postfix-3.4-20180217

postfix/HISTORY

@@ -23324,3 +23324,9 @@ Apologies for any names omitted.
 	to take the software under the license of their choice.
 	Those who are more comfortable with the IPL can continue
 	with that license. File: LICENSE.
+
+20180217
+
+	Cleanup: added missing *_maps parameters to the default
+	proxy_read_maps setting. Files: global/mail_params.h,
+	mantools/missing-proxy-read-maps.

postfix/README_FILES/FORWARD_SECRECY_README

@@ -195,8 +195,8 @@ Linux). If the remote SMTP server supports cipher suites with forward secrecy
 between the server and client will resist decryption even if the server's long-
 term authentication keys are later compromised.
 
-Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The
+Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list
-list of candidate curves can be changed via the "tls_eecdh_auto_curves"
+of candidate curves can be changed via the "tls_eecdh_auto_curves"
 configuration parameter, which can be used to select a prioritized list of
 supported curves (most preferred first) on both the Postfix SMTP server and
 SMTP client. The default list is suitable for most users.

postfix/RELEASE_NOTES-3.3

@@ -1,13 +1,13 @@
 This is the Postfix 3.3 (stable) release.
 
 The stable Postfix release is called postfix-3.3.x where 3=major
-release number, 3=minor release number, x=patchlevel.  The stable
+release number, 3=minor release number, x=patchlevel. The stable
 release never changes except for patches that address bugs or
 emergencies. Patches change the patchlevel and the release date.
 
 New features are developed in snapshot releases. These are called
 postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
-mm=month, dd=day).  Patches are never issued for snapshot releases;
+mm=month, dd=day). Patches are never issued for snapshot releases;
 instead, a new snapshot is released.
 
 The mail_release_date configuration parameter (format: yyyymmdd)
@@ -30,30 +30,37 @@ Major changes - compatibility safety net
 
 [20180106] With compatibility_level < 1, the Postfix SMTP server
 now warns for mail that would be blocked by the Postfix 2.10
-smtpd_relay_restrictions feature. This extends the safety net for
+smtpd_relay_restrictions feature, without blocking that mail. This
-sites that upgrade from earlier Postfix versions (questions on the
+extends the compatibility safety net for sites that upgrade from
-postfix-users list show a steady trickle). See COMPATIBILITY_README
+earlier Postfix versions (questions on the postfix-users list show
-for details.
+there is a steady trickle). See COMPATIBILITY_README for details.
 
 Major changes - configuration
 -----------------------------
 
-[20170617] The postconf command warns about unknown parameter names
+[20170617] The postconf command now warns about unknown parameter
-in a Postfix database configuration file, specified as an absolute
+names in a Postfix database configuration file. As with other unknown
-pathname.
+parameter names, these warnings can help to find typos early.
 
 [20180113] New read-only service_name parameter that contains the
-master.cf service name. This parameter is set only in daemon
+master.cf service name of a Postfix daemon process (it that is empty
-processes. This allows, for example, setting the syslog_name in
+in a non-daemon process). This can make Postfix SMTP server logging
-master.cf with "-o syslog_name=postfix/$service_name" for the
+logging distinct by setting the syslog_name in master.cf with "-o
-"submission", "smtps", and "relay" services.
+syslog_name=postfix/$service_name" for the "submission" and "smtps"
+services, and can make Postfix SMTP client distinct by setting "-o
+syslog_name=postfix/$service_name" for the "relay" service.
 
 Major changes - container support
 ---------------------------------
 
 [20171218] Preliminary support to run Postfix in the foreground,
-with "postfix start-fg". This requires that multi-instance support
+with "postfix start-fg". This requires that Postfix multi-instance
-is disabled.
+support is disabled. To receive Postfix syslog information on the
+container's host, mount the host's /dev/log socket inside the
+container (example: "docker run -v /dev/log:/dev/log ..."), and
+specify a distinct Postfix "syslog_name" prefix that identifies the
+logging from the Postfix instance. Postfix does not log systemd
+events.
 
 Major changes - database support
 ---------------------------------
@@ -80,32 +87,32 @@ Major changes - invisible changes
 ---------------------------------
 
 [20170617] Additional paranoia in the VSTRING implementation: a
-null byte after the end of vstring buffers so that C-style string
+null byte after the end of vstring buffers (this is a safety net
-operations won't scribble past the end; earlier detection of bad
+so that C-style string operations won't scribble past the end);
-length and precision format string specifiers (this just improves
+earlier detection of bad length and precision format string specifiers
-error handling, as format strings cannot be specified externally).
+(these are the result of programming error, as Postfix format strings
+cannot be specified externally).
 
 Major changes - milter support
 ------------------------------
 
-[20170221] The Postfix Milter client no longer encloses single-letter
-macro names inside {}, even though this form is supported since
-Sendmail version 8.7.
-
 [20171223] Milter applications can now send RET and ENVID parameters
 in SMFIR_CHGFROM (change envelope sender) requests.
 
