postfix-2.3-20060207

postfix/HISTORY

@@ -11977,8 +11977,33 @@ Apologies for any names omitted.
 	reject mail when reject_plaintext_session is specified while
 	TLS isn't compiled in. File: smtpd/smtpd_check.c.
 
+20060204
+
+	Bugfix: disable content_inspection for "sendmail -bv"
+	probes.  File: *qmgr/qmgr_message.c.
+
+20060207
+
+	Robustness: place the "do we have TLS" guards within method
+	implementations, instead of putting them around method
+	invocations.  File: smtpd/smtpd_check.c.
+
+	Bugfix: duplicate the cleanup(8) DSN envelope ID syntax
+	check in smtpd(8), so that clients get better error replies.
+	File: smtpd/smtpd_check.c.
+
+	Bugfix: change 20060203 broke the reject_plaintext_session
+	feature.
+
+	The trivial-rewrite and proxymap multi-server processes now
+	terminate soon after all their clients disconnect, instead
+	of waiting for another 100 seconds. This allows the processes
+	to refresh more frequently on low-traffic systems.
+
 Wish list:
 
+	Fix XCLIENT/XFORWARD: send xtext and accept old non-xtext.
+
 	Make the map case folding/locking options configurable, if
 	not at run-time then at least at compile time so we get
 	consistent behavior across applications.
@@ -12017,10 +12042,6 @@ Wish list:
 	panics when a non-default maximal_queue_lifetime setting
 	includes no time unit.
 
-	In second-line servers such as proxymap and trivial-rewrite,
-	set the max_idle time limit to a relatively small value so
-	that processes will refresh more often.
-
 	After the 20051222 ISASCII paranoia, lowercase() lowercases
 	ASCII text only.
 
@@ -12144,6 +12165,9 @@ Wish list:
 	To be perfectly safe, no process other than the queue manager
 	should move a queue file from the active queue.
 
+	This could involve tagging a queue file, and use up another
+	permission bit.
+
 	Low: postsuper re-run after renaming files, but only a
 	limited number of times.
 
@@ -12155,9 +12179,6 @@ Wish list:
 	delivery agent which is error(8) in disguise, and which
 	calls defer_append() instead of bounce_append().
 
-	Low: postmap/postalias should not try to open a bogus file
-	when given an unsupported dictionary type.
-
 	Med: find a way to log the sender address when MAIL FROM
 	is rejected due to lack of disk space.
 

postfix/RELEASE_NOTES

@@ -17,6 +17,15 @@ Incompatibility with Postfix 2.1 and earlier
 If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
 before proceeding.
 
+Incompatibility with snapshot 20060207
+======================================
+
+The Postfix SMTP server no longer complains when TLS support is not
+compiled in, but permit_tls_clientcerts, permit_tls_all_clientcerts,
+or check_ccert_access are used. These features now are effectively
+ignored.  However, the reject_plaintext_session feature is not
+ignored and will reject mail.
+
 Incompatibility with snapshot 20060123
 ======================================
 

postfix/conf/post-install

@@ -473,6 +473,7 @@ test -n "$create" && {
 	test -n "$set_permission" && {
 	    chown $recursive $owner $path || exit 1
 	    test -z "$group" || chgrp $recursive $group $path || exit 1
+	    # Don't "chmod -R"; queue file status is encoded in mode bits.
 	    if [ "$type" = "d" -a -n "$recursive" ]
 	    then
 		find $path -type d -exec chmod $mode "{}" ";"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060203"
+#define MAIL_RELEASE_DATE	"20060207"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #ifdef SNAPSHOT

postfix/src/oqmgr/qmgr_message.c

@@ -916,8 +916,14 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 
 	/*
 	 * Content filtering overrides the address resolver.
+	 * 
+	 * XXX Bypass content_filter inspection for user-generated probes
+	 * (sendmail -bv). MTA-generated probes never have the "please filter
+	 * me" bits turned on, but we handle them here anyway for the sake of
+	 * future proofing.
 	 */
-	else if (message->filter_xport) {
+	else if (message->filter_xport
+		 && (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) {
 	    reply.flags = 0;
 	    vstring_strcpy(reply.transport, message->filter_xport);
 	    if ((nexthop = split_at(STR(reply.transport), ':')) == 0

postfix/src/proxymap/proxymap.c

@@ -404,6 +404,12 @@ static void post_jail_init(char *unused_name, char **unused_argv)
 	    (void) htable_enter(proxy_read_maps, type_name, (char *) 0);
     }
     myfree(saved_filter);
+
+    /*
+     * This process is called by clients that already enforce the max_idle
+     * time, so we don't have to do it another time.
+     */
+    var_idle_limit = 1;
 }
 
