diff --git a/postfix/HISTORY b/postfix/HISTORY index d2b4339be..c22ea59cf 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY 
@@ -6632,8 +6632,79 @@ Apologies for any names omitted. experienced by Pavol Luptak. Files: pickup/pickup.c, cleanup/cleanup_extracted.c. +20020705 + + Safety: log a warning when a domain is listed in mydestination + and (virtual_maps or virtual_mailbox_maps). This configuration + error causes the Postfix SMTP server to reject recipients + when the local_recipient_maps feature is enabled. File: + smtpd/smtpd_check.c. + +200207011 + + Portability: in the master daemon, the default now is to + enable the signal handler code that writes a byte into a + pipe, instead of the signal handler code that sets a global + flag and hopes that select() will somehow wake up. File: + master/master_sig.c. This is needed for some IRIX and + UnixWare versions, but it should also produce a robust + result on all other supported systems. + + Performance: the default SMTP connection establishment + timeout is now 30 seconds, instead of the system default + which can be atrociously large. + +20020712 + + When DNS lookup fails while delivering mail, report not + only the domain name but also the DNS record type. This + should clue in people who ask why Postfix can't find a + domain while nslookup can. File: dns/dns_lookup.c. + +20020713 + + Bugfix: undo change made at 20020610 that causes the trivial + resolver client to loop when an address consists entirely + of @ and . characters. File: trivial-rewrite/resolve.c. + + Cleanup: Postfix no longer strips multiple '.' at the end + of a domain name. One '.' is silently tolerated. Files: + trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c, + global/resolve_local.c. This policy is too distributed. + +20020715 + + Feature: @domain.tld catch-all map entries for the virtual + mail delivery agent. Files: global/virtual8_maps_find.c, + virtual/mailbox.c, smtpd/smtpd_check.c. 
+ + Feature: the virtual mail delivery agent now accepts address + extensions (user+foo@domain.tld), ignores them when looking + up users in its tables, but displays them in Delivered-To: + message headers. File: global/virtual8_maps_find.c. + +20020716 + + Feature: domain names in a masquerade_domains list can now + be prefixed with !, in order to disable masquerading for + that domain name and for its subdomains. File: + cleanup/cleanup_masquerade.c. + +20020717 + + Bugfix: Mac OS X niscript (Netinfo) update by Gerben Wierda. + File: auxiliary/MacOSX/niscript. + + Feature: The SMTP server reject_unknown_whatever restrictions + now also attempt to look up AAAA (IPV6 address) records. + Jun-ichiro itojun Hagino, IIJ labs. Files: smtpd/smtpd_check.c, + dns/dns_lookup.c. + Open problems: + Medium: should permit_mx_backup defer delivery if DNS + has some error of some kind? + Medium: old maildrop files are no longer readable by the pickup service. Log a message that suggests a fix. diff --git a/postfix/INSTALL b/postfix/INSTALL index 05f45601f..b495c125a 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL @@ -162,7 +162,7 @@ In any case, if the command % make produces compiler error messages, it may be time to examine the -FAQ document (see htlm/faq.html). +FAQ document (see html/faq.html). 5 - Porting to on an unsupported system ======================================= diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL index b0e551e2a..b495c125a 100644 --- a/postfix/README_FILES/INSTALL +++ b/postfix/README_FILES/INSTALL @@ -162,7 +162,7 @@ In any case, if the command % make produces compiler error messages, it may be time to examine the -FAQ document (see htlm/faq.html). +FAQ document (see html/faq.html). 5 - Porting to on an unsupported system ======================================= 
@@ -474,7 +474,7 @@ the Postfix queue directories (/var/spool/postfix). This provides a significant barrier against intrusion. The barrier is not impenetrable, but every little bit helps. -With the exception of the Postfix local delivery and `pipe' daemons, +With the exception of the Postfix daemons that deliver mail locally, every Postfix daemon can run chrooted. Sites with high security requirements should consider to chroot diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index de06bb28b..ee4f042ad 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -136,6 +136,9 @@ In order to authenticate against the UNIX password database, try: pwcheck_method: pwcheck The pwcheck daemon is contained in the cyrus-sasl source tarball. +IMPORTANT: postfix processes need to have group read+execute +permission for the /var/pwcheck directory, otherwise authentication +attempts will fail. Alternately, in SASL 1.5.27 and later (including 2.1.1), try: diff --git a/postfix/README_FILES/VIRTUAL_README b/postfix/README_FILES/VIRTUAL_README index 821919026..6ad5fe7bd 100644 --- a/postfix/README_FILES/VIRTUAL_README +++ b/postfix/README_FILES/VIRTUAL_README @@ -68,6 +68,11 @@ virtual_mailbox_maps directory is unconditionally prepended to this path. If the recipient is not found the mail is bounced. + In a lookup table, specify a left-hand side of @domain.tld to + match any user in the specified domain that does not have a + specific user@domain.tld entry. While searching a lookup table, + an address extension (user+foo@domain.tld) is ignored. + If a recipient is not found the mail is returned to the sender. For security reasons, regexp maps are not allowed here, because 
@@ -87,6 +92,11 @@ virtual_uid_maps Recipients are looked up in this map to determine the UID (owner privileges) to be used when writing to the target mailbox. + In a lookup table, specify a left-hand side of @domain.tld to + match any user in the specified domain that does not have a + specific user@domain.tld entry. While searching a lookup table, + an address extension (user+foo@domain.tld) is ignored. + For security reasons, regexp maps are not allowed here, because their $1 etc. substitutions would open a security hole. @@ -101,6 +111,11 @@ virtual_gid_maps Recipients are looked up in this map to determine the GID (group privileges) to be used when writing to the target mailbox. + In a lookup table, specify a left-hand side of @domain.tld to + match any user in the specified domain that does not have a + specific user@domain.tld entry. While searching a lookup table, + an address extension (user+foo@domain.tld) is ignored. + For security reasons, regexp maps are not allowed here, because their $1 etc. substitutions would open a security hole. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index bf097f5eb..ef0baea09 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -12,6 +12,38 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. +Incompatible changes with Postfix snapshot 1.1.11-20020717 +========================================================== + +The default timeout for establishing an SMTP connection has been +reduced to 30 seconds, because many systems have an atrociously +large default timeout value. + +The Postfix SMTP client now logs a warning when the same domain is +listed in main.cf:mydestination as well as a Postfix-style virtual +map. Such a mis-configuration may cause mail for users to be rejected +with "user unknown". + +Postfix no longer strips multiple '.' characters from the end of +an email address or domain name. Only one '.' is tolerated. + +The SMTP server reject_unknown_{sender,recipient}_domain etc. +restrictions now also attempt to look up AAAA (IPV6 address) records. + +Major changes with Postfix snapshot 1.1.11-20020717 +=================================================== + +The masquerade_domains feature now supports exceptions. Prepend +a ! character to a domain name in order to not strip its subdomain +structure. More information in conf/sample-rewrite.cf. + +The Postfix virtual delivery agent supports catch-all entries +(@domain.tld) in lookup tables. These match users that do not +have a specific user@domain.tld entry. The virtual delivery agent +now ignores address extensions (user+foo@domain.tld) when searching +its lookup tables, but displays the extensions in Delivered-To: +message headers. + Incompatible changes with Postfix snapshot 1.1.11-20020610 ========================================================== diff --git a/postfix/auxiliary/MacOSX/niscript b/postfix/auxiliary/MacOSX/niscript old mode 100755 new mode 100644 index 1c7fb888b..8031e380e --- a/postfix/auxiliary/MacOSX/niscript +++ b/postfix/auxiliary/MacOSX/niscript 
@@ -8,6 +8,12 @@ # system where groups and/or users have been added, this script checks # if the users/groups are there and if not creates them with free id's. +# 17 Jul 2002 GW: Fixed two bugs +# 1. Typo in createuser would always have uid 88 for postfix +# 2. Add to netinfo domain . instead of / so that it also works on systems +# where the / domain is actually network-wide (not very useful to add +# a postfix user to all systems in that netinfo domain...) + print <<_WARNING This script massages your netinfo database. This can severely break @@ -76,7 +82,7 @@ warn "\n"; sub creategroup { my $name = shift; - open( NIDUMP, "nidump group /|") or die "Cannot run nidump\n"; + open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n"; my @groups=; close( NIDUMP); @@ -91,10 +97,10 @@ sub creategroup } die "Cannot find free gid\n" if $tryno == 65536; warn "Will create $name as gid $tryno\n"; - system "niutil -create / /groups/$name"; - system "niutil -createprop / /groups/$name name $name"; - system "niutil -createprop / /groups/$name gid $tryno"; - system "niutil -createprop / /groups/$name passwd '*'"; + system "niutil -create . /groups/$name"; + system "niutil -createprop . /groups/$name name $name"; + system "niutil -createprop . /groups/$name gid $tryno"; + system "niutil -createprop . /groups/$name passwd '*'"; return $tryno; } @@ -102,12 +108,12 @@ sub addusertogroup { my $user = shift; my $group = shift; - system "niutil -appendprop / /groups/$group users $user"; + system "niutil -appendprop . /groups/$group users $user"; } sub readgroups { - open( NIDUMP, "nidump group /|") or die "Cannot run nidump\n"; + open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n"; my @groups=; close( NIDUMP); return @groups; @@ -116,7 +122,7 @@ sub readgroups sub readusers { my @passwd; - open( NIDUMP, "nidump passwd /|") or die "Cannot run nidump\n"; + open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n"; @passwd=; close( NIDUMP); return @passwd; 
@@ -130,8 +136,8 @@ sub createuser my $home = shift; my $gid = shift; - open( NIDUMP, "nidump passwd /|") or die "Cannot run nidump\n"; - my @passwd=; + open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n"; + my @passwds=; close( NIDUMP); my $tryno; @@ -145,14 +151,14 @@ sub createuser } die "Cannot find free uid\n" if $tryno == 65536; warn "Will create $name as uid $tryno\n"; - system "niutil -create / /users/$name"; - system "niutil -createprop / /users/$name realname $realname"; - system "niutil -createprop / /users/$name shell $shell"; - system "niutil -createprop / /users/$name uid $tryno"; - system "niutil -createprop / /users/$name gid $gid"; - system "niutil -createprop / /users/$name home $home"; - system "niutil -createprop / /users/$name _shadow_passwd"; - system "niutil -createprop / /users/$name passwd '*'"; + system "niutil -create . /users/$name"; + system "niutil -createprop . /users/$name realname $realname"; + system "niutil -createprop . /users/$name shell $shell"; + system "niutil -createprop . /users/$name uid $tryno"; + system "niutil -createprop . /users/$name gid $gid"; + system "niutil -createprop . /users/$name home $home"; + system "niutil -createprop . /users/$name _shadow_passwd"; + system "niutil -createprop . /users/$name passwd '*'"; return $tryno; } diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index 76c79866a..29416c489 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -84,6 +84,10 @@ mail_owner = postfix # a domain-wide alias database that aliases each user to # user@that.users.mailhost. # +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# #myorigin = $myhostname #myorigin = $mydomain 
@@ -385,8 +389,8 @@ mail_owner = postfix #fallback_transport = # The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown local recipients -# is bounced. +# for unknown recipients. By default, mail for unknown@$mydestination +# and unknown@[$inet_interfaces] is returned as undeliverable. # # The following expansions are done on luser_relay: $user (recipient # username), $shell (recipient shell), $home (recipient home directory), diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index d7ae64c33..936c60801 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -92,8 +92,9 @@ lmtp unix - - n - - lmtp # old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# Cyrus 2.1.5 (Amos Gouaux) cyrus unix - n n - - pipe - user=cyrus argv=/cyrus/bin/deliver -e -r ${recipient} -m ${extension} ${user} + user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe diff --git a/postfix/conf/sample-local.cf b/postfix/conf/sample-local.cf index 5e61971bb..84f19d223 100644 --- a/postfix/conf/sample-local.cf +++ b/postfix/conf/sample-local.cf @@ -119,8 +119,8 @@ default_privs = nobody home_mailbox = # The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown local recipients -# is bounced. +# for unknown recipients. By default, mail for unknown@$mydestination +# and unknown@[$inet_interfaces] is returned as undeliverable. # # The following expansions are done on luser_relay: $user (recipient # username), $shell (recipient shell), $home (recipient home directory), diff --git a/postfix/conf/sample-rewrite.cf b/postfix/conf/sample-rewrite.cf index c4d5e1ea1..e34d99b17 100644 --- a/postfix/conf/sample-rewrite.cf +++ b/postfix/conf/sample-rewrite.cf 
@@ -40,8 +40,24 @@ empty_address_recipient = MAILER-DAEMON # masquerade_classes = envelope_sender, header_sender, header_recipient -# The masquerade_domains parameter gives an optional list of domains -# that must have their subdomain structure stripped off. +# The masquerade_domains parameter specifies an optional list of +# domains that must have their subdomain structure stripped off. +# +# The list is processed left to right, and processing stops at the +# first match. Thus, +# +# masquerade_domains = foo.example.com example.com +# +# strips any.thing.foo.example.com to foo.example.com, but strips +# any.thing.else.example.com to example.com. +# +# A domain name prefixed with ! means do not masquerade this domain +# or its subdomains. Thus, +# +# masquerade_domains = !foo.example.com example.com +# +# does not change any.thing.foo.example.com and foo.example.com, +# but strips any.thing.else.example.com to example.com. # # By default, address masquerading is disabled. # diff --git a/postfix/conf/sample-smtp.cf b/postfix/conf/sample-smtp.cf index ad5a3a880..d0664cd0f 100644 --- a/postfix/conf/sample-smtp.cf +++ b/postfix/conf/sample-smtp.cf @@ -168,13 +168,14 @@ smtp_destination_recipient_limit = $default_destination_recipient_limit # # When no connection can be made within the deadline, the SMTP client # tries the next address on the mail exchanger list. Specify 0 to -# disable the timeout. +# disable the timeout (i.e. use whatever timeout is implemented by +# the operating system). # # Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). # The default time unit is s (seconds). # -#smtp_connect_timeout = 30s -smtp_connect_timeout = 0s +#smtp_connect_timeout = 0s +smtp_connect_timeout = 30s # The smtp_helo_timeout parameter specifies the SMTP client timeout # for receiving the SMTP greeting banner. diff --git a/postfix/html/basic.html b/postfix/html/basic.html index 8116e1f62..9081e79e3 100644 --- a/postfix/html/basic.html 
+++ b/postfix/html/basic.html @@ -94,6 +94,12 @@ domain of the machine name.

+For the sake of consistency between sender and recipient addresses, +myorigin also specifies the default domain name that is +appended to an unqualified recipient address. + +

+

Examples: diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index 34cd1f5b0..8f96b4cef 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html @@ -106,16 +106,17 @@ POSTALIAS(1) POSTALIAS(1) of database your Postfix installation can support. When no file_type is specified, the software uses - the database type specified via the database_type - configuration parameter. The default value for - this parameter depends on the host environment. + the database type specified via the + default_database_type configuration parameter. The + default value for this parameter depends on the + host environment. file_name - The name of the alias database source file when + The name of the alias database source file when rebuilding a database. DIAGNOSTICS - Problems are logged to the standard error stream. No out- + Problems are logged to the standard error stream. No out- put means no problems were detected. Duplicate entries are skipped and are flagged with a warning. @@ -131,20 +132,20 @@ POSTALIAS(1) POSTALIAS(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. See the Postfix main.cf file for syntax + The following main.cf parameters are especially relevant + to this program. See the Postfix main.cf file for syntax details and for default values. - database_type - Default alias database type. On many UNIX systems, + efault_Bdatabase_type + Default alias database type. On many UNIX systems, the default type is either dbm or hash. berkeley_db_create_buffer_size - Amount of buffer memory to be used when creating a + Amount of buffer memory to be used when creating a Berkeley DB hash or btree lookup table. berkeley_db_read_buffer_size - Amount of buffer memory to be used when reading a + Amount of buffer memory to be used when reading a Berkeley DB hash or btree lookup table. STANDARDS 
@@ -155,7 +156,7 @@ POSTALIAS(1) POSTALIAS(1) sendmail(1) mail posting and compatibility interface. LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index b72767b00..e589047c1 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -127,8 +127,8 @@ POSTMAP(1) POSTMAP(1) of database your Postfix installation can support. When no file_type is specified, the software uses - the database type specified via the database_type - configuration parameter. + the database type specified via the + default_database_type configuration parameter. file_name The name of the lookup table source file when @@ -151,7 +151,7 @@ POSTMAP(1) POSTMAP(1) Enable verbose logging for debugging purposes. CONFIGURATION PARAMETERS - database_type + default_database_type Default output database type. On many UNIX sys- tems, the default database type is either hash or dbm. diff --git a/postfix/html/rewrite.html b/postfix/html/rewrite.html index 0d87a8a5a..3d8b94ddd 100644 --- a/postfix/html/rewrite.html +++ b/postfix/html/rewrite.html @@ -233,20 +233,33 @@ comes from the gateway itself, instead of from individual machines.

Address masquerading is disabled by default. To enable, edit the -masquerade_domains parameter in the main.cf -file and specify one or more domain names separated by whitespace -or commas. For example: +masquerade_domains parameter in the main.cf file and +specify one or more domain names separated by whitespace or commas. +The list is processed left to right, and processing stops at the +first match. Thus, -

+
-
masquerade_domains = $mydomain +masquerade_domains = foo.example.com example.com -
+ + +strips any.thing.foo.example.com to foo.example.com, but strips +any.thing.else.example.com to example.com.

-In this example, addresses of the form user@host.$mydomain -would be rewritten to user@$mydomain. +A domain name prefixed with ! means do not masquerade this domain +or its subdomains. Thus, + +

+ +masquerade_domains = !foo.example.com example.com + +
+ +does not change any.thing.foo.example.com and foo.example.com, +but strips any.thing.else.example.com to example.com.

diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 3ace513a4..8b0033dc6 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -42,9 +42,9 @@ SENDMAIL(1) SENDMAIL(1) program processes the file(s) specified with the alias_database configuration parameter. If no alias database type is specified, the program uses - the type specified with the database_type configu- - ration parameter. This mode of operation is imple- - mented by running the postalias(1) command. + the type specified with the default_database_type + configuration parameter. This mode of operation is + implemented by running the postalias(1) command. Note: it may take a minute or so before an alias database update becomes visible. Use the postfix @@ -244,7 +244,7 @@ SENDMAIL(1) SENDMAIL(1) The amount of original message context that is sent along with a non-delivery notification. - database_type + default_database_type Default alias etc. database type. On many UNIX sys- tems the default type is either dbm or hash. diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index a3f3571b5..66b84f2c1 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html @@ -1,5 +1,4 @@

-
 VIRTUAL(8)                                             VIRTUAL(8)
 
 NAME
@@ -70,7 +69,7 @@ VIRTUAL(8)                                             VIRTUAL(8)
 
        The virtual_minimum_uid parameter imposes a lower bound on
        numerical user ID values that may be specified in any vir-
-       tual_owner_maps or virtual_uid_maps.
+       tual_uid_maps.
 
 SECURITY
        The virtual delivery agent is not security sensitive, pro-
@@ -123,6 +122,14 @@ VIRTUAL(8)                                             VIRTUAL(8)
               delivery  is  carried  out,  otherwise  the path is
               assumed to specify a UNIX-style mailbox file.
 
+              While searching a lookup table, an  address  exten-
+              sion (user+foo@domain.tld) is ignored.
+
+              In  a  lookup  table,  specify  a left-hand side of
+              @domain.tld to match  any  user  in  the  specified
+              domain    that    does    not   have   a   specific
+              user@domain.tld entry.
+
               Note that virtual_mailbox_base  is  unconditionally
               prepended to this path.
 
@@ -138,11 +145,27 @@ VIRTUAL(8)                                             VIRTUAL(8)
               the user ID to be used when writing to  the  target
               mailbox.
 
+              While  searching  a lookup table, an address exten-
+              sion (user+foo@domain.tld) is ignored.
+
+              In a lookup table,  specify  a  left-hand  side  of
+              @domain.tld  to  match  any  user  in the specified
+              domain   that   does   not    have    a    specific
+              user@domain.tld entry.
+
        virtual_gid_maps (regexp maps disallowed)
               Recipients are looked up in these maps to determine
               the group ID to be used when writing to the  target
               mailbox.
 
+              While  searching  a lookup table, an address exten-
+              sion (user+foo@domain.tld) is ignored.
+
+              In a lookup table,  specify  a  left-hand  side  of
+              @domain.tld  to  match  any  user  in the specified
+              domain   that   does   not    have    a    specific
+              user@domain.tld entry.
+
 Locking controls
        virtual_mailbox_lock
               How  to  lock  UNIX-style mailboxes: one or more of
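Review bot: For virtual_uid_maps and virtual_gid_maps, the added @domain.tld catch-all paragraph means a single table row now decides the owner and group privileges for every address in the domain that lacks its own entry, and the text does not say so. Suggest one sentence under both parameters making that explicit, plus a pointer from the virtual_uid_maps paragraph to virtual_minimum_uid, which this page describes as the lower bound on values taken from virtual_uid_maps.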
@@ -223,6 +246,5 @@ VIRTUAL(8)                                             VIRTUAL(8)
        Level 3, 213 Miller St
        North Sydney 2060, NSW, Australia
 
-                                                                1
-
+                                                       VIRTUAL(8)
 
diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index f1d90c1d2..e7594fe49 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 @@ -96,7 +96,8 @@ Use the command \fBpostconf -m\fR to find out what types of database your Postfix installation can support. When no \fIfile_type\fR is specified, the software uses the database -type specified via the \fBdatabase_type\fR configuration parameter. +type specified via the \fBdefault_database_type\fR configuration +parameter. The default value for this parameter depends on the host environment. .RE .IP \fIfile_name\fR @@ -128,7 +129,7 @@ Enable verbose logging for debugging purposes. The following \fBmain.cf\fR parameters are especially relevant to this program. See the Postfix \fBmain.cf\fR file for syntax details and for default values. -.IP \fBdatabase_type\fR +.IP \fdefault_Bdatabase_type\fR Default alias database type. On many UNIX systems, the default type is either \fBdbm\fR or \fBhash\fR. .IP \fBberkeley_db_create_buffer_size\fR diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index e80dc00be..9c6400b19 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -117,7 +117,8 @@ Use the command \fBpostconf -m\fR to find out what types of database your Postfix installation can support. When no \fIfile_type\fR is specified, the software uses the database -type specified via the \fBdatabase_type\fR configuration parameter. +type specified via the \fBdefault_database_type\fR configuration +parameter. .RE .IP \fIfile_name\fR The name of the lookup table source file when rebuilding a database. @@ -145,7 +146,7 @@ Enable verbose logging for debugging purposes. .nf .ad .fi -.IP \fBdatabase_type\fR +.IP \fBdefault_database_type\fR Default output database type. On many UNIX systems, the default database type is either \fBhash\fR or \fBdbm\fR. 
diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index d493c8a4d..5ada1f489 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -42,7 +42,7 @@ Initialize the alias database. If no input file is specified (with the \fB-oA\fR option, see below), the program processes the file(s) specified with the \fBalias_database\fR configuration parameter. If no alias database type is specified, the program uses the type -specified with the \fBdatabase_type\fR configuration parameter. +specified with the \fBdefault_database_type\fR configuration parameter. This mode of operation is implemented by running the \fBpostalias\fR(1) command. .sp @@ -217,7 +217,7 @@ for this parameter is system-specific. .IP \fBbounce_size_limit\fR The amount of original message context that is sent along with a non-delivery notification. -.IP \fBdatabase_type\fR +.IP \fBdefault_database_type\fR Default alias etc. database type. On many UNIX systems the default type is either \fBdbm\fR or \fBhash\fR. .IP \fBdebugger_command\fR diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8 index b76c1a752..b8103cadc 100644 --- a/postfix/man/man8/virtual.8 +++ b/postfix/man/man8/virtual.8 @@ -82,7 +82,7 @@ a string with the numerical user and group ID, respectively. The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on numerical user ID values that may be specified in any -\fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR. +\fBvirtual_uid_maps\fR. .SH SECURITY .na .nf 
@@ -139,6 +139,13 @@ their mailbox or maildir. If the returned path ends in a slash ("/"), maildir-style delivery is carried out, otherwise the path is assumed to specify a UNIX-style mailbox file. +While searching a lookup table, an address extension +(\fIuser+foo@domain.tld\fR) is ignored. + +In a lookup table, specify a left-hand side of \fI@domain.tld\fR +to match any user in the specified domain that does not have a +specific \fIuser@domain.tld\fR entry. + Note that \fBvirtual_mailbox_base\fR is unconditionally prepended to this path. .IP \fBvirtual_minimum_uid\fR @@ -149,9 +156,23 @@ will be deferred. .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)" Recipients are looked up in these maps to determine the user ID to be used when writing to the target mailbox. + +While searching a lookup table, an address extension +(\fIuser+foo@domain.tld\fR) is ignored. + +In a lookup table, specify a left-hand side of \fI@domain.tld\fR +to match any user in the specified domain that does not have a +specific \fIuser@domain.tld\fR entry. .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)" Recipients are looked up in these maps to determine the group ID to be used when writing to the target mailbox. + +While searching a lookup table, an address extension +(\fIuser+foo@domain.tld\fR) is ignored. + +In a lookup table, specify a left-hand side of \fI@domain.tld\fR +to match any user in the specified domain that does not have a +specific \fIuser@domain.tld\fR entry. .SH "Locking controls" .ad .fi diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index dee564212..8872993dc 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in 
@@ -14,7 +14,7 @@ WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ -Wunused DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) -TESTPROG= +TESTPROG= cleanup_masquerade PROG = cleanup INC_DIR = ../../include LIBS = ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a @@ -53,6 +53,26 @@ clean: tidy: clean +cleanup_masquerade: cleanup_masquerade.o + mv cleanup_masquerade.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS) + mv junk cleanup_masquerade.o + +tests: cleanup_masquerade_test + +cleanup_masquerade_test: cleanup_masquerade cleanup_masq.ref + rm -f cleanup_masq.tmp + ./cleanup_masquerade '' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp + ./cleanup_masquerade 'xxx' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp + ./cleanup_masquerade 'yyy' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp + ./cleanup_masquerade '' !a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp + ./cleanup_masquerade '' a.b.c,b.c xxx@a.b.c >>cleanup_masq.tmp + ./cleanup_masquerade '' !a.b.c,b.c xxx@a.b.c >>cleanup_masq.tmp + ./cleanup_masquerade '' a.b.c,b.c xxx@aaa.b.c >>cleanup_masq.tmp + ./cleanup_masquerade '' a.b.c,b.c xxx@b.c >>cleanup_masq.tmp + diff cleanup_masq.ref cleanup_masq.tmp + rm -f cleanup_masq.tmp + depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile.in; \ set -e; for i in [a-z][a-z0-9]*.c; do \ diff --git a/postfix/src/cleanup/cleanup_masq.ref b/postfix/src/cleanup/cleanup_masq.ref new file mode 100644 index 000000000..98dde745c --- /dev/null +++ b/postfix/src/cleanup/cleanup_masq.ref 
@@ -0,0 +1,40 @@ +---------- +exceptions: +masq_list: a.b.c,b.c +address: xxx@aa.a.b.c +result: xxx@a.b.c +---------- +exceptions: xxx +masq_list: a.b.c,b.c +address: xxx@aa.a.b.c +result: xxx@aa.a.b.c +---------- +exceptions: yyy +masq_list: a.b.c,b.c +address: xxx@aa.a.b.c +result: xxx@a.b.c +---------- +exceptions: +masq_list: !a.b.c,b.c +address: xxx@aa.a.b.c +result: xxx@aa.a.b.c +---------- +exceptions: +masq_list: a.b.c,b.c +address: xxx@a.b.c +result: xxx@a.b.c +---------- +exceptions: +masq_list: !a.b.c,b.c +address: xxx@a.b.c +result: xxx@a.b.c +---------- +exceptions: +masq_list: a.b.c,b.c +address: xxx@aaa.b.c +result: xxx@b.c +---------- +exceptions: +masq_list: a.b.c,b.c +address: xxx@b.c +result: xxx@b.c diff --git a/postfix/src/cleanup/cleanup_masquerade.c b/postfix/src/cleanup/cleanup_masquerade.c index b742e25ca..0220e4080 100644 --- a/postfix/src/cleanup/cleanup_masquerade.c +++ b/postfix/src/cleanup/cleanup_masquerade.c @@ -82,8 +82,10 @@ void cleanup_masquerade_external(VSTRING *addr, ARGV *masq_domains) char *domain; int domain_len; char **masqp; + char *masq; int masq_len; char *parent; + int truncate; /* Stuff for excluded names. */ static HTABLE *masq_except_table = 0; 
@@ -127,18 +129,24 @@ void cleanup_masquerade_external(VSTRING *addr, ARGV *masq_domains) * the domain in the address and terminate. If the domain matches a * masquerade domain, leave it alone. Order of specification matters. */ - for (masqp = masq_domains->argv; *masqp; masqp++) { - masq_len = strlen(*masqp); + for (masqp = masq_domains->argv; (masq = *masqp) != 0; masqp++) { + for (truncate = 1; *masq == '!'; masq++) + truncate = !truncate; + masq_len = strlen(masq); + if (masq_len == 0) + continue; if (masq_len == domain_len) { - if (strcasecmp(*masqp, domain) == 0) + if (strcasecmp(masq, domain) == 0) break; } else if (masq_len < domain_len) { parent = domain + domain_len - masq_len; - if (parent[-1] == '.' && strcasecmp(*masqp, parent) == 0) { - if (msg_verbose) - msg_info("masquerade: %s -> %s", domain, *masqp); - vstring_truncate(addr, domain - STR(addr)); - vstring_strcat(addr, *masqp); + if (parent[-1] == '.' && strcasecmp(masq, parent) == 0) { + if (truncate) { + if (msg_verbose) + msg_info("masquerade: %s -> %s", domain, masq); + vstring_truncate(addr, domain - STR(addr)); + vstring_strcat(addr, masq); + } break; } } 
@@ -171,3 +179,47 @@ void cleanup_masquerade_internal(VSTRING *addr, ARGV *masq_domains) vstring_free(temp); } + + /* + * Code for stand-alone testing. Instead of using main.cf, specify the strip + * list and the candidate domain on the command line. Specify null arguments + * for data that should be empty. + */ +#ifdef TEST + +#include + +char *var_masq_exceptions; + +int main(int argc, char **argv) +{ + VSTRING *addr; + ARGV *masq_domains; + + if (argc != 4) + msg_fatal("usage: %s exceptions masquerade_list address", argv[0]); + + var_masq_exceptions = argv[1]; + masq_domains = argv_split(argv[2], " ,\t\r\n"); + addr = vstring_alloc(1); + if (strchr(argv[3], '@') == 0) + msg_fatal("address must be in user@domain form"); + vstring_strcpy(addr, argv[3]); + + vstream_printf("----------\n"); + vstream_printf("exceptions: %s\n", argv[1]); + vstream_printf("masq_list: %s\n", argv[2]); + vstream_printf("address: %s\n", argv[3]); + + cleanup_masquerade_external(addr, masq_domains); + + vstream_printf("result: %s\n", STR(addr)); + vstream_fflush(VSTREAM_OUT); + + vstring_free(addr); + argv_free(masq_domains); + + return (0); +} + +#endif diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c index f08923fc0..68a161417 100644 --- a/postfix/src/dns/dns_lookup.c +++ b/postfix/src/dns/dns_lookup.c @@ -132,6 +132,7 @@ typedef struct DNS_REPLY { } DNS_REPLY; #define INET_ADDR_LEN 4 /* XXX */ +#define INET6_ADDR_LEN 16 /* XXX */ /* dns_query - query name server and pre-parse the reply */ 
@@ -168,8 +169,8 @@ static int dns_query(const char *name, int type, int flags, len = res_search((char *) name, C_IN, type, reply->buf, sizeof(reply->buf)); if (len < 0) { if (why) - vstring_sprintf(why, "Name service error for %s: %s", - name, dns_strerror(h_errno)); + vstring_sprintf(why, "Name service error for name=%s type=%s: %s", + name, dns_strtype(type), dns_strerror(h_errno)); if (msg_verbose) msg_info("dns_query: %s (%s): %s", name, dns_strtype(type), dns_strerror(h_errno)); @@ -337,6 +338,19 @@ static DNS_RR *dns_get_rr(DNS_REPLY *reply, unsigned char *pos, memcpy(temp, pos, fixed->length); data_len = fixed->length; break; +#ifdef T_AAAA + case T_AAAA: + if (fixed->length != INET6_ADDR_LEN) { + msg_warn("extract_answer: bad address length: %d", fixed->length); + return (0); + } + if (fixed->length > sizeof(temp)) + msg_panic("dns_get_rr: length %d > DNS_NAME_LEN", + fixed->length); + memcpy(temp, pos, fixed->length); + data_len = fixed->length; + break; +#endif case T_TXT: data_len = MIN2(pos[0] + 1, MIN2(fixed->length + 1, sizeof(temp))); for (src = pos + 1, dst = (unsigned char *) (temp); diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index bd0134e92..536e31319 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -20,7 +20,7 @@ SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \ tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \ flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \ verp_sender.c match_parent_style.c mime_state.c header_token.c \ - strip_addr.c + strip_addr.c virtual8_maps_find.c OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ debug_peer.o debug_process.o defer.o deliver_completed.o \ deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \ 
@@ -42,7 +42,7 @@ OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \ flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \ verp_sender.o match_parent_style.o mime_state.o header_token.o \ - strip_addr.o + strip_addr.o virtual8_maps_find.o HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ config.h debug_peer.h debug_process.h defer.h deliver_completed.h \ deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \ @@ -60,7 +60,7 @@ HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \ mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \ match_parent_style.h quote_flags.h mime_state.h header_token.h \ - lex_822.h strip_addr.h + lex_822.h strip_addr.h virtual8.h TESTSRC = rec2stream.c stream2rec.c recdump.c WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ @@ -1154,6 +1154,18 @@ verp_sender.o: ../../include/vstring.h verp_sender.o: ../../include/vbuf.h verp_sender.o: mail_params.h verp_sender.o: verp_sender.h +virtual8_maps_find.o: virtual8_maps_find.c +virtual8_maps_find.o: ../../include/sys_defs.h +virtual8_maps_find.o: ../../include/msg.h +virtual8_maps_find.o: ../../include/mymalloc.h +virtual8_maps_find.o: maps.h +virtual8_maps_find.o: ../../include/dict.h +virtual8_maps_find.o: ../../include/vstream.h +virtual8_maps_find.o: ../../include/vbuf.h +virtual8_maps_find.o: ../../include/argv.h +virtual8_maps_find.o: mail_params.h +virtual8_maps_find.o: strip_addr.h +virtual8_maps_find.o: virtual8.h xtext.o: xtext.c xtext.o: ../../include/sys_defs.h xtext.o: ../../include/vstream.h diff --git a/postfix/src/global/lex_822.h b/postfix/src/global/lex_822.h index 32253faa5..f462b9825 100644 --- a/postfix/src/global/lex_822.h +++ b/postfix/src/global/lex_822.h 
@@ -1,5 +1,5 @@ -#ifndef _SPACE_822_H_INCLUDED_ -#define _SPACE_822_H_INCLUDED_ +#ifndef _LEX_822_H_INCLUDED_ +#define _LEX_822_H_INCLUDED_ /*++ /* NAME diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 9fd905ac6..3c2347061 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -671,7 +671,7 @@ extern int var_hash_queue_depth; extern char *var_bestmx_transp; #define VAR_SMTP_CONN_TMOUT "smtp_connect_timeout" -#define DEF_SMTP_CONN_TMOUT "0s" +#define DEF_SMTP_CONN_TMOUT "30s" extern int var_smtp_conn_tmout; #define VAR_SMTP_HELO_TMOUT "smtp_helo_timeout" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index c3a43af0c..e9bdf9882 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20020613" +#define MAIL_RELEASE_DATE "20020717" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "1.1.11-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c index 7f1ccbbca..c8e6ccca9 100644 --- a/postfix/src/global/resolve_clnt.c +++ b/postfix/src/global/resolve_clnt.c @@ -264,7 +264,9 @@ int main(int argc, char **argv) while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { resolve(STR(buffer), &reply); } + vstring_free(buffer); } + resolve_clnt_free(&reply); } #endif diff --git a/postfix/src/global/resolve_local.c b/postfix/src/global/resolve_local.c index 22f2234d9..0f2d318b2 100644 --- a/postfix/src/global/resolve_local.c +++ b/postfix/src/global/resolve_local.c 
@@ -88,13 +88,19 @@ int resolve_local(const char *addr) resolve_local_init(); /* - * Strip one trailing dot. + * Strip one trailing dot but not dot-dot. + * + * XXX This should not be distributed all over the code. Problem is, + * addresses can enter the system via multiple paths: networks, local + * forward/alias/include files, even as the result of address rewriting. */ len = strlen(saved_addr); if (len == 0) RETURN(0); if (saved_addr[len - 1] == '.') saved_addr[--len] = 0; + if (len == 0 || saved_addr[len - 1] == '.') + RETURN(0); /* * Compare the destination against the list of destinations that we diff --git a/postfix/src/global/virtual8.h b/postfix/src/global/virtual8.h new file mode 100644 index 000000000..81ccb7aa3 --- /dev/null +++ b/postfix/src/global/virtual8.h @@ -0,0 +1,35 @@ +#ifndef _VIRTUAL8_H_INCLUDED_ +#define _VIRTUAL8_H_INCLUDED_ + +/*++ +/* NAME +/* virtual8 3h +/* SUMMARY +/* virtual delivery agent compatibility +/* SYNOPSIS +/* #include +/* DESCRIPTION +/* .nf + + /* + * Global library. + */ +#include + + /* + * External interface. + */ +extern const char *virtual8_maps_find(MAPS *, const char *); + +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +#endif diff --git a/postfix/src/global/virtual8_maps_find.c b/postfix/src/global/virtual8_maps_find.c new file mode 100644 index 000000000..9df97b5e5 --- /dev/null +++ b/postfix/src/global/virtual8_maps_find.c 
@@ -0,0 +1,94 @@ +/*++ +/* NAME +/* virtual8_maps_find 3 +/* SUMMARY +/* virtual delivery agent map lookups +/* SYNOPSIS +/* #include +/* +/* const char *virtual8_maps_find(maps, recipient) +/* MAPS *maps; +/* const char *recipient; +/* DESCRIPTION +/* virtual8_maps_find() does user lookups for the virtual delivery +/* agent. The code is made available as a library routine so that +/* other programs can perform compatible queries. +/* +/* A zero result means that the named user was not found. +/* +/* Arguments: +/* .IP maps +/* List of pre-opened lookup tables. +/* .IP recipient +/* Recipient address. An optional address extension is ignored. +/* DIAGNOSTICS +/* The dict_errno variable is non-zero in case of problems. +/* BUGS +/* This code is a temporary solution that implements a hard-coded +/* lookup strategy. In a future version of Postfix, the lookup +/* strategy should become configurable. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include +#include + +/* Utility library. */ + +#include +#include + +/* Global library. */ + +#include +#include +#include +#include + +/* Application-specific. */ + +/* virtual8_maps_find - lookup for virtual delivery agent */ + +const char *virtual8_maps_find(MAPS *maps, const char *recipient) +{ + const char *ratsign; + const char *result; + char *bare; + + /* + * Look up the address minus the optional extension. This is done first, + * to avoid hammering the database with extended address lookups, and to + * have straightforward semantics (extensions are always ignored). 
+ */ + if (*var_rcpt_delim + && (bare = strip_addr(recipient, (char **) 0, *var_rcpt_delim)) != 0) { + result = maps_find(maps, bare, DICT_FLAG_FIXED); + myfree(bare); + if (result != 0 || dict_errno != 0) + return (result); + } + + /* + * Look up the full address. + */ + result = maps_find(maps, recipient, DICT_FLAG_FIXED); + if (result != 0 || dict_errno != 0) + return (result); + + /* + * Look up the @domain catch-all. + */ + if ((ratsign = strrchr(recipient, '@')) == 0) + return (0); + return (maps_find(maps, ratsign, DICT_FLAG_FIXED)); +} diff --git a/postfix/src/master/Makefile.in b/postfix/src/master/Makefile.in index 811d264e3..13026b82c 100644 --- a/postfix/src/master/Makefile.in +++ b/postfix/src/master/Makefile.in @@ -174,6 +174,8 @@ master_sig.o: ../../include/sys_defs.h master_sig.o: ../../include/msg.h master_sig.o: ../../include/posix_signals.h master_sig.o: master.h +master_sig.o: ../../include/iostuff.h +master_sig.o: ../../include/events.h master_spawn.o: master_spawn.c master_spawn.o: ../../include/sys_defs.h master_spawn.o: ../../include/msg.h diff --git a/postfix/src/master/master_sig.c b/postfix/src/master/master_sig.c index 509a4a54d..4475e43b1 100644 --- a/postfix/src/master/master_sig.c +++ b/postfix/src/master/master_sig.c @@ -54,12 +54,17 @@ #include #endif +#ifndef USE_SIG_RETURN +#define USE_SIG_PIPE +#endif + /* Local stuff. */ #ifdef USE_SIG_PIPE #include #include #include +#include int master_sig_pipe[2]; @@ -114,7 +119,7 @@ static void master_sigchld(int sig, int code, struct sigcontext * scp) /* master_sigchld - force wakeup from select() */ -static void master_sigchld(int sig) +static void master_sigchld(int unused_sig) { if (write(SIG_PIPE_WRITE_FD, "", 1) != 1) msg_warn("write to SIG_PIPE_WRITE_FD failed: %m"); diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index fdde2aafb..ab377d55d 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c 
@@ -90,7 +90,8 @@ /* your Postfix installation can support. /* /* When no \fIfile_type\fR is specified, the software uses the database -/* type specified via the \fBdatabase_type\fR configuration parameter. +/* type specified via the \fBdefault_database_type\fR configuration +/* parameter. /* The default value for this parameter depends on the host environment. /* .RE /* .IP \fIfile_name\fR @@ -116,7 +117,7 @@ /* The following \fBmain.cf\fR parameters are especially relevant to /* this program. See the Postfix \fBmain.cf\fR file for syntax details /* and for default values. -/* .IP \fBdatabase_type\fR +/* .IP \fdefault_Bdatabase_type\fR /* Default alias database type. On many UNIX systems, the default type /* is either \fBdbm\fR or \fBhash\fR. /* .IP \fBberkeley_db_create_buffer_size\fR diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index 42df67e3d..0d7ad8400 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -111,7 +111,8 @@ /* your Postfix installation can support. /* /* When no \fIfile_type\fR is specified, the software uses the database -/* type specified via the \fBdatabase_type\fR configuration parameter. +/* type specified via the \fBdefault_database_type\fR configuration +/* parameter. /* .RE /* .IP \fIfile_name\fR /* The name of the lookup table source file when rebuilding a database. @@ -133,7 +134,7 @@ /* CONFIGURATION PARAMETERS /* .ad /* .fi -/* .IP \fBdatabase_type\fR +/* .IP \fBdefault_database_type\fR /* Default output database type. /* On many UNIX systems, the default database type is either \fBhash\fR /* or \fBdbm\fR. diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 138f38be1..899e45cba 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c 
@@ -36,7 +36,7 @@ /* the \fB-oA\fR option, see below), the program processes the file(s) /* specified with the \fBalias_database\fR configuration parameter. /* If no alias database type is specified, the program uses the type -/* specified with the \fBdatabase_type\fR configuration parameter. +/* specified with the \fBdefault_database_type\fR configuration parameter. /* This mode of operation is implemented by running the \fBpostalias\fR(1) /* command. /* .sp @@ -201,7 +201,7 @@ /* .IP \fBbounce_size_limit\fR /* The amount of original message context that is sent along /* with a non-delivery notification. -/* .IP \fBdatabase_type\fR +/* .IP \fBdefault_database_type\fR /* Default alias etc. database type. On many UNIX systems the /* default type is either \fBdbm\fR or \fBhash\fR. /* .IP \fBdebugger_command\fR diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index cf704592b..27ed4fb76 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -291,6 +291,7 @@ #include #include #include +#include /* Application-specific. */ @@ -721,6 +722,20 @@ static const char *check_maps_find(SMTPD_STATE *state, const char *reply_name, return (result); } +/* checkv8_maps_find - reject with temporary failure if dict lookup fails */ + +static const char *checkv8_maps_find(SMTPD_STATE *state, const char *reply_name, + MAPS *maps, const char *key) +{ + const char *result; + + dict_errno = 0; + if ((result = virtual8_maps_find(maps, key)) == 0 + && dict_errno == DICT_ERR_RETRY) + reject_dict_retry(state, reply_name); + return (result); +} + /* check_mail_addr_find - reject with temporary failure if dict lookup fails */ static const char *check_mail_addr_find(SMTPD_STATE *state, 
@@ -744,8 +759,17 @@ static int resolve_final(SMTPD_STATE *state, const char *reply_name, { /* If matches $mydestination or $inet_interfaces. */ - if (resolve_local(domain)) + if (resolve_local(domain)) { + if (*var_virtual_maps + && check_maps_find(state, reply_name, virtual_maps, domain, 0)) + msg_warn("list domain %s in only one of $%s and $%s", + domain, VAR_MYDEST, VAR_VIRTUAL_MAPS); + if (*var_virt_mailbox_maps + && checkv8_maps_find(state, reply_name, virt_mailbox_maps, domain)) + msg_warn("list domain %s in only one of $%s and $%s", + domain, VAR_MYDEST, VAR_VIRT_MAILBOX_MAPS); return (1); + } /* If Postfix-style virtual domain. */ if (*var_virtual_maps @@ -754,7 +778,7 @@ static int resolve_final(SMTPD_STATE *state, const char *reply_name, /* If virtual mailbox domain. */ if (*var_virt_mailbox_maps - && check_maps_find(state, reply_name, virt_mailbox_maps, domain, 0)) + && checkv8_maps_find(state, reply_name, virt_mailbox_maps, domain)) return (1); return (0); @@ -801,6 +825,10 @@ static char *dup_if_truncate(char *name) /* * Truncate hostnames ending in dot but not dot-dot. + * + * XXX This should not be distributed all over the code. Problem is, + * addresses can enter the system via multiple paths: networks, local + * forward/alias/include files, even as the result of address rewriting. */ if ((len = strlen(name)) > 1 && name[len - 1] == '.' @@ -920,7 +948,7 @@ static int reject_non_fqdn_hostname(SMTPD_STATE *state, char *name, return (stat); } -/* reject_unknown_hostname - fail if name has no A or MX record */ +/* reject_unknown_hostname - fail if name has no A, AAAA or MX record */ static int reject_unknown_hostname(SMTPD_STATE *state, char *name, char *reply_name, char *reply_class) 
@@ -931,8 +959,14 @@ static int reject_unknown_hostname(SMTPD_STATE *state, char *name, if (msg_verbose) msg_info("%s: %s", myname, name); +#ifdef T_AAAA +#define RR_ADDR_TYPES T_A, T_AAAA +#else +#define RR_ADDR_TYPES T_A +#endif + dns_status = dns_lookup_types(name, 0, (DNS_RR **) 0, (VSTRING *) 0, - (VSTRING *) 0, T_A, T_MX, 0); + (VSTRING *) 0, RR_ADDR_TYPES, T_MX, 0); if (dns_status != DNS_OK) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, "%d <%s>: %s rejected: Host not found", @@ -942,7 +976,7 @@ static int reject_unknown_hostname(SMTPD_STATE *state, char *name, return (SMTPD_CHECK_DUNNO); } -/* reject_unknown_mailhost - fail if name has no A or MX record */ +/* reject_unknown_mailhost - fail if name has no A, AAAA or MX record */ static int reject_unknown_mailhost(SMTPD_STATE *state, const char *name, const char *reply_name, const char *reply_class) @@ -954,7 +988,7 @@ static int reject_unknown_mailhost(SMTPD_STATE *state, const char *name, msg_info("%s: %s", myname, name); dns_status = dns_lookup_types(name, 0, (DNS_RR **) 0, (VSTRING *) 0, - (VSTRING *) 0, T_A, T_MX, 0); + (VSTRING *) 0, RR_ADDR_TYPES, T_MX, 0); if (dns_status != DNS_OK) return (smtpd_check_reject(state, MAIL_ERROR_POLICY, "%d <%s>: %s rejected: Domain not found", @@ -2462,6 +2496,9 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) #define NOMATCH(map, rcpt) \ (check_mail_addr_find(state, recipient, map, rcpt, (char **) 0) == 0) +#define NOMATCHV8(map, rcpt) \ + (checkv8_maps_find(state, recipient, map, rcpt) == 0) + /* * Reject mail to unknown addresses in Postfix-style virtual domains. */ 
@@ -2470,7 +2507,7 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient)) && NOMATCH(canonical_maps, CONST_STR(reply->recipient)) && NOMATCH(relocated_maps, CONST_STR(reply->recipient)) - && NOMATCH(virt_mailbox_maps, CONST_STR(reply->recipient)) + && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient)) && NOMATCH(virtual_maps, CONST_STR(reply->recipient))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, "%d <%s>: User unknown", 550, recipient); @@ -2486,7 +2523,7 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient)) && NOMATCH(canonical_maps, CONST_STR(reply->recipient)) && NOMATCH(relocated_maps, CONST_STR(reply->recipient)) - && NOMATCH(virt_mailbox_maps, CONST_STR(reply->recipient)) + && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient)) && NOMATCH(virtual_maps, CONST_STR(reply->recipient))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, "%d <%s>: User unknown", 550, recipient); @@ -2503,7 +2540,7 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient) if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient)) && NOMATCH(canonical_maps, CONST_STR(reply->recipient)) && NOMATCH(relocated_maps, CONST_STR(reply->recipient)) - && NOMATCH(virt_mailbox_maps, CONST_STR(reply->recipient)) + && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient)) && NOMATCH(virtual_maps, CONST_STR(reply->recipient)) && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index 88b79c971..b53d56563 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c 
@@ -124,9 +124,18 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, while (tree->head) { /* - * Strip trailing dot or @. + * Strip trailing dot at end of domain, but not dot-dot. This merely + * makes diagnostics more accurate by leaving bogus addresses alone. */ - if (tree->tail->type == '.' || tree->tail->type == '@') { + if (tree->tail->type == '.' + && tok822_rfind_type(tree->tail, '@') != 0 + && tree->tail->prev->type != '.') + tok822_free_tree(tok822_sub_keep_before(tree, tree->tail)); + + /* + * Strip trailing @. + */ + if (tree->tail->type == '@') { tok822_free_tree(tok822_sub_keep_before(tree, tree->tail)); continue; } @@ -193,7 +202,7 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop, if (saved_domain) { tok822_sub_append(tree, saved_domain); saved_domain = 0; - } else if (tree->head) { + } else { /* Aargh! Always! */ tok822_sub_append(tree, tok822_alloc('@', (char *) 0)); tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0)); } diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c index 9ff6a12f0..d34a46482 100644 --- a/postfix/src/trivial-rewrite/rewrite.c +++ b/postfix/src/trivial-rewrite/rewrite.c @@ -169,9 +169,12 @@ void rewrite_tree(char *unused_ruleset, TOK822 *tree) } /* - * Strip trailing dot. + * Strip trailing dot at end of domain, but not dot-dot. This merely + * makes diagnostics more accurate by leaving bogus addresses alone. */ - if (tree->tail->type == '.') + if (tree->tail->type == '.' + && tok822_rfind_type(tree->tail, '@') != 0 + && tree->tail->prev->type != '.') tok822_free_tree(tok822_sub_keep_before(tree, tree->tail)); } diff --git a/postfix/src/util/sane_accept.c b/postfix/src/util/sane_accept.c index 9ae9f6e3f..d9ad683f2 100644 --- a/postfix/src/util/sane_accept.c +++ b/postfix/src/util/sane_accept.c 
@@ -90,7 +90,9 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len) } for (count = 0; (err = accept_warn_errors[count]) != 0; count++) { if (errno == err) { +#if 0 msg_warn("accept: %m"); +#endif errno = EAGAIN; break; } diff --git a/postfix/src/virtual/Makefile.in b/postfix/src/virtual/Makefile.in index 415e21d87..1bec47276 100644 --- a/postfix/src/virtual/Makefile.in +++ b/postfix/src/virtual/Makefile.in @@ -85,12 +85,13 @@ mailbox.o: ../../include/defer.h mailbox.o: ../../include/bounce.h mailbox.o: ../../include/sent.h mailbox.o: ../../include/mail_params.h -mailbox.o: virtual.h -mailbox.o: ../../include/deliver_request.h -mailbox.o: ../../include/recipient_list.h +mailbox.o: ../../include/virtual8.h mailbox.o: ../../include/maps.h mailbox.o: ../../include/dict.h mailbox.o: ../../include/argv.h +mailbox.o: virtual.h +mailbox.o: ../../include/deliver_request.h +mailbox.o: ../../include/recipient_list.h mailbox.o: ../../include/mbox_conf.h maildir.o: maildir.c maildir.o: ../../include/sys_defs.h diff --git a/postfix/src/virtual/mailbox.c b/postfix/src/virtual/mailbox.c index 21782404b..d9e9491d8 100644 --- a/postfix/src/virtual/mailbox.c +++ b/postfix/src/virtual/mailbox.c @@ -60,6 +60,7 @@ #include #include #include +#include #ifndef EDQUOT #define EDQUOT EFBIG @@ -172,8 +173,7 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) * Look up the mailbox location. Bounce if not found, defer in case of * trouble. */ - mailbox_res = maps_find(virtual_mailbox_maps, state.msg_attr.user, - DICT_FLAG_FIXED); + mailbox_res = virtual8_maps_find(virtual_mailbox_maps, state.msg_attr.user); if (mailbox_res == 0) { if (dict_errno == 0) return (NO); 
@@ -191,8 +191,8 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) /* * Look up the mailbox owner rights. Defer in case of trouble. */ - if ((uid_res = maps_find(virtual_uid_maps, state.msg_attr.user, - DICT_FLAG_FIXED)) == 0) { + uid_res = virtual8_maps_find(virtual_uid_maps, state.msg_attr.user); + if (uid_res == 0) { *statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr), "recipient %s: uid not found in %s", state.msg_attr.user, virtual_uid_maps->title); @@ -209,8 +209,8 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) /* * Look up the mailbox group rights. Defer in case of trouble. */ - if ((gid_res = maps_find(virtual_gid_maps, state.msg_attr.user, - DICT_FLAG_FIXED)) == 0) { + gid_res = virtual8_maps_find(virtual_gid_maps, state.msg_attr.user); + if (gid_res == 0) { *statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr), "recipient %s: gid not found in %s", state.msg_attr.user, virtual_gid_maps->title); @@ -230,7 +230,7 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp) (unsigned) usr_attr.uid, (unsigned) usr_attr.gid); /* - * Deliver to mailbox or to external command. + * Deliver to mailbox or to maildir. */ #define LAST_CHAR(s) (s[strlen(s) - 1]) diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index 7968dcc28..9635f7efb 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -68,7 +68,7 @@ /* /* The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on /* numerical user ID values that may be specified in any -/* \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR. +/* \fBvirtual_uid_maps\fR. /* SECURITY /* .ad /* .fi 
@@ -115,6 +115,13 @@ /* ("/"), maildir-style delivery is carried out, otherwise the /* path is assumed to specify a UNIX-style mailbox file. /* +/* While searching a lookup table, an address extension +/* (\fIuser+foo@domain.tld\fR) is ignored. +/* +/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR +/* to match any user in the specified domain that does not have a +/* specific \fIuser@domain.tld\fR entry. +/* /* Note that \fBvirtual_mailbox_base\fR is unconditionally prepended /* to this path. /* .IP \fBvirtual_minimum_uid\fR @@ -125,9 +132,23 @@ /* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)" /* Recipients are looked up in these maps to determine the user ID to be /* used when writing to the target mailbox. +/* +/* While searching a lookup table, an address extension +/* (\fIuser+foo@domain.tld\fR) is ignored. +/* +/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR +/* to match any user in the specified domain that does not have a +/* specific \fIuser@domain.tld\fR entry. /* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)" /* Recipients are looked up in these maps to determine the group ID to be /* used when writing to the target mailbox. +/* +/* While searching a lookup table, an address extension +/* (\fIuser+foo@domain.tld\fR) is ignored. +/* +/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR +/* to match any user in the specified domain that does not have a +/* specific \fIuser@domain.tld\fR entry. /* .SH "Locking controls" /* .ad /* .fi
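Review bot: the cleanup_masquerade rule in postfix/src/cleanup/Makefile.in loses the object file when the -DTEST build fails. `mv cleanup_masquerade.o junk` runs first, make stops at the failing `$(CC) $(CFLAGS) -DTEST -o $@ $@.c ...` line, and `mv junk cleanup_masquerade.o` is never reached, so the directory is left with a stray `junk` file and no cleanup_masquerade.o. Restore the object on the failure path as well (for example by appending `|| (mv junk cleanup_masquerade.o; exit 1)` to the compile line) and use a temporary name that is specific to this target.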
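Review bot: the `!` handling in cleanup_masquerade_external() accepts more than the feature describes. The loop `for (truncate = 1; *masq == '!'; masq++) truncate = !truncate;` toggles on every `!`, so `!!a.b.c` masquerades again, and an entry consisting only of `!` is dropped without a warning by the `masq_len == 0` check. Neither case appears in cleanup_masq.ref. Either accept a single leading `!` and log a warning for anything else, or document the toggle and add both inputs to cleanup_masquerade_test. The local variable name `truncate` is also the name of a standard library function and may draw shadowing warnings; a name such as `strip` avoids that.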
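Review bot: the diagnostics in the new T_AAAA case of dns_get_rr() are inconsistent. The warning is labelled `extract_answer:` while the panic a few lines later is labelled `dns_get_rr:`, so the same code path logs under two different function names; use the enclosing function's name in both. The `fixed->length > sizeof(temp)` panic can only fire if temp is smaller than INET6_ADDR_LEN, because the length has already been checked to equal INET6_ADDR_LEN, and its text mentions DNS_NAME_LEN rather than the buffer that is compared. A short comment saying the second check guards the memcpy() against a future change in the size of temp would make the intent clear.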
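Review bot: the comment in virtual8_maps_find() does not match the lookup order the function implements. The first block says extensions are always ignored, but the second step, `result = maps_find(maps, recipient, DICT_FLAG_FIXED);`, looks up the full address with its extension, so a table entry for user+foo@domain.tld does match when user@domain.tld has no entry. Either skip the full-address lookup when strip_addr() returned a bare address, or reword the comment, the DESCRIPTION block and the virtual.c manual text to say that the bare address is tried first, then the full address, then the @domain catch-all.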
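Review bot: now that USE_SIG_PIPE is the default in master_sig.c, master_sigchld() calls msg_warn() from signal-handler context whenever `write(SIG_PIPE_WRITE_FD, "", 1) != 1`. Logging routines are not normally async-signal-safe, and the write() itself can change errno underneath the code that was interrupted. Save errno on entry and restore it on exit, and avoid logging inside the handler; if the write end is non-blocking, a failed write because the pipe is full can be ignored, since a wakeup is already pending.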
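Review bot: the CONFIGURATION PARAMETERS hunk in postalias.c adds `/* .IP \fdefault_Bdatabase_type\fR`, where the font escape and the new prefix are transposed. It should read `/* .IP \fBdefault_database_type\fR`, as the matching postmap.c and sendmail.c hunks do; as written the manual page will render the parameter name incorrectly.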
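Review bot: the new warning lookups in resolve_final() can change the outcome for a domain that already matched resolve_local(). They go through check_maps_find() and checkv8_maps_find(), and checkv8_maps_find() calls reject_dict_retry() when dict_errno is DICT_ERR_RETRY, so a lookup whose only purpose is to log a configuration error can turn a virtual table outage into a temporary failure for mail to a $mydestination domain that previously returned 1 without consulting those tables. Do the diagnostic lookup with the plain lookup routines and ignore errors there. The msg_warn() also fires every time resolve_final() runs for the domain; logging once per domain per process would keep the warning visible without flooding the log.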
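Review bot: RR_ADDR_TYPES is defined inside the body of reject_unknown_hostname() but is also used in reject_unknown_mailhost(). Move the `#ifdef T_AAAA` block to file scope next to the other smtpd_check.c definitions, so the second use does not depend on the order of the two functions in the file and the macro is easy to find.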
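Review bot: in sane_accept(), `msg_warn("accept: %m");` is disabled with `#if 0` and no comment explaining why. After this change the errors listed in accept_warn_errors are mapped to EAGAIN with no trace in the log, which removes a signal an operator could use to spot network trouble or connection floods. If the warning was too noisy, say so in a comment and either delete the line or log it only when msg_verbose is set, rather than leaving dead code behind the preprocessor.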
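Review bot: in the virtual_mailbox_maps description in virtual.c, the two new paragraphs are inserted between the sentence about maildir versus mailbox paths and `Note that \fBvirtual_mailbox_base\fR is unconditionally prepended`, so "this path" in that note no longer follows the text it refers to. Move the lookup-key paragraphs after the note. The same two paragraphs are repeated verbatim under virtual_uid_maps and virtual_gid_maps; stating the rule once and referring to it from the other two entries would keep the copies from drifting apart.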