From 22d6e3a8abaf174f79b4f2b4a0085ef3442d3ca1 Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 26 Dec 2018 00:00:00 -0500
Subject: [PATCH] postfix-3.4-20181226

---
 postfix/HISTORY                             | 26 +++++++++++++++++++++
 postfix/README_FILES/POSTSCREEN_README      | 16 +++++++++----
 postfix/html/POSTSCREEN_README.html         | 17 ++++++++++----
 postfix/html/postconf.5.html                | 13 +++++++----
 postfix/man/man5/postconf.5                 | 11 +++++----
 postfix/proto/POSTSCREEN_README.html        | 17 ++++++++++----
 postfix/proto/postconf.proto                | 13 +++++++----
 postfix/src/global/mail_version.h           |  2 +-
 postfix/src/postscreen/postscreen.h         |  5 ++++
 postfix/src/postscreen/postscreen_state.c   | 13 +++++++----
 postfix/src/posttls-finger/posttls-finger.c |  2 +-
 postfix/src/util/dict_file.c                | 16 ++++++-------
 12 files changed, 109 insertions(+), 42 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index d2ac8112a..3b5d3fdfd 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -23890,3 +23890,29 @@ Apologies for any names omitted.
 	default_rbl_reply, command_execution_directory, luser_relay,
 	smtpd_reject_footer. These have their own documented $name
 	substitution mechanism. File: proto/postconf.proto.
+
+20181202
+
+	Bugfix: posttls-finger reported an error for UNIX-domain
+	connections, even if they did not fail. Found by Coverity.
+	File: posttls-finger/posttls-finger.c.
+
+20181208
+
+	Documentation: add even more redundancy to the rate-delay
+	description. File: proto/postconf.proto.
+
+20181210
+
+	Cleanup: code deduplication. File: util/dict_file.c.
+
+20181226
+
+	Cleanup: code deduplication and better encapsulation with
+	PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
+	Files: postscreen/postscreen.h, postscreen/postscreen_state.c.
+
+	Documentation: POSTSCREEN_README did not describe the
+	postscreen_post_queue_limit, and attributed the wrong reject
+	message to the postscreen_pre_queue_limit. Problem reported
+	by Michael Orlitzky. File: proto/POSTSCREEN_README.html.
diff --git a/postfix/README_FILES/POSTSCREEN_README b/postfix/README_FILES/POSTSCREEN_README
index 0931ba3ce..78da5dd88 100644
--- a/postfix/README_FILES/POSTSCREEN_README
+++ b/postfix/README_FILES/POSTSCREEN_README
@@ -508,15 +508,21 @@ limit, as specified with the line_length_limit parameter. The session is
 terminated immediately. The "aafftteerr command" portion is logged with Postfix 2.10
 and later.
 
-When an SMTP client makes too many connections at the same time, or when all
-postscreen(8) ports are busy, postscreen(8) rejects the connection with a 421
-status code and logs:
+When an SMTP client makes too many connections at the same time, postscreen(8)
+rejects the connection with a 421 status code and logs:
 
     NNOOQQUUEEUUEE:: rreejjeecctt:: CCOONNNNEECCTT ffrroomm [address]:port:: ttoooo mmaannyy ccoonnnneeccttiioonnss
+
+The postscreen_client_connection_count_limit parameter controls this limit.
+
+When an SMTP client connects after postscreen(8) has reached a connection count
+limit, postscreen(8) rejects the connection with a 421 status code and logs:
+
+    NNOOQQUUEEUUEE:: rreejjeecctt:: CCOONNNNEECCTT ffrroomm [address]:port:: aallll ssccrreeeenniinngg ppoorrttss bbuussyy
     NNOOQQUUEEUUEE:: rreejjeecctt:: CCOONNNNEECCTT ffrroomm [address]:port:: aallll sseerrvveerr ppoorrttss bbuussyy
 
-The postscreen_client_connection_count_limit and postscreen_pre_queue_limit
-parameters control these limits.
+The postscreen_pre_queue_limit and postscreen_post_queue_limit parameters
+control these limits.
 