 /* pre_accept - see if tables have changed */

postfix/src/qmgr/qmgr_message.c

@@ -958,8 +958,14 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 
 	/*
 	 * Content filtering overrides the address resolver.
+	 * 
+	 * XXX Bypass content_filter inspection for user-generated probes
+	 * (sendmail -bv). MTA-generated probes never have the "please filter
+	 * me" bits turned on, but we handle them here anyway for the sake of
+	 * future proofing.
 	 */
-	else if (message->filter_xport) {
+	else if (message->filter_xport
+		 && (message->tflags & DEL_REQ_TRACE_ONLY_MASK) == 0) {
 	    reply.flags = 0;
 	    vstring_strcpy(reply.transport, message->filter_xport);
 	    if ((nexthop = split_at(STR(reply.transport), ':')) == 0

postfix/src/smtpd/smtpd.c

@@ -1656,7 +1656,9 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
 		smtpd_chat_reply(state, "501 5.7.1 DSN support is disabled");
 		return (-1);
 	    }
-	    if (dsn_envid || xtext_unquote(state->dsn_buf, arg + 6) == 0) {
+	    if (dsn_envid
+		|| xtext_unquote(state->dsn_buf, arg + 6) == 0
+		|| !allprint(STR(state->dsn_buf))) {
 		state->error_mask |= MAIL_ERROR_PROTOCOL;
 		smtpd_chat_reply(state, "501 5.5.4 Bad ENVID parameter syntax");
 		return (-1);

postfix/src/smtpd/smtpd_check.c

@@ -967,6 +967,7 @@ static int reject_plaintext_session(SMTPD_STATE *state)
 	return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
 				   var_plaintext_code, "4.7.1",
 				   "Session encryption is required"));
+    return (SMTPD_CHECK_DUNNO);
 }
 
 /* permit_inet_interfaces - succeed if client my own address */
@@ -1206,9 +1207,9 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient);
 
 /* permit_tls_clientcerts - OK/DUNNO for message relaying */
 
-#ifdef USE_TLS
 static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 {
+#ifdef USE_TLS
     const char *found;
 
     if (!state->tls_context)
@@ -1231,11 +1232,10 @@ static int permit_tls_clientcerts(SMTPD_STATE *state, int permit_all_certs)
 	    msg_info("relay_clientcerts: No match for fingerprint '%s'",
 		     state->tls_context->peer_fingerprint);
     }
+#endif
     return (SMTPD_CHECK_DUNNO);
 }
 
-#endif
-
 /* check_relay_domains - OK/FAIL for message relaying */
 
 static int check_relay_domains(SMTPD_STATE *state, char *recipient,
@@ -2551,11 +2551,11 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
 
 /* check_ccert_access - access for TLS clients by certificate fingerprint */
 
-#ifdef USE_TLS
 
 static int check_ccert_access(SMTPD_STATE *state, const char *table,
 			              const char *def_acl)
 {
+#ifdef USE_TLS
     char   *myname = "check_ccert_access";
     int     found;
 
@@ -2583,11 +2583,10 @@ static int check_ccert_access(SMTPD_STATE *state, const char *table,
 			     state->tls_context->peer_CN,
 			     SMTPD_NAME_CCERT, def_acl));
     }
+#endif
     return (SMTPD_CHECK_DUNNO);
 }
 
-#endif
-
 /* check_mail_access - OK/FAIL based on mail address lookup */
 
 static int check_mail_access(SMTPD_STATE *state, const char *table,
@@ -3519,9 +3518,7 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 					       SMTPD_NAME_CLIENT);
 	    }
 	} else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
-#ifdef USE_TLS
 	    status = check_ccert_access(state, *cpp, def_acl);
-#endif
 	}
 
 	/*
@@ -3702,13 +3699,9 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 					  SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO);
 #endif
 	} else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 	    status = permit_tls_clientcerts(state, 1);
-#endif
 	} else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 	    status = permit_tls_clientcerts(state, 0);
-#endif
 	} else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) {
 	    if (state->recipient)
 		status = reject_unknown_address(state, state->recipient,
@@ -3868,13 +3861,9 @@ void    smtpd_check_rewrite(SMTPD_STATE *state)
 					  SMTPD_CHECK_DUNNO);
 #endif
 	} else if (strcasecmp(name, PERMIT_TLS_ALL_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 	    status = permit_tls_clientcerts(state, 1);
-#endif
 	} else if (strcasecmp(name, PERMIT_TLS_CLIENTCERTS) == 0) {
-#ifdef USE_TLS
 	    status = permit_tls_clientcerts(state, 0);
-#endif
 	} else {
 	    msg_warn("parameter %s: invalid request: %s",
 		     VAR_LOC_RWR_CLIENTS, name);

postfix/src/trivial-rewrite/trivial-rewrite.c

@@ -473,7 +473,7 @@ static void pre_accept(char *unused_name, char **unused_argv)
 
 #endif
 
-#ifdef CHECK_TABLE_STATS_PERIODICALLY
+#ifdef SNAPSHOT
 
 static void check_table_stats(int unused_event, char *unused_context)
 {
@@ -525,9 +525,15 @@ static void post_jail_init(char *unused_name, char **unused_argv)
 	transport_post_init(resolve_regular.transport_info);
     if (resolve_verify.transport_info)
 	transport_post_init(resolve_verify.transport_info);
-#ifdef CHECK_TABLE_STATS_PERIODICALLY
+#ifdef SNAPSHOT
     check_table_stats(0, (char *) 0);
 #endif
+
+    /*
+     * This process is called by clients that already enforce the max_idle
+     * time, so we don't have to do it another time.
+     */
+    var_idle_limit = 1;
 }
 
 /* main - pass control to the multi-threaded skeleton code */