diff --git a/postfix/HISTORY b/postfix/HISTORY
index 4b849abcd..8e2859e66 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -4789,3 +4789,22 @@ Apologies for any names omitted.
McNamara. See VIRTUAL_README for detailed examples.
Update: merged a re-vamped nqmgr by Patrik Rak.
+
+20010129
+
+ Tweak: several little nqmgr tweaks by Patrik Rak. Files:
+ global/mail_params.h, nqmgr/qmgr_job.c.
+
+ Bugfix: the virtual delivery agent did not save maps_find()
+ results timely. J?rgen Thomsen, postfix.jth.net. File:
+ virtual/mailbox.c.
+
+ Security: disallow regexp tables in the virtual delivery
+ agent. The $1 etc. substitution mechanism gives too much
+ power to the sender. File: virtual/mailbox.c.
+
+ Cleanup: clarified documentation and boundary cases in the
+ random_sleep() routine.
+
+ Bugfix: the MISSING_USLEEP feature was used backwards.
+ Patrik Rak. File: util/random_sleep.c.
diff --git a/postfix/LMTP_README b/postfix/LMTP_README
index 60c7d07d3..dcca681eb 100644
--- a/postfix/LMTP_README
+++ b/postfix/LMTP_README
@@ -16,8 +16,9 @@ the user database among the front end and back end systems.
Postfix LMTP support is based on a modified version of the Postfix
SMTP client. The initial version was by Philip A. Prindeville of
Mirapoint, Inc., USA. This code was modified further by Amos Gouaux
-of University of Texas at Dallas, Richardson, USA. Wietse Venema
-reduced the code to its present shape.
+of University of Texas at Dallas, Richardson, USA, who also revised
+much of the documentation. Wietse Venema reduced the code to its
+present shape.
Overview
@@ -53,33 +54,41 @@ Using main.cf configuration
This is the simplest LMTP configuration.
-1. LMTP over UNIX-domain sockets.
+1. Delivery mechanisms
+
+ Postfix supports three mechanisms to deliver mail over LMTP.
+ Each method can use UNIX-domain or TCP sockets as described in
+ a later section.
+
+ mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket)
+ mailbox_transport = lmtp:hostname:port (TCP socket)
+
+ The Postfix local delivery agent expands aliases and .forward
+ files, and delegates mailbox delivery to the LMTP server.
+
+ local_transport = lmtp:unix:/path/name (UNIX-domain socket)
+ local_transport = lmtp:hostname:port (TCP socket)
+
+ Mail that resolves as local is directly given to the LMTP
+ server. The mail is not processed by the Postfix local
+ delivery agent; therefore aliases and .forward files are
+ not expanded.
+
+ fallback_transport = lmtp:unix:/path/name (UNIX-domain socket)
+ fallback_transport = lmtp:hostname:port (TCP socket)
+
+ The Postfix local delivery agent expands aliases and .forward
+ files, and delivers to /var[/spool]/mail/$user for users
+ that have a UNIX account. Mail for other local users is
+ delegated to the LMTP server.
+
+2. LMTP over UNIX-domain sockets.
The UNIX-domain socket is specified as a name in the local file
system. This "/path/name" should be the socket created by the
LMTP server on the local machine. See the specific examples
later in this document.
- The settings local_transport, mailbox_transport, and
- fallback_transport support the following connections:
-
- mailbox_transport = lmtp:unix:/path/name
-
- The Postfix local delivery agent expands aliases and .forward
- files, and delegates mailbox delivery to the LMTP server.
-
- local_transport = lmtp:unix:/path/name
-
- Mail that resolves as local is directly given to the LMTP server.
- The mail is not processed by the Postfix local delivery agent;
- therefore aliases and .forward files are not expanded.
-
- fallback_transport = lmtp:unix:/path/name
-
- The Postfix local delivery agent expands aliases and .forward files,
- and delivers to /var/mail/$user for users that have a UNIX account.
- Mail for other local users is delegated to the LMTP server.