 Major changes - mixed IPv6/IPv4 support
 ---------------------------------------
 
-[20170505] Workaround for mail delivery problems with destinations
+[20170505] Workaround for mail delivery problems when 1) both Postfix
-that announce primarily IPv6 MX addresses but that are unreachable
+IPv6 and IPv4 support are enabled, 2) some destination announces
-over IPv6, when the smtp_address_limit eliminates most or all IPv4
+more primary IPv6 MX addresses than primary IPv4 MX addresses, 3)
-addresses. This includes the case that Postfix IPv6 support is
+the destination is unreachable over IPv6, and 4) Postfix runs into
-turned on, but the local machine has no IPv6 connectivity.
+the smtp_mx_address_limit before it can try to deliver over IPv4.
 
-The Postfix SMTP client will now attempt to schedule similar numbers
+When both Postfix IPv6 and IPv4 support are enabled, the Postfix
-of IPv4 and IPv6 addresses. Specify "smtp_balance_mx_inet_protocols
+SMTP client will now relax MX preferences so that it can schedule
+similar numbers of IPv4 and IPv6 destination addresses. This ensures
+that an IPv6 connectivity problem will not prevent mail from being
+delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols
 = no" to disable this workaround.
 
 Major changes - xclient

postfix/WISHLIST

@@ -2,12 +2,11 @@ Wish list:
 
 	Things to do before the stable release:
 
-	Spell-check, double-word check, and HTML validator check.
+	Spell-check, double-word check, HTML validator check,
+	mantools/missing-proxy-read-maps check.
 
 	Disable -DSNAPSHOT and -DNONPROD in makedefs.
 
-	Add $smtpd_sender_login_maps to proxy_read_maps.
-
 	After I/O error, store errno in VSTREAM object before errno
 	may be overwritten.
 

postfix/html/FORWARD_SECRECY_README.html

@@ -270,7 +270,7 @@ traffic between the server and client will resist decryption even
 if the server's long-term authentication keys are <i>later</i>
 compromised.  </p>
 
-<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
 &ge; 1.0.2.  The list of candidate curves can be changed via the
 "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
 to select a prioritized list of supported curves (most preferred

postfix/html/postconf.5.html

@@ -3228,12 +3228,10 @@ address.  </dd>
 <p> Note: with Postfix &le; 3.2 the "setting <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
 = <b>no</b>" breaks address verification for addresses that are
 aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
 address; instead, it can store the result only under the rewritten
 address).  </p>
 
-</ul>
-
 <p> This feature is available in Postfix 2.1 and later. Postfix
 version 2.0 behaves as if this parameter is always set to <b>yes</b>.
 Postfix versions before 2.0 have no support for the original recipient
@@ -16102,7 +16100,7 @@ code when an address probe failed due to a temporary problem
 specifies the action after address probe failure due to a temporary
 problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br> This feature breaks for
 aliased addresses with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix
-&le; 3.2).  <br> This feature is avaiable in Postfix 2.1 and later.
+&le; 3.2).  <br> This feature is available in Postfix 2.1 and later.
 </dd>
 
 </dl>

postfix/man/man5/postconf.5

@@ -2031,10 +2031,9 @@ address.
 Note: with Postfix <= 3.2 the "setting enable_original_recipient
 = \fBno\fR" breaks address verification for addresses that are
 aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
 address; instead, it can store the result only under the rewritten
 address).
-.br
 .PP
 This feature is available in Postfix 2.1 and later. Postfix
 version 2.0 behaves as if this parameter is always set to \fByes\fR.
@@ -10927,7 +10926,7 @@ This feature breaks for
 aliased addresses with "enable_original_recipient = no" (Postfix
 <= 3.2).
 .br
-This feature is avaiable in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and later.
 .br
 .br
 .PP

postfix/mantools/missing-proxy-read-maps

@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+
+# Compares the list of parameter names that end in _maps in
+# proxy_read_maps, against the list of all parameter names that end
+# in _maps, and outputs the missing mail_params.h lines.
+
+$command = "bin/postconf -dh proxy_read_maps | tr ' ' '\12'";
+open(PROXY_READ_MAPS, "$command|")
+	|| die "can't execute $command: !$\n";
+while (<PROXY_READ_MAPS>) {
+    chomp;
+    next unless /\$(.+_maps)$/;
+    $proxy_read_maps{$1} = 1;
+}
+close(PROXY_READ_MAPS) || die "close $command: $!\n";
+
+$mail_params_h = "src/global/mail_params.h";
+open(MAIL_PARAMS, "<$mail_params_h")
+    || die "Open $mail_params_h";
+while ($line = <MAIL_PARAMS>) {
+    chomp;
+    if ($line =~ /^#define\s+(\S+)\s+"(\S+)"/) {
+	$mail_params{$2} = $1;
+    } elsif ($line =~/^#define\s+(\S+)\s+"address_verify_" VAR_SND_DEF_XPORT_MAPS/) {
+	$mail_params{"address_verify_sender_dependent_default_transport_maps"} = $1;
+    }
+}
+close(MAIL_PARAMS) || die "close $mail_params_h: !$\n";
+
+$command = "bin/postconf -H";
+open(ALL_PARAM_NAMES, "$command|")
+         || die "can't execute $command: !$\n";  
+while ($param_name = <ALL_PARAM_NAMES>) { 
+    chomp($param_name);
+    next unless ($param_name =~ /_maps$/);
+    next if ($param_name =~ /^(proxy_read|proxy_write)_maps$/);
+    next if defined($proxy_read_maps{$param_name});
+    die "unknown parameter: $param_name\n"
+	unless defined($mail_params{$param_name});
+    print "\t\t\t\t\" \$\" $mail_params{$param_name} \\\n";
+}

