mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00
Code Issues Releases Wiki Activity

postfix-2.9-20110615

Browse Source
This commit is contained in:
Wietse Venema 2011-06-15 00:00:00 -05:00 committed by Viktor Dukhovni
parent a4af8bc9fd
commit 199bdc18e1
18 changed files with 124 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
postfix/HISTORY
View File

@ -16828,3 +16828,16 @@ Apologies for any names omitted.
Cleanup: removed the PSC_STATE_FLAG_CACHE_EXPIRED flag. Cleanup: removed the PSC_STATE_FLAG_CACHE_EXPIRED flag.
Nothing uses this anymore. Files: postscreen/postscreen.h, Nothing uses this anymore. Files: postscreen/postscreen.h,
postscreen/postscreen_state.c, postscreen/postscreen_tests.c. postscreen/postscreen_state.c, postscreen/postscreen_tests.c.
20110614
Linux kernel version 3 support. Linus Torvalds has reset
the counters for reasons not related to changes in code.
Files: makedefs, util/sys_defs.h.
20110615
Workaround: some Spamhaus RHSBL rejects lookups with "No
IP queries" even if the name has an alphanumerical prefix.
We play safe, and skip both RHSBL and RHSWL queries for
names ending in a numerical suffix. File: smtpd/smtpd_check.c.

2
postfix/README_FILES/MULTI_INSTANCE_README
View File

@ -327,7 +327,7 @@ This uses the postmulti(1) command to invoke postconf(1) in the context
(MAIL_CONFIG=/etc/postfix-out) of the output instance. (MAIL_CONFIG=/etc/postfix-out) of the output instance.
* Lines 1-2: With "authorized_submit_users = root", the superuser can test * Lines 1-2: With "authorized_submit_users = root", the superuser can test
the postix-out instance with "postmulti -i postfix-out -x sendmail -bv the postfix-out instance with "postmulti -i postfix-out -x sendmail -bv
recipient...", but otherwise local submission remains disabled. recipient...", but otherwise local submission remains disabled.
* Lines 1-2: With "master_service_disable =", the "inet" listeners are re- * Lines 1-2: With "master_service_disable =", the "inet" listeners are re-

24
postfix/WISHLIST
View File

@ -17,6 +17,29 @@ Wish list:
reload" support for master(8) features that currently don't reload" support for master(8) features that currently don't
support this. support this.
Sub-second time resolution. The first benefit is to make
per-destination rate delays more usable. Other applications
will come up once the support exists. The straightforward
approach is to represent all time intervals in milliseconds,
and to update all code that makes system calls with a time
argument (as well as the compiled-in upper and lower time
parameter bounds, which are currently in seconds).
Unfortunately, that limits he maximum time interval to less
than 25 days on 32-bit systems, and is likely to break
compatibility (for starters, it cannot even deal with the
compiled-in 100d upper bound on the queue file lifetime).
A second option is to have a "compatibility" time base
switch between milliseconds and seconds; this means extra
changes to all code that makes system calls with a time
argument, and the way that the compiled-in upper and lower
bounds are specified. Some of this can be encapsulated in
macros like time_to_sec(t), time_to_msec(t) and sec_to_time(t).
Finally, it is relatively easy to replace the events(3)
interface to use "double" for the time delay arguments, but
it is a major pain to convert all main.cf time parameters
into doubles (converting only some leads to a documentation
nightmare).
postscreen: wait for DNS completion after early HANGUP postscreen: wait for DNS completion after early HANGUP
and log DNSBL. and log DNSBL.
@ -34,7 +57,6 @@ Wish list:
whitelisting database before the primary MX connection is whitelisting database before the primary MX connection is
closed, because a client may still make a mistake. closed, because a client may still make a mistake.
Don't forget Apple's code donation for fetching mail from Don't forget Apple's code donation for fetching mail from
IMAP server. IMAP server.

