mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 01:49:47 +00:00
Code Issues Releases Wiki Activity

postfix-3.10-20241027

Browse Source
This commit is contained in:
Wietse Z Venema 2024-10-27 00:00:00 -05:00 committed by Viktor Dukhovni
parent a559c5da49
commit 33701748e1
10 changed files with 173 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
postfix/HISTORY
View File

@ -28447,3 +28447,23 @@ Apologies for any names omitted.
is allowed). The dbname setting is now optional if the hosts
setting specifies only URIs. Files: util/valid_uri_scheme.[hc],
proto/pgsql_table.
202141026
Documentation: updated the pgsql_table manpage that the
"user" and "password" settings are also ignored when a
"hosts" setting specifies an URI. File: proto/pgsql_table.
Documentation: updated text for how to handle retries with a
load balancer. Files: proto/pgsql_table, proto/mysql_table.
20241027
Bugfix (defect introduced: Postfix 2.3, date 20051222):
file descriptor leak after failure to connect to a Dovecot
auth server. The impact is limited because there are limits
on the number of retries (one), on the number of errors per
SMTP session (smtpd_hard_error_limit), on the number
of sessions per SMTP server process (max_use), and on the
number file handles per process (managed with sysctl).
File: xsasl/xsasl_dovecot_server.c.

16
postfix/html/mysql_table.5.html
View File

@ -61,11 +61,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
TCP you have to specify
hosts = 127.0.0.1
NOTE: if "hosts" specifies one load balancer and no alternative
servers, specify the load balancer multiple times in the "hosts"
line. Without the duplicate info, the Postfix MySQL client would
not reconnect immediately to the same load balancer after a
MySQL server failure.
NOTE: if the <b>hosts</b> setting specifies one load balancer and no
alternative servers, specify the load balancer multiple times.
Without the duplicate info, the Postfix MySQL client would not
reconnect immediately to the same load balancer after a request
failure.
<b>user</b>
@ -96,6 +96,12 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
The number of seconds that a database connection will be skipped
after an error.
NOTE: if the <b>hosts</b> setting specifies one load balancer and no
alternative servers, specify the load balancer multiple times.
Without the duplicate info, the Postfix MySQL client would not
reconnect immediately to the same load balancer after a request
failure.
This feature is available in Postfix 3.9 and later.
<b>query</b> The SQL query template used to search the database, where <b>%s</b> is

