the
corresponding xxx_policy_maps setting instead); disable_dns_lookups
(use smtp_dns_support_level instead); smtpd_tls_dh1024_param_file,
smtpd_tls_eecdh_grade (do not specify, leave at default).
Files: postconf/postconf.c, postconf/postconf_unused.c.
proto/postconf.proto.
Cleanup: add "postconf -q" option to avoid redundant warnings
about unused or deprecated parameter settings when upgrading
or installing Postfix. Such warnings are still logged with
the commands postfix start, start-fg, check, reload, or
status. Files: postconf/postconf.c, postconf/postconf_dbms.c,
postconf/postconf.h, conf/postfix-script, conf/post-install,
postfix-install.

28
postfix/conf/post-install
View File

@ -205,6 +205,10 @@
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# Wietse Venema
# porcupine.org
# Amawalk, NY 10501, USA
#--
umask 022
@ -291,7 +295,7 @@ test -d "$config_directory" || {
# XXX Solaris does not have "test -e".
instances=`test ! -f $def_config_directory/main.cf ||
$POSTCONF -c $def_config_directory -h multi_instance_directories |
$POSTCONF -qc $def_config_directory -h multi_instance_directories |
sed 's/,/ /'` || exit 1
update_shared_files=1
@ -360,7 +364,7 @@ test -f $config_directory/main.cf && {
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
eval : \${$name=\`$POSTCONF -qc $config_directory -h $name\`} || exit 1
done
}
@ -461,14 +465,14 @@ override=
for name in $MOST_PARAMETERS
do
eval junk=\"\$$name\"
test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
test "$junk" = "`$POSTCONF -qc $config_directory -h $name`" || {
override=1
break
}
done
test -n "$override" && {
$POSTCONF -c $config_directory -e \
$POSTCONF -qc $config_directory -e \
"daemon_directory = $daemon_directory" \
"command_directory = $command_directory" \
"queue_directory = $queue_directory" \
@ -679,13 +683,13 @@ EOF
# require now is that defer and deferred are hashed because those
# can contain lots of files.
found=`$POSTCONF -c $config_directory -h hash_queue_names`
found=`$POSTCONF -qc $config_directory -h hash_queue_names`
missing=
(echo "$found" | grep defer >/dev/null) || missing="$missing defer"
(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
test -n "$missing" && {
echo fixing main.cf hash_queue_names for missing $missing
$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
$POSTCONF -qc $config_directory -e hash_queue_names="$found$missing" ||
exit 1
}
@ -857,14 +861,14 @@ EOF
# when IPv6 support is not compiled in. See util/sys_defs.h.
test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
test -n "`$POSTCONF -qc $config_directory -n inet_protocols`" || {
cat <<EOF | ${FMT}
COMPATIBILITY: editing $config_directory/main.cf, setting
inet_protocols=ipv4. Specify inet_protocols explicitly if you
want to enable IPv6.
In a future release IPv6 will be enabled by default.
EOF
$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
$POSTCONF -qc $config_directory inet_protocols=ipv4 || exit 1
}
# Disabled because unhelpful down-stream maintainers disable the safety net.
@ -875,7 +879,7 @@ EOF
# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
# # POSTFIX BEFORE 2.10.
# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
# test -n "`$POSTCONF -qc $config_directory -n smtpd_relay_restrictions`" || {
# cat <<EOF | ${FMT}
# COMPATIBILITY: editing $config_directory/main.cf, overriding
# smtpd_relay_restrictions to prevent inbound mail from
@ -883,7 +887,7 @@ EOF
# Specify an empty smtpd_relay_restrictions value to keep using
# smtpd_recipient_restrictions as before.
#EOF
# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
# $POSTCONF -qc $config_directory "smtpd_relay_restrictions = \
# permit_mynetworks permit_sasl_authenticated \
# defer_unauth_destination" || exit 1
# }
@ -903,8 +907,8 @@ EOF
test -n "$first_install_reminder" && {
ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
ALIASES=`$POSTCONF -qc $config_directory -h alias_database | sed 's/^[^:]*://'`
NEWALIASES_PATH=`$POSTCONF -qc $config_directory -h newaliases_path`
cat <<EOF | ${FMT}
Warning: you still need to edit myorigin/mydestination/mynetworks

21
postfix/conf/postfix-script
View File

@ -28,6 +28,10 @@
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# Wietse Venema
# porcupine.org
# Amawalk, NY 10501, USA
#--
# Avoid POSIX death due to SIGHUP when some parent process exits.
@ -92,7 +96,7 @@ def_config_directory=`$command_directory/postconf -dh config_directory` || {
# If this is a secondary instance, don't touch shared files.
instances=`test ! -f $def_config_directory/main.cf ||
$command_directory/postconf -c $def_config_directory \
$command_directory/postconf -qc $def_config_directory \
-h multi_instance_directories | sed 's/,/ /'` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
@ -216,6 +220,9 @@ abort)
reload)
# Warn once for deprecated parameters.
$command_directory/postconf >/dev/null
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
@ -244,6 +251,9 @@ check)
status)
# Warn once for deprecated parameters.
$command_directory/postconf >/dev/null
$daemon_directory/master -t 2>/dev/null && {
$INFO the Postfix mail system is not running
exit 1
@ -268,12 +278,12 @@ check-fatal)
exit 1
}
maillog_file=`$command_directory/postconf -h maillog_file` || {
maillog_file=`$command_directory/postconf -qh maillog_file` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
test -n "$maillog_file" && {
$command_directory/postconf -M postlog/unix-dgram 2>/dev/null \
$command_directory/postconf -qM postlog/unix-dgram 2>/dev/null \
| grep . >/dev/null || {
$FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'"
exit 1
@ -291,6 +301,9 @@ check-fatal)
check-warn)
# This command is NOT part of the public interface.
# Warn once for deprecated parameters.
$command_directory/postconf >/dev/null
# Check Postfix root-owned directory owner/permissions.
find $queue_directory/. $queue_directory/pid \
@ -413,7 +426,7 @@ logrotate)
for name in maillog_file maillog_file_compressor \
maillog_file_rotate_suffix
do
value="`$command_directory/postconf -h $name`"
value="`$command_directory/postconf -qh $name`"
case "$value" in
"") $FATAL "empty '$name' parameter value - logfile rotation failed"
exit 1;;

