postfix-3.2-20161224

postfix/HISTORY

@@ -22645,3 +22645,34 @@ Apologies for any names omitted.
 	new-server-cert" is invoked, and main.cf specifies a
 	non-existent keyfile. Viktor Dukhovni.  File:
 	conf/postfix-tls-script.
+
+20161205
+
+	Cleanup: log the sender address when rejecting a too large
+	message size in a "MAIL FROM:<sender> SIZE=nnn" command.
+	File: smtpd/smtpd.c.
+
+20161206
+
+	Bugfix (introduced: Postfix 3.0): when receiving a MAIL
+	FROM...SMTPUTF8 command while smtpd_delay_reject=no, enable
+	SMTPUTF8 support before processing smtpd_sender_restrictions.
+	Problem reported by Viktor Dukhovni. File: smtpd/smtpd.c.
+
+	Bugfix (introduced: Postfix 3.0): when receiving a
+	VRFY...SMTPUTF8 command, enable SMTPUTF8 support while
+	processing smtpd_recipient_restrictions. File: smtpd/smtpd.c.
+
+20161220
+
+	Bugfix (introduced: Postfix 2.1.0): the Postfix SMTP daemon
+	did not query sender_canonical_maps when rejecting unknown
+	senders with "smtpd_reject_unlisted_recipient = yes" or
+	with reject_unlisted_sender.  Stephen R. van den Berg (Mr.
+	procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
+
+20161223
+
+	Bugfix (introduced: Postfix 3.2 snapshots): the makedefs
+	script produced a garbled CCARGS setting when no suitable
+	ICU library was found. File: makedefs.

postfix/INSTALL

@@ -357,7 +357,7 @@ inconsistent results with different versions of the make(1) command.
     postfix-files will automatically include files under the directory postfix-
     files.d. Thanks to this, you can install or deinstall a database plugin
     package without having to edit postfix-files or dynamicmaps.cf. Instead,
-    you give that plugin its own configuration files dynamicmaps.cf.d and
+    you give that plugin its own configuration files under dynamicmaps.cf.d and
     postfix-files.d, and you add or remove those configuration files along with
     the database plugin dynamically-linked object.
 

postfix/Makefile

@@ -1,7 +1,8 @@
 # Usage: 
-#	make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags]
+#	make makefiles [name=value]...
 #
-# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples:
+# See makedefs for a descripton of available options.
+# Examples:
 #
 #	make makefiles
 #	make makefiles CC="purify cc"

postfix/README_FILES/ADDRESS_REWRITING_README

@@ -698,7 +698,7 @@ is used for deliveries to commands or files in "root"-owned aliases.
 
 LLooccaall ppeerr--uusseerr ..ffoorrwwaarrdd ffiilleess
 
-With delivery via the local(8) deliver agent, users can control their own mail
+With delivery via the local(8) delivery agent, users can control their own mail
 delivery by specifying destinations in a file called .forward in their home
 directories. The syntax of these files is the same as with the local aliases(5)
 file, except that the left-hand side of the alias (lookup key and colon) are

postfix/README_FILES/INSTALL

@@ -357,7 +357,7 @@ inconsistent results with different versions of the make(1) command.
     postfix-files will automatically include files under the directory postfix-
     files.d. Thanks to this, you can install or deinstall a database plugin
     package without having to edit postfix-files or dynamicmaps.cf. Instead,
-    you give that plugin its own configuration files dynamicmaps.cf.d and
+    you give that plugin its own configuration files under dynamicmaps.cf.d and
     postfix-files.d, and you add or remove those configuration files along with
     the database plugin dynamically-linked object.
 

postfix/WISHLIST

@@ -9,15 +9,9 @@ Wish list:
 	In the bounce daemon, set util_utf8_enable if returning an
 	SMTPUTF8 message.
 
-	In the smtpd daemon, log the sender when rejecting SIZE.
-
 	Adopt John Fawcett's stored-procedure support, and look
 	at Joel Linn's follow-up dated 22 Nov 2016 01:35:03 +0100.
 
