mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-09-02 15:15:24 +00:00
Code Issues Releases Wiki Activity

postfix-2.0.16-20031203

Browse Source
This commit is contained in:
Wietse Venema
2003-12-03 00:00:00 -05:00
committed by Viktor Dukhovni
parent ac04ae46d6
commit 41308545c8
8 changed files with 123 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
postfix/HISTORY
View File

@@ -8783,7 +8783,8 @@ Apologies for any names omitted.
Feature: XCLIENT support to override the SMTP server's Feature: XCLIENT support to override the SMTP server's
client information for logging and/or access control. This client information for logging and/or access control. This
replaces the short-lived XADDR and XLOGINFO extensions. replaces the short-lived XADDR and XLOGINFO extensions.
Remotely based on code by Victor Duchovni. Files: Remotely based on code by Victor Duchovni. See FILTER_README
and SMTPD_PROXY_README for usage details. Files:
smtpd/{smtpd,smtpd_check,smtpd_proxy,smtpd_xclient}.c smtpd/{smtpd,smtpd_check,smtpd_proxy,smtpd_xclient}.c
smtp/smtp_smtp_proto.c, *qmgr/qmgr_message.c, smtp/smtp_smtp_proto.c, *qmgr/qmgr_message.c,
global/deliver_request.c. global/deliver_request.c.
@@ -8795,6 +8796,14 @@ Apologies for any names omitted.
post-install script gives the user a reminder. Files: post-install script gives the user a reminder. Files:
conf/postfix-files, conf/post-install. conf/postfix-files, conf/post-install.
20031203
Support for SMTPD access map actions (FILTER, REDIRECT,
HOLD or DISCARD) that are delegated to the cleanup server,
but can trigger before the first valid recipient address
is accepted (and thus, before a cleanup server connection
is available). Files: smtpd/{smtpd,smtpd_state,smtpd_check}.c.
Open problems: Open problems:
High: when virtual aliasing is turned off after content High: when virtual aliasing is turned off after content

31
postfix/RELEASE_NOTES
View File

@@ -22,11 +22,42 @@ snapshot release). Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release. the same bugfixes as a patch release.
Incompatible changes with Postfix snapshot 2.0.16-20031203
==========================================================
Many SMTPD reject logfile entries now show NOQUEUE instead of a
queue ID. This is because Postfix no longer creates queue file
before the SMTP server has received a valid recipient.
The experimental XADDR and XLOGINFO extensions to SMTP are now
replaced by XCLIENT.
Major changes with Postfix snapshot 2.0.16-20031203
===================================================
The XCLIENT extension to SMTP replaces the short-lived XADDR and
XLOGINFO extensions. Details are given in the XCLIENT_README file.
XCLIENT supports the following features:
- SMTPD access rule testing. Send "xclient override client_name=xxx
client_addr=yyy" in SMTP sessions and pretend that you are sending
mail as the specified client.
- Remote client information forwarding through a content filter to
improve logging by down-stream mail software. Send "xclient forward
client_name=xxx client_addr=yyy client_proto=aaa client_helo=bbb"
to specify the original client information that should be logged
and stored with the next MAIL FROM transaction.
Incompatible changes with Postfix snapshot 2.0.16-20031111 Incompatible changes with Postfix snapshot 2.0.16-20031111
========================================================== ==========================================================
The demo greylist policy server is now case insensitive. The demo greylist policy server is now case insensitive.
The demo greylist policy server now uses BTREE files which greatly
improves stability.
Major changes with Postfix snapshot 2.0.16-20031111 Major changes with Postfix snapshot 2.0.16-20031111
=================================================== ===================================================

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the * Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release. * release date only, unless they include the same bugfix as a patch release.
*/ */
#define MAIL_RELEASE_DATE "20031202" #define MAIL_RELEASE_DATE "20031203"
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.16-" MAIL_RELEASE_DATE #define DEF_MAIL_VERSION "2.0.16-" MAIL_RELEASE_DATE

2
postfix/src/smtpd/Makefile.in
View File

@@ -30,7 +30,7 @@ update: ../../libexec/$(PROG)
../../libexec/$(PROG): $(PROG) ../../libexec/$(PROG): $(PROG)
cp $(PROG) ../../libexec cp $(PROG) ../../libexec
SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o SMTPD_CHECK_OBJ = smtpd_state.o smtpd_peer.o smtpd_xclient.o
smtpd_token: smtpd_token.c $(LIBS) smtpd_token: smtpd_token.c $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)