2
postfix/html/DATABASE_README.html
View File

@ -352,7 +352,7 @@ See <a href="lmdb_table.5.html">lmdb_table(5)</a> for details. </dd>
<dt> <b>mongodb</b> (read-only) </dt>
<dd> MongoDB database client. Configuration details are given in
mongodb_table(5), with examples in <a href="MONGODB_README.html">MONGODB_README</a>. </dd>
<a href="mongodb_table.5.html">mongodb_table(5)</a>, with examples in <a href="MONGODB_README.html">MONGODB_README</a>. </dd>
<dt> <b>mysql</b> (read-only) </dt>

12
postfix/html/postconf.1.html
View File

@ -13,7 +13,7 @@ POSTCONF(1) POSTCONF(1)
<b>SYNOPSIS</b>
<b>Managing <a href="postconf.5.html">main.cf</a>:</b>
<b>postconf</b> [<b>-dfhHnopvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-C</b> <i>class,...</i>] [<i>parameter ...</i>]
<b>postconf</b> [<b>-dfhHnopqvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-C</b> <i>class,...</i>] [<i>parameter ...</i>]
<b>postconf</b> [<b>-epv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter</i><b>=</b><i>value ...</i>
@ -23,7 +23,7 @@ POSTCONF(1) POSTCONF(1)
<b>Managing <a href="master.5.html">master.cf</a> service entries:</b>
<b>postconf -M</b> [<b>-fovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>] <i>...</i>]
<b>postconf -M</b> [<b>-foqvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>] <i>...</i>]
<b>postconf -M</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>=</b><i>value ...</i>
@ -33,13 +33,13 @@ POSTCONF(1) POSTCONF(1)
<b>Managing <a href="master.5.html">master.cf</a> service fields:</b>
<b>postconf -F</b> [<b>-fhHovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>field</i>]] <i>...</i>]
<b>postconf -F</b> [<b>-fhHoqvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>field</i>]] <i>...</i>]
<b>postconf -F</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>field</i><b>=</b><i>value ...</i>
<b>Managing <a href="master.5.html">master.cf</a> service parameters:</b>
<b>postconf -P</b> [<b>-fhHovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>parameter</i>]] <i>...</i>]
<b>postconf -P</b> [<b>-fhHoqvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>parameter</i>]] <i>...</i>]
<b>postconf -P</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parameter</i><b>=</b><i>value ...</i>
@ -439,6 +439,10 @@ POSTCONF(1) POSTCONF(1)
This feature is available with Postfix 2.11 and later.
<b>-q</b> Do not log warnings for deprecated or unused parameters.
This feature is available with Postfix 3.9 and later.
<b>-t</b> [<i>template</i><b>_</b><i>file</i>]
Display the templates for text that appears at the beginning of
delivery status notification (DSN) messages, without expanding

34
postfix/html/postconf.5.html
View File

@ -4956,6 +4956,9 @@ configuration parameter. See there for details. </p>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration
parameter. See there for details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#lmtp_tls_security_level">lmtp_tls_security_level</a> instead. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -5804,6 +5807,9 @@ configuration parameter. See there for details. </p>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration
parameter. See there for details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#lmtp_tls_policy_maps">lmtp_tls_policy_maps</a> instead. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -5936,6 +5942,9 @@ parameter. See there for details. </p>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration
parameter. See there for details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#lmtp_tls_security_level">lmtp_tls_security_level</a> instead. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
@ -15841,6 +15850,9 @@ server. This option is therefore off by default. </p>
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
@ -19298,6 +19310,9 @@ but do not require that clients use TLS encryption. </p>
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
@ -20722,6 +20737,9 @@ to configure tlsproxy client keys and certificates is via the
See <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> for further details. Use
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
@ -20793,6 +20811,9 @@ value. </p>
usage policy by next-hop destination and by remote TLS server
hostname. See <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> for further details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> instead. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
@ -20854,6 +20875,9 @@ was previously called <a href="postconf.5.html#tlsproxy_client_level">tlsproxy_c
support. See <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> for further details. Use
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
@ -20866,6 +20890,9 @@ support. See <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> for further
require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
further details. Use <a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
@ -20998,6 +21025,8 @@ private DSA key. DSA is obsolete and should not be used. See
should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
for further details. </p>
<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
@ -21070,6 +21099,8 @@ the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>
<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
@ -21234,6 +21265,9 @@ shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_
but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>
for further details. Use <a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
<a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>
<p> This feature is available in Postfix 2.8 and later. </p>