-	Adopt Russell Yanofsky's patch to account for
-	sender_dependent_transport_maps (e.g. if it resolves to the
-	error: delivery agent, then it should be rejected).
-
 	Why does postqueue show UTC time, even if TZ is set in
 	the import_environment setting? Because postqueue is set-gid?
 

postfix/html/ADDRESS_REWRITING_README.html

@@ -1052,7 +1052,7 @@ deliveries to commands or files in "root"-owned aliases. </p>
 
 <h3> <a name="forward"> Local per-user .forward files </a> </h3>
 
-<p> With delivery via the <a href="local.8.html">local(8)</a> deliver agent, users can control
+<p> With delivery via the <a href="local.8.html">local(8)</a> delivery agent, users can control
 their own mail delivery by specifying destinations in a file called
 .forward in their home directories. The syntax of these files is
 the same as with the local <a href="aliases.5.html">aliases(5)</a> file, except that the left-hand

postfix/html/INSTALL.html

@@ -566,7 +566,7 @@ configuration file postfix-files will automatically include files
 under the directory postfix-files.d.  Thanks to this, you can install
 or deinstall a database plugin package without having to edit
 postfix-files or dynamicmaps.cf. Instead, you give that plugin its
-own configuration files dynamicmaps.cf.d and postfix-files.d, and
+own configuration files under dynamicmaps.cf.d and postfix-files.d, and
 you add or remove those configuration files along with the database
 plugin dynamically-linked object.  </p>
 

postfix/html/smtpd.8.html

@@ -697,6 +697,10 @@ SMTPD(8)                                                              SMTPD(8)
               Optional address mapping lookup tables for envelope  and  header
               recipient addresses.
 
+       <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
+              Optional  address  mapping lookup tables for envelope and header
+              sender addresses.
+
        Parameters concerning known/unknown local recipients:
 
        <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>

postfix/makedefs

@@ -862,7 +862,7 @@ CCARGS="$CCARGS -DSNAPSHOT"
 
 # Non-production: needs thorough testing, or major changes are still
 # needed before the code stabilizes.
-#CCARGS="$CCARGS -DNONPROD"
+CCARGS="$CCARGS -DNONPROD"
 
 # Workaround: prepend Postfix include files before other include files.
 CCARGS="-I. -I../../include $CCARGS"

postfix/man/man8/smtpd.8

@@ -632,6 +632,9 @@ envelopes.
 .IP "\fBrecipient_canonical_maps (empty)\fR"
 Optional address mapping lookup tables for envelope and header
 recipient addresses.
+.IP "\fBsender_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+sender addresses.
 .PP
 Parameters concerning known/unknown local recipients:
 .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"

postfix/proto/ADDRESS_REWRITING_README.html

@@ -1052,7 +1052,7 @@ deliveries to commands or files in "root"-owned aliases. </p>
 
 <h3> <a name="forward"> Local per-user .forward files </a> </h3>
 
-<p> With delivery via the local(8) deliver agent, users can control
+<p> With delivery via the local(8) delivery agent, users can control
 their own mail delivery by specifying destinations in a file called
 .forward in their home directories. The syntax of these files is
 the same as with the local aliases(5) file, except that the left-hand

postfix/proto/INSTALL.html

@@ -566,7 +566,7 @@ configuration file postfix-files will automatically include files
 under the directory postfix-files.d.  Thanks to this, you can install
 or deinstall a database plugin package without having to edit
 postfix-files or dynamicmaps.cf. Instead, you give that plugin its
-own configuration files dynamicmaps.cf.d and postfix-files.d, and
+own configuration files under dynamicmaps.cf.d and postfix-files.d, and
 you add or remove those configuration files along with the database
 plugin dynamically-linked object.  </p>
 

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20161204"
+#define MAIL_RELEASE_DATE	"20161224"
 #define MAIL_VERSION_NUMBER	"3.2"
 
 #ifdef SNAPSHOT

postfix/src/smtpd/Makefile.in

@@ -72,7 +72,7 @@ tidy:	clean
 
 broken-tests: smtpd_check_test smtpd_check_test2 
 
-tests:	smtpd_acl_test smtpd_exp_test \
+tests:	smtpd_acl_test smtpd_addr_valid_test smtpd_exp_test \
 	smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \
 	smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test \
 	smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test
@@ -107,6 +107,11 @@ smtpd_acl_test: smtpd_check smtpd_acl.in smtpd_acl.ref smtpd_check_access
 	diff smtpd_acl.ref smtpd_check.tmp
 	rm -f smtpd_check.tmp smtpd_check_access.*
 