157
postfix/html/pgsql_table.5.html
View File

@ -61,15 +61,15 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
matically closed after being idle for about 1 minute, and are
re-opened as necessary. See <b>idle_interval</b> for details.
NOTE: if <b>hosts</b> specifies a PostgreSQL connection URI, the Post-
greSQL client library will ignore the <b>dbname</b> setting for that
connection.
NOTE: if the <b>hosts</b> setting specifies a PostgreSQL connection
URI, the Postfix PostgreSQL client will ignore the <b>dbname</b>, <b>user</b>,
and <b>password</b> settings for that connection.
NOTE: if <b>hosts</b> specifies one load balancer and no alternative
servers, specify the load balancer multiple times in the <b>hosts</b>
line. Without the duplicate info, the Postfix PostgreSQL client
would not reconnect immediately to the same load balancer after
a PostgreSQL server failure.
NOTE: if the <b>hosts</b> setting specifies one load balancer and no
alternative servers, specify the load balancer multiple times.
Without the duplicate info, the Postfix PostgreSQL client would
not reconnect immediately to the same load balancer after a
request failure.
<b>user</b>
@ -79,28 +79,31 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
user = someone
password = some_password
The <b>user</b> and <b>password</b> settings are ignored for <b>hosts</b> connections
that are specified as an URI.
<b>dbname</b> The database name on the servers. Example:
dbname = customer_database
The <b>dbname</b> setting is ignored for <b>hosts</b> connections that are
The <b>dbname</b> setting is ignored for <b>hosts</b> connections that are
specified as an URI.
The <b>dbname</b> setting is required with Postfix 3.10 and later, when
<b>hosts</b> specifies any non-URI connection; it is always required
<b>hosts</b> specifies any non-URI connection; it is always required
with earlier Postfix versions.
<b>encoding</b>
The encoding used by the database client. The default setting
The encoding used by the database client. The default setting
is:
encoding = UTF8
Historically, the database client was hard coded to use LATIN1
Historically, the database client was hard coded to use LATIN1
in an attempt to disable multibyte character support.
This feature is available in Postfix 3.8 and later.
<b>idle_interval (default: 60)</b>
The number of seconds after which an idle database connection
The number of seconds after which an idle database connection
will be closed.
This feature is available in Postfix 3.9 and later.
@ -109,10 +112,16 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
The number of seconds that a database connection will be skipped
after an error.
NOTE: if the <b>hosts</b> setting specifies one load balancer and no
alternative servers, specify the load balancer multiple times.
Without the duplicate info, the Postfix PostgreSQL client would
not reconnect immediately to the same load balancer after a
request failure.
This feature is available in Postfix 3.9 and later.
<b>query</b> The SQL query template used to search the database, where <b>%s</b> is
a substitute for the address Postfix is trying to resolve, e.g.
<b>query</b> The SQL query template used to search the database, where <b>%s</b> is
a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
This parameter supports the following '%' expansions:
@ -120,48 +129,48 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
and later)
<b>%s</b> This is replaced by the input key. SQL quoting is used
to make sure that the input key does not add unexpected
<b>%s</b> This is replaced by the input key. SQL quoting is used
to make sure that the input key does not add unexpected
metacharacters.
<b>%u</b> When the input key is an address of the form user@domain,
<b>%u</b> is replaced by the SQL quoted local part of the
address. Otherwise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the query is sup-
<b>%u</b> is replaced by the SQL quoted local part of the
address. Otherwise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the query is sup-
pressed and returns no results.
<b>%d</b> When the input key is an address of the form user@domain,
<b>%d</b> is replaced by the SQL quoted domain part of the
address. Otherwise, the query is suppressed and returns
<b>%d</b> is replaced by the SQL quoted domain part of the
address. Otherwise, the query is suppressed and returns
no results.
<b>%[SUD]</b> The upper-case equivalents of the above expansions behave
in the <b>query</b> parameter identically to their lower-case
counter-parts. With the <b>result_format</b> parameter (see
below), they expand the input key rather than the result
in the <b>query</b> parameter identically to their lower-case
counter-parts. With the <b>result_format</b> parameter (see
below), they expand the input key rather than the result
value.
The above %S, %U and %D expansions are available with
The above %S, %U and %D expansions are available with
Postfix 2.2 and later
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
sponding most significant component of the input key's
domain. If the input key is <i>user@mail.example.com</i>, then
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
sponding most significant component of the input key's
domain. If the input key is <i>user@mail.example.com</i>, then
%1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough domain components
to satisfy all the specified patterns, the query is sup-
is unqualified or does not have enough domain components
to satisfy all the specified patterns, the query is sup-
pressed and returns no results.
The above %1, ... %9 expansions are available with Post-
The above %1, ... %9 expansions are available with Post-
fix 2.2 and later
The <b>domain</b> parameter described below limits the input keys to
addresses in matching domains. When the <b>domain</b> parameter is
The <b>domain</b> parameter described below limits the input keys to
addresses in matching domains. When the <b>domain</b> parameter is
non-empty, SQL queries for unqualified addresses or addresses in
non-matching domains are suppressed and return no results.
The precedence of this parameter has changed with Postfix 2.2,
in prior releases the precedence was, from highest to lowest,
The precedence of this parameter has changed with Postfix 2.2,
in prior releases the precedence was, from highest to lowest,
<b>select_function</b>, <b>query</b>, <b>select_field</b>, ...
With Postfix 2.2 the <b>query</b> parameter has highest precedence, see
@ -171,42 +180,42 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<b>result_format (default: %s</b>)
Format template applied to result attributes. Most commonly used
to append (or prepend) text to the result. This parameter sup-
to append (or prepend) text to the result. This parameter sup-
ports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result attribute.