12
postfix/man/man1/postconf.1
View File

@ -12,7 +12,7 @@ Postfix configuration utility
.ti -4
\fBManaging main.cf:\fR
\fBpostconf\fR [\fB\-dfhHnopvx\fR] [\fB\-c \fIconfig_dir\fR]
\fBpostconf\fR [\fB\-dfhHnopqvx\fR] [\fB\-c \fIconfig_dir\fR]
[\fB\-C \fIclass,...\fR] [\fIparameter ...\fR]
\fBpostconf\fR [\fB\-epv\fR] [\fB\-c \fIconfig_dir\fR]
@ -27,7 +27,7 @@ Postfix configuration utility
.ti -4
\fBManaging master.cf service entries:\fR
\fBpostconf\fR \fB\-M\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR]
\fBpostconf\fR \fB\-M\fR [\fB\-foqvx\fR] [\fB\-c \fIconfig_dir\fR]
[\fIservice\fR[\fB/\fItype\fR]\fI ...\fR]
\fBpostconf\fR \fB\-M\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR]
@ -42,7 +42,7 @@ Postfix configuration utility
.ti -4
\fBManaging master.cf service fields:\fR
\fBpostconf\fR \fB\-F\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR]
\fBpostconf\fR \fB\-F\fR [\fB\-fhHoqvx\fR] [\fB\-c \fIconfig_dir\fR]
[\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR]
\fBpostconf\fR \fB\-F\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR]
@ -51,7 +51,7 @@ Postfix configuration utility
.ti -4
\fBManaging master.cf service parameters:\fR
\fBpostconf\fR \fB\-P\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR]
\fBpostconf\fR \fB\-P\fR [\fB\-fhHoqvx\fR] [\fB\-c \fIconfig_dir\fR]
[\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR]
\fBpostconf\fR \fB\-P\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR]
@ -463,6 +463,10 @@ service type fields that are omitted will be handled as "*"
wildcard fields.
This feature is available with Postfix 2.11 and later.
.IP \fB\-q\fR
Do not log warnings for deprecated or unused parameters.
This feature is available with Postfix 3.9 and later.
.IP "\fB\-t\fR [\fItemplate_file\fR]"
Display the templates for text that appears at the beginning
of delivery status notification (DSN) messages, without

34
postfix/man/man5/postconf.5
View File

@ -3144,6 +3144,9 @@ This feature is available in Postfix 2.11 and later.
The LMTP\-specific version of the smtp_enforce_tls configuration
parameter. See there for details.
.PP
This feature is deprecated as of Postfix 3.9. Specify
lmtp_tls_security_level instead.
.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_fallback_relay (default: empty)
Optional list of relay hosts for LMTP destinations that can't be
@ -3555,6 +3558,9 @@ This feature is available in Postfix 2.3 and later.
The LMTP\-specific version of the smtp_tls_per_site configuration
parameter. See there for details.
.PP
This feature is deprecated as of Postfix 3.9. Specify
lmtp_tls_policy_maps instead.
.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_tls_policy_maps (default: empty)
The LMTP\-specific version of the smtp_tls_policy_maps
@ -3615,6 +3621,9 @@ This feature is available in Postfix 3.0 and later.
The LMTP\-specific version of the smtp_use_tls configuration
parameter. See there for details.
.PP
This feature is deprecated as of Postfix 3.9. Specify
lmtp_tls_security_level instead.
.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_xforward_timeout (default: 300s)
The Postfix LMTP client time limit for sending the XFORWARD command,
@ -10960,6 +10969,9 @@ Note 2: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.PP
This feature is deprecated as of Postfix 3.9. Specify
smtpd_tls_security_level instead.
.PP
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead.
.SH smtpd_error_sleep_time (default: 1s)
@ -13802,6 +13814,9 @@ Note: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.PP
This feature is deprecated as of Postfix 3.9. Specify
smtpd_tls_security_level instead.
.PP
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead.
.SH smtputf8_autodetect_classes (default: sendmail, verify)
@ -14875,6 +14890,9 @@ Enforcement mode: require that SMTP servers use TLS encryption.
See smtp_enforce_tls for further details. Use
tlsproxy_client_security_level instead.
.PP
This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_client_security_level instead.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_fingerprint_digest (default: $smtp_tls_fingerprint_digest)
The message digest algorithm used to construct remote TLS server
@ -14910,6 +14928,9 @@ Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
usage policy by next\-hop destination and by remote TLS server
hostname. See smtp_tls_per_site for further details.
.PP
This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_client_policy_maps instead.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_policy (default: $smtp_tls_policy_maps)
Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
@ -14941,12 +14962,18 @@ Opportunistic mode: use TLS when a remote server announces TLS
support. See smtp_use_tls for further details. Use
tlsproxy_client_security_level instead.
.PP
This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_client_security_level instead.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_enforce_tls (default: $smtpd_enforce_tls)
Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See smtpd_enforce_tls for
further details. Use tlsproxy_tls_security_level instead.
.PP
This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_tls_security_level instead.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_service_name (default: tlsproxy)
The name of the \fBtlsproxy\fR(8) service entry in master.cf. This
@ -15013,6 +15040,8 @@ File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
should use with non\-export EDH ciphers. See smtpd_tls_dh1024_param_file
for further details.
.PP
This feature is deprecated as of Postfix 3.9. Do not specify.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file)
File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
@ -15055,6 +15084,8 @@ The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral
elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See
smtpd_tls_eecdh_grade for further details.
.PP
This feature is deprecated as of Postfix 3.9. Do not specify.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_enable_rpk (default: $smtpd_tls_enable_rpk)
Request that remote SMTP clients send an RFC7250 raw public key
@ -15140,6 +15171,9 @@ Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See smtpd_use_tls
for further details. Use tlsproxy_tls_security_level instead.
.PP
This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_tls_security_level instead.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_watchdog_timeout (default: 10s)
How much time a \fBtlsproxy\fR(8) process may take to process local