-
NOTE:
If you run the lmtp client chrooted, the interpretation of
@@ -90,22 +99,12 @@ This is the simplest LMTP configuration.
With LMTP delivery to the local machine there is no good
reason to run the Postfix LMTP client chrooted.
-2. LMTP over TCP sockets.
+3. LMTP over TCP sockets.
Currently the default TCP port number for this type of connection
is 24, but this can be customized in the "/etc/services" file.
Specific examples are given later in this document.
- The settings local_transport, mailbox_transport, and
- fallback_transport support the following connections:
-
- mailbox_transport = lmtp:hostname:port
- local_transport = lmtp:hostname:port
- fallback_transport = lmtp:hostname:port
-
- See the previous section for a discussion of the differences
- between these three delivery methods.
-
NOTE:
With connections over TCP sockets, later Cyrus implementations
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 15df24720..5e9306ac4 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -27,8 +27,8 @@ agent can deliver mail for any number of domains. See the file
VIRTUAL_README for detailed examples. This code is still new. Once
it stops changing it will become part of the non-beta release.
-Many "valid_hostname" warnings were either eliminated, and the rest
-was replaced by something more informative.
+Many "valid_hostname" warnings were eliminated, and the rest was
+replaced by something more informative.
SASL support (RFC 2554) for the LMTP delivery agent. This is required
by recent Cyrus implementations when delivering mail over TCP
diff --git a/postfix/VIRTUAL_README b/postfix/VIRTUAL_README
index fae2097a6..00db8dd23 100644
--- a/postfix/VIRTUAL_README
+++ b/postfix/VIRTUAL_README
@@ -61,6 +61,8 @@ virtual_mailbox_maps
If a recipient is not found the mail is returned to the sender.
+ For security reasons, regexp maps are not allowed here.
+
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
@@ -75,11 +77,15 @@ virtual_uid_maps
Recipients are looked up in this map to determine the UID (owner
privileges) to be used when writing to the target mailbox.
+ For security reasons, regexp maps are not allowed here.
+
virtual_gid_maps
Recipients are looked up in this map to determine the GID (group
privileges) to be used when writing to the target mailbox.
+ For security reasons, regexp maps are not allowed here.
+
virtual_mailbox_lock
This setting is ignored in case of maildir delivery.
diff --git a/postfix/conf/sample-local.cf b/postfix/conf/sample-local.cf
index d7b7e0268..caa48d514 100644
--- a/postfix/conf/sample-local.cf
+++ b/postfix/conf/sample-local.cf
@@ -187,7 +187,7 @@ mailbox_transport =
fallback_transport =
#
-# RATE CONTROLS
+# RESOURCE CONTROLS
#
# The local_destination_concurrency_limit parameter limits the number
@@ -200,6 +200,13 @@ fallback_transport =
#
local_destination_concurrency_limit = 2
+# The mailbox_size_limit parameter controls the maximal size of a
+# mailbox or maildir file (in fact, it limits the size of any file
+# that is written to upon local delivery) The default is 20MBytes.
+# This limit must not be set smaller than the message size limit.
+#
+mailbox_size_limit = 20480000
+
# The local_destination_recipient_limit parameter limits the number
# of recipients per local message delivery. The default limit is
# taken from the default_destination_recipient_limit parameter.
diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html
index d9a39e785..1b0ba3c60 100644
--- a/postfix/html/local.8.html
+++ b/postfix/html/local.8.html
@@ -449,11 +449,11 @@ LOCAL(8) LOCAL(8)
ery. The default limit is taken from the
default_destination_recipient_limit parameter.
-Security controls
- allow_mail_to_commands
- Restrict the usage of mail delivery to external
- command.
+ mailbox_size_limit
+ Limit the size of a mailbox etc. file (any file
+ that is written to upon delivery).
+Security controls
@@ -467,29 +467,33 @@ LOCAL(8) LOCAL(8)
LOCAL(8) LOCAL(8)
- allow_mail_to_files
+ allow_mail_to_commands
Restrict the usage of mail delivery to external
+ command.
