mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00

postfix-3.5.0-RC1

Wietse Venema 2020-03-08 00:00:00 -05:00 committed by Viktor Dukhovni
parent 7747625a8c
commit 2b650375df
38 changed files with 578 additions and 1526 deletions

View File

@ -12281,7 +12281,7 @@ Apologies for any names omitted.
20060606
Safety: mail receiving daemons (smtpd, qmqpd) now pass
actual client name/addres/helo attributes in addition to
actual client name/address/helo attributes in addition to
the attributes used for logging (xforward). This prevents
Milter applications from treating qmqpd mail as if it
originated locally, and prevents incorrect Milter decisions
@ -13424,7 +13424,7 @@ Apologies for any names omitted.
20070414
Cleanup: expire cached results from addres rewriting, address
Cleanup: expire cached results from address rewriting, address
resolution, and from transport map lookups. Results expire
after 30 seconds; short enough that it doesn't freak out
people who run the same test repeatedly, and long enough
@ -18499,7 +18499,7 @@ Apologies for any names omitted.
endpoint label; better reuse of SASL-authenticated connections
over UNIX-domains sockets, however unlikely these may be;
a first step towards refinement of connection cache lookup
by IP addres for plaintext or SASL-unauthenticated connections.
by IP address for plaintext or SASL-unauthenticated connections.
Files: smtp/smtp.h smtp/smtp_connect.c, smtp/smtp_reuse.c,
smtp/smtp_key.c, smtp/smtp_tls_sess.s.
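Review bot: The Files line kept as context in this hunk still reads "smtp/smtp_tls_sess.s." and has no comma between "smtp/smtp.h" and "smtp/smtp_connect.c", so the entry being spell-fixed keeps two more defects on the very next lines. Since the hunk below corrects a wrong file name (util/vstream.c to util/vstring.c), please check whether ".s" should be ".c" here and add the missing comma in the same pass.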
@ -24353,7 +24353,7 @@ Apologies for any names omitted.
Safety: vstring_set_payload_size() now checks that the
payload has not overwritten the safety terminator at the
end of the VSTRING buffer. File: util/vstream.c.
end of the VSTRING buffer. File: util/vstring.c.
20190813
@ -24636,3 +24636,20 @@ Apologies for any names omitted.
macros were evaluated before the Postfix-to-Milter connection
had been negotiated. Problem reported by David Bürgin.
Files: milter/milter.h, milter/milter.c, milter/milter8.c
20200308
Cleanup: spellchecks, attributions. Files: HISTORY,
auxiliary/name-addr-test/gethostbyaddr.c,
auxiliary/name-addr-test/getnameinfo.c, proto/postconf.proto,
global/haproxy_srvr.c, global/mail_version.h, global/map_search.c,
global/map_search.h, postsuper/postsuper.c, smtp/smtp.c,
smtp/smtp_misc.c, smtpd/smtpd.c, smtpd/smtpd_check.c,
smtpd/smtpd_expand.h, tls/tls_client.c, tls/tls_server.c,
tlsproxy/tlsproxy.c, trivial-rewrite/trivial-rewrite.h,
util/byte_mask.c, util/vstream_tweak.c.
Cleanup: bitrot in tests. File: cleanup/cleanup_milter.c.
Cleanup: harmless memory leak in postconf. File:
postconf/postconf_master.c.
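Review bot: The Files list of the new 20200308 entry does not mention mantools/spelldiff, which this commit adds as a new executable script. Either list it under the spellcheck cleanup or add a separate line for it, so that HISTORY accounts for every new file in the change.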

View File

@ -1,3 +1,5 @@
# To test with valgrind:
# make -i tests VALGRIND="valgrind --tool=memcheck --log-file=/some/where.%p"
SHELL = /bin/sh
WARN = -Wmissing-prototypes -Wformat -Wno-comment
OPTS = 'WARN=$(WARN)'

View File

@ -1,12 +1,12 @@
This is the Postfix 3.5 (experimental) release.
This is the Postfix 3.5 (stable) release.
The stable Postfix release is called postfix-3.4.x where 3=major
release number, 4=minor release number, x=patchlevel. The stable
The stable Postfix release is called postfix-3.5.x where 3=major
release number, 5=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
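Review bot: The first line now says "This is the Postfix 3.5 (stable) release", but the same commit sets MAIL_VERSION_NUMBER to "3.5-RC1" in the version header. The release notes and the version string disagree for as long as this release candidate is out; either word the notes to match or make sure the version define is updated together with this text at final release.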
@ -25,77 +25,30 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Major changes with snapshot 20200202
====================================
Major changes - multiple relayhost in SMTP
------------------------------------------
Support to force-expire email messages. This introduces new
postsuper(1) command-line options to request expiration, and
additional information in mailq(1) or postqueue(1) output.
[Feature 20200111] SMTP (and LMTP) client support for a list of
nexthop destinations separated by comma or whitespace. These will
destinations be tried in the specified order.
The forced-to-expire status is stored in a queue file attribute.
An expired message is returned to the sender when the queue manager
attempts to deliver that message (note that Postfix will never
deliver messages in the hold queue).
The list form can be specified in relayhost, transport_maps,
default_transport, and sender_dependent_default_transport_maps.
The postsuper(1) -e and -f options both set the forced-to-expire
queue file attribute. The difference is that -f will also release
a message if it is in the hold queue. With -e, such a message would
not be returned to the sender until it is released with -f or -H.
Examples:
/etc/postfix/main.cf:
relayhost = foo.example, bar.example
default_transport = smtp:foo.example, bar.example.
In the mailq(1) or postqueue(1) -p output, a forced-to-expire message
is indicated with # after the queue name. In postqueue(1) JSON
output, there is a new per-message field "forced_expire" (with
value true or false) that shows the forced-to-expire status.
NOTE: this is an SMTP and LMTP client feature. It does not work for
other Postfix delivery agents.
Incompatible changes with snapshot 20191109
===========================================
Major changes - certificate access
----------------------------------
Postfix daemon processes now log the from= and to= addresses in
external (quoted) form in non-debug logging (info, warning, etc.).
This means that when an address localpart contains spaces or other
special characters, the localpart will be quoted, for example:
from=<"name with spaces"@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=<name with spaces@example.com>
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
Major changes with snapshot 20190615
====================================
This release introduces a workaround for implementations that hang
Postfix while shutting down a TLS session, until Postfix times out.
With "tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for a remote TLS peer to respond to a TLS 'close'
request. This behavior is recommended with TLSv1.0 and later. Specify
"tls_fast_shutdown_enable = no" to get historical Postfix behavior.
Dovecot usability: the SMTP+LMTP delivery agent can now prepend
Delivered-To, X-Original-To and Return-Path headers, just like the
pipe(8) delivery agent. This uses the same "flags=DOR" command-line
flags in master.cf. See the smtp(8) manpage for details.
This obsoletes the "lmtp_assume_final = yes" setting, and replaces
it with "flags=...X...", for consistency with pipe(8).
Major changes with snapshot 20190517
====================================
Search order support for check_ccert_access. Search order support
for other tables is in design (canonical_maps, virtual_alias_maps,
transport_maps, etc.).
[Feature 20190517] Search order support for check_ccert_access.
Search order support for other tables is in design (canonical_maps,
virtual_alias_maps, transport_maps, etc.).
The following check_ccert_access setting uses the built-in search
order: it first looks up the client certificate fingerprint, then
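Review bot: In the new "multiple relayhost in SMTP" text, the sentence "These will destinations be tried in the specified order." has its words out of order and should read "These destinations will be tried in the specified order." In the main.cf example just below it, "default_transport = smtp:foo.example, bar.example." ends with a period that a reader copying the line would paste into the configuration; drop the period from the example.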
@ -123,10 +76,84 @@ The check_ccert_access search order also supports the subject_cn and
issuer_cn properties. Support is planned for rfc822name and
smtputf8mailbox.
Incompatibility with snapshot 20190427
======================================
Major changes - dovecot usability
---------------------------------
Postfix now normalizes IP addresses received with XCLIENT, XFORWARD,
or with the HaProxy protocol, for consistency with direct connections
to Postfix. This may change the appearance of logging, and the way
that check_client_access will match subnets of an IPv6 address.
[Feature 20190615] The SMTP+LMTP delivery agent can now prepend
Delivered-To, X-Original-To and Return-Path headers, just like the
pipe(8) and local(8) delivery agents.
This uses the "flags=DORX" command-line flags in master.cf. See the
smtp(8) manpage for details.
This obsoletes the "lmtp_assume_final = yes" setting, and replaces
it with "flags=...X...", for consistency with the pipe(8) delivery
agent.
Major changes - forced expiration
---------------------------------
[Feature 20200202] Support to force-expire email messages. This
introduces new postsuper(1) command-line options to request expiration,
and additional information in mailq(1) or postqueue(1) output.
The forced-to-expire status is stored in a queue file attribute.
An expired message is returned to the sender when the queue manager
attempts to deliver that message (note that Postfix will never
deliver messages in the hold queue).
The postsuper(1) -e and -f options both set the forced-to-expire
queue file attribute. The difference is that -f will also release
a message if it is in the hold queue. With -e, such a message would
not be returned to the sender until it is released with -f or -H.
In the mailq(1) or postqueue(1) -p output, a forced-to-expire message
is indicated with # after the queue name. In postqueue(1) JSON
output, there is a new per-message field "forced_expire" (with value
true or false) that shows the forced-to-expire status.
Major changes - haproxy2 protocol
---------------------------------
[Feature 20200112] Support for the haproxy v2 protocol. The Postfix
implementation supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
The haproxy v2 protocol introduces no additional Postfix configuration.
The Postfix smtpd(8) and postscreen(8) daemons accept both v1 and
v2 protocol versions.
Major changes - logging
-----------------------
[Incompat 20191109] Postfix daemon processes now log the from= and
to= addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart contains
spaces or other special characters, the localpart will be quoted,
for example:
from=<"name with spaces"@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=<name with spaces@example.com>
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
Major changes - IP address normalization
----------------------------------------
[Incompat 20190427] Postfix now normalizes IP addresses received
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
with direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match subnets
of an IPv6 address.

File diff suppressed because it is too large Load Diff

View File

@ -25,7 +25,7 @@ char **argv;
long addr;
if (argc != 2) {
fprintf(stderr, "usage: %s i.p.addres\n", argv[0]);
fprintf(stderr, "usage: %s i.p.address\n", argv[0]);
exit(1);
}
addr = inet_addr(argv[1]);

View File

@ -36,7 +36,7 @@ int main(int argc, char **argv)
#define NO_SERVICE ((char *) 0)
if (argc != 2) {
fprintf(stderr, "usage: %s ipaddres\n", argv[0]);
fprintf(stderr, "usage: %s ipaddress\n", argv[0]);
exit(1);
}

View File

@ -653,8 +653,8 @@ SMTP(8) SMTP(8)
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with

View File

@ -18596,7 +18596,7 @@ encouraged to not change this setting. </p>
<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a>
(default: yes)</b></DT><DD>
<p> A workaround for implementations that hang Postfix while shuting
<p> A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and

View File

@ -90,7 +90,7 @@ POSTSUPER(1) POSTSUPER(1)
<b>o</b> The <b>-e</b> and <b>-f</b> options both request forced expiration. The
difference is that <b>-f</b> will also release a message if it
is in the <a href="QSHAPE_README.html#hold_queue">hold queue</a>. With <b>-e</b>, such a message would not
is in the <b>hold</b> queue. With <b>-e</b>, such a message would not
be returned to the sender until it is released with <b>-f</b> or
<b>-H</b>.
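Review bot: The regenerated HTML replaces the link to QSHAPE_README.html#hold_queue with plain bold text, "<b>hold</b> queue". That looks like a side effect of changing the manpage source from "hold queue" to "\fBhold\fR queue", which the link generator presumably no longer matches. If the cross-reference was useful, keep the unformatted phrase in the source or teach the HTML tooling to link the bold form.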

View File

@ -653,8 +653,8 @@ SMTP(8) SMTP(8)
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with

File diff suppressed because it is too large Load Diff

View File

@ -147,8 +147,8 @@ TLSPROXY(8) TLSPROXY(8)
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
A workaround for implementations that hang Postfix while shuting
down a TLS session, until Postfix times out.
A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
<b>STARTTLS SERVER CONTROLS</b>
These settings are clones of Postfix SMTP server settings. They allow

View File

@ -878,7 +878,7 @@ case "$CC" in
esac
# Snapshot only.
CCARGS="$CCARGS -DSNAPSHOT"
#CCARGS="$CCARGS -DSNAPSHOT"
# Non-production: needs thorough testing, or major changes are still
# needed before the code stabilizes.

View File

@ -93,7 +93,7 @@ will never deliver messages in the \fBhold\fR queue).
.IP \(bu
The \fB\-e\fR and \fB\-f\fR options both request forced
expiration. The difference is that \fB\-f\fR will also release
a message if it is in the hold queue. With \fB\-e\fR, such
a message if it is in the \fBhold\fR queue. With \fB\-e\fR, such
a message would not be returned to the sender until it is
released with \fB\-f\fR or \fB\-H\fR.
.IP \(bu

View File

@ -12994,7 +12994,7 @@ encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
.SH tls_fast_shutdown_enable (default: yes)
A workaround for implementations that hang Postfix while shuting
A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and

View File

@ -593,7 +593,7 @@ Name Indication (SNI) extension.
.PP
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
A workaround for implementations that hang Postfix while shuting
A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out.
.SH "OBSOLETE STARTTLS CONTROLS"
.na

View File

@ -241,8 +241,9 @@ The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2.
.IP "\fBmilter_default_action (tempfail)\fR"
The default action when a Milter (mail filter) application is
unavailable or mis\-configured.
The default action when a Milter (mail filter) response is
unavailable (for example, bad Postfix configuration or Milter
failure).
.IP "\fBmilter_macro_daemon_name ($myhostname)\fR"
The {daemon_name} macro value for Milter (mail filter) applications.
.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR"
@ -530,7 +531,7 @@ appropriate keys and certificate chains.
.PP
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
A workaround for implementations that hang Postfix while shuting
A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out.
.PP
Available in Postfix 3.5 and later:

View File

@ -148,7 +148,7 @@ appropriate keys and certificate chains.
.PP
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
A workaround for implementations that hang Postfix while shuting
A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out.
.SH "STARTTLS SERVER CONTROLS"
.na

23
postfix/mantools/spelldiff Executable file
View File

@ -0,0 +1,23 @@
#!/bin/sh
# Usage: spelldiff baseline files...
case $# in
0|1) echo Usage: $0 baseline files... 1>&2; exit 1;;
esac
baseline="$1"; shift
for f
do
if [ -f "${baseline}/${f}" ]
then
diff -U0 "${baseline}/${f}" "${f}" | sed -n '
/^+/{
s/.//
p
}'
else
cat "${f}"
fi
done
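Review bot: The sed filter matches every line starting with "+", which includes the "+++ file" header that diff -U0 prints before the first hunk, so each changed file contributes a line of the form "++ name timestamp" to the output that is meant to contain only added text. Drop the two header lines before filtering, for example with "1,2d" at the top of the sed script. Also quote "$0" in the usage message, and consider documenting in the header comment that files missing from the baseline are passed through whole via cat.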

View File

@ -16263,7 +16263,7 @@ support is via the tls_ssl_options parameter. </p>
%PARAM tls_fast_shutdown_enable yes
<p> A workaround for implementations that hang Postfix while shuting
<p> A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out. With this enabled,
Postfix will not wait for the remote TLS peer to respond to a TLS
'close' notification. This behavior is recommended for TLSv1.0 and

View File

@ -2503,6 +2503,7 @@ int main(int unused_argc, char **argv)
var_line_limit = DEF_LINE_LIMIT;
var_header_limit = DEF_HEADER_LIMIT;
var_enable_orcpt = DEF_ENABLE_ORCPT;
var_info_log_addr_form = DEF_INFO_LOG_ADDR_FORM;
for (;;) {
ARGV *argv;

View File

@ -485,7 +485,7 @@ const char *haproxy_srvr_parse(const char *str, ssize_t *str_len,
}
}
/* haproxy_srvr_receive - redceive and parse haproxy protocol handshake */
/* haproxy_srvr_receive - receive and parse haproxy protocol handshake */
int haproxy_srvr_receive(int fd, int *non_proxy,
MAI_HOSTADDR_STR *smtp_client_addr,

View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20200203"
#define MAIL_VERSION_NUMBER "3.5"
#define MAIL_RELEASE_DATE "20200308"
#define MAIL_VERSION_NUMBER "3.5-RC1"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

View File

@ -38,7 +38,7 @@
/* .IP search_actions
/* The mapping from search action string form to numeric form.
/* The numbers must be in the range [1..126] (inclusive). The
/* value 0 is reserved for the MAP_SEARCH.serch_order terminator,
/* value 0 is reserved for the MAP_SEARCH.search_order terminator,
/* and the value MAP_SEARCH_CODE_UNKNOWN is reserved for the
/* 'not found' result. The argument is copied (the pointer
/* value, not the table).
@ -49,7 +49,7 @@
/* DIAGNOSTICS
/* map_search_create() returns a null pointer when a map_spec
/* is a) malformed, b) specifies an unexpected attribute name,
/* c) the search attrubite contains an unknown name. Thus,
/* c) the search attribute contains an unknown name. Thus,
/* map_search_create() will never return a search_order that
/* contains the value MAP_SEARCH_CODE_UNKNOWN.
/*
@ -282,9 +282,9 @@ static const char *string_or_null(const char *s)
return (s ? s : "(null)");
}
static char *escape_order(VSTRING *buf, const char *seach_order)
static char *escape_order(VSTRING *buf, const char *search_order)
{
return (STR(escape(buf, seach_order, strlen(seach_order))));
return (STR(escape(buf, search_order, strlen(search_order))));
}
int main(int argc, char **argv)

View File

@ -19,11 +19,11 @@
* The map_search module maintains one lookup table with MAP_SEARCH results,
* indexed by the unparsed form of a map specification. The conversion from
* unparsed form to MAP_SEARCH result is controlled by a NAME_CODE mapping,
* Since one lokoup table can support only one mapping per unparsed name,
* Since one lookup table can support only one mapping per unparsed name,
* every MAP_SEARCH result in the lookup table must be built using the same
* NAME_CODE table.
*
* Alternative 1: no lookup table. Allow the user to specicy the NAME_CODE
* Alternative 1: no lookup table. Allow the user to specify the NAME_CODE
* mapping in the map_search_create() request (in addition to the unparsed
* form), and let the MAP_SEARCH user store each MAP_SEARCH pointer. But
* that would clumsify code that wants to use MAP_SEARCH functionality.
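Review bot: The sentence touched by the "lokoup" fix still ends the previous line with "a NAME_CODE mapping," and then starts "Since one lookup table ..." with a capital letter. Either end the previous sentence with a period or lowercase "since"; as this is a spellcheck pass over this comment, it is worth fixing at the same time.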

View File

@ -355,9 +355,9 @@ void pcf_free_master_entry(PCF_MASTER_ENT *masterp)
if (masterp->valid_names)
htable_free(masterp->valid_names, myfree);
if (masterp->ro_params)
dict_free(masterp->ro_params);
dict_close(masterp->ro_params);
if (masterp->all_params)
dict_free(masterp->all_params);
dict_close(masterp->all_params);
myfree((void *) masterp);
}
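Review bot: In pcf_free_master_entry(), the two calls that change from dict_free() to dict_close() for masterp->ro_params and masterp->all_params carry no comment saying why dict_close() is the right destructor for these objects. HISTORY only describes this as a "harmless memory leak in postconf". A one-line comment at this site stating what dict_free() left unreleased would keep a later cleanup from reverting the call.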

View File

@ -87,7 +87,7 @@
/* .IP \(bu
/* The \fB-e\fR and \fB-f\fR options both request forced
/* expiration. The difference is that \fB-f\fR will also release
/* a message if it is in the hold queue. With \fB-e\fR, such
/* a message if it is in the \fBhold\fR queue. With \fB-e\fR, such
/* a message would not be returned to the sender until it is
/* released with \fB-f\fR or \fB-H\fR.
/* .IP \(bu
@ -1135,8 +1135,8 @@ static void super(const char **queues, int action)
/*
* Many of the following actions may move queue files. To avoid
* loss of of email due to file name collisions. we should do
* such actions only when the queue file names are known to match
* loss of email due to file name collisions. we should do such
* actions only when the queue file names are known to match
* their inode number. Even with non-repeating queue IDs a name
* collision may happen when different queues are merged.
*/
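Review bot: The rewrapped comment in super() fixes "loss of of email" but still reads "due to file name collisions. we should do such actions", with a period followed by a lowercase "we". Replace the period with a comma or capitalize "We", since the line is being rewritten anyway.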

View File

@ -559,7 +559,7 @@
/* .PP
/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
/* A workaround for implementations that hang Postfix while shuting
/* A workaround for implementations that hang Postfix while shutting
/* down a TLS session, until Postfix times out.
/* OBSOLETE STARTTLS CONTROLS
/* .ad

View File

@ -28,7 +28,7 @@
/*
/* smtp_quote_821_address() is a wrapper around quote_821_local(),
/* except for the empty address or with "smtp_quote_rfc821_envelope
/* = no"; in those cases the addres is copied literally.
/* = no"; in those cases the address is copied literally.
/* DIAGNOSTICS
/* Fatal: out of memory.
/* LICENSE

View File

@ -215,8 +215,9 @@
/* for communication with a Milter application; prior to Postfix 2.6
/* the default protocol is 2.
/* .IP "\fBmilter_default_action (tempfail)\fR"
/* The default action when a Milter (mail filter) application is
/* unavailable or mis-configured.
/* The default action when a Milter (mail filter) response is
/* unavailable (for example, bad Postfix configuration or Milter
/* failure).
/* .IP "\fBmilter_macro_daemon_name ($myhostname)\fR"
/* The {daemon_name} macro value for Milter (mail filter) applications.
/* .IP "\fBmilter_macro_v ($mail_name $mail_version)\fR"
@ -496,7 +497,7 @@
/* .PP
/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
/* A workaround for implementations that hang Postfix while shuting
/* A workaround for implementations that hang Postfix while shutting
/* down a TLS session, until Postfix times out.
/* .PP
/* Available in Postfix 3.5 and later:
@ -5843,7 +5844,7 @@ static char *smtpd_format_cmd_stats(VSTRING *buf)
*
* Fix 20190621: the command counter resetting code was moved from the SMTP
* protocol handler to this place, because the protocol handler was never
* called after HaProxy handhake error, causing stale numbers to be
* called after HaProxy handshake error, causing stale numbers to be
* logged.
*/
for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {

View File

@ -3229,7 +3229,7 @@ static int check_ccert_access(SMTPD_STATE *state, const char *acl_spec,
}
} else {
if (msg_verbose)
msg_info("%s: no client certfificate", myname);
msg_info("%s: no client certificate", myname);
}
#endif
return (result);

View File

@ -32,4 +32,9 @@ int smtpd_expand(SMTPD_STATE *, VSTRING *, const char *, int);
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
/*--*/

View File

@ -1043,11 +1043,13 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
tls_free_context(TLScontext);
return (0);
}
/*
* The saved value is not presently used client-side, but could later
* be logged if acked by the server (requires new client-side callback
* to detect the ack). For now this just maintains symmetry with the
* server code, where do record the received SNI for logging.
* be logged if acked by the server (requires new client-side
* callback to detect the ack). For now this just maintains symmetry
* with the server code, where do record the received SNI for
* logging.
*/
TLScontext->peer_sni = mystrdup(sni);
if (log_mask & TLS_LOG_DEBUG)
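Review bot: The rewrapped comment above the peer_sni assignment still says "with the server code, where do record the received SNI for logging", which is missing its subject. It should read "where we do record the received SNI"; the hunk only changes line breaks and leaves the grammar error in place.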
@ -1105,7 +1107,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
* Start TLS negotiations. This process is a black box that invokes our
* call-backs for certificate verification.
*
* Error handling: If the SSL handhake fails, we print out an error message
* Error handling: If the SSL handshake fails, we print out an error message
* and remove all TLS state concerning this session.
*/
sts = tls_bio_connect(vstream_fileno(props->stream), props->timeout,

View File

@ -869,7 +869,7 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props)
* Start TLS negotiations. This process is a black box that invokes our
* call-backs for session caching and certificate verification.
*
* Error handling: If the SSL handhake fails, we print out an error message
* Error handling: If the SSL handshake fails, we print out an error message
* and remove all TLS state concerning this session.
*/
sts = tls_bio_accept(vstream_fileno(props->stream), props->timeout,

View File

@ -132,7 +132,7 @@
/* .PP
/* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
/* A workaround for implementations that hang Postfix while shuting
/* A workaround for implementations that hang Postfix while shutting
/* down a TLS session, until Postfix times out.
/* STARTTLS SERVER CONTROLS
/* .ad
@ -774,122 +774,128 @@ static void tlsp_strategy(TLSP_STATE *state)
*/
if ((state->flags & TLSP_FLAG_NO_MORE_CIPHERTEXT_IO) == 0) {
/*
* Do not enable plain-text I/O before completing the TLS handshake.
* Otherwise the remote peer can prepend plaintext to the optional
* TLS_SESS_STATE object.
*/
if (state->flags & TLSP_FLAG_DO_HANDSHAKE) {
state->timeout = state->handshake_timeout;
if (state->is_server_role)
ssl_stat = SSL_accept(tls_context->con);
else
ssl_stat = SSL_connect(tls_context->con);
if (ssl_stat != 1) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
tlsp_eval_tls_error(state, handshake_err);
/* At this point, state could be a dangling pointer. */
/*
* Do not enable plain-text I/O before completing the TLS handshake.
* Otherwise the remote peer can prepend plaintext to the optional
* TLS_SESS_STATE object.
*/
if (state->flags & TLSP_FLAG_DO_HANDSHAKE) {
state->timeout = state->handshake_timeout;
if (state->is_server_role)
ssl_stat = SSL_accept(tls_context->con);
else
ssl_stat = SSL_connect(tls_context->con);
if (ssl_stat != 1) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
tlsp_eval_tls_error(state, handshake_err);
/* At this point, state could be a dangling pointer. */
return;
}
state->flags &= ~TLSP_FLAG_DO_HANDSHAKE;
state->timeout = state->session_timeout;
if (tlsp_post_handshake(state) != TLSP_STAT_OK) {
/* At this point, state is a dangling pointer. */
return;
}
}
/*
* Shutdown and self-destruct after NBBIO error. This automagically
* cleans up all pending read/write and timeout event requests.
* Before shutting down TLS, we stop all plain-text I/O events but
* keep the NBBIO error flags.
*/
plaintext_buf = state->plaintext_buf;
if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
nbbio_disable_readwrite(state->plaintext_buf);
if (!SSL_in_init(tls_context->con)
&& (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
tlsp_eval_tls_error(state, handshake_err);
/* At this point, state could be a dangling pointer. */
return;
}
tlsp_state_free(state);
return;
}
state->flags &= ~TLSP_FLAG_DO_HANDSHAKE;
state->timeout = state->session_timeout;
if (tlsp_post_handshake(state) != TLSP_STAT_OK) {
/*
* Try to move data from the plaintext input buffer to the TLS
* engine.
*
* XXX We're supposed to repeat the exact same SSL_write() call
* arguments after an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
* result. Rumor has it that this is because each SSL_write() call
* reads from the buffer incrementally, and returns > 0 only after
* the final byte is processed. Rumor also has it that setting
* SSL_MODE_ENABLE_PARTIAL_WRITE and
* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER voids this requirement, and
* that repeating the request with an increased request size is OK.
* Unfortunately all this is not or poorly documented, and one has to
* rely on statements from OpenSSL developers in public mailing
* archives.
*/
ssl_write_err = SSL_ERROR_NONE;
while (NBBIO_READ_PEND(plaintext_buf) > 0) {
ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_PEND(plaintext_buf));
ssl_write_err = SSL_get_error(tls_context->con, ssl_stat);
if (ssl_write_err != SSL_ERROR_NONE)
break;
/* Allow the plaintext pseudothread to read more data. */
NBBIO_READ_PEND(plaintext_buf) -= ssl_stat;
if (NBBIO_READ_PEND(plaintext_buf) > 0)
memmove(NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_BUF(plaintext_buf) + ssl_stat,
NBBIO_READ_PEND(plaintext_buf));
}
/*
* Try to move data from the TLS engine to the plaintext output
* buffer. Note: data may arrive as a side effect of calling
* SSL_write(), therefore we call SSL_read() after calling
* SSL_write().
*
* XXX We're supposed to repeat the exact same SSL_read() call arguments
* after an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE result. This
* supposedly means that our plaintext writer must not memmove() the
* plaintext output buffer until after the SSL_read() call succeeds.
* For now I'll ignore this, because 1) SSL_read() is documented to
* return the bytes available, instead of returning > 0 only after
* the entire buffer is processed like SSL_write() does; and 2) there
* is no "read" equivalent of the SSL_R_BAD_WRITE_RETRY,
* SSL_MODE_ENABLE_PARTIAL_WRITE or
* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER features.
*/
ssl_read_err = SSL_ERROR_NONE;
while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
ssl_stat = SSL_read(tls_context->con,
NBBIO_WRITE_BUF(plaintext_buf)
+ NBBIO_WRITE_PEND(state->plaintext_buf),
NBBIO_BUFSIZE(plaintext_buf)
- NBBIO_WRITE_PEND(state->plaintext_buf));
ssl_read_err = SSL_get_error(tls_context->con, ssl_stat);
if (ssl_read_err != SSL_ERROR_NONE)
break;
NBBIO_WRITE_PEND(plaintext_buf) += ssl_stat;
}
/*
* Try to enable/disable ciphertext read/write events. If SSL_write()
* was satisfied, see if SSL_read() wants to do some work. In case of
* an unrecoverable error, this automagically destroys the session
* state after cleaning up all pending read/write and timeout event
* requests.
*/
if (tlsp_eval_tls_error(state, ssl_write_err != SSL_ERROR_NONE ?
ssl_write_err : ssl_read_err) < 0)
/* At this point, state is a dangling pointer. */
return;
}
}
/*
* Shutdown and self-destruct after NBBIO error. This automagically
* cleans up all pending read/write and timeout event requests. Before
* shutting down TLS, we stop all plain-text I/O events but keep the
* NBBIO error flags.
*/
plaintext_buf = state->plaintext_buf;
if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
nbbio_disable_readwrite(state->plaintext_buf);
if (!SSL_in_init(tls_context->con)
&& (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
tlsp_eval_tls_error(state, handshake_err);
/* At this point, state could be a dangling pointer. */
return;
}
tlsp_state_free(state);
return;
}
/*
* Try to move data from the plaintext input buffer to the TLS engine.
*
* XXX We're supposed to repeat the exact same SSL_write() call arguments
* after an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE result. Rumor has
* it that this is because each SSL_write() call reads from the buffer
* incrementally, and returns > 0 only after the final byte is processed.
* Rumor also has it that setting SSL_MODE_ENABLE_PARTIAL_WRITE and
* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER voids this requirement, and that
* repeating the request with an increased request size is OK.
* Unfortunately all this is not or poorly documented, and one has to
* rely on statements from OpenSSL developers in public mailing archives.
*/
ssl_write_err = SSL_ERROR_NONE;
while (NBBIO_READ_PEND(plaintext_buf) > 0) {
ssl_stat = SSL_write(tls_context->con, NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_PEND(plaintext_buf));
ssl_write_err = SSL_get_error(tls_context->con, ssl_stat);
if (ssl_write_err != SSL_ERROR_NONE)
break;
/* Allow the plaintext pseudothread to read more data. */
NBBIO_READ_PEND(plaintext_buf) -= ssl_stat;
if (NBBIO_READ_PEND(plaintext_buf) > 0)
memmove(NBBIO_READ_BUF(plaintext_buf),
NBBIO_READ_BUF(plaintext_buf) + ssl_stat,
NBBIO_READ_PEND(plaintext_buf));
}
/*
* Try to move data from the TLS engine to the plaintext output buffer.
* Note: data may arrive as a side effect of calling SSL_write(),
* therefore we call SSL_read() after calling SSL_write().
*
* XXX We're supposed to repeat the exact same SSL_read() call arguments
* after an SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE result. This
* supposedly means that our plaintext writer must not memmove() the
* plaintext output buffer until after the SSL_read() call succeeds. For
* now I'll ignore this, because 1) SSL_read() is documented to return
* the bytes available, instead of returning > 0 only after the entire
* buffer is processed like SSL_write() does; and 2) there is no "read"
* equivalent of the SSL_R_BAD_WRITE_RETRY, SSL_MODE_ENABLE_PARTIAL_WRITE
* or SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER features.
*/
ssl_read_err = SSL_ERROR_NONE;
while (NBBIO_WRITE_PEND(state->plaintext_buf) < NBBIO_BUFSIZE(plaintext_buf)) {
ssl_stat = SSL_read(tls_context->con,
NBBIO_WRITE_BUF(plaintext_buf)
+ NBBIO_WRITE_PEND(state->plaintext_buf),
NBBIO_BUFSIZE(plaintext_buf)
- NBBIO_WRITE_PEND(state->plaintext_buf));
ssl_read_err = SSL_get_error(tls_context->con, ssl_stat);
if (ssl_read_err != SSL_ERROR_NONE)
break;
NBBIO_WRITE_PEND(plaintext_buf) += ssl_stat;
}
/*
* Try to enable/disable ciphertext read/write events. If SSL_write() was
* satisfied, see if SSL_read() wants to do some work. In case of an
* unrecoverable error, this automagically destroys the session state
* after cleaning up all pending read/write and timeout event requests.
*/
if (tlsp_eval_tls_error(state, ssl_write_err != SSL_ERROR_NONE ?
ssl_write_err : ssl_read_err) < 0)
/* At this point, state is a dangling pointer. */
return;
}
/*
* Destroy state when the ciphertext I/O was permanently disbled and we
* Destroy state when the ciphertext I/O was permanently disabled and we
* can no longer trickle out plaintext.
*/
else {
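Review bot: The SSL_write() loop memmove()s the plaintext input buffer after every successful write, and after a break on SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE the call can be repeated later with a larger NBBIO_READ_PEND(plaintext_buf). The comment above it rests that on "rumor" that SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER void the same-arguments requirement, and nothing in this hunk shows either mode being set. While this block is being touched, please have the comment name the place where both modes are enabled for tls_context->con, so a reader can confirm that the retry cannot fail with SSL_R_BAD_WRITE_RETRY. Minor, in the SSL_read() loop: the loop condition and the offset arithmetic use NBBIO_WRITE_PEND(state->plaintext_buf) while the increment uses NBBIO_WRITE_PEND(plaintext_buf); plaintext_buf is assigned from state->plaintext_buf just above, so using the local alias throughout would make it obvious that one counter is involved.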

View File

@ -84,4 +84,9 @@ extern int resolve_class(const char *);
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
/*--*/

View File

@ -6,6 +6,13 @@
/* SYNOPSIS
/* #include <byte_mask.h>
/*
/* typedef struct {
/* .in +4
/* int byte_val;
/* int mask;
/* .in -4
/* } BYTE_MASK;
/*
/* int byte_mask(
/* const char *context,
/* const BYTE_MASK *table,
@ -38,7 +45,7 @@
/* bytes. The result is written to a static buffer that is
/* overwritten upon each call.
/*
/* byte_mask_opt() and str_name_mask_opt() are extended versions
/* byte_mask_opt() and str_byte_mask_opt() are extended versions
/* with additional fine control.
/*
/* Arguments:

View File

@ -130,7 +130,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
* made before the first stream read or write operation. We don't want to
* reduce the buffer size.
*
* As of 20190820 we increase the mss size multipler from 2x to 4x, because
* As of 20190820 we increase the mss size multiplier from 2x to 4x, because
* some LINUX loopback TCP stacks report an MSS of 21845 which is 3x
* smaller than the MTU of 65536. Even with a VSTREAM buffer 2x the
* reported MSS size, performance would suck due to Nagle or delayed ACK