<b>%s</b> This is replaced by the value of the result attribute.
When result is empty it is skipped.
<b>%u</b> When the result attribute value is an address of the form
user@domain, <b>%u</b> is replaced by the local part of the
address. When the result has an empty localpart it is
user@domain, <b>%u</b> is replaced by the local part of the
address. When the result has an empty localpart it is
skipped.
<b>%d</b> When a result attribute value is an address of the form
user@domain, <b>%d</b> is replaced by the domain part of the
attribute value. When the result is unqualified it is
<b>%d</b> When a result attribute value is an address of the form
user@domain, <b>%d</b> is replaced by the domain part of the
attribute value. When the result is unqualified it is
skipped.
<b>%[SUD1-9]</b>
The upper-case and decimal digit expansions interpolate
the parts of the input key rather than the result. Their
behavior is identical to that described with <b>query</b>, and
in fact because the input key is known in advance,
queries whose key does not contain all the information
specified in the result template are suppressed and
The upper-case and decimal digit expansions interpolate
the parts of the input key rather than the result. Their
behavior is identical to that described with <b>query</b>, and
in fact because the input key is known in advance,
queries whose key does not contain all the information
specified in the result template are suppressed and
return no results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
applying the result format, multiple values are concatenated as
applying the result format, multiple values are concatenated as
comma separated strings. The expansion_limit and parameter
explained below allows one to restrict the number of values in
explained below allows one to restrict the number of values in
the result, which is especially useful for maps that must return
at most one value.
The default value <b>%s</b> specifies that each result value should be
The default value <b>%s</b> specifies that each result value should be
used as is.
This parameter is available with Postfix 2.2 and later.
@ -214,15 +223,15 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
databases. When specified, only fully qualified search keys with
a *non-empty* localpart and a matching domain are eligible for
a *non-empty* localpart and a matching domain are eligible for
lookup: 'user' lookups, bare domain lookups and "@domain"
lookups are not performed. This can significantly reduce the
lookups are not performed. This can significantly reduce the
query load on the PostgreSQL server.
domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
It is best not to use SQL to store the domains eligible for SQL
It is best not to use SQL to store the domains eligible for SQL
lookups.
This parameter is available with Postfix 2.2 and later.
@ -231,28 +240,28 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
the input keys are always unqualified.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements returned (as a
A limit on the total number of result elements returned (as a
comma separated list) by a lookup against the map. A setting of
zero disables the limit. Lookups fail with a temporary error if
the limit is exceeded. Setting the limit to 1 ensures that
zero disables the limit. Lookups fail with a temporary error if
the limit is exceeded. Setting the limit to 1 ensures that
lookups do not return multiple values.
<b>OBSOLETE MAIN.CF PARAMETERS</b>
For compatibility with other Postfix lookup tables, PostgreSQL parame-
ters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as
For compatibility with other Postfix lookup tables, PostgreSQL parame-
ters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as
PostgreSQL source a name that doesn't begin with a slash or a dot. The
PostgreSQL parameters will then be accessible as the name you've given
PostgreSQL parameters will then be accessible as the name you've given
the source in its definition, an underscore, and the name of the param-
eter. For example, if the map is specified as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the
eter. For example, if the map is specified as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the
parameter "hosts" would be defined in <a href="postconf.5.html">main.cf</a> as "<i>pgsqlname</i>_hosts".
Note: with this form, the passwords for the PostgreSQL sources are
Note: with this form, the passwords for the PostgreSQL sources are
written in <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this
form will be removed in a future Postfix version.
<b><a name="obsolete_query_interfaces">OBSOLETE QUERY INTERFACES</a></b>
This section describes query interfaces that are deprecated as of Post-
fix 2.2. Please migrate to the new <b>query</b> interface as the old inter-
fix 2.2. Please migrate to the new <b>query</b> interface as the old inter-
faces are slated to be phased out.
<b>select_function</b>
@ -262,14 +271,14 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
This is equivalent to:
query = SELECT my_lookup_user_alias('%s')
This parameter overrides the legacy table-related fields
(described below). With Postfix versions prior to 2.2, it also
overrides the <b>query</b> parameter. Starting with Postfix 2.2, the
<b>query</b> parameter has highest precedence, and the <b>select_function</b>
This parameter overrides the legacy table-related fields
(described below). With Postfix versions prior to 2.2, it also
overrides the <b>query</b> parameter. Starting with Postfix 2.2, the
<b>query</b> parameter has highest precedence, and the <b>select_function</b>
parameter is deprecated.
The following parameters (with lower precedence than the <b>select_func-</b>
<b>tion</b> interface described above) can be used to build the SQL select
The following parameters (with lower precedence than the <b>select_func-</b>
<b>tion</b> interface described above) can be used to build the SQL select
statement as follows:
SELECT [<b>select_field</b>]
@ -277,13 +286,13 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
The specifier %s is replaced with each lookup by the lookup key and is
escaped so if it contains single quotes or other odd characters, it
The specifier %s is replaced with each lookup by the lookup key and is
escaped so if it contains single quotes or other odd characters, it
will not cause a parse error, or worse, a security problem.
Starting with Postfix 2.2, this interface is obsoleted by the more gen-
eral <b>query</b> interface described above. If higher precedence the <b>query</b> or
<b>select_function</b> parameters described above are defined, the parameters
<b>select_function</b> parameters described above are defined, the parameters
described here are ignored.
<b>select_field</b>