33
postfix/src/smtpd/smtpd.c
View File

@@ -1072,9 +1072,6 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
/* /*
* Check the queue file space, if applicable. * Check the queue file space, if applicable.
*/ */
#define USE_SMTPD_PROXY(state) \
(SMTPD_STAND_ALONE(state) == 0 && *var_smtpd_proxy_filt)
if (!USE_SMTPD_PROXY(state)) { if (!USE_SMTPD_PROXY(state)) {
if ((err = smtpd_check_size(state, state->msg_size)) != 0) { if ((err = smtpd_check_size(state, state->msg_size)) != 0) {
smtpd_chat_reply(state, "%s", err); smtpd_chat_reply(state, "%s", err);
@@ -1122,6 +1119,19 @@ static void mail_reset(SMTPD_STATE *state)
myfree(state->verp_delims); myfree(state->verp_delims);
state->verp_delims = 0; state->verp_delims = 0;
} }
if (state->proxy_mail) {
myfree(state->proxy_mail);
state->proxy_mail = 0;
}
if (state->saved_filter) {
myfree(state->saved_filter);
state->saved_filter = 0;
}
if (state->saved_redirect) {
myfree(state->saved_redirect);
state->saved_redirect = 0;
}
state->saved_flags = 0;
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
if (var_smtpd_sasl_enable) if (var_smtpd_sasl_enable)
smtpd_sasl_mail_reset(state); smtpd_sasl_mail_reset(state);
@@ -1136,10 +1146,6 @@ static void mail_reset(SMTPD_STATE *state)
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_NONE, "QUIT"); (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_NONE, "QUIT");
smtpd_proxy_close(state); smtpd_proxy_close(state);
} }
if (state->proxy_mail) {
myfree(state->proxy_mail);
state->proxy_mail = 0;
}
if (state->xclient.used) if (state->xclient.used)
smtpd_xclient_reset(state); smtpd_xclient_reset(state);
} }
@@ -1309,6 +1315,10 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
} }
/* /*
* Flush out any access table actions that are delegated to the cleanup
* server, and that may trigger before we accept the first valid
* recipient.
*
* Terminate the message envelope segment. Start the message content * Terminate the message envelope segment. Start the message content
* segment, and prepend our own Received: header. If there is only one * segment, and prepend our own Received: header. If there is only one
* recipient, list the recipient address. * recipient, list the recipient address.
@@ -1316,8 +1326,15 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
* Suppress our own Received: header in the unlikely case that we are an * Suppress our own Received: header in the unlikely case that we are an
* intermediate proxy. * intermediate proxy.
*/ */
if (state->cleanup) if (state->cleanup) {
if (state->saved_filter)
rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", state->saved_filter);
if (state->saved_redirect)
rec_fprintf(state->cleanup, REC_TYPE_RDR, "%s", state->saved_redirect);
if (state->saved_flags)
rec_fprintf(state->cleanup, REC_TYPE_FLGS, "%d", state->saved_flags);
rec_fputs(state->cleanup, REC_TYPE_MESG, ""); rec_fputs(state->cleanup, REC_TYPE_MESG, "");
}
if (!state->proxy || state->xclient.used == 0) { if (!state->proxy || state->xclient.used == 0) {
out_fprintf(out_stream, REC_TYPE_NORM, out_fprintf(out_stream, REC_TYPE_NORM,
"Received: from %s (%s [%s])", "Received: from %s (%s [%s])",

10
postfix/src/smtpd/smtpd.h
View File

@@ -106,6 +106,9 @@ typedef struct SMTPD_STATE {
int defer_if_permit_helo; /* force permit into warning */ int defer_if_permit_helo; /* force permit into warning */
int defer_if_permit_sender; /* force permit into warning */ int defer_if_permit_sender; /* force permit into warning */
int discard; /* discard message */ int discard; /* discard message */
char *saved_filter; /* postponed filter action */
char *saved_redirect; /* postponed redirect action */
int saved_flags; /* postponed hold/discard */
VSTRING *expand_buf; /* scratch space for $name expansion */ VSTRING *expand_buf; /* scratch space for $name expansion */
VSTREAM *proxy; /* proxy handle */ VSTREAM *proxy; /* proxy handle */
VSTRING *proxy_buffer; /* proxy query/reply buffer */ VSTRING *proxy_buffer; /* proxy query/reply buffer */
@@ -131,6 +134,13 @@ extern void smtpd_state_reset(SMTPD_STATE *);
#define SMTPD_STAND_ALONE(state) \ #define SMTPD_STAND_ALONE(state) \
(state->client == VSTREAM_IN && getuid() != var_owner_uid) (state->client == VSTREAM_IN && getuid() != var_owner_uid)
/*
* If running as proxy front-end, disable actions that require communication
* with the cleanup server.
*/
#define USE_SMTPD_PROXY(state) \
(SMTPD_STAND_ALONE(state) == 0 && *var_smtpd_proxy_filt)
/* /*
* SMTPD peer information lookup. * SMTPD peer information lookup.
*/ */