+
+ allow_mail_to_files
+ Restrict the usage of mail delivery to external
file.
command_expansion_filter
- What characters are allowed to appear in $name
- expansions of mailbox_command. Illegal characters
+ What characters are allowed to appear in $name
+ expansions of mailbox_command. Illegal characters
are replaced by underscores.
default_privs
- Default rights for delivery to external file or
+ Default rights for delivery to external file or
command.
forward_expansion_filter
- What characters are allowed to appear in $name
- expansions of forward_path. Illegal characters are
+ What characters are allowed to appear in $name
+ expansions of forward_path. Illegal characters are
replaced by underscores.
HISTORY
- The Delivered-To: header appears in the qmail system by
+ The Delivered-To: header appears in the qmail system by
Daniel Bernstein.
- The maildir structure appears in the qmail system by
+ The maildir structure appears in the qmail system by
Daniel Bernstein.
SEE ALSO
@@ -500,7 +504,7 @@ LOCAL(8) LOCAL(8)
qmgr(8) queue manager
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
@@ -520,10 +524,6 @@ LOCAL(8) LOCAL(8)
-
-
-
-
8
diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html
index 8fd6bbb3f..43ee3df0b 100644
--- a/postfix/html/virtual.8.html
+++ b/postfix/html/virtual.8.html
@@ -142,7 +142,7 @@ VIRTUAL(8) VIRTUAL(8)
boxes. While it could be set to "/", this setting
isn't recommended.
- virtual_mailbox_maps
+ virtual_mailbox_maps (regexp maps disallowed)
Recipients are looked up in these maps to determine
the path to their mailbox or maildir. If the
returned path ends in a slash ("/"), maildir-style
@@ -159,12 +159,12 @@ VIRTUAL(8) VIRTUAL(8)
this will be rejected, and the message will be
deferred.
- virtual_uid_maps
+ virtual_uid_maps (regexp maps disallowed)
Recipients are looked up in these maps to determine
the user ID to be used when writing to the target
mailbox.
- virtual_gid_maps
+ virtual_gid_maps (regexp maps disallowed)
Recipients are looked up in these maps to determine
the group ID to be used when writing to the target
mailbox.
diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8
index b0795386d..3d10429a6 100644
--- a/postfix/man/man8/local.8
+++ b/postfix/man/man8/local.8
@@ -375,6 +375,9 @@ The default limit is taken from the
Limit the number of recipients per message delivery.
The default limit is taken from the
\fBdefault_destination_recipient_limit\fR parameter.
+.IP \fBmailbox_size_limit\fR
+Limit the size of a mailbox etc. file (any file that is
+written to upon delivery).
.SH "Security controls"
.ad
.fi
diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8
index 6e007bc0d..994bd71dc 100644
--- a/postfix/man/man8/virtual.8
+++ b/postfix/man/man8/virtual.8
@@ -131,7 +131,7 @@ Specifies a path that is prepended to all mailbox or maildir paths.
This is a safety measure to ensure that an out of control map in
\fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
While it could be set to "/", this setting isn't recommended.
-.IP \fBvirtual_mailbox_maps\fR
+.IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the path to
their mailbox or maildir. If the returned path ends in a slash
("/"), maildir-style delivery is carried out, otherwise the
@@ -144,10 +144,10 @@ Specifies a minimum uid that will be accepted as a return from
a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
Returned values less than this will be rejected, and the message
will be deferred.
-.IP \fBvirtual_uid_maps\fR
+.IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the user ID to be
used when writing to the target mailbox.
-.IP \fBvirtual_gid_maps\fR
+.IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the group ID to be
used when writing to the target mailbox.
