diff --git a/postfix/HISTORY b/postfix/HISTORY index a0c4ede22..6411c45db 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -27940,5 +27940,19 @@ Apologies for any names omitted. Cleanups. Fixed some dns_rr_create() calls in test code, and reverted a workaround in the DNS record formatter; files: dns/dns_rr_test.c, dns/dns_strrecord.c. Code formatting; - file: global/nail_addr_find.c. Added missing test reference; + file: global/mail_addr_find.c. Added missing test reference; file: postconf/test76.ref. + +20240229 + + Clenup: moved the new DNS_RR.flags structure member to the + location of a "padding" hole (two bytes for ILP32 systems, + 6 bytes for LP64). File: dns/dns.h. + + Deprecation: removed permit_naked_ip_address, reject_maps_rbl, + and check_relay_domains. These have been logging deprecation + warnings since 2005 or earlier, and were removed from Postfix + documentation in 2004 (but who reads logs and documentation?). + Files: smtpd/smtpd_check.c, smtpd/smtpd_check_backup.ref, + smtpd/smtpd_exp.ref, smtpd/smtpd_deprecated.in, + smtpd/smtpd_deprecated.ref. diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 5583f891d..f6df421ce 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -118,3 +118,4 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html postconf postconf c postconf postconf_dbms c File tlsmgr tlsmgr c restrictions Files dns dns h dns dns_lookup c dns dns_rr c + systems 6 bytes for LP64 File dns dns h diff --git a/postfix/proto/stop.spell-cc b/postfix/proto/stop.spell-cc index 2516b151e..097c7ac7f 100644 --- a/postfix/proto/stop.spell-cc +++ b/postfix/proto/stop.spell-cc @@ -1386,7 +1386,6 @@ th tha thash THASH -theadsafe threadsafe thusly timecmp @@ -1839,3 +1838,4 @@ depr dfhHnopqvx fhHoqvx foqvx +ILP diff --git a/postfix/src/dns/dns.h b/postfix/src/dns/dns.h index 5f2a050ea..987b988f1 100644 --- a/postfix/src/dns/dns.h +++ b/postfix/src/dns/dns.h @@ -161,10 +161,11 @@ typedef struct DNS_RR { unsigned short pref; /* T_MX and T_SRV record related */ unsigned short weight; /* T_SRV related, defined in rfc2782 */ unsigned short port; /* T_SRV related, defined in rfc2782 */ + /* Assume that flags lives in what was previously padding */ + unsigned short flags; /* DNS_RR_FLAG_XX, see below */ struct DNS_RR *next; /* linkage */ size_t data_len; /* actual data size */ char *data; /* a bunch of data */ - int flags; /* DNS_RR_FLAG_XX, see below */ /* Add new fields at the end, for ABI forward compatibility. */ } DNS_RR; diff --git a/postfix/src/dns/dns_lookup.c b/postfix/src/dns/dns_lookup.c index 08bd0319d..4cf9a5f5a 100644 --- a/postfix/src/dns/dns_lookup.c +++ b/postfix/src/dns/dns_lookup.c @@ -306,7 +306,7 @@ typedef struct DNS_REPLY { /* * Use the threadsafe resolver API if available, not because it is - * theadsafe, but because it has more functionality. + * threadsafe, but because it has more functionality. */ #ifdef USE_RES_NCALLS static struct __res_state dns_res_state; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 02168f75c..3095c8a94 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20240228" +#define MAIL_RELEASE_DATE "20240229" #define MAIL_VERSION_NUMBER "3.9" #ifdef SNAPSHOT diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in index 4df864c4d..c8837fe7a 100644 --- a/postfix/src/smtpd/Makefile.in +++ b/postfix/src/smtpd/Makefile.in @@ -75,7 +75,8 @@ broken-tests: smtpd_check_test smtpd_check_test2 tests: smtpd_acl_test smtpd_addr_valid_test smtpd_exp_test \ smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \ smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test \ - smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test + smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test \ + smtpd_deprecated_test root_tests: @@ -171,6 +172,11 @@ smtpd_error_test: smtpd_check smtpd_error.in