8
postfix/postfix-install
View File

@ -193,6 +193,10 @@
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# Wietse Venema
# porcupine.org
# Amawalk, NY 10501, USA
#--
# Initialize.
@ -521,7 +525,7 @@ test -f $CONFIG_DIRECTORY/main.cf && {
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name=\`bin/postconf -c $CONFIG_DIRECTORY -hx $name\`} ||
eval : \${$name=\`bin/postconf -qc $CONFIG_DIRECTORY -hx $name\`} ||
exit 1
done
}
@ -862,7 +866,7 @@ do
esac
done
bin/postconf -c $CONFIG_DIRECTORY -e \
bin/postconf -qc $CONFIG_DIRECTORY -e \
"daemon_directory = $daemon_directory" \
"data_directory = $data_directory" \
"command_directory = $command_directory" \

34
postfix/proto/postconf.proto
View File

@ -9833,6 +9833,9 @@ but do not require that clients use TLS encryption. </p>
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
smtpd_tls_security_level instead. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
@ -9849,6 +9852,9 @@ server. This option is therefore off by default. </p>
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
smtpd_tls_security_level instead. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
@ -10989,6 +10995,9 @@ configuration parameter. See there for details. </p>
<p> The LMTP-specific version of the smtp_tls_per_site configuration
parameter. See there for details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
lmtp_tls_policy_maps instead. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM lmtp_generic_maps
@ -11094,6 +11103,9 @@ configuration parameter. See there for details. </p>
<p> The LMTP-specific version of the smtp_use_tls configuration
parameter. See there for details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
lmtp_tls_security_level instead. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM lmtp_enforce_tls no
@ -11101,6 +11113,9 @@ parameter. See there for details. </p>
<p> The LMTP-specific version of the smtp_enforce_tls configuration
parameter. See there for details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
lmtp_tls_security_level instead. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM lmtp_tls_security_level
@ -15731,6 +15746,9 @@ for details. </p>
require that clients use TLS encryption. See smtpd_enforce_tls for
further details. Use tlsproxy_tls_security_level instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_tls_security_level instead. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_CAfile $smtpd_tls_CAfile
@ -15805,6 +15823,8 @@ smtpd_tls_dcert_file for further details. </p>
should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file
for further details. </p>
<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file
@ -15857,6 +15877,8 @@ the "tlsproxy_tls_chain_files" parameter. </p>
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
smtpd_tls_eecdh_grade for further details. </p>
<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers
@ -15961,6 +15983,9 @@ shared by all three services, namely smtpd_tls_session_cache_timeout. </p>
but do not require that clients use TLS encryption. See smtpd_use_tls
for further details. Use tlsproxy_tls_security_level instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_tls_security_level instead. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM smtpd_reject_footer
@ -17764,6 +17789,9 @@ was previously called tlsproxy_client_level. </p>
usage policy by next-hop destination and by remote TLS server
hostname. See smtp_tls_per_site for further details. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_client_policy_maps instead. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_policy $smtp_tls_policy_maps
@ -17790,6 +17818,9 @@ was previously called tlsproxy_client_policy. </p>
support. See smtp_use_tls for further details. Use
tlsproxy_client_security_level instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_client_security_level instead. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_enforce_tls $smtp_enforce_tls
@ -17798,6 +17829,9 @@ tlsproxy_client_security_level instead. </p>
See smtp_enforce_tls for further details. Use
tlsproxy_client_security_level instead. </p>
<p> This feature is deprecated as of Postfix 3.9. Specify
tlsproxy_client_security_level instead. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM smtpd_tls_chain_files

7
postfix/proto/stop.double-history
View File

@ -108,4 +108,11 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
postlogd postlogd c
qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c
strategies File smtp smtp c
postconf postconf c postconf postconf_dbms c postconf postconf h
postconf postconf c postconf postconf_unused c
postfix start start fg check reload status Files
Files postconf postconf c postconf postconf_unused c
the commands postfix start start fg check reload or
status Files postconf postconf c postconf postconf_dbms c
postconf postconf h conf postfix script conf post install
postconf postconf c postconf postconf_dbms c

4
postfix/proto/stop.spell-cc
View File

@ -1835,3 +1835,7 @@ Dextrous
Mongo
SUD
qtype
depr
dfhHnopqvx
fhHoqvx
foqvx

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20240216"
#define MAIL_RELEASE_DATE "20240218"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT

23
postfix/src/postconf/Makefile.in
View File

@ -56,7 +56,7 @@ tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \
test42 test43 test44 test45 test46 test47 test48 test49 test50 test51 \
test52 test53 test54 test55 test56 test57 test58 test59 test60 test61 \
test62 test63 test64 test65 test66 test67 test68 test69 test70 test71 \
test72 test73 test74 test75
test72 test73 test74 test75 test76
root_tests:
@ -1044,6 +1044,27 @@ test75: $(PROG) test75.ref
diff test75.ref test75.tmp
rm -f main.cf master.cf test75.tmp
# Warn about unused, deprecated, or deleted parameters.
test76: $(PROG) test76.ref
rm -f main.cf master.cf
touch main.cf master.cf
$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -c. \
config_directory=. \
deleted-test-only=whatever \
disable_dns_lookups=no \
lmtp_use_tls=no \
smtpd_tls_dh1024_param_file=auto >test76.tmp 2>&1
touch -t 197601010000 main.cf
echo foo unix - n n - 0 other >> master.cf
echo ' -o alias_maps=foo' >> master.cf
echo ' -o smtp_enforce_tls=yes' >> master.cf
touch -t 197601010000 master.cf
$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -nc. >>test76.tmp 2>&1
diff test76.ref test76.tmp
$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -qnc. >/dev/null 2>test76.tmp
diff /dev/null test76.tmp
rm -f main.cf master.cf test76.tmp
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck

35
postfix/src/postconf/postconf.c
View File

@ -8,7 +8,7 @@
/* .ti -4
/* \fBManaging main.cf:\fR
/*
/* \fBpostconf\fR [\fB-dfhHnopvx\fR] [\fB-c \fIconfig_dir\fR]
/* \fBpostconf\fR [\fB-dfhHnopqvx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fB-C \fIclass,...\fR] [\fIparameter ...\fR]
/*
/* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR]
@ -23,7 +23,7 @@
/* .ti -4
/* \fBManaging master.cf service entries:\fR
/*
/* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
/* \fBpostconf\fR \fB-M\fR [\fB-foqvx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR]
/*
/* \fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
@ -38,7 +38,7 @@
/* .ti -4
/* \fBManaging master.cf service fields:\fR
/*
/* \fBpostconf\fR \fB-F\fR [\fB-fhHovx\fR] [\fB-c \fIconfig_dir\fR]
/* \fBpostconf\fR \fB-F\fR [\fB-fhHoqvx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR]
/*
/* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
@ -47,7 +47,7 @@
/* .ti -4
/* \fBManaging master.cf service parameters:\fR
/*
/* \fBpostconf\fR \fB-P\fR [\fB-fhHovx\fR] [\fB-c \fIconfig_dir\fR]
/* \fBpostconf\fR \fB-P\fR [\fB-fhHoqvx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR]
/*
/* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
@ -457,6 +457,10 @@
/* wildcard fields.
/*
/* This feature is available with Postfix 2.11 and later.
/* .IP \fB-q\fR
/* Do not log warnings for deprecated or unused parameters.
/*
/* This feature is available with Postfix 3.9 and later.
/* .IP "\fB-t\fR [\fItemplate_file\fR]"
/* Display the templates for text that appears at the beginning
/* of delivery status notification (DSN) messages, without
@ -784,6 +788,8 @@ static void pcf_check_compat_options(int optval)
const int (*op)[2];
int excess;
optval &= ~PCF_DEF_MODE;
for (op = pcf_compat_options; op[0][0] != 0; op++) {
if ((optval & *op[0]) != 0
&& (excess = (optval & ~((*op)[0] | (*op)[1]))) != 0)
@ -849,7 +855,7 @@ int main(int argc, char **argv)
/*
* Parse JCL.
*/
while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhHlmMno:pPtT:vxX#")) > 0) {
while ((ch = GETOPT(argc, argv, "aAbc:C:deEfFhHlmMno:pPqtT:vxX#")) > 0) {
switch (ch) {
case 'a':
pcf_cmd_mode |= PCF_SHOW_SASL_SERV;
@ -917,6 +923,9 @@ int main(int argc, char **argv)
case 'P':
pcf_cmd_mode |= PCF_MASTER_PARAM;
break;
case 'q':
pcf_cmd_mode &= ~(PCF_WARN_UNUSED_DEPRECATED);
break;
case 't':
pcf_cmd_mode |= PCF_DUMP_DSN_TEMPL;
if (ext_argv)
@ -1033,7 +1042,7 @@ int main(int argc, char **argv)
pcf_set_parameters(override_params->argv);
pcf_register_builtin_parameters(basename(argv[0]), getpid());
pcf_register_service_parameters();
pcf_register_user_parameters();
pcf_register_user_parameters(pcf_cmd_mode);
if (pcf_cmd_mode & PCF_MASTER_FLD)
pcf_show_master_fields(VSTREAM_OUT, pcf_cmd_mode, argc - optind,
argv + optind);
@ -1043,7 +1052,8 @@ int main(int argc, char **argv)
else
pcf_show_master_entries(VSTREAM_OUT, pcf_cmd_mode, argc - optind,
argv + optind);
pcf_flag_unused_master_parameters();
if (pcf_cmd_mode & PCF_WARN_UNUSED_DEPRECATED)
pcf_flag_unused_master_parameters();
}
/*
@ -1095,7 +1105,7 @@ int main(int argc, char **argv)
pcf_read_master(PCF_WARN_ON_OPEN_ERROR);
pcf_register_service_parameters();
if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0)
pcf_register_user_parameters();
pcf_register_user_parameters(pcf_cmd_mode);
/*
* Show the requested values.
@ -1104,11 +1114,12 @@ int main(int argc, char **argv)
argv + optind);
/*
* Flag unused parameters. This makes no sense with "postconf -d",
* because that ignores all the user-specified parameters and
* user-specified macro expansions in main.cf.
* Flag unused or deprecated parameters. This makes no sense with
* "postconf -d", because that ignores all the user-specified
* parameters and user-specified macro expansions in main.cf.
*/
if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0) {
if ((pcf_cmd_mode & PCF_SHOW_DEFS) == 0
&& (pcf_cmd_mode & PCF_WARN_UNUSED_DEPRECATED) != 0) {
pcf_flag_unused_main_parameters();
pcf_flag_unused_master_parameters();
}