 WWhheenn aallll tteessttss ssuucccceeeedd
 
diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html
index d326fcf19..4405f1e3e 100644
--- a/postfix/html/POSTSCREEN_README.html
+++ b/postfix/html/POSTSCREEN_README.html
@@ -714,16 +714,25 @@ The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
 Postfix 2.10 and later. </p>
 
 <p> When an SMTP client makes too many connections at the same time,
-or when all <a href="postscreen.8.html">postscreen(8)</a> ports are busy, <a href="postscreen.8.html">postscreen(8)</a> rejects the
-connection with a 421 status code and logs: </p>
+<a href="postscreen.8.html">postscreen(8)</a> rejects the connection with a 421 status code and logs: </p>
 
 <pre>
     <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: too many connections</b>
+</pre>
+
+<p> The <a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> parameter controls this limit. </p>
+
+<p> When an SMTP client connects after <a href="postscreen.8.html">postscreen(8)</a> has reached a
+connection count limit, <a href="postscreen.8.html">postscreen(8)</a> rejects the connection with
+a 421 status code and logs: </p>
+
+<pre>
+    <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all screening ports busy</b>
     <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all server ports busy</b>
 </pre>
 
-<p> The <a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> and
-<a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> parameters control these limits.  </p>
+<p> The <a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> and <a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a>
+parameters control these limits.  </p>
 
 <h2> <a name="victory">When all tests succeed</a> </h2>
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 5f0ee856d..decaaa4ce 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -2276,8 +2276,10 @@ is the <a href="master.5.html">master.cf</a> name of the message delivery transp
 (default: 0s)</b></DT><DD>
 
 <p> The default amount of delay that is inserted between individual
-deliveries to the same destination. If non-zero, all deliveries to
-the same destination will happen one at a time. </p>
+message deliveries to the same destination and over the same message
+delivery transport. Specify a non-zero value to rate-limit those
+message deliveries to at most one per $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>.
+</p>
 
 <p> The resulting behavior depends on the value of the corresponding
 per-destination recipient limit.
@@ -2675,9 +2677,10 @@ Example:
 (default: 0s)</b></DT><DD>
 
 <p> The default amount of delay that is inserted between individual
-deliveries over the same message delivery transport, regardless of
-destination. If non-zero, all deliveries over the same message
-delivery transport will happen one at a time. </p>
+message deliveries over the same message delivery transport,
+regardless of destination. Specify a non-zero value to rate-limit
+those message deliveries to at most one per $<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>.
+</p>
 
 <p>Use <a href="postconf.5.html#transport_transport_rate_delay"><i>transport</i>_transport_rate_delay</a> to specify a
 transport-specific override, where the initial <i>transport</i> is
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index fb0f6ed19..b55a9a9e7 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1451,8 +1451,9 @@ is the master.cf name of the message delivery transport.
 This feature is available in Postfix 2.5 and later.
 .SH default_destination_rate_delay (default: 0s)
 The default amount of delay that is inserted between individual
-deliveries to the same destination. If non\-zero, all deliveries to
-the same destination will happen one at a time.
+message deliveries to the same destination and over the same message
+delivery transport. Specify a non\-zero value to rate\-limit those
+message deliveries to at most one per $default_destination_rate_delay.
 .PP
 The resulting behavior depends on the value of the corresponding
 per\-destination recipient limit.
@@ -1710,9 +1711,9 @@ default_transport = uucp:relayhostname
 .ft R
 .SH default_transport_rate_delay (default: 0s)
 The default amount of delay that is inserted between individual
-deliveries over the same message delivery transport, regardless of
-destination. If non\-zero, all deliveries over the same message
-delivery transport will happen one at a time.
+message deliveries over the same message delivery transport,
+regardless of destination. Specify a non\-zero value to rate\-limit
+those message deliveries to at most one per $default_transport_rate_delay.
 .PP
 Use \fItransport\fR_transport_rate_delay to specify a
 transport\-specific override, where the initial \fItransport\fR is
diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html
index 072022c67..66f8f8770 100644
--- a/postfix/proto/POSTSCREEN_README.html
+++ b/postfix/proto/POSTSCREEN_README.html
@@ -714,16 +714,25 @@ The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
 Postfix 2.10 and later. </p>
 