smtpd_error.ref diff smtpd_error.ref smtpd_check.tmp rm -f smtpd_check.tmp +smtpd_deprecated_test: smtpd_check smtpd_deprecated.in smtpd_deprecated.ref + $(SHLIB_ENV) $(VALGRIND) ./smtpd_check smtpd_check.tmp 2>&1 + diff smtpd_deprecated.ref smtpd_check.tmp + rm -f smtpd_check.tmp + depend: $(MAKES) (sed '1,/^# do not edit/!d' Makefile.in; \ set -e; for i in [a-z][a-z0-9]*.c; do \ diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 769f7c90b..1ea31e7c6 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -1675,44 +1675,13 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient, /* * Restriction check_relay_domains is deprecated as of Postfix 2.2. */ -#if 1 - static int once; - - if (once == 0) { - once = 1; - msg_warn("support for restriction \"%s\" will be removed from %s; " - "use \"%s\" instead", - CHECK_RELAY_DOMAINS, var_mail_name, REJECT_UNAUTH_DEST); - } -#endif - if (msg_verbose) msg_info("%s: %s", myname, recipient); - /* - * Permit if the client matches the relay_domains list. - */ - if (domain_list_match(relay_domains, state->name)) { - if (warn_compat_break_relay_domains) - msg_info("using backwards-compatible default setting " - VAR_RELAY_DOMAINS "=$mydestination to permit " - "request from client \"%s\"", state->name); - return (SMTPD_CHECK_OK); - } - - /* - * Permit authorized destinations. - */ - if (permit_auth_destination(state, recipient) == SMTPD_CHECK_OK) - return (SMTPD_CHECK_OK); - - /* - * Deny relaying between sites that both are not in relay_domains. - */ - return (smtpd_check_reject(state, MAIL_ERROR_POLICY, - var_relay_code, "5.7.1", - "<%s>: %s rejected: Relay access denied", - reply_name, reply_class)); + msg_warn("support for restriction \"%s\" has been removed in %s 3.9; " + "use \"%s\" instead", + CHECK_RELAY_DOMAINS, var_mail_name, REJECT_UNAUTH_DEST); + reject_server_error(state); } /* permit_auth_destination - OK for message relaying */ @@ -3928,11 +3897,6 @@ static int permit_dnswl_domain(SMTPD_STATE *state, const char *dnswl_domain, static int reject_maps_rbl(SMTPD_STATE *state) { const char *myname = "reject_maps_rbl"; - char *saved_domains = mystrdup(var_maps_rbl_domains); - char *bp = saved_domains; - char *rbl_domain; - int result = SMTPD_CHECK_DUNNO; - static int warned; if (msg_verbose) msg_info("%s: %s", myname, state->addr); @@ -3940,25 +3904,11 @@ static int reject_maps_rbl(SMTPD_STATE *state) /* * Restriction reject_maps_rbl is deprecated as of Postfix 2.1. */ - if (warned == 0) { - warned++; - msg_warn("support for restriction \"%s\" will be removed from %s; " - "use \"%s domain-name\" instead", - REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT); - } - while ((rbl_domain = mystrtok(&bp, CHARS_COMMA_SP)) != 0) { - result = reject_rbl_addr(state, rbl_domain, state->addr, - SMTPD_NAME_CLIENT); - if (result != SMTPD_CHECK_DUNNO) - break; - } + msg_warn("support for restriction \"%s\" has been removed in %s 3.9; " + "use \"%s domain-name\" instead", + REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT); - /* - * Clean up. - */ - myfree(saved_domains); - - return (result); + reject_server_error(state); } #ifdef USE_SASL_AUTH @@ -4537,15 +4487,11 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, } } else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) { /* permit_naked_ip_addr is deprecated as of Postfix 2.0. */ - msg_warn("restriction %s is deprecated. Use %s or %s instead", - PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS, PERMIT_SASL_AUTH); - if (state->helo_name) { - if (state->helo_name[strspn(state->helo_name, "0123456789.:")] == 0 - && (status = reject_invalid_hostaddr(state, state->helo_name, - state->helo_name, SMTPD_NAME_HELO)) == 0) - status = smtpd_acl_permit(state, name, SMTPD_NAME_HELO, - state->helo_name, NO_PRINT_ARGS); - } + msg_warn("restriction %s has been removed in %s 3.9;" + " use %s or %s instead", + PERMIT_NAKED_IP_ADDR, var_mail_name, + PERMIT_MYNETWORKS, PERMIT_SASL_AUTH); + reject_server_error(state); } else if (is_map_command(state, name, CHECK_HELO_NS_ACL, &cpp)) { if (state->helo_name) { status = check_server_access(state, *cpp, state->helo_name, diff --git a/postfix/src/smtpd/smtpd_check_backup.ref b/postfix/src/smtpd/smtpd_check_backup.ref index 8f4a0f279..c15be35f3 100644 --- a/postfix/src/smtpd/smtpd_check_backup.ref +++ b/postfix/src/smtpd/smtpd_check_backup.ref @@ -17,6 +17,7 @@ OK >>> recipient_restrictions permit_mx_backup,reject OK >>> rcpt wietse@wzv.porcupine.org +./smtpd_check: warning: support for restriction "permit_mx_backup" will be removed from Postfix; instead, use "relay_domains" OK >>> rcpt wietse@backup.porcupine.org OK diff --git a/postfix/src/smtpd/smtpd_deprecated.in b/postfix/src/smtpd/smtpd_deprecated.in new file mode 100644 index 000000000..345ee7107 --- /dev/null +++ b/postfix/src/smtpd/smtpd_deprecated.in @@ -0,0 +1,20 @@ +# +# permit_naked_ip_address +# +client foo 127.0.0.2 +recipient_restrictions permit_naked_ip_address +helo 127.0.0.2 +mail sname@sdomain.example +rcpt rname@rdomain.example +# +# check_relay_domains +# +client foo 127.0.0.2 +recipient_restrictions check_relay_domains +relay_domains foo +helo 127.0.0.2 +mail sname@sdomain.example +rcpt rname@rdomain.example +# +# reject_maps_rbl is already covered elsewhere. +# diff --git a/postfix/src/smtpd/smtpd_deprecated.ref b/postfix/src/smtpd/smtpd_deprecated.ref new file mode 100644 index 000000000..d64f1b3d5 --- /dev/null +++ b/postfix/src/smtpd/smtpd_deprecated.ref @@ -0,0 +1,35 @@ +>>> # +>>> # permit_naked_ip_address +>>> # +>>> client foo 127.0.0.2 +OK +>>> recipient_restrictions permit_naked_ip_address +OK +>>> helo 127.0.0.2 +OK +>>> mail sname@sdomain.example +OK +>>> rcpt rname@rdomain.example +./smtpd_check: warning: restriction permit_naked_ip_address has been removed in Postfix 3.9; use permit_mynetworks or permit_sasl_authenticated instead +./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from= to= proto=SMTP helo=<127.0.0.2> +451 4.3.5 Server configuration error +>>> # +>>> # check_relay_domains +>>> # +>>> client foo 127.0.0.2 +OK +>>> recipient_restrictions check_relay_domains +OK +>>> relay_domains foo +OK +>>> helo 127.0.0.2 +OK +>>> mail sname@sdomain.example +OK +>>> rcpt rname@rdomain.example +./smtpd_check: warning: support for restriction "check_relay_domains" has been removed in Postfix 3.9; use "reject_unauth_destination" instead +./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from= to= proto=SMTP helo=<127.0.0.2> +451 4.3.5 Server configuration error +>>> # +>>> # reject_maps_rbl is already covered elsewhere. +>>> # diff --git a/postfix/src/smtpd/smtpd_exp.ref b/postfix/src/smtpd/smtpd_exp.ref index 22c027e76..00848a538 100644 --- a/postfix/src/smtpd/smtpd_exp.ref +++ b/postfix/src/smtpd/smtpd_exp.ref @@ -25,13 +25,15 @@ OK >>> client spike.porcupine.org 168.100.3.2 OK >>> rcpt rname@rdomain -./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead -OK +./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead +./smtpd_check: : reject: RCPT from spike.porcupine.org[168.100.3.2]: 451 4.3.5 Server configuration error; from= to= proto=SMTP helo= +451 4.3.5 Server configuration error >>> client foo 127.0.0.2 OK >>> rcpt rname@rdomain -./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from= to= proto=SMTP helo= -554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test +./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead +./smtpd_check: : reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from= to= proto=SMTP helo= +451 4.3.5 Server configuration error >>> # >>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org OK