7
postfix/src/postconf/postconf.h
View File

@ -46,8 +46,9 @@
#define PCF_MASTER_PARAM (1<<19) /* manage master.cf -o name=value */
#define PCF_HIDE_VALUE (1<<20) /* hide main.cf/master.cf =value */
#define PCF_SHOW_TLS (1<<21) /* TLS support introspection */
#define PCF_WARN_UNUSED_DEPRECATED (1<<22) /* As the name says */
#define PCF_DEF_MODE 0
#define PCF_DEF_MODE (PCF_WARN_UNUSED_DEPRECATED)
/*
* Structure for one "valid parameter" (built-in, service-defined or valid
@ -274,12 +275,12 @@ typedef struct {
/*
* postconf_user.c.
*/
extern void pcf_register_user_parameters(void);
extern void pcf_register_user_parameters(int);
/*
* postconf_dbms.c
*/
extern void pcf_register_dbms_parameters(const char *,
extern void pcf_register_dbms_parameters(int, const char *,
const char *(*) (const char *, int, PCF_MASTER_ENT *),
PCF_MASTER_ENT *);

40
postfix/src/postconf/postconf_dbms.c
View File

@ -6,8 +6,9 @@
/* SYNOPSIS
/* #include <postconf.h>
/*
/* void pcf_register_dbms_parameters(param_value, flag_parameter,
/* void pcf_register_dbms_parameters(mode, param_value, flag_parameter,
/* local_scope)
/* int mode;
/* const char *param_value;
/* const char *(flag_parameter) (const char *, int, PCF_MASTER_ENT *);
/* PCF_MASTER_ENT *local_scope;
@ -17,6 +18,9 @@
/* the database name to a database-defined suffix.
/*
/* Arguments:
/* .IP mode
/* If PCF_WARN_UNUSED_DEPRECATED is set, warn about unused
/* database settings.
/* .IP param_value
/* A parameter value to be searched for "type:table" strings.
/* When a database type is found that supports legacy-style
@ -172,7 +176,8 @@ static const PCF_DBMS_INFO pcf_dbms_info[] = {
/* pcf_check_dbms_client - look for unused names in client configuration */
static void pcf_check_dbms_client(const PCF_DBMS_INFO *dp, const char *cf_file)
static void pcf_check_dbms_client(int mode, const PCF_DBMS_INFO *dp,
const char *cf_file)
{
DICT *dict;
VSTREAM *fp;
@ -226,19 +231,21 @@ static void pcf_check_dbms_client(const PCF_DBMS_INFO *dp, const char *cf_file)
* code, because a database client parameter namespace is unlike the
* parameter namespaces in main.cf or master.cf.
*/
for (cpp = dp->db_suffixes; *cpp; cpp++)
(void) dict_del(dict, *cpp);
for (dir = DICT_SEQ_FUN_FIRST;
dict->sequence(dict, dir, &name, &value) == DICT_STAT_SUCCESS;
dir = DICT_SEQ_FUN_NEXT)
msg_warn("%s: unused parameter: %s=%s", dict_spec, name, value);
if (mode & PCF_WARN_UNUSED_DEPRECATED) {
for (cpp = dp->db_suffixes; *cpp; cpp++)
(void) dict_del(dict, *cpp);
for (dir = DICT_SEQ_FUN_FIRST;
dict->sequence(dict, dir, &name, &value) == DICT_STAT_SUCCESS;
dir = DICT_SEQ_FUN_NEXT)
msg_warn("%s: unused parameter: %s=%s", dict_spec, name, value);
}
}
myfree(dict_spec);
}
/* pcf_register_dbms_helper - parse one possible database type:name */
static void pcf_register_dbms_helper(char *str_value,
static void pcf_register_dbms_helper(int mode, char *str_value,
const char *(flag_parameter) (const char *, int, PCF_MASTER_ENT *),
PCF_MASTER_ENT *local_scope,
int recurse)
@ -267,8 +274,8 @@ static void pcf_register_dbms_helper(char *str_value,
myfree(err);
}
if (recurse)
pcf_register_dbms_helper(db_type, flag_parameter, local_scope,
recurse);
pcf_register_dbms_helper(mode, db_type, flag_parameter,
local_scope, recurse);
continue;
}
@ -296,7 +303,7 @@ static void pcf_register_dbms_helper(char *str_value,
for (dp = pcf_dbms_info; dp->db_type != 0; dp++) {
if (strcmp(db_type, dp->db_type) == 0) {
if (dp->db_class == PCF_DBMS_CLASS_CLIENT)
pcf_check_dbms_client(dp, prefix);
pcf_check_dbms_client(mode, dp, prefix);
break;
}
}
@ -330,8 +337,8 @@ static void pcf_register_dbms_helper(char *str_value,
break;
}
}
pcf_register_dbms_helper(prefix, flag_parameter, local_scope,
next_recurse);
pcf_register_dbms_helper(mode, prefix, flag_parameter,
local_scope, next_recurse);
continue;
} else {
for (dp = pcf_dbms_info; dp->db_type != 0; dp++) {
@ -356,7 +363,7 @@ static void pcf_register_dbms_helper(char *str_value,
/* pcf_register_dbms_parameters - look for database_type:prefix_name */
void pcf_register_dbms_parameters(const char *param_value,
void pcf_register_dbms_parameters(int mode, const char *param_value,
const char *(flag_parameter) (const char *, int, PCF_MASTER_ENT *),
PCF_MASTER_ENT *local_scope)
{
@ -372,7 +379,8 @@ void pcf_register_dbms_parameters(const char *param_value,
buffer = vstring_alloc(100);
bufp = pcf_expand_parameter_value(buffer, PCF_SHOW_EVAL, param_value,
local_scope);
pcf_register_dbms_helper(bufp, flag_parameter, local_scope, PCF_DBMS_RECURSE);
pcf_register_dbms_helper(mode, bufp, flag_parameter, local_scope,
PCF_DBMS_RECURSE);
}
#endif