2
postfix/html/MULTI_INSTANCE_README.html
View File

@ -420,7 +420,7 @@ context (MAIL_CONFIG=/etc/postfix-out) of the output instance. </p>
<ul> <ul>
<li> <p> Lines 1-2: With "<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = root", the <li> <p> Lines 1-2: With "<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = root", the
superuser can test the postix-out instance with "postmulti -i superuser can test the postfix-out instance with "postmulti -i
postfix-out -x sendmail -bv recipient...", but otherwise local postfix-out -x sendmail -bv recipient...", but otherwise local
submission remains disabled. </p> submission remains disabled. </p>

4
postfix/html/TLS_README.html
View File

@ -865,9 +865,9 @@ cipher from a list supplied by the server. </p>
<p> By default, the OpenSSL server selects the client's most preferred <p> By default, the OpenSSL server selects the client's most preferred
cipher that the server supports. With SSLv3 and later, the server cipher that the server supports. With SSLv3 and later, the server
may choose its own most preferred cipher that is supported (offered) may choose its own most preferred cipher that is supported (offered)
by the client. Setting "<a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> = yes" enables server by the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server
cipher preferences. The default OpenSSL behaviour applies with cipher preferences. The default OpenSSL behaviour applies with
"<a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> = no". </p> "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = no". </p>
<p> While server cipher selection may in some cases lead to a more secure <p> While server cipher selection may in some cases lead to a more secure
or performant cipher choice, there is some risk of interoperability or performant cipher choice, there is some risk of interoperability

2
postfix/html/postconf.5.html
View File

@ -15404,7 +15404,7 @@ instead of the client's cipher preference order. </p>
<p> By default, the OpenSSL server selects the client's most preferred <p> By default, the OpenSSL server selects the client's most preferred
cipher that the server supports. With SSLv3 and later, the server may cipher that the server supports. With SSLv3 and later, the server may
choose its own most preferred cipher that is supported (offered) by choose its own most preferred cipher that is supported (offered) by
the client. Setting "<a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
preferences. </p> preferences. </p>
<p> While server cipher selection may in some cases lead to a more secure <p> While server cipher selection may in some cases lead to a more secure

6
postfix/html/smtpd.8.html
View File

@ -158,7 +158,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b> <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
limit, from a time limit per read or write system limit, from a time limit per read or write system
call, to a time limit to send or receive a complete call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line, record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes- SMTP message content line, or TLS protocol mes-
sage). sage).
@ -568,7 +568,7 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.8 and later: Available in Postfix version 2.8 and later:
<b><a href="postconf.5.html#tls_preempts_cipherlist">tls_preempt_cipherlist</a> (no)</b> <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
With SSLv3 and later, use the server's cipher pref- With SSLv3 and later, use the server's cipher pref-
erence order instead of the client's cipher prefer- erence order instead of the client's cipher prefer-
ence order. ence order.
@ -857,7 +857,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b> <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
limit, from a time limit per read or write system limit, from a time limit per read or write system
call, to a time limit to send or receive a complete call, to a time limit to read or write a complete
record (an SMTP command line, SMTP response line, record (an SMTP command line, SMTP response line,
SMTP message content line, or TLS protocol mes- SMTP message content line, or TLS protocol mes-
sage). sage).

27
postfix/makedefs
View File

@ -340,6 +340,33 @@ EOF
fi;; fi;;
esac esac
;; ;;
Linux.3*) SYSTYPE=LINUX3
if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
echo "See the RELEASE_NOTES file for more information." 1>&2
exit 1
fi
SYSLIBS="-ldb"
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
do
test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
SYSLIBS="$SYSLIBS -l$name"
break
}
done
done
;;
GNU.0*|GNU/kFreeBSD.[567]*) GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0 SYSTYPE=GNU0
# Postfix no longer needs DB 1.85 compatibility # Postfix no longer needs DB 1.85 compatibility

