mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00
Code Issues Releases Wiki Activity

postfix-3.9-20240229

Browse Source
This commit is contained in:
Wietse Z Venema 2024-02-29 00:00:00 -05:00 committed by Viktor Dukhovni
parent 3cb9a575a0
commit 5314560c55
12 changed files with 103 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
postfix/HISTORY
View File

@ -27940,5 +27940,19 @@ Apologies for any names omitted.
Cleanups. Fixed some dns_rr_create() calls in test code, Cleanups. Fixed some dns_rr_create() calls in test code,
and reverted a workaround in the DNS record formatter; and reverted a workaround in the DNS record formatter;
files: dns/dns_rr_test.c, dns/dns_strrecord.c. Code formatting; files: dns/dns_rr_test.c, dns/dns_strrecord.c. Code formatting;
file: global/nail_addr_find.c. Added missing test reference; file: global/mail_addr_find.c. Added missing test reference;
file: postconf/test76.ref. file: postconf/test76.ref.
20240229
Clenup: moved the new DNS_RR.flags structure member to the
location of a "padding" hole (two bytes for ILP32 systems,
6 bytes for LP64). File: dns/dns.h.
Deprecation: removed permit_naked_ip_address, reject_maps_rbl,
and check_relay_domains. These have been logging deprecation
warnings since 2005 or earlier, and were removed from Postfix
documentation in 2004 (but who reads logs and documentation?).
Files: smtpd/smtpd_check.c, smtpd/smtpd_check_backup.ref,
smtpd/smtpd_exp.ref, smtpd/smtpd_deprecated.in,
smtpd/smtpd_deprecated.ref.

1
postfix/proto/stop.double-history
View File

@ -118,3 +118,4 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
postconf postconf c postconf postconf_dbms c postconf postconf c postconf postconf_dbms c
File tlsmgr tlsmgr c File tlsmgr tlsmgr c
restrictions Files dns dns h dns dns_lookup c dns dns_rr c restrictions Files dns dns h dns dns_lookup c dns dns_rr c
systems 6 bytes for LP64 File dns dns h

2
postfix/proto/stop.spell-cc
View File

@ -1386,7 +1386,6 @@ th
tha tha
thash thash
THASH THASH
theadsafe
threadsafe threadsafe
thusly thusly
timecmp timecmp
@ -1839,3 +1838,4 @@ depr
dfhHnopqvx dfhHnopqvx
fhHoqvx fhHoqvx
foqvx foqvx
ILP

3
postfix/src/dns/dns.h
View File

@ -161,10 +161,11 @@ typedef struct DNS_RR {
unsigned short pref; /* T_MX and T_SRV record related */ unsigned short pref; /* T_MX and T_SRV record related */
unsigned short weight; /* T_SRV related, defined in rfc2782 */ unsigned short weight; /* T_SRV related, defined in rfc2782 */
unsigned short port; /* T_SRV related, defined in rfc2782 */ unsigned short port; /* T_SRV related, defined in rfc2782 */
/* Assume that flags lives in what was previously padding */
unsigned short flags; /* DNS_RR_FLAG_XX, see below */
struct DNS_RR *next; /* linkage */ struct DNS_RR *next; /* linkage */
size_t data_len; /* actual data size */ size_t data_len; /* actual data size */
char *data; /* a bunch of data */ char *data; /* a bunch of data */
int flags; /* DNS_RR_FLAG_XX, see below */
/* Add new fields at the end, for ABI forward compatibility. */ /* Add new fields at the end, for ABI forward compatibility. */
} DNS_RR; } DNS_RR;

2
postfix/src/dns/dns_lookup.c
View File

@ -306,7 +306,7 @@ typedef struct DNS_REPLY {
/* /*
* Use the threadsafe resolver API if available, not because it is * Use the threadsafe resolver API if available, not because it is
* theadsafe, but because it has more functionality. * threadsafe, but because it has more functionality.
*/ */
#ifdef USE_RES_NCALLS #ifdef USE_RES_NCALLS
static struct __res_state dns_res_state; static struct __res_state dns_res_state;

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20240228" #define MAIL_RELEASE_DATE "20240229"
#define MAIL_VERSION_NUMBER "3.9" #define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT #ifdef SNAPSHOT