postfix/proto/FORWARD_SECRECY_README.html

@@ -270,7 +270,7 @@ traffic between the server and client will resist decryption even
 if the server's long-term authentication keys are <i>later</i>
 compromised.  </p>
 
-<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
 &ge; 1.0.2.  The list of candidate curves can be changed via the
 "tls_eecdh_auto_curves" configuration parameter, which can be used
 to select a prioritized list of supported curves (most preferred

postfix/proto/postconf.proto

@@ -1427,12 +1427,10 @@ address.  </dd>
 <p> Note: with Postfix &le; 3.2 the "setting enable_original_recipient
 = <b>no</b>" breaks address verification for addresses that are
 aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
 address; instead, it can store the result only under the rewritten
 address).  </p>
 
-</ul>
-
 <p> This feature is available in Postfix 2.1 and later. Postfix
 version 2.0 behaves as if this parameter is always set to <b>yes</b>.
 Postfix versions before 2.0 have no support for the original recipient
@@ -6612,7 +6610,7 @@ code when an address probe failed due to a temporary problem
 specifies the action after address probe failure due to a temporary
 problem (default: defer_if_permit).  <br> This feature breaks for
 aliased addresses with "enable_original_recipient = no" (Postfix
-&le; 3.2).  <br> This feature is avaiable in Postfix 2.1 and later.
+&le; 3.2).  <br> This feature is available in Postfix 2.1 and later.
 </dd>
 
 </dl>

postfix/src/global/mail_params.h

@@ -489,11 +489,11 @@ extern char *var_transport_maps;
 #define DEF_DEF_TRANSPORT	MAIL_SERVICE_SMTP
 extern char *var_def_transport;
 
-#define VAR_SND_DEF_XPORT_MAPS	"sender_dependent_" VAR_DEF_TRANSPORT "_maps"
+#define VAR_SND_DEF_XPORT_MAPS	"sender_dependent_default_transport_maps"
 #define DEF_SND_DEF_XPORT_MAPS	""
 extern char *var_snd_def_xport_maps;
 
-#define VAR_NULL_DEF_XPORT_MAPS_KEY	"empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
+#define VAR_NULL_DEF_XPORT_MAPS_KEY	"empty_address_default_transport_maps_lookup_key"
 #define DEF_NULL_DEF_XPORT_MAPS_KEY	"<>"
 extern char *var_null_def_xport_maps_key;
 
@@ -2389,7 +2389,29 @@ extern int var_local_rcpt_code;
 				" $" VAR_HELO_CHECKS \
 				" $" VAR_MAIL_CHECKS \
 				" $" VAR_RELAY_CHECKS \
-				" $" VAR_RCPT_CHECKS
+				" $" VAR_RCPT_CHECKS \
+				" $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+				" $" VAR_VRFY_RELAY_MAPS \
+				" $" VAR_VRFY_XPORT_MAPS \
+				" $" VAR_FBCK_TRANSP_MAPS \
+				" $" VAR_LMTP_EHLO_DIS_MAPS \
+				" $" VAR_LMTP_PIX_BUG_MAPS \
+				" $" VAR_LMTP_SASL_PASSWD \
+				" $" VAR_LMTP_TLS_POLICY \
+				" $" VAR_MAILBOX_CMD_MAPS \
+				" $" VAR_MBOX_TRANSP_MAPS \
+				" $" VAR_PSC_EHLO_DIS_MAPS \
+				" $" VAR_RBL_REPLY_MAPS \
+				" $" VAR_SND_RELAY_MAPS \
+				" $" VAR_SMTP_EHLO_DIS_MAPS \
+				" $" VAR_SMTP_PIX_BUG_MAPS \
+				" $" VAR_SMTP_SASL_PASSWD \
+				" $" VAR_SMTP_TLS_POLICY \
+				" $" VAR_SMTPD_EHLO_DIS_MAPS \
+				" $" VAR_SMTPD_MILTER_MAPS \
+				" $" VAR_VIRT_GID_MAPS \
+				" $" VAR_VIRT_UID_MAPS \
+				" $" VAR_SND_DEF_XPORT_MAPS
 extern char *var_proxy_read_maps;
 
 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20180203"
+#define MAIL_RELEASE_DATE	"20180217"
 #define MAIL_VERSION_NUMBER	"3.4"
 
 #ifdef SNAPSHOT