70
postfix/src/smtpd/smtpd_check.c
View File

@@ -451,6 +451,7 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient);
*/ */
#define STR vstring_str #define STR vstring_str
#define CONST_STR(x) ((const char *) vstring_str(x)) #define CONST_STR(x) ((const char *) vstring_str(x))
#define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); }
/* /*
* If some decision can't be made due to a temporary error, then change * If some decision can't be made due to a temporary error, then change
@@ -1737,31 +1738,46 @@ static int reject_unverified_address(SMTPD_STATE *state, const char *addr,
return (rqst_status); return (rqst_status);
} }
/* warn_skip_access_action - FILTER etc. action in unsupported context */ /* can_delegate_action - can we delegate this to the cleanup server */
static void warn_skip_access_action(const char *table, const char *action, #ifndef TEST
const char *reply_class)
static int can_delegate_action(SMTPD_STATE *state, const char *table,
const char *action, const char *reply_class)
{ {
/* /*
* Warn only about FILTER/HOLD/etc. access table actions that appear in * If we're not using the cleanup server, then there is no way that we
* restrictions where they will always be ignored. * can support actions such as FILTER or HOLD that are delegated to the
* cleanup server.
*/ */
if (strcmp(reply_class, SMTPD_NAME_CLIENT) == 0 if (USE_SMTPD_PROXY(state)) {
|| strcmp(reply_class, SMTPD_NAME_HELO) == 0 msg_warn("access table %s: with %s specified, action %s is unavailable",
|| strcmp(reply_class, SMTPD_NAME_SENDER) == 0) { table, VAR_SMTPD_PROXY_FILT, action);
if (var_smtpd_delay_reject == 0) return (0);
}
/*
* If delay_reject=no, then client and helo restrictions take effect
* immediately, outside any particular mail transaction context. For
* example, rejecting HELO does not affect subsequent mail deliveries.
* Thus, if delay_reject=no, client and helo actions such as FILTER or
* HOLD also should not affect subsequent mail deliveries. Hmm...
*/
if (var_smtpd_delay_reject == 0
&& (strcmp(reply_class, SMTPD_NAME_CLIENT) == 0
|| strcmp(reply_class, SMTPD_NAME_HELO) == 0)) {
msg_warn("access table %s: with %s=%s, " msg_warn("access table %s: with %s=%s, "
"action %s is always skipped in %s restrictions", "action %s is always skipped in %s restrictions",
table, VAR_SMTPD_DELAY_REJECT, CONFIG_BOOL_NO, table, VAR_SMTPD_DELAY_REJECT, CONFIG_BOOL_NO,
action, reply_class); action, reply_class);
} else { return (0);
msg_warn("access table %s: action %s is always "
"skipped in %s restrictions",
table, action, reply_class);
} }
return (1);
} }
#endif
/* check_table_result - translate table lookup result into pass/reject */ /* check_table_result - translate table lookup result into pass/reject */
static int check_table_result(SMTPD_STATE *state, const char *table, static int check_table_result(SMTPD_STATE *state, const char *table,
@@ -1814,10 +1830,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
*/ */
if (STREQUAL(value, "FILTER", cmd_len)) { if (STREQUAL(value, "FILTER", cmd_len)) {
#ifndef TEST #ifndef TEST
if (state->dest == 0) { if (can_delegate_action(state, table, "FILTER", reply_class) == 0)
warn_skip_access_action(table, "FILTER", reply_class);
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
}
#endif #endif
if (*cmd_text == 0) { if (*cmd_text == 0) {
msg_warn("access map %s entry \"%s\" has FILTER entry without value", msg_warn("access map %s entry \"%s\" has FILTER entry without value",
@@ -1832,7 +1846,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
reply_name, reply_class, cmd_text); reply_name, reply_class, cmd_text);
log_whatsup(state, "filter", STR(error_text)); log_whatsup(state, "filter", STR(error_text));
#ifndef TEST #ifndef TEST
rec_fprintf(state->dest->stream, REC_TYPE_FILT, "%s", cmd_text); UPDATE_STRING(state->saved_filter, cmd_text);
#endif #endif