8
postfix/src/smtpd/Makefile.in
View File

@ -75,7 +75,8 @@ broken-tests: smtpd_check_test smtpd_check_test2
tests: smtpd_acl_test smtpd_addr_valid_test smtpd_exp_test \ tests: smtpd_acl_test smtpd_addr_valid_test smtpd_exp_test \
smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \ smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \
smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test \ smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test \
smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test smtpd_server_test smtpd_nullmx_test smtpd_dns_filter_test \
smtpd_deprecated_test
root_tests: root_tests:
@ -171,6 +172,11 @@ smtpd_error_test: smtpd_check smtpd_error.in smtpd_error.ref
diff smtpd_error.ref smtpd_check.tmp diff smtpd_error.ref smtpd_check.tmp
rm -f smtpd_check.tmp rm -f smtpd_check.tmp
smtpd_deprecated_test: smtpd_check smtpd_deprecated.in smtpd_deprecated.ref
$(SHLIB_ENV) $(VALGRIND) ./smtpd_check <smtpd_deprecated.in >smtpd_check.tmp 2>&1
diff smtpd_deprecated.ref smtpd_check.tmp
rm -f smtpd_check.tmp
depend: $(MAKES) depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \ (sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \ set -e; for i in [a-z][a-z0-9]*.c; do \

80
postfix/src/smtpd/smtpd_check.c
View File

@ -1675,44 +1675,13 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient,
/* /*
* Restriction check_relay_domains is deprecated as of Postfix 2.2. * Restriction check_relay_domains is deprecated as of Postfix 2.2.
*/ */
#if 1
static int once;
if (once == 0) {
once = 1;
msg_warn("support for restriction \"%s\" will be removed from %s; "
"use \"%s\" instead",
CHECK_RELAY_DOMAINS, var_mail_name, REJECT_UNAUTH_DEST);
}
#endif
if (msg_verbose) if (msg_verbose)
msg_info("%s: %s", myname, recipient); msg_info("%s: %s", myname, recipient);
/* msg_warn("support for restriction \"%s\" has been removed in %s 3.9; "
* Permit if the client matches the relay_domains list. "use \"%s\" instead",
*/ CHECK_RELAY_DOMAINS, var_mail_name, REJECT_UNAUTH_DEST);
if (domain_list_match(relay_domains, state->name)) { reject_server_error(state);
if (warn_compat_break_relay_domains)
msg_info("using backwards-compatible default setting "
VAR_RELAY_DOMAINS "=$mydestination to permit "
"request from client \"%s\"", state->name);
return (SMTPD_CHECK_OK);
}
/*
* Permit authorized destinations.
*/
if (permit_auth_destination(state, recipient) == SMTPD_CHECK_OK)
return (SMTPD_CHECK_OK);
/*
* Deny relaying between sites that both are not in relay_domains.
*/
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
var_relay_code, "5.7.1",
"<%s>: %s rejected: Relay access denied",
reply_name, reply_class));
} }
/* permit_auth_destination - OK for message relaying */ /* permit_auth_destination - OK for message relaying */
@ -3928,11 +3897,6 @@ static int permit_dnswl_domain(SMTPD_STATE *state, const char *dnswl_domain,
static int reject_maps_rbl(SMTPD_STATE *state) static int reject_maps_rbl(SMTPD_STATE *state)
{ {
const char *myname = "reject_maps_rbl"; const char *myname = "reject_maps_rbl";
char *saved_domains = mystrdup(var_maps_rbl_domains);
char *bp = saved_domains;
char *rbl_domain;
int result = SMTPD_CHECK_DUNNO;
static int warned;
if (msg_verbose) if (msg_verbose)
msg_info("%s: %s", myname, state->addr); msg_info("%s: %s", myname, state->addr);
@ -3940,25 +3904,11 @@ static int reject_maps_rbl(SMTPD_STATE *state)
/* /*
* Restriction reject_maps_rbl is deprecated as of Postfix 2.1. * Restriction reject_maps_rbl is deprecated as of Postfix 2.1.
*/ */
if (warned == 0) { msg_warn("support for restriction \"%s\" has been removed in %s 3.9; "
warned++; "use \"%s domain-name\" instead",
msg_warn("support for restriction \"%s\" will be removed from %s; " REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT);
"use \"%s domain-name\" instead",
REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT);
}
while ((rbl_domain = mystrtok(&bp, CHARS_COMMA_SP)) != 0) {
result = reject_rbl_addr(state, rbl_domain, state->addr,
SMTPD_NAME_CLIENT);
if (result != SMTPD_CHECK_DUNNO)
break;
}
/* reject_server_error(state);
* Clean up.
*/
myfree(saved_domains);
return (result);
} }
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
@ -4537,15 +4487,11 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
} }
} else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) { } else if (strcasecmp(name, PERMIT_NAKED_IP_ADDR) == 0) {
/* permit_naked_ip_addr is deprecated as of Postfix 2.0. */ /* permit_naked_ip_addr is deprecated as of Postfix 2.0. */
msg_warn("restriction %s is deprecated. Use %s or %s instead", msg_warn("restriction %s has been removed in %s 3.9;"
PERMIT_NAKED_IP_ADDR, PERMIT_MYNETWORKS, PERMIT_SASL_AUTH); " use %s or %s instead",
if (state->helo_name) { PERMIT_NAKED_IP_ADDR, var_mail_name,
if (state->helo_name[strspn(state->helo_name, "0123456789.:")] == 0 PERMIT_MYNETWORKS, PERMIT_SASL_AUTH);
&& (status = reject_invalid_hostaddr(state, state->helo_name, reject_server_error(state);
state->helo_name, SMTPD_NAME_HELO)) == 0)
status = smtpd_acl_permit(state, name, SMTPD_NAME_HELO,
state->helo_name, NO_PRINT_ARGS);
}
} else if (is_map_command(state, name, CHECK_HELO_NS_ACL, &cpp)) { } else if (is_map_command(state, name, CHECK_HELO_NS_ACL, &cpp)) {
if (state->helo_name) { if (state->helo_name) {
status = check_server_access(state, *cpp, state->helo_name, status = check_server_access(state, *cpp, state->helo_name,