2
postfix/mantools/postlink
View File

@ -683,7 +683,7 @@ while (<>) {
s;\btls_null_cipherlist\b;<a href="postconf.5.html#tls_null_cipherlist">$&</a>;g; s;\btls_null_cipherlist\b;<a href="postconf.5.html#tls_null_cipherlist">$&</a>;g;
s;\btls_eecdh_strong_curve\b;<a href="postconf.5.html#tls_eecdh_strong_curve">$&</a>;g; s;\btls_eecdh_strong_curve\b;<a href="postconf.5.html#tls_eecdh_strong_curve">$&</a>;g;
s;\btls_eecdh_ultra_curve\b;<a href="postconf.5.html#tls_eecdh_ultra_curve">$&</a>;g; s;\btls_eecdh_ultra_curve\b;<a href="postconf.5.html#tls_eecdh_ultra_curve">$&</a>;g;
s;\btls_preempt_cipherlist\b;<a href="postconf.5.html#tls_preempts_cipherlist">$&</a>;g; s;\btls_preempt_cipherlist\b;<a href="postconf.5.html#tls_preempt_cipherlist">$&</a>;g;
s;\btls_disable_workarounds\b;<a href="postconf.5.html#tls_disable_workarounds">$&</a>;g; s;\btls_disable_workarounds\b;<a href="postconf.5.html#tls_disable_workarounds">$&</a>;g;
s;\btls_append_default_CA\b;<a href="postconf.5.html#tls_append_default_CA">$&</a>;g; s;\btls_append_default_CA\b;<a href="postconf.5.html#tls_append_default_CA">$&</a>;g;

2
postfix/proto/MULTI_INSTANCE_README.html
View File

@ -420,7 +420,7 @@ context (MAIL_CONFIG=/etc/postfix-out) of the output instance. </p>
<ul> <ul>
<li> <p> Lines 1-2: With "authorized_submit_users = root", the <li> <p> Lines 1-2: With "authorized_submit_users = root", the
superuser can test the postix-out instance with "postmulti -i superuser can test the postfix-out instance with "postmulti -i
postfix-out -x sendmail -bv recipient...", but otherwise local postfix-out -x sendmail -bv recipient...", but otherwise local
submission remains disabled. </p> submission remains disabled. </p>

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20110605" #define MAIL_RELEASE_DATE "20110615"
#define MAIL_VERSION_NUMBER "2.9" #define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT #ifdef SNAPSHOT

2
postfix/src/smtpd/Makefile.in
View File

@ -38,7 +38,7 @@ update: ../../libexec/$(PROG)
cp $(PROG) ../../libexec cp $(PROG) ../../libexec
SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o smtpd_dsn_fix.o \ SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xforward.o smtpd_dsn_fix.o \
smtpd_resolve.o smtpd_resolve.o smtpd_expand.o
smtpd_token: smtpd_token.c $(LIBS) smtpd_token: smtpd_token.c $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)

16
postfix/src/smtpd/smtpd_check.c
View File

@ -3192,6 +3192,7 @@ static const SMTPD_RBL_STATE *find_dnsxl_domain(SMTPD_STATE *state,
const char *domain; const char *domain;
const char *reply_addr; const char *reply_addr;
const char *byte_codes; const char *byte_codes;
const char *suffix;
/* /*
* Extract the domain, tack on the RBL domain name and query the DNS for * Extract the domain, tack on the RBL domain name and query the DNS for
@ -3203,7 +3204,16 @@ static const SMTPD_RBL_STATE *find_dnsxl_domain(SMTPD_STATE *state,
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} else } else
domain = what; domain = what;
if (domain[0] == 0)
/*
* XXX Some Spamhaus RHSBL rejects lookups with "No IP queries" even if
* the name has an alphanumerical prefix. We play safe, and skip both
* RHSBL and RHSWL queries for names ending in a numerical suffix.
*/
if (domain[0] == 0 || valid_hostname(domain, DONT_GRIPE) == 0)
return (SMTPD_CHECK_DUNNO);
suffix = strrchr(domain, '.');
if (alldig(suffix == 0 ? domain : suffix + 1))
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
query = vstring_alloc(100); query = vstring_alloc(100);
@ -3834,8 +3844,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
name); name);
else { else {
cpp += 1; cpp += 1;
if (state->helo_name if (state->helo_name)
&& valid_hostname(state->helo_name, DONT_GRIPE))
status = reject_rbl_domain(state, *cpp, state->helo_name, status = reject_rbl_domain(state, *cpp, state->helo_name,
SMTPD_NAME_HELO); SMTPD_NAME_HELO);
} }
@ -5239,6 +5248,7 @@ int main(int argc, char **argv)
string_init(); string_init();
int_init(); int_init();
smtpd_check_init(); smtpd_check_init();
smtpd_expand_init();
smtpd_state_init(&state, VSTREAM_IN, "smtpd"); smtpd_state_init(&state, VSTREAM_IN, "smtpd");
state.queue_id = "<queue id>"; state.queue_id = "<queue id>";