.SH "Locking controls"
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 4b095a774..05aac24bf 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -492,12 +492,12 @@ extern int var_stack_rcpt_limit;
*/
#define VAR_DELIVERY_SLOT_COST "default_delivery_slot_cost"
#define _DELIVERY_SLOT_COST "_delivery_slot_cost"
-#define DEF_DELIVERY_SLOT_COST 10
+#define DEF_DELIVERY_SLOT_COST 5
extern int var_delivery_slot_cost;
#define VAR_DELIVERY_SLOT_LOAN "default_delivery_slot_loan"
#define _DELIVERY_SLOT_LOAN "_delivery_slot_loan"
-#define DEF_DELIVERY_SLOT_LOAN 5
+#define DEF_DELIVERY_SLOT_LOAN 3
extern int var_delivery_slot_loan;
#define VAR_DELIVERY_SLOT_DISCOUNT "default_delivery_slot_discount"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 2ae52c234..7f563b54e 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010128"
+#define DEF_MAIL_VERSION "Snapshot-20010129"
extern char *var_mail_version;
/* LICENSE
diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c
index d31e084bf..6d6bd05d4 100644
--- a/postfix/src/local/local.c
+++ b/postfix/src/local/local.c
@@ -347,6 +347,9 @@
/* Limit the number of recipients per message delivery.
/* The default limit is taken from the
/* \fBdefault_destination_recipient_limit\fR parameter.
+/* .IP \fBmailbox_size_limit\fR
+/* Limit the size of a mailbox etc. file (any file that is
+/* written to upon delivery).
/* .SH "Security controls"
/* .ad
/* .fi
diff --git a/postfix/src/nqmgr/qmgr_job.c b/postfix/src/nqmgr/qmgr_job.c
index 7970fe8ee..d9354103a 100644
--- a/postfix/src/nqmgr/qmgr_job.c
+++ b/postfix/src/nqmgr/qmgr_job.c
@@ -477,7 +477,7 @@ static QMGR_JOB *qmgr_job_candidate(QMGR_JOB *current)
QMGR_TRANSPORT *transport = current->transport;
QMGR_JOB *job,
*best_job = 0;
- float score,
+ double score,
best_score = 0.0;
int max_slots,
max_needed_entries,
@@ -534,7 +534,7 @@ static QMGR_JOB *qmgr_job_candidate(QMGR_JOB *current)
max_needed_entries = max_total_entries - job->selected_entries;
delay = now - job->message->queued_time + 1;
if (max_needed_entries > 0 && max_needed_entries <= max_slots) {
- score = (float) delay / max_total_entries;
+ score = (double) delay / max_total_entries;
if (score > best_score) {
best_score = score;
best_job = job;
diff --git a/postfix/src/util/rand_sleep.c b/postfix/src/util/rand_sleep.c
index e3d4570f4..af6fdfcdc 100644
--- a/postfix/src/util/rand_sleep.c
+++ b/postfix/src/util/rand_sleep.c
@@ -10,15 +10,14 @@
/* unsigned delay;
/* unsigned variation;
/* DESCRIPTION
-/* rand_sleep() blocks the current process for a pseudo-random
-/* amount of time.
+/* rand_sleep() blocks the current process for an amount of time
+/* pseudo-randomly chosen from the interval (delay += variation/2).
/*
/* Arguments:
/* .IP delay
/* Time to sleep in microseconds.
/* .IP variation
-/* Sleep time variation in microseconds; must be smaller than
-/* the time to sleep.
+/* Variation in microseconds; must not be larger than delay.
/* DIAGNOSTICS
/* Panic: interface violation. All system call errors are fatal.
/* LICENSE
@@ -61,20 +60,20 @@ void rand_sleep(unsigned delay, unsigned variation)
*/
if (delay == 0)
msg_panic("%s: bad delay %d", myname, delay);
- if (variation >= delay)
+ if (variation > delay)
msg_panic("%s: bad variation %d", myname, variation);
/*
* Use the semi-crappy random number generator.