1
postfix/src/smtpd/smtpd_check_backup.ref
View File

@ -17,6 +17,7 @@ OK
>>> recipient_restrictions permit_mx_backup,reject >>> recipient_restrictions permit_mx_backup,reject
OK OK
>>> rcpt wietse@wzv.porcupine.org >>> rcpt wietse@wzv.porcupine.org
./smtpd_check: warning: support for restriction "permit_mx_backup" will be removed from Postfix; instead, use "relay_domains"
OK OK
>>> rcpt wietse@backup.porcupine.org >>> rcpt wietse@backup.porcupine.org
OK OK

20
postfix/src/smtpd/smtpd_deprecated.in Normal file
View File

@ -0,0 +1,20 @@
#
# permit_naked_ip_address
#
client foo 127.0.0.2
recipient_restrictions permit_naked_ip_address
helo 127.0.0.2
mail sname@sdomain.example
rcpt rname@rdomain.example
#
# check_relay_domains
#
client foo 127.0.0.2
recipient_restrictions check_relay_domains
relay_domains foo
helo 127.0.0.2
mail sname@sdomain.example
rcpt rname@rdomain.example
#
# reject_maps_rbl is already covered elsewhere.
#

35
postfix/src/smtpd/smtpd_deprecated.ref Normal file
View File

@ -0,0 +1,35 @@
>>> #
>>> # permit_naked_ip_address
>>> #
>>> client foo 127.0.0.2
OK
>>> recipient_restrictions permit_naked_ip_address
OK
>>> helo 127.0.0.2
OK
>>> mail sname@sdomain.example
OK
>>> rcpt rname@rdomain.example
./smtpd_check: warning: restriction permit_naked_ip_address has been removed in Postfix 3.9; use permit_mynetworks or permit_sasl_authenticated instead
./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain.example> to=<rname@rdomain.example> proto=SMTP helo=<127.0.0.2>
451 4.3.5 Server configuration error
>>> #
>>> # check_relay_domains
>>> #
>>> client foo 127.0.0.2
OK
>>> recipient_restrictions check_relay_domains
OK
>>> relay_domains foo
OK
>>> helo 127.0.0.2
OK
>>> mail sname@sdomain.example
OK
>>> rcpt rname@rdomain.example
./smtpd_check: warning: support for restriction "check_relay_domains" has been removed in Postfix 3.9; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain.example> to=<rname@rdomain.example> proto=SMTP helo=<127.0.0.2>
451 4.3.5 Server configuration error
>>> #
>>> # reject_maps_rbl is already covered elsewhere.
>>> #

10
postfix/src/smtpd/smtpd_exp.ref
View File

@ -25,13 +25,15 @@ OK
>>> client spike.porcupine.org 168.100.3.2 >>> client spike.porcupine.org 168.100.3.2
OK OK
>>> rcpt rname@rdomain >>> rcpt rname@rdomain
./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead ./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead
OK ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
451 4.3.5 Server configuration error
>>> client foo 127.0.0.2 >>> client foo 127.0.0.2
OK OK
>>> rcpt rname@rdomain >>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar> ./smtpd_check: warning: support for restriction "reject_maps_rbl" has been removed in Postfix 3.9; use "reject_rbl_client domain-name" instead
554 5.7.1 Service unavailable; Client host [127.0.0.2] blocked using dnsbltest.porcupine.org; DNS blocklist test ./smtpd_check: <queue id>: reject: RCPT from foo[127.0.0.2]: 451 4.3.5 Server configuration error; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<foobar>
451 4.3.5 Server configuration error
>>> # >>> #
>>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org >>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org
OK OK