38
postfix/src/smtpd/smtpd_check.ref
View File

@ -82,7 +82,7 @@ OK
>>> helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname >>> helo_restrictions permit_naked_ip_address,reject_invalid_hostname,reject_unknown_hostname
OK OK
>>> helo 123.123.123.123 >>> helo 123.123.123.123
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
OK OK
>>> # >>> #
>>> # Test the sender restrictions >>> # Test the sender restrictions
@ -317,73 +317,73 @@ OK
>>> helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname >>> helo_restrictions permit_naked_ip_address,reject_non_fqdn_hostname
OK OK
>>> helo [1.2.3.4] >>> helo [1.2.3.4]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
OK OK
>>> helo [321.255.255.255] >>> helo [321.255.255.255]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[321.255.255.255]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[321.255.255.255]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[321.255.255.255]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[321.255.255.255]>
501 5.5.2 <[321.255.255.255]>: Helo command rejected: invalid ip address 501 5.5.2 <[321.255.255.255]>: Helo command rejected: invalid ip address
>>> helo [0.255.255.255] >>> helo [0.255.255.255]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[0.255.255.255]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[0.255.255.255]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[0.255.255.255]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[0.255.255.255]>
501 5.5.2 <[0.255.255.255]>: Helo command rejected: invalid ip address 501 5.5.2 <[0.255.255.255]>: Helo command rejected: invalid ip address
>>> helo [1.2.3.321] >>> helo [1.2.3.321]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.321]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.321]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.321]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.321]>
501 5.5.2 <[1.2.3.321]>: Helo command rejected: invalid ip address 501 5.5.2 <[1.2.3.321]>: Helo command rejected: invalid ip address
>>> helo [1.2.3] >>> helo [1.2.3]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3]>
501 5.5.2 <[1.2.3]>: Helo command rejected: invalid ip address 501 5.5.2 <[1.2.3]>: Helo command rejected: invalid ip address
>>> helo [1.2.3.4.5] >>> helo [1.2.3.4.5]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.4.5]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.4.5]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.4.5]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.4.5]>
501 5.5.2 <[1.2.3.4.5]>: Helo command rejected: invalid ip address 501 5.5.2 <[1.2.3.4.5]>: Helo command rejected: invalid ip address
>>> helo [1..2.3.4] >>> helo [1..2.3.4]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1..2.3.4]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1..2.3.4]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1..2.3.4]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1..2.3.4]>
501 5.5.2 <[1..2.3.4]>: Helo command rejected: invalid ip address 501 5.5.2 <[1..2.3.4]>: Helo command rejected: invalid ip address
>>> helo [.1.2.3.4] >>> helo [.1.2.3.4]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[.1.2.3.4]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[.1.2.3.4]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[.1.2.3.4]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[.1.2.3.4]>
501 5.5.2 <[.1.2.3.4]>: Helo command rejected: invalid ip address 501 5.5.2 <[.1.2.3.4]>: Helo command rejected: invalid ip address
>>> helo [1.2.3.4.5.] >>> helo [1.2.3.4.5.]
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.4.5.]> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<[1.2.3.4.5.]>
501 5.5.2 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address 501 5.5.2 <[1.2.3.4.5.]>: Helo command rejected: invalid ip address
>>> helo 1.2.3.4 >>> helo 1.2.3.4
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
OK OK
>>> helo 321.255.255.255 >>> helo 321.255.255.255
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <321.255.255.255>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<321.255.255.255> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <321.255.255.255>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<321.255.255.255>
501 5.5.2 <321.255.255.255>: Helo command rejected: invalid ip address 501 5.5.2 <321.255.255.255>: Helo command rejected: invalid ip address
>>> helo 0.255.255.255 >>> helo 0.255.255.255
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <0.255.255.255>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<0.255.255.255> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <0.255.255.255>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<0.255.255.255>
501 5.5.2 <0.255.255.255>: Helo command rejected: invalid ip address 501 5.5.2 <0.255.255.255>: Helo command rejected: invalid ip address
>>> helo 1.2.3.321 >>> helo 1.2.3.321
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.321>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.321> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.321>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.321>
501 5.5.2 <1.2.3.321>: Helo command rejected: invalid ip address 501 5.5.2 <1.2.3.321>: Helo command rejected: invalid ip address
>>> helo 1.2.3 >>> helo 1.2.3
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3>
501 5.5.2 <1.2.3>: Helo command rejected: invalid ip address 501 5.5.2 <1.2.3>: Helo command rejected: invalid ip address
>>> helo 1.2.3.4.5 >>> helo 1.2.3.4.5
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.4.5>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.4.5> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.4.5>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.4.5>
501 5.5.2 <1.2.3.4.5>: Helo command rejected: invalid ip address 501 5.5.2 <1.2.3.4.5>: Helo command rejected: invalid ip address
>>> helo 1..2.3.4 >>> helo 1..2.3.4
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1..2.3.4>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1..2.3.4> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1..2.3.4>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1..2.3.4>
501 5.5.2 <1..2.3.4>: Helo command rejected: invalid ip address 501 5.5.2 <1..2.3.4>: Helo command rejected: invalid ip address
>>> helo .1.2.3.4 >>> helo .1.2.3.4
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <.1.2.3.4>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<.1.2.3.4> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <.1.2.3.4>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<.1.2.3.4>
501 5.5.2 <.1.2.3.4>: Helo command rejected: invalid ip address 501 5.5.2 <.1.2.3.4>: Helo command rejected: invalid ip address
>>> helo 1.2.3.4.5. >>> helo 1.2.3.4.5.
./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks instead ./smtpd_check: warning: restriction permit_naked_ip_address is deprecated. Use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.4.5.>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.4.5.> ./smtpd_check: <queue id>: reject: HELO from foo[131.155.210.17]: 501 5.5.2 <1.2.3.4.5.>: Helo command rejected: invalid ip address; from=<foo> proto=SMTP helo=<1.2.3.4.5.>
501 5.5.2 <1.2.3.4.5.>: Helo command rejected: invalid ip address 501 5.5.2 <1.2.3.4.5.>: Helo command rejected: invalid ip address
>>> # >>> #