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} }
@@ -1844,17 +1858,14 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
*/ */
if (STREQUAL(value, "HOLD", cmd_len)) { if (STREQUAL(value, "HOLD", cmd_len)) {
#ifndef TEST #ifndef TEST
if (state->dest == 0) { if (can_delegate_action(state, table, "HOLD", reply_class) == 0)
warn_skip_access_action(table, "HOLD", reply_class);
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
}
#endif #endif
vstring_sprintf(error_text, "<%s>: %s %s", reply_name, reply_class, vstring_sprintf(error_text, "<%s>: %s %s", reply_name, reply_class,
*cmd_text ? cmd_text : "triggers HOLD action"); *cmd_text ? cmd_text : "triggers HOLD action");
log_whatsup(state, "hold", STR(error_text)); log_whatsup(state, "hold", STR(error_text));
#ifndef TEST #ifndef TEST
rec_fprintf(state->dest->stream, REC_TYPE_FLGS, "%d", state->saved_flags |= CLEANUP_FLAG_HOLD;
CLEANUP_FLAG_HOLD);
#endif #endif
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} }
@@ -1864,17 +1875,14 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
*/ */
if (STREQUAL(value, "DISCARD", cmd_len)) { if (STREQUAL(value, "DISCARD", cmd_len)) {
#ifndef TEST #ifndef TEST
if (state->dest == 0) { if (can_delegate_action(state, table, "DISCARD", reply_class) == 0)
warn_skip_access_action(table, "DISCARD", reply_class);
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
}
#endif #endif
vstring_sprintf(error_text, "<%s>: %s %s", reply_name, reply_class, vstring_sprintf(error_text, "<%s>: %s %s", reply_name, reply_class,
*cmd_text ? cmd_text : "triggers DISCARD action"); *cmd_text ? cmd_text : "triggers DISCARD action");
log_whatsup(state, "discard", STR(error_text)); log_whatsup(state, "discard", STR(error_text));
#ifndef TEST #ifndef TEST
rec_fprintf(state->dest->stream, REC_TYPE_FLGS, "%d", state->saved_flags |= CLEANUP_FLAG_DISCARD;
CLEANUP_FLAG_DISCARD);
state->discard = 1; state->discard = 1;
#endif #endif
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
@@ -1886,10 +1894,8 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
*/ */
if (STREQUAL(value, "REDIRECT", cmd_len)) { if (STREQUAL(value, "REDIRECT", cmd_len)) {
#ifndef TEST #ifndef TEST
if (state->dest == 0) { if (can_delegate_action(state, table, "REDIRECT", reply_class) == 0)
warn_skip_access_action(table, "REDIRECT", reply_class);
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
}
#endif #endif
if (strchr(cmd_text, '@') == 0) { if (strchr(cmd_text, '@') == 0) {
msg_warn("access map %s entry \"%s\" requires user@domain target", msg_warn("access map %s entry \"%s\" requires user@domain target",
@@ -1900,7 +1906,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
reply_name, reply_class, cmd_text); reply_name, reply_class, cmd_text);
log_whatsup(state, "redirect", STR(error_text)); log_whatsup(state, "redirect", STR(error_text));
#ifndef TEST #ifndef TEST
rec_fprintf(state->dest->stream, REC_TYPE_RDR, "%s", cmd_text); UPDATE_STRING(state->saved_redirect, cmd_text);
#endif #endif
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} }
@@ -4307,8 +4313,6 @@ int main(int argc, char **argv)
*/ */
case 4: case 4:
case 3: case 3:
#define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); }
if (strcasecmp(args->argv[0], "client") == 0) { if (strcasecmp(args->argv[0], "client") == 0) {
state.where = "CONNECT"; state.where = "CONNECT";
UPDATE_STRING(state.name, args->argv[1]); UPDATE_STRING(state.name, args->argv[1]);

3
postfix/src/smtpd/smtpd_state.c
View File

@@ -104,6 +104,9 @@ void smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream)
state->proxy_buffer = 0; state->proxy_buffer = 0;
state->proxy_mail = 0; state->proxy_mail = 0;
state->proxy_features = 0; state->proxy_features = 0;
state->saved_filter = 0;
state->saved_redirect = 0;
state->saved_flags = 0;
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
if (SMTPD_STAND_ALONE(state)) if (SMTPD_STAND_ALONE(state))