 <p> When an SMTP client makes too many connections at the same time,
-or when all postscreen(8) ports are busy, postscreen(8) rejects the
-connection with a 421 status code and logs: </p>
+postscreen(8) rejects the connection with a 421 status code and logs: </p>
 
 <pre>
     <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: too many connections</b>
+</pre>
+
+<p> The postscreen_client_connection_count_limit parameter controls this limit. </p>
+
+<p> When an SMTP client connects after postscreen(8) has reached a
+connection count limit, postscreen(8) rejects the connection with
+a 421 status code and logs: </p>
+
+<pre>
+    <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all screening ports busy</b>
     <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all server ports busy</b>
 </pre>
 
-<p> The postscreen_client_connection_count_limit and
-postscreen_pre_queue_limit parameters control these limits.  </p>
+<p> The postscreen_pre_queue_limit and postscreen_post_queue_limit
+parameters control these limits.  </p>
 
 <h2> <a name="victory">When all tests succeed</a> </h2>
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 933e07107..7833e2a3a 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -13305,9 +13305,10 @@ this case: "_recipient_refill_delay").  </p>
 %PARAM default_transport_rate_delay 0s
 
 <p> The default amount of delay that is inserted between individual
-deliveries over the same message delivery transport, regardless of
-destination. If non-zero, all deliveries over the same message
-delivery transport will happen one at a time. </p>
+message deliveries over the same message delivery transport,
+regardless of destination. Specify a non-zero value to rate-limit
+those message deliveries to at most one per $default_transport_rate_delay.
+</p>
 
 <p>Use <i>transport</i>_transport_rate_delay to specify a
 transport-specific override, where the initial <i>transport</i> is
@@ -13341,8 +13342,10 @@ name is the master.cf name of the message delivery transport. </p>
 %PARAM default_destination_rate_delay 0s
 
 <p> The default amount of delay that is inserted between individual
-deliveries to the same destination. If non-zero, all deliveries to
-the same destination will happen one at a time. </p>
+message deliveries to the same destination and over the same message
+delivery transport. Specify a non-zero value to rate-limit those
+message deliveries to at most one per $default_destination_rate_delay.
+</p>
 
 <p> The resulting behavior depends on the value of the corresponding
 per-destination recipient limit.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index d7428cc07..f1165b348 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20181202"
+#define MAIL_RELEASE_DATE	"20181226"
 #define MAIL_VERSION_NUMBER	"3.4"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h
index 4c7248f65..0f9d41817 100644
--- a/postfix/src/postscreen/postscreen.h
+++ b/postfix/src/postscreen/postscreen.h
@@ -456,6 +456,11 @@ extern HTABLE *psc_client_concurrency;	/* per-client concurrency */
 	(state)->smtp_server_fd = (fd); \
 	psc_post_queue_length++; \
     } while (0)
+#define PSC_DEL_SERVER_STATE(state) do { \
+	close((state)->smtp_server_fd); \
+	(state)->smtp_server_fd = (-1); \
+	psc_post_queue_length--; \
+    } while (0)
 #define PSC_DEL_CLIENT_STATE(state) do { \
 	event_server_disconnect((state)->smtp_client_stream); \
 	(state)->smtp_client_stream = 0; \
diff --git a/postfix/src/postscreen/postscreen_state.c b/postfix/src/postscreen/postscreen_state.c
index aced47d63..5f610e6a9 100644
--- a/postfix/src/postscreen/postscreen_state.c
+++ b/postfix/src/postscreen/postscreen_state.c
@@ -25,6 +25,9 @@
 /*	PSC_STATE *state;
 /*	int	server_fd;
 /*
+/*	void	PSC_DEL_SERVER_STATE(state)
+/*	PSC_STATE *state;
+/*
 /*	void	PSC_DEL_CLIENT_STATE(state)
 /*	PSC_STATE *state;
 /*
@@ -88,6 +91,10 @@
 /*	increments the global psc_post_queue_length file descriptor
 /*	counter.
 /*
+/*	PSC_DEL_SERVER_STATE() closes the specified session state
+/*	object's server file descriptor, and decrements the global
+/*	psc_post_queue_length file descriptor counter.
+/*
 /*	PSC_DEL_CLIENT_STATE() updates the specified session state
 /*	object, closes the client stream, and decrements the global
 /*	psc_check_queue_length file descriptor counter.
@@ -227,12 +234,10 @@ void    psc_free_session_state(PSC_STATE *state)
 	htable_delete(psc_client_concurrency, state->smtp_client_addr, myfree);
 