4
postfix/src/smtpd/smtpd_dnswl.in
View File

@ -54,3 +54,7 @@ client example.tld 168.100.189.2
rcpt rname@rdomain rcpt rname@rdomain
# Authorized destination - accept. # Authorized destination - accept.
rcpt wietse@porcupine.org rcpt wietse@porcupine.org
# Numeric TLD - dunno.
rcpt wietse@12345
rcpt wietse@12345.porcupine.org
rcpt wietse@porcupine.12345

9
postfix/src/smtpd/smtpd_dnswl.ref
View File

@ -83,3 +83,12 @@ OK
>>> # Authorized destination - accept. >>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org >>> rcpt wietse@porcupine.org
OK OK
>>> # Numeric TLD - dunno.
>>> rcpt wietse@12345
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <wietse@12345>: Relay access denied; to=<wietse@12345> proto=SMTP helo=<foobar>
554 5.7.1 <wietse@12345>: Relay access denied
>>> rcpt wietse@12345.porcupine.org
OK
>>> rcpt wietse@porcupine.12345
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <wietse@porcupine.12345>: Relay access denied; to=<wietse@porcupine.12345> proto=SMTP helo=<foobar>
554 5.7.1 <wietse@porcupine.12345>: Relay access denied

4
postfix/src/smtpd/smtpd_exp.ref
View File

@ -49,8 +49,8 @@ OK
>>> client foo 127.0.0.2 >>> client foo 127.0.0.2
OK OK
>>> rcpt rname@rdomain >>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org=127.0.0.2; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar> ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org=127.0.0.2 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org
>>> client foo 127.0.0.1 >>> client foo 127.0.0.1
OK OK
>>> rcpt rname@rdomain >>> rcpt rname@rdomain

2
postfix/src/util/sys_defs.h
View File

@ -708,7 +708,7 @@ extern int initgroups(const char *, int);
/* /*
* LINUX. * LINUX.
*/ */
#ifdef LINUX2 #if defined(LINUX2) || defined(LINUX3)
#define SUPPORTED #define SUPPORTED
#include <sys/types.h> #include <sys/types.h>
#define UINT32_TYPE unsigned int #define UINT32_TYPE unsigned int