+smtpd_addr_valid_test: smtpd_check smtpd_addr_valid.in smtpd_addr_valid.ref
+	$(SHLIB_ENV) ./smtpd_check <smtpd_addr_valid.in >smtpd_check.tmp 2>&1
+	diff smtpd_addr_valid.ref smtpd_check.tmp
+	rm -f smtpd_check.tmp
+
 # This requires that the DNS server can query porcupine.org.
 
 smtpd_exp_test: smtpd_check smtpd_exp.in smtpd_exp.ref

postfix/src/smtpd/smtpd.c

@@ -588,6 +588,9 @@
 /* .IP "\fBrecipient_canonical_maps (empty)\fR"
 /*	Optional address mapping lookup tables for envelope and header
 /*	recipient addresses.
+/* .IP "\fBsender_canonical_maps (empty)\fR"
+/*	Optional address mapping lookup tables for envelope and header
+/*	sender addresses.
 /* .PP
 /*	Parameters concerning known/unknown local recipients:
 /* .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
@@ -1250,6 +1253,7 @@ char   *var_rest_classes;
 int     var_strict_rfc821_env;
 bool    var_disable_vrfy_cmd;
 char   *var_canonical_maps;
+char   *var_send_canon_maps;
 char   *var_rcpt_canon_maps;
 char   *var_virt_alias_maps;
 char   *var_virt_mailbox_maps;
@@ -2355,7 +2359,6 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
     char   *verp_delims = 0;
     int     rate;
     int     dsn_envid = 0;
-    int     smtputf8 = 0;
 
     state->flags &= ~SMTPD_FLAG_SMTPUTF8;
     state->encoding = 0;
@@ -2422,13 +2425,15 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	for (narg = 3; narg < argc; narg++) {
 	    arg = argv[narg].strval;
 	    if (strcasecmp(arg, "SMTPUTF8") == 0) {	/* RFC 6531 */
-		smtputf8 = 1;
+		/* Fix 20161206: allow UTF8 in smtpd_sender_restrictions. */
+		state->flags |= SMTPD_FLAG_SMTPUTF8;
 		break;
 	    }
 	}
     }
     if (extract_addr(state, argv + 2, PERMIT_EMPTY_ADDR,
-		     var_strict_rfc821_env, smtputf8) != 0) {
+		     var_strict_rfc821_env,
+		     state->flags & SMTPD_FLAG_SMTPUTF8) != 0) {
 	state->error_mask |= MAIL_ERROR_PROTOCOL;
 	smtpd_chat_reply(state, "501 5.1.7 Bad sender address syntax");
 	return (-1);
@@ -2513,7 +2518,11 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	    return (-1);
 	}
     }
-    if ((err = smtpd_check_size(state, state->msg_size)) != 0) {
+    /* Fix 20161205: show the envelope sender in reject logging. */
+    PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf));
+    err = smtpd_check_size(state, state->msg_size);
+    POP_STRING(saved_sender, state->sender);
+    if (err != 0) {
 	smtpd_chat_reply(state, "%s", err);
 	return (-1);
     }
@@ -2627,8 +2636,6 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	state->verp_delims = mystrdup(verp_delims);
     if (dsn_envid)
 	state->dsn_envid = mystrdup(STR(state->dsn_buf));
-    if (smtputf8)
-	state->flags |= SMTPD_FLAG_SMTPUTF8;
     if (USE_SMTPD_PROXY(state))
 	state->proxy_mail = mystrdup(STR(state->buffer));
     if (var_smtpd_delay_open == 0 && mail_open_stream(state) < 0) {
@@ -3604,6 +3611,7 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
     const char *err = 0;
     int     rate;
     int     smtputf8 = 0;
+    int     saved_flags;
 
     /*
      * The SMTP standard (RFC 821) disallows unquoted special characters in
@@ -3690,11 +3698,18 @@ static int vrfy_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 	}
     }
     /* Use state->addr_buf, with the unquoted result from extract_addr() */
-    if (SMTPD_STAND_ALONE(state) == 0
-	&& (err = smtpd_check_rcpt(state, STR(state->addr_buf))) != 0) {
+    if (SMTPD_STAND_ALONE(state) == 0) {
+	/* Fix 20161206: allow UTF8 in smtpd_recipient_restrictions. */
+	saved_flags = state->flags;
+	if (smtputf8)
+	    state->flags |= SMTPD_FLAG_SMTPUTF8;
+	err = smtpd_check_rcpt(state, STR(state->addr_buf));
+	state->flags = saved_flags;
+	if (err != 0) {
 	    smtpd_chat_reply(state, "%s", err);
 	    return (-1);
 	}
+    }
 