114
postfix/src/postconf/postconf_unused.c
View File

@ -2,7 +2,7 @@
/* NAME
/* postconf_unused 3
/* SUMMARY
/* report unused parameters
/* report unused or deprecated parameters
/* SYNOPSIS
/* #include <postconf.h>
/*
@ -15,11 +15,11 @@
/* In other words, don't call these functions with "postconf
/* -d" which ignores user-defined main.cf settings.
/*
/* pcf_flag_unused_main_parameters() reports unused "name=value"
/* entries in main.cf.
/* pcf_flag_unused_main_parameters() reports unused or deprecated
/* "name=value" entries in main.cf.
/*
/* pcf_flag_unused_master_parameters() reports unused "-o
/* name=value" entries in master.cf.
/* pcf_flag_unused_master_parameters() reports unused or
/* deprecated "-o name=value" entries in master.cf.
/* DIAGNOSTICS
/* Problems are reported to the standard error stream.
/* LICENSE
@ -31,6 +31,10 @@
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* porcupine.org
/* Amawalk, NY 10501, USA
/*--*/
/* System library. */
@ -52,12 +56,66 @@
#include <postconf.h>
/*
* Deprecated parameter names and suggested alternatives. If we keep deleted
* parameter names in the table, a warning can still suggest alternatives.
* The downside of keeping deleted names in the table is that we may falsely
* warn about a user-defined parameter whose name matches that of a deleted
* parameter.
*/
typedef struct {
char *name;
char *alternative;
} PCF_DEPR_PARAM_INFO;
static const PCF_DEPR_PARAM_INFO pcf_depr_param_info[] = {
/*
* Parameters with deprecation warnings as of Postfix 3.9. The
* disable_dns_lookups parameter was documented as deprecated since
* Postfix 2.11 but nothing was logged.
*/
"disable_dns_lookups", "specify smtp_dns_support_level",
"lmtp_use_tls", "specify lmtp_tls_security_level",
"postscreen_use_tls", "specify postscreen_tls_security_level",
"smtp_use_tls", "specify smtp_tls_security_level",
"smtpd_use_tls", "specify smtpd_tls_security_level",
"tlsproxy_client_use_tls", "specify tlsproxy_client_security_level",
"tlsproxy_use_tls", "specify tlsproxy_tls_security_level",
"lmtp_enforce_tls", "lmtp_tls_security_level",
"postscreen_enforce_tls", "specify postscreen_tls_security_level",
"smtp_enforce_tls", "specify smtp_tls_security_level",
"smtpd_enforce_tls", "specify smtpd_tls_security_level",
"tlsproxy_client_enforce_tls", "specify tlsproxy_client_security_level",
"tlsproxy_enforce_tls", "specify tlsproxy_tls_security_level",
"lmtp_tls_per_site", "specify lmtp_tls_policy_maps",
"smtp_tls_per_site", "specify smtp_tls_policy_maps",
"tlsproxy_client_per_site", "specify tlsproxy_client_policy_maps",
"smtpd_tls_dh1024_param_file", "do not specify (leave at default)",
"smtpd_tls_eecdh_grade", "do not specify (leave at default)",
"deleted-test-only", "do not specify", /* For testing */
0,
};
static HTABLE *pcf_depr_param_table;
/* pcf_init_depr_params - initialize lookup table */
static void pcf_init_depr_params(void)
{
const PCF_DEPR_PARAM_INFO *dp;
pcf_depr_param_table = htable_create(30);
for (dp = pcf_depr_param_info; dp->name; dp++)
(void) htable_enter(pcf_depr_param_table, dp->name, (void *) dp);
}
/* pcf_flag_unused_parameters - warn about unused parameters */
static void pcf_flag_unused_parameters(DICT *dict, const char *conf_name,
PCF_MASTER_ENT *local_scope)
{
const char *myname = "pcf_flag_unused_parameters";
const PCF_DEPR_PARAM_INFO *dp;
const char *param_name;
const char *param_value;
int how;
@ -67,23 +125,55 @@ static void pcf_flag_unused_parameters(DICT *dict, const char *conf_name,
*/
if (pcf_param_table == 0)
msg_panic("%s: global parameter table is not initialized", myname);
/*
* Iterate over all entries, and flag parameter names that aren't used
* anywhere. Show the warning message at the end of the output.
*/
if (dict->sequence == 0)
msg_panic("%s: parameter dictionary %s has no iterator",
myname, conf_name);
/*
* One-time initialization.
*/
if (pcf_depr_param_table == 0)
pcf_init_depr_params();
/*
* Iterate over all entries, and flag parameter names that aren't used
* anywhere, or that are deprecated. Show the warning message(s) after
* the end of the stdout output.
*/
for (how = DICT_SEQ_FUN_FIRST;
dict->sequence(dict, how, &param_name, &param_value) == 0;
how = DICT_SEQ_FUN_NEXT) {
/*
* Flag a parameter that is not used (deleted name, or incorrect
* name).
*/
if (PCF_PARAM_TABLE_LOCATE(pcf_param_table, param_name) == 0
&& (local_scope == 0
|| PCF_PARAM_TABLE_LOCATE(local_scope->valid_names, param_name) == 0)) {
vstream_fflush(VSTREAM_OUT);
msg_warn("%s/%s: unused parameter: %s=%s",
var_config_dir, conf_name, param_name, param_value);
if ((dp = (const PCF_DEPR_PARAM_INFO *)
htable_find(pcf_depr_param_table, param_name)) != 0) {
msg_warn("%s/%s: support for parameter %s has been removed;"
" instead, %s", var_config_dir, conf_name,
param_name, dp->alternative);
} else {
msg_warn("%s/%s: unused parameter: %s=%s",
var_config_dir, conf_name, param_name, param_value);
}
}
/*
* Flag a parameter that is used but deprecated. Note that this may
* falsely complain about a user-defined parameter whose name matches
* that of a deleted parameter.
*/
else if ((dp = (const PCF_DEPR_PARAM_INFO *)
htable_find(pcf_depr_param_table, param_name)) != 0) {
vstream_fflush(VSTREAM_OUT);
msg_warn("%s/%s: support for parameter %s will be removed;"
" instead, %s", var_config_dir, conf_name,
param_name, dp->alternative);
}
}
}