*/
if (my_pid == 0)
- srandom(my_pid = getpid() ^ time((time_t *) 0));
+ srandom(my_pid = (getpid() ^ time((time_t *) 0)));
usec = (delay - variation / 2) + variation * (double) random() / RAND_MAX;
#ifdef MISSING_USLEEP
+ doze(usec);
+#else
if (usleep(usec) < 0)
msg_fatal("usleep: %m");
-#else
- doze(usec);
#endif
}
diff --git a/postfix/src/virtual/mailbox.c b/postfix/src/virtual/mailbox.c
index 5f753fe08..68f8c4f52 100644
--- a/postfix/src/virtual/mailbox.c
+++ b/postfix/src/virtual/mailbox.c
@@ -168,7 +168,8 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp)
* Look up the mailbox location. Bounce if not found, defer in case of
* trouble.
*/
- mailbox_res = maps_find(virtual_mailbox_maps, state.msg_attr.user, 0);
+ mailbox_res = maps_find(virtual_mailbox_maps, state.msg_attr.user,
+ DICT_FLAG_FIXED);
if (mailbox_res == 0) {
if (dict_errno == 0)
return (NO);
@@ -178,46 +179,47 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp)
virtual_mailbox_maps->title, state.msg_attr.user);
return (YES);
}
+ usr_attr.mailbox = concatenate(var_virt_mailbox_base, "/",
+ mailbox_res, (char *) 0);
+
+#define RETURN(res) { myfree(usr_attr.mailbox); return (res); }
/*
* Look up the mailbox owner rights. Defer in case of trouble.
*/
- if ((uid_res = maps_find(virtual_uid_maps, state.msg_attr.user, 0)) == 0) {
+ if ((uid_res = maps_find(virtual_uid_maps, state.msg_attr.user,
+ DICT_FLAG_FIXED)) == 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: uid not found in %s",
state.msg_attr.user, virtual_uid_maps->title);
- return (YES);
+ RETURN(YES);
}
if ((n = atol(uid_res)) < var_virt_minimum_uid) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: bad uid %s in %s",
state.msg_attr.user, uid_res, virtual_uid_maps->title);
- return (YES);
+ RETURN(YES);
}
usr_attr.uid = (uid_t) n;
/*
* Look up the mailbox group rights. Defer in case of trouble.
*/
- if ((gid_res = maps_find(virtual_gid_maps, state.msg_attr.user, 0)) == 0) {
+ if ((gid_res = maps_find(virtual_gid_maps, state.msg_attr.user,
+ DICT_FLAG_FIXED)) == 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: gid not found in %s",
state.msg_attr.user, virtual_gid_maps->title);
- return (YES);
+ RETURN(YES);
}
if ((n = atol(gid_res)) <= 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: bad gid %s in %s",
state.msg_attr.user, gid_res, virtual_gid_maps->title);
- return (YES);
+ RETURN(YES);
}
usr_attr.gid = (gid_t) n;
- /*
- * No early returns or we have a memory leak.
- */
- usr_attr.mailbox = concatenate(var_virt_mailbox_base, "/",
- mailbox_res, (char *) 0);
if (msg_verbose)
msg_info("%s[%d]: set user_attr: %s, uid = %d, gid = %d",
myname, state.level,
@@ -236,6 +238,5 @@ int deliver_mailbox(LOCAL_STATE state, USER_ATTR usr_attr, int *statusp)
/*
* Cleanup.
*/
- myfree(usr_attr.mailbox);
- return (YES);
+ RETURN(YES);
}
diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c
index 90fa45c30..8404ad1e2 100644
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@@ -107,7 +107,7 @@
/* This is a safety measure to ensure that an out of control map in
/* \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
/* While it could be set to "/", this setting isn't recommended.
-/* .IP \fBvirtual_mailbox_maps\fR
+/* .IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the path to
/* their mailbox or maildir. If the returned path ends in a slash
/* ("/"), maildir-style delivery is carried out, otherwise the
@@ -120,10 +120,10 @@
/* a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
/* Returned values less than this will be rejected, and the message
/* will be deferred.
-/* .IP \fBvirtual_uid_maps\fR
+/* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the user ID to be
/* used when writing to the target mailbox.
-/* .IP \fBvirtual_gid_maps\fR
+/* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the group ID to be
/* used when writing to the target mailbox.
/* .SH "Locking controls"