     /*
      * XXX 2821 new feature: Section 3.5.1 requires that the VRFY response is
@@ -5846,6 +5861,7 @@ int     main(int argc, char **argv)
 	VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
 	VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
 	VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
+	VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
 	VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
 	VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
 	VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,

postfix/src/smtpd/smtpd_addr_valid.in

@@ -0,0 +1,35 @@
+#
+# Initialize
+#
+smtpd_delay_reject 0
+mynetworks 127.0.0.0/8,168.100.189.0/28
+local_recipient_maps inline:{foo_canon=whatever,bar_canon=whatever}
+mydestination example.com
+myorigin example.com
+
+sender_canonical_maps inline:{foo@example.com=foo_canon@example.com}
+recipient_canonical_maps inline:{bar@example.com=bar_canon@example.com}
+
+sender_restrictions reject_unlisted_sender
+# Expect accept
+mail bar_canon@example.com
+# Expect accept
+mail bar@example.com
+# Expect accept
+mail foo_canon@example.com
+# Expect accept
+mail foo@example.com
+# Expect reject
+mail baz@example.com
+
+recipient_restrictions reject_unlisted_recipient
+# Expect accept
+rcpt bar_canon@example.com
+# Expect accept
+rcpt bar@example.com
+# Expect accept
+rcpt foo_canon@example.com
+# Expect reject
+rcpt foo@example.com
+# Expect reject
+mail baz@example.com

postfix/src/smtpd/smtpd_addr_valid.ref

@@ -0,0 +1,57 @@
+>>> #
+>>> # Initialize
+>>> #
+>>> smtpd_delay_reject 0
+OK
+>>> mynetworks 127.0.0.0/8,168.100.189.0/28
+OK
+>>> local_recipient_maps inline:{foo_canon=whatever,bar_canon=whatever}
+OK
+>>> mydestination example.com
+OK
+>>> myorigin example.com
+OK
+>>> 
+>>> sender_canonical_maps inline:{foo@example.com=foo_canon@example.com}
+OK
+>>> recipient_canonical_maps inline:{bar@example.com=bar_canon@example.com}
+OK
+>>> 
+>>> sender_restrictions reject_unlisted_sender
+OK
+>>> # Expect accept
+>>> mail bar_canon@example.com
+OK
+>>> # Expect accept
+>>> mail bar@example.com
+OK
+>>> # Expect accept
+>>> mail foo_canon@example.com
+OK
+>>> # Expect accept
+>>> mail foo@example.com
+OK
+>>> # Expect reject
+>>> mail baz@example.com
+./smtpd_check: <queue id>: reject: MAIL from localhost[127.0.0.1]: 550 5.1.0 <baz@example.com>: Sender address rejected: User unknown in local recipient table; from=<baz@example.com> proto=SMTP
+550 5.1.0 <baz@example.com>: Sender address rejected: User unknown in local recipient table
+>>> 
+>>> recipient_restrictions reject_unlisted_recipient
+OK
+>>> # Expect accept
+>>> rcpt bar_canon@example.com
+OK
+>>> # Expect accept
+>>> rcpt bar@example.com
+OK
+>>> # Expect accept
+>>> rcpt foo_canon@example.com
+OK
+>>> # Expect reject
+>>> rcpt foo@example.com
+./smtpd_check: <queue id>: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <foo@example.com>: Recipient address rejected: User unknown in local recipient table; from=<baz@example.com> to=<foo@example.com> proto=SMTP
+550 5.1.1 <foo@example.com>: Recipient address rejected: User unknown in local recipient table
+>>> # Expect reject
+>>> mail baz@example.com
+./smtpd_check: <queue id>: reject: MAIL from localhost[127.0.0.1]: 550 5.1.0 <baz@example.com>: Sender address rejected: User unknown in local recipient table; from=<baz@example.com> proto=SMTP
+550 5.1.0 <baz@example.com>: Sender address rejected: User unknown in local recipient table