16
postfix/src/postconf/postconf_user.c
View File

@ -6,7 +6,7 @@
/* SYNOPSIS
/* #include <postconf.h>
/*
/* void pcf_register_user_parameters()
/* void pcf_register_user_parameters(int mode)
/* DESCRIPTION
/* Postfix has multiple parameter name spaces: the global
/* main.cf parameter name space, and the local parameter name
@ -40,6 +40,10 @@
/* to instantiate legacy per-dbms parameters, and to examine
/* per-dbms configuration files. This is limited to the content
/* of global and local, built-in and per-service, parameters.
/*
/* Arguments:
/* .IP mode
/* Passed on to pcf_register_dbms_parameters().
/* DIAGNOSTICS
/* Problems are reported to the standard error stream.
/* LICENSE
@ -224,7 +228,7 @@ static const char *pcf_lookup_eval(const char *dict_name, const char *name)
/* pcf_scan_user_parameter_namespace - scan parameters in name space */
static void pcf_scan_user_parameter_namespace(const char *dict_name,
static void pcf_scan_user_parameter_namespace(int mode, const char *dict_name,
PCF_MASTER_ENT *local_scope)
{
const char *myname = "pcf_scan_user_parameter_namespace";
@ -308,7 +312,7 @@ static void pcf_scan_user_parameter_namespace(const char *dict_name,
*/
if (node != 0
&& (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node)))
pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
pcf_register_dbms_parameters(mode, cparam_value, pcf_flag_user_parameter,
local_scope);
#endif
}
@ -345,7 +349,7 @@ static void pcf_scan_default_parameter_values(HTABLE *valid_params,
/* pcf_register_user_parameters - add parameters with user-defined names */
void pcf_register_user_parameters(void)
void pcf_register_user_parameters(int mode)
{
const char *myname = "pcf_register_user_parameters";
PCF_MASTER_ENT *masterp;
@ -403,7 +407,7 @@ void pcf_register_user_parameters(void)
*/
for (masterp = pcf_master_table; masterp->argv != 0; masterp++)
if (masterp->all_params != 0)
pcf_scan_user_parameter_namespace(masterp->name_space, masterp);
pcf_scan_user_parameter_namespace(mode, masterp->name_space, masterp);
/*
* Scan parameter values that are left at their defaults in the global
@ -418,5 +422,5 @@ void pcf_register_user_parameters(void)
/*
* Scan the explicit name=value entries in the global name space.
*/
pcf_scan_user_parameter_namespace(CONFIG_DICT, (PCF_MASTER_ENT *) 0);
pcf_scan_user_parameter_namespace(mode, CONFIG_DICT, (PCF_MASTER_ENT *) 0);
}

18
postfix/src/smtpd/smtpd_check.c
View File

@ -1672,6 +1672,9 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient,
{
const char *myname = "check_relay_domains";
/*
* Restriction check_relay_domains is deprecated as of Postfix 2.2.
*/
#if 1
static int once;
@ -2015,10 +2018,21 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
DNS_RR *middle;
DNS_RR *rest;
int dns_status;
static int once;
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
/*
* Restriction permit_mx_backup is deprecated as of Postfix 3.9.
*/
if (once == 0) {
once = 1;
msg_warn("support for restriction \"%s\" will be removed from %s; "
"instead, use \"%s\"",
PERMIT_MX_BACKUP, var_mail_name, VAR_RELAY_DOMAINS);
}
/*
* Resolve the address.
*/
@ -3913,6 +3927,9 @@ static int reject_maps_rbl(SMTPD_STATE *state)
if (msg_verbose)
msg_info("%s: %s", myname, state->addr);
/*
* Restriction reject_maps_rbl is deprecated as of Postfix 2.1.
*/
if (warned == 0) {
warned++;
msg_warn("support for restriction \"%s\" will be removed from %s; "
@ -4509,6 +4526,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
state->helo_name, SMTPD_NAME_HELO);
}
} else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) {
/* permit_naked_ip_addr is deprecated as of Postfix 2.0. */
msg_warn("restriction %s is deprecated. Use %s or %s instead",
PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS, PERMIT_SASL_AUTH);
if (state->helo_name) {