     if (state->smtp_client_stream != 0) {
-	event_server_disconnect(state->smtp_client_stream);
-	psc_check_queue_length--;
+	PSC_DEL_CLIENT_STATE(state);
     }
     if (state->smtp_server_fd >= 0) {
-	close(state->smtp_server_fd);
-	psc_post_queue_length--;
+	PSC_DEL_SERVER_STATE(state);
     }
     if (state->send_buf != 0)
 	state->send_buf = vstring_free(state->send_buf);
diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c
index b669308e7..92ad87f9a 100644
--- a/postfix/src/posttls-finger/posttls-finger.c
+++ b/postfix/src/posttls-finger/posttls-finger.c
@@ -1536,7 +1536,7 @@ static int connect_dest(STATE *state)
      */
     if (state->smtp == 0) {
 	if (strncmp(dest, "unix:", 5) == 0) {
-	    connect_unix(state, dest + 5);
+	    state->stream = connect_unix(state, dest + 5);
 	    if (!state->stream)
 		msg_info("Failed to establish session to %s: %s",
 			 dest, vstring_str(state->why->reason));
diff --git a/postfix/src/util/dict_file.c b/postfix/src/util/dict_file.c
index 57a84dea3..e59842a31 100644
--- a/postfix/src/util/dict_file.c
+++ b/postfix/src/util/dict_file.c
@@ -95,40 +95,40 @@ VSTRING *dict_file_to_buf(DICT *dict, const char *pathnames)
     if (dict->file_buf == 0)
 	dict->file_buf = vstring_alloc(100);
 
-#define DICT_FILE_ERR_RETURN do { \
+#define DICT_FILE_RETURN(retval) do { \
 	argv_free(argv); \
 	if (fp) vstream_fclose(fp); \
-	return (0); \
+	return (retval); \
     } while (0);
 
     argv = argv_split(pathnames, CHARS_COMMA_SP);
     if (argv->argc == 0) {
 	vstring_sprintf(dict->file_buf, "empty pathname list: >>%s<<'",
 			pathnames);
-	DICT_FILE_ERR_RETURN;
+	DICT_FILE_RETURN(0);
     }
     VSTRING_RESET(dict->file_buf);
     for (cpp = argv->argv; *cpp; cpp++) {
 	if ((fp = vstream_fopen(*cpp, O_RDONLY, 0)) == 0
 	    || fstat(vstream_fileno(fp), &st) < 0) {
 	    vstring_sprintf(dict->file_buf, "open %s: %m", *cpp);
-	    DICT_FILE_ERR_RETURN;
+	    DICT_FILE_RETURN(0);
 	}
 	if (st.st_size > SSIZE_T_MAX - LEN(dict->file_buf)) {
 	    vstring_sprintf(dict->file_buf, "file too large: %s", pathnames);
-	    DICT_FILE_ERR_RETURN;
+	    DICT_FILE_RETURN(0);
 	}
 	if (vstream_fread_app(fp, dict->file_buf, st.st_size) != st.st_size) {
 	    vstring_sprintf(dict->file_buf, "read %s: %m", *cpp);
-	    DICT_FILE_ERR_RETURN;
+	    DICT_FILE_RETURN(0);
 	}
 	(void) vstream_fclose(fp);
+	fp = 0;
 	if (cpp[1] != 0)
 	    VSTRING_ADDCH(dict->file_buf, '\n');
     }
-    argv_free(argv);
     VSTRING_TERMINATE(dict->file_buf);
-    return (dict->file_buf);
+    DICT_FILE_RETURN(dict->file_buf);
 }
 
 /* dict_file_to_b64 - read files into a base64-encoded buffer */