postfix/src/smtpd/smtpd_check.c

@@ -286,6 +286,7 @@ static CTABLE *smtpd_rbl_byte_cache;
   * trivial-rewrite resolver.
   */
 static MAPS *local_rcpt_maps;
+static MAPS *send_canon_maps;
 static MAPS *rcpt_canon_maps;
 static MAPS *canonical_maps;
 static MAPS *virt_alias_maps;
@@ -746,6 +747,9 @@ void    smtpd_check_init(void)
     local_rcpt_maps = maps_create(VAR_LOCAL_RCPT_MAPS, var_local_rcpt_maps,
 				  DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
 				  | DICT_FLAG_UTF8_REQUEST);
+    send_canon_maps = maps_create(VAR_SEND_CANON_MAPS, var_send_canon_maps,
+				  DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
+				  | DICT_FLAG_UTF8_REQUEST);
     rcpt_canon_maps = maps_create(VAR_RCPT_CANON_MAPS, var_rcpt_canon_maps,
 				  DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
 				  | DICT_FLAG_UTF8_REQUEST);
@@ -5124,7 +5128,7 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *sender,
     DSN_SPLIT dp;
 
     if (msg_verbose)
-	msg_info(">>> CHECKING RECIPIENT MAPS <<<");
+	msg_info(">>> CHECKING %s VALIDATION MAPS <<<", reply_class);
 
     /*
      * Resolve the address.
@@ -5150,6 +5154,8 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *sender,
      * domains.
      */
     if (MATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
+	|| (strcmp(reply_class, SMTPD_NAME_SENDER) == 0
+	    && MATCH(send_canon_maps, CONST_STR(reply->recipient)))
 	|| MATCH(canonical_maps, CONST_STR(reply->recipient))
 	|| MATCH(virt_alias_maps, CONST_STR(reply->recipient)))
 	return (0);
@@ -5497,6 +5503,7 @@ char   *var_proxy_interfaces;
 char   *var_rcpt_delim;
 char   *var_rest_classes;
 char   *var_alias_maps;
+char   *var_send_canon_maps;
 char   *var_rcpt_canon_maps;
 char   *var_canonical_maps;
 char   *var_virt_alias_maps;
@@ -5547,6 +5554,7 @@ static const STRING_TABLE string_table[] = {
     VAR_RCPT_DELIM, DEF_RCPT_DELIM, &var_rcpt_delim,
     VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes,
     VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps,
+    VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps,
     VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps,
     VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps,
     VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps,
@@ -5954,7 +5962,7 @@ int     main(int argc, char **argv)
 	    vstream_printf("exit %d\n", system(bp + 1));
 	    continue;
 	}
-	args = argv_split(bp, CHARS_SPACE);
+	args = argv_splitq(bp, CHARS_SPACE, CHARS_BRACE);
 
 	/*
 	 * Recognize the command.
@@ -6098,6 +6106,22 @@ int     main(int argc, char **argv)
 		resp = 0;
 		break;
 	    }
+	    if (strcasecmp(args->argv[0], VAR_SEND_CANON_MAPS) == 0) {
+		UPDATE_STRING(var_send_canon_maps, args->argv[1]);
+		UPDATE_MAPS(send_canon_maps, VAR_SEND_CANON_MAPS,
+			    var_send_canon_maps, DICT_FLAG_LOCK
+			    | DICT_FLAG_FOLD_FIX | DICT_FLAG_UTF8_REQUEST);
+		resp = 0;
+		break;
+	    }
+	    if (strcasecmp(args->argv[0], VAR_RCPT_CANON_MAPS) == 0) {
+		UPDATE_STRING(var_rcpt_canon_maps, args->argv[1]);
+		UPDATE_MAPS(rcpt_canon_maps, VAR_RCPT_CANON_MAPS,
+			    var_rcpt_canon_maps, DICT_FLAG_LOCK
+			    | DICT_FLAG_FOLD_FIX | DICT_FLAG_UTF8_REQUEST);
+		resp = 0;
+		break;
+	    }
 	    if (strcasecmp(args->argv[0], VAR_RBL_REPLY_MAPS) == 0) {
 		UPDATE_STRING(var_rbl_reply_maps, args->argv[1]);
 		UPDATE_MAPS(rbl_reply_maps, VAR_RBL_REPLY_MAPS,

postfix/src/util/mymalloc.h

@@ -8,8 +8,8 @@
 /*	memory management wrappers
 /* SYNOPSIS
 /*	#include "mymalloc.h"
- DESCRIPTION
- .nf
+/* DESCRIPTION
+/* .nf
 
  /*
   * External interface.