16
postfix/man/man5/mysql_table.5
View File

@ -77,11 +77,11 @@ localhost over TCP you have to specify
hosts = 127.0.0.1
.fi
NOTE: if "hosts" specifies one load balancer and no alternative
servers, specify the load balancer multiple times in the
"hosts" line. Without the duplicate info, the Postfix MySQL
client would not reconnect immediately to the same load
balancer after a MySQL server failure.
NOTE: if the \fBhosts\fR setting specifies one load balancer
and no alternative servers, specify the load balancer multiple
times. Without the duplicate info, the Postfix MySQL client
would not reconnect immediately to the same load balancer after
a request failure.
.IP "\fBuser\fR"
.IP "\fBpassword\fR"
The user name and password to log into the mysql server.
@ -112,6 +112,12 @@ This feature is available in Postfix 3.9 and later.
The number of seconds that a database connection will be
skipped after an error.
NOTE: if the \fBhosts\fR setting specifies one load balancer
and no alternative servers, specify the load balancer multiple
times. Without the duplicate info, the Postfix MySQL client
would not reconnect immediately to the same load balancer after
a request failure.
This feature is available in Postfix 3.9 and later.
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR

26
postfix/man/man5/pgsql_table.5
View File

@ -77,16 +77,15 @@ automatically closed after being idle for about 1 minute,
and are re\-opened as necessary. See \fBidle_interval\fR
for details.
NOTE: if \fBhosts\fR specifies a PostgreSQL connection URI,
the PostgreSQL client library will ignore the \fBdbname\fR
setting for that connection.
NOTE: if the \fBhosts\fR setting specifies a PostgreSQL connection
URI, the Postfix PostgreSQL client will ignore the \fBdbname\fR,
\fBuser\fR, and \fBpassword\fR settings for that connection.
NOTE: if \fBhosts\fR specifies one load balancer and no
alternative
servers, specify the load balancer multiple times in the
\fBhosts\fR line. Without the duplicate info, the Postfix
PostgreSQL client would not reconnect immediately to the
same load balancer after a PostgreSQL server failure.
NOTE: if the \fBhosts\fR setting specifies one load balancer
and no alternative servers, specify the load balancer multiple
times. Without the duplicate info, the Postfix PostgreSQL client
would not reconnect immediately to the same load balancer after
a request failure.
.IP "\fBuser\fR"
.IP "\fBpassword\fR"
The user name and password to log into the pgsql server.
@ -95,6 +94,9 @@ Example:
user = someone
password = some_password
.fi
.sp
The \fBuser\fR and \fBpassword\fR settings are ignored for
\fBhosts\fR connections that are specified as an URI.
.IP "\fBdbname\fR"
The database name on the servers. Example:
.nf
@ -127,6 +129,12 @@ This feature is available in Postfix 3.9 and later.
The number of seconds that a database connection will be
skipped after an error.
NOTE: if the \fBhosts\fR setting specifies one load balancer
and no alternative servers, specify the load balancer multiple
times. Without the duplicate info, the Postfix PostgreSQL client
would not reconnect immediately to the same load balancer after
a request failure.
This feature is available in Postfix 3.9 and later.
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR

