diff --git a/postfix/HISTORY b/postfix/HISTORY index b03bee8c7..0bcf34c93 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12121,6 +12121,19 @@ Apologies for any names omitted. when reporting errors. Fix by Leandro Santi. Files: global/mime_state.c, cleanup/cleanup_message.c. +20060411 + + Bugfix: the SMTP server logged no warning when for some + reason the TLS engine was unavailable in wrappermode. Victor + Duchovni. File: smtpd/smtpd.c. + +20060417 + + Cleanup: when SMTP access table lookup fails, reply with + 4xx instead of aborting with a fatal run-time error. The + old behavior assumes local file access, and is inappropriate + with deployment of LDAP and SQL tables. File: smtpd/smtpd_check.c. + Wish list: Don't send xforward attributes to every site that announces diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 43f902d82..27b42a0d8 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -8790,6 +8790,8 @@ the name matches the client IP address. A client name is set to lookup is disabled. Turning off name lookup reduces delays due to DNS lookup and increases the maximal inbound delivery rate.

+

This feature is available in Postfix 2.3 and later.

+ diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 16f0323fd..f476d0564 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -5063,6 +5063,8 @@ the name matches the client IP address. A client name is set to "unknown" when it cannot be looked up or verified, or when name lookup is disabled. Turning off name lookup reduces delays due to DNS lookup and increases the maximal inbound delivery rate. +.PP +This feature is available in Postfix 2.3 and later. .SH smtpd_policy_service_max_idle (default: 300s) The time after which an idle SMTPD policy service connection is closed. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 4f5a2433e..6563096f1 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -8776,6 +8776,8 @@ the name matches the client IP address. A client name is set to lookup is disabled. Turning off name lookup reduces delays due to DNS lookup and increases the maximal inbound delivery rate.

+

This feature is available in Postfix 2.3 and later.

+ %PARAM delay_logging_resolution_limit 2

The maximal number of digits after the decimal point when logging diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 9069dcd46..f05b4952a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20060405" +#define MAIL_RELEASE_DATE "20060418" #define MAIL_VERSION_NUMBER "2.3" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 86068af17..7bfec2a51 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -3333,6 +3333,13 @@ static void smtpd_proto(SMTPD_STATE *state, const char *service) */ #ifdef USE_TLS if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode) { + if (smtpd_tls_ctx == 0) { + msg_warn("Wrapper-mode request dropped from %s for service %s." + "TLS context initialization failed. For details see" + " earlier warnings in your logs.", + state->namaddr, state->service); + break; + } if (var_smtpd_cntls_limit > 0 && !xclient_allowed && anvil_clnt diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index f071b757e..b88923257 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -2258,8 +2258,13 @@ static int check_access(SMTPD_STATE *state, const char *table, const char *name, CHK_ACCESS_RETURN(check_table_result(state, table, value, name, reply_name, reply_class, def_acl), FOUND); - if (dict_errno != 0) - msg_fatal("%s: table lookup problem", table); + if (dict_errno != 0) { + msg_warn("%s: table lookup problem", table); + value = "450 4.3.0 Server configuration error"; + CHK_ACCESS_RETURN(check_table_result(state, table, value, name, + reply_name, reply_class, + def_acl), FOUND); + } } CHK_ACCESS_RETURN(SMTPD_CHECK_DUNNO, MISSED); } 
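Review bot: The two adjacent string literals in the new `msg_warn` call in `smtpd_proto` are concatenated without a separator, so the logged text runs together as `...for service %s.TLS context initialization failed.`; the first literal needs a trailing space, `"Wrapper-mode request dropped from %s for service %s. "`. Ending the session when `smtpd_tls_ctx == 0` is the safe failure direction for a wrapper-mode service, and a short comment would keep a later cleanup from relaxing it, for example `/* No TLS context: drop the session instead of proceeding. */`. The warning is written once per inbound connection and sits ahead of the `var_smtpd_cntls_limit` check, so while the context is unavailable the log volume follows the connection rate; whether that is bounded elsewhere cannot be seen from here. Both `smtpd_proto` and the construct that `break` leaves begin outside the hunk.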
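Review bot: The new `msg_warn("%s: table lookup problem", table)` in `check_access` records only the table name, so the log does not show which lookup failed or that the client was deferred as a result; naming the item and the outcome would make triage easier, e.g. `msg_warn("%s: table lookup problem for %s; deferring request", table, name);` (with `domain` and `address` in the other two functions). The same block is repeated in the `check_domain_access` and `check_addr_access` hunks, with the reply `"450 4.3.0 Server configuration error"` written out three times; defining it once would keep the three paths from drifting apart. Returning a 4xx instead of continuing to `SMTPD_CHECK_DUNNO` keeps a backend outage from being read as "no match", and that intent deserves a one-line comment such as `/* Lookup error: defer, do not treat as "not found". */`. The synthetic value is passed through `check_table_result`, whose body is outside these hunks, so it is worth confirming that it turns this string into a temporary reject on every path.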
@@ -2299,8 +2304,13 @@ static int check_domain_access(SMTPD_STATE *state, const char *table, CHK_DOMAIN_RETURN(check_table_result(state, table, value, domain, reply_name, reply_class, def_acl), FOUND); - if (dict_errno != 0) - msg_fatal("%s: table lookup problem", table); + if (dict_errno != 0) { + msg_warn("%s: table lookup problem", table); + value = "450 4.3.0 Server configuration error"; + CHK_DOMAIN_RETURN(check_table_result(state, table, value, + domain, reply_name, reply_class, + def_acl), FOUND); + } } /* Don't apply subdomain magic to numerical hostnames. */ if (maybe_numerical @@ -2353,8 +2363,13 @@ static int check_addr_access(SMTPD_STATE *state, const char *table, CHK_ADDR_RETURN(check_table_result(state, table, value, address, reply_name, reply_class, def_acl), FOUND); - if (dict_errno != 0) - msg_fatal("%s: table lookup problem", table); + if (dict_errno != 0) { + msg_warn("%s: table lookup problem", table); + value = "450 4.3.0 Server configuration error"; + CHK_ADDR_RETURN(check_table_result(state, table, value, address, + reply_name, reply_class, + def_acl), FOUND); + } } flags = PARTIAL; } while (split_at_right(addr, delim)); diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index c5f2911af..86d6481f6 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c @@ -7,7 +7,7 @@ /* #include /* /* VSTREAM *vstream_fopen(path, flags, mode) -/* char *path; +/* const char *path; /* int flags; /* mode_t mode; /* @@ -22,11 +22,11 @@ /* VSTREAM *stream; /* /* VSTREAM *vstream_printf(format, ...) -/* char *format; +/* const char *format; /* /* VSTREAM *vstream_fprintf(stream, format, ...) /* VSTREAM *stream; -/* char *format; +/* const char *format; /* /* int VSTREAM_GETC(stream) /* VSTREAM *stream; @@ -44,7 +44,7 @@ /* int ch; /* /* int vstream_fputs(str, stream) -/* char *str; +/* const char *str; /* VSTREAM *stream; /* /* off_t vstream_ftell(stream) 
@@ -93,11 +93,11 @@ /* int vstream_clearerr(stream) /* VSTREAM *stream; /* -/* char *VSTREAM_PATH(stream) +/* const char *VSTREAM_PATH(stream) /* VSTREAM *stream; /* /* char *vstream_vfprintf(vp, format, ap) -/* char *format; +/* const char *format; /* va_list *ap; /* /* ssize_t vstream_peek(stream) diff --git a/postfix/src/util/vstream.h b/postfix/src/util/vstream.h index 7e71cc215..37c9efba9 100644 --- a/postfix/src/util/vstream.h +++ b/postfix/src/util/vstream.h @@ -99,7 +99,7 @@ extern int vstream_fdclose(VSTREAM *); #define vstream_feof(vp) vbuf_eof(&(vp)->buf) #define vstream_ftimeout(vp) vbuf_timeout(&(vp)->buf) #define vstream_clearerr(vp) vbuf_clearerr(&(vp)->buf) -#define VSTREAM_PATH(vp) ((vp)->path ? (vp)->path : "unknown_stream") +#define VSTREAM_PATH(vp) ((vp)->path ? (const char *) (vp)->path : "unknown_stream") #define vstream_ftime(vp) ((time_t) ((vp)->iotime.tv_sec)) #define vstream_ftimeval(vp) ((vp)->iotime) diff --git a/postfix/src/util/vstream_popen.c b/postfix/src/util/vstream_popen.c index d988d7e8b..094621826 100644 --- a/postfix/src/util/vstream_popen.c +++ b/postfix/src/util/vstream_popen.c @@ -38,6 +38,7 @@ /* list of name, value, name, value, ... elements. By default only the /* command search path is initialized to _PATH_DEFPATH. /* .IP "VSTREAM_POPEN_EXPORT (char **)" +/* This argument is passed to clean_env(). /* Null-terminated array of names of environment parameters /* that can be exported. By default, everything is exported. /* .IP "VSTREAM_POPEN_UID (uid_t)"