16
postfix/proto/mysql_table
View File

@ -67,11 +67,11 @@
# hosts = 127.0.0.1
# .fi
#
# NOTE: if "hosts" specifies one load balancer and no alternative
# servers, specify the load balancer multiple times in the
# "hosts" line. Without the duplicate info, the Postfix MySQL
# client would not reconnect immediately to the same load
# balancer after a MySQL server failure.
# NOTE: if the \fBhosts\fR setting specifies one load balancer
# and no alternative servers, specify the load balancer multiple
# times. Without the duplicate info, the Postfix MySQL client
# would not reconnect immediately to the same load balancer after
# a request failure.
# .IP "\fBuser\fR"
# .IP "\fBpassword\fR"
# The user name and password to log into the mysql server.
@ -102,6 +102,12 @@
# The number of seconds that a database connection will be
# skipped after an error.
#
# NOTE: if the \fBhosts\fR setting specifies one load balancer
# and no alternative servers, specify the load balancer multiple
# times. Without the duplicate info, the Postfix MySQL client
# would not reconnect immediately to the same load balancer after
# a request failure.
#
# This feature is available in Postfix 3.9 and later.
# .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR

26
postfix/proto/pgsql_table
View File

@ -67,16 +67,15 @@
# and are re-opened as necessary. See \fBidle_interval\fR
# for details.
#
# NOTE: if \fBhosts\fR specifies a PostgreSQL connection URI,
# the PostgreSQL client library will ignore the \fBdbname\fR
# setting for that connection.
# NOTE: if the \fBhosts\fR setting specifies a PostgreSQL connection
# URI, the Postfix PostgreSQL client will ignore the \fBdbname\fR,
# \fBuser\fR, and \fBpassword\fR settings for that connection.
#
# NOTE: if \fBhosts\fR specifies one load balancer and no
# alternative
# servers, specify the load balancer multiple times in the
# \fBhosts\fR line. Without the duplicate info, the Postfix
# PostgreSQL client would not reconnect immediately to the
# same load balancer after a PostgreSQL server failure.
# NOTE: if the \fBhosts\fR setting specifies one load balancer
# and no alternative servers, specify the load balancer multiple
# times. Without the duplicate info, the Postfix PostgreSQL client
# would not reconnect immediately to the same load balancer after
# a request failure.
# .IP "\fBuser\fR"
# .IP "\fBpassword\fR"
# The user name and password to log into the pgsql server.
@ -85,6 +84,9 @@
# user = someone
# password = some_password
# .fi
# .sp
# The \fBuser\fR and \fBpassword\fR settings are ignored for
# \fBhosts\fR connections that are specified as an URI.
# .IP "\fBdbname\fR"
# The database name on the servers. Example:
# .nf
@ -117,6 +119,12 @@
# The number of seconds that a database connection will be
# skipped after an error.
#
# NOTE: if the \fBhosts\fR setting specifies one load balancer
# and no alternative servers, specify the load balancer multiple
# times. Without the duplicate info, the Postfix PostgreSQL client
# would not reconnect immediately to the same load balancer after
# a request failure.
#
# This feature is available in Postfix 3.9 and later.
# .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR

1
postfix/proto/stop
View File

@ -1653,3 +1653,4 @@ ipaddr
STS
hs
ccformat
xxsql

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20241025"
#define MAIL_RELEASE_DATE "20241027"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT

1
postfix/src/xsasl/xsasl_dovecot_server.c
View File

@ -297,6 +297,7 @@ static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp)
(unsigned int) getpid());
if (vstream_fflush(sasl_stream) == VSTREAM_EOF) {
msg_warn("SASL: Couldn't send handshake: %m");
(void) vstream_fclose(sasl_stream);
return (-1);
}
success = 0;