mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-28 20:57:56 +00:00
Code Issues Releases Wiki Activity

postfix-3.8-20221207

Browse Source
This commit is contained in:
Wietse Venema 2022-12-07 00:00:00 -05:00 committed by Viktor Dukhovni
parent f54d4f0f18
commit 5835cf11c8
15 changed files with 283 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
postfix/HISTORY
View File

@ -26659,3 +26659,37 @@ Apologies for any names omitted.
Documentation: the local_header_rewrite_clients and Documentation: the local_header_rewrite_clients and
remote_header_rewrite_domain features also enable adding remote_header_rewrite_domain features also enable adding
missing headers. File: proto/postconf.proto. missing headers. File: proto/postconf.proto.
20221125
Bugfix (introduced: Postfix 3.6): the Postfix TLS client
logged a TLS connection as 'Untrusted' instead of 'Trusted',
when a matching DANE record was found but the MX RRset was
insecure. Fix by Viktor Dukhovni. File: tls/tls_client.c.
20221128
Bugfix (introduced: Postfix 2.2): the smtpd_proxy_client
code mis-parsed the last XFORWARD attribute name in the
SMTP server's EHLO response. The result was that the
smtpd_proxy_client code failed to forward the IDENT attribute.
Fix by Andreas Weigel. File: smtpd/smtpd_proxy.c.
Typo in MAILLOG_README. Paul Menzel.
20221207
Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
lazily bound handles that may fail to work when one attempts
to use them, because no provider search happens until one
constructs an actual operation context. In sufficiently
hostile configurations, Postfix could mistakenly believe
that an algorithm is available, when in fact it is not. A
similar workaround may be needed for EVP_get_cipherbyname().
Fix by Viktor Dukhovni. Files: tls/tls.h, tls/tls_dane.c,
tls/tls_fprint.c, tls/tls_misc.c.
Bugfix (introduced: Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally;
it should evaluate the argument only if there was no prior
error. Found during code review. File: tls/tls_fprint.c.

2
postfix/README_FILES/MAILLOG_README
View File

@ -4,7 +4,7 @@ PPoossttffiixx llooggggiinngg ttoo ffiillee oorr ssttdd
OOvveerrvviieeww OOvveerrvviieeww
Postfix supports it own logging system as an alternative to syslog (which Postfix supports its own logging system as an alternative to syslog (which
remains the default). This is available with Postfix version 3.4 or later. remains the default). This is available with Postfix version 3.4 or later.
Topics covered in this document: Topics covered in this document:

15
postfix/WISHLIST
View File

@ -9,6 +9,14 @@ Wish list:
Scan Postfix code with github.com/googleprojectzero/weggli Scan Postfix code with github.com/googleprojectzero/weggli
(depends on "rust"). (depends on "rust").
In tls_fprint.c() rename unsafe macros to upper-case names.
For example, checkok() has a function-like name, but it
evaluates arguments conditionally. Rename all macros that
invoke checkok().
Update TLS_README diagram, tlsmgr no longer manages cert
info.
Consider renaming local_header_rewrite_clients to Consider renaming local_header_rewrite_clients to
local_header_canonicalize_clients, as a more accurate name. local_header_canonicalize_clients, as a more accurate name.
Optionally support "local_header_canonicalize_classes = Optionally support "local_header_canonicalize_classes =
@ -17,6 +25,13 @@ Wish list:
And ditto for remote_header_rewrite_domain, whether it And ditto for remote_header_rewrite_domain, whether it
should rewrite address, add missing headers, or both. should rewrite address, add missing headers, or both.
Add weight factors to randmap, for example randmap:{{result1}*99,
{result2}*1}. To parse out weights, see postscreen.
randmap already allows randmap:{{result}, ...}, to support
whitespace and comma in result values, but it should also
extract the value from {}.
Migrate masquerade_domains from ARGV to STRING_LIST, or Migrate masquerade_domains from ARGV to STRING_LIST, or
deprecate this feature because it breaks table-driven address deprecate this feature because it breaks table-driven address
validation. validation.

2
postfix/html/MAILLOG_README.html
View File

@ -20,7 +20,7 @@ logging to file or stdout</h1>
<h2>Overview </h2> <h2>Overview </h2>
<p> Postfix supports it own logging system as an alternative to <p> Postfix supports its own logging system as an alternative to
syslog (which remains the default). This is available with Postfix syslog (which remains the default). This is available with Postfix
version 3.4 or later. </p> version 3.4 or later. </p>

36
postfix/html/smtpd.8.html
View File

@ -194,12 +194,9 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.2 and later: Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b> <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
Rewrite message header addresses in mail from these clients and Rewrite or add message headers in mail from these clients,
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or updating incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a>
$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other or $<a href="postconf.5.html#mydomain">mydomain</a>, and adding missing headers.
clients at all, or rewrite message headers and update incomplete
addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
<a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
<b>BEFORE-SMTPD PROXY AGENT</b> <b>BEFORE-SMTPD PROXY AGENT</b>
Available in Postfix version 2.10 and later: Available in Postfix version 2.10 and later:
@ -520,8 +517,8 @@ SMTPD(8) SMTPD(8)
client certificate in order to allow TLS connections to proceed. client certificate in order to allow TLS connections to proceed.
<b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b> <b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
Run the Postfix SMTP server in the non-standard "wrapper" mode, Run the Postfix SMTP server in TLS "wrapper" mode, instead of
instead of using the STARTTLS command. using the STARTTLS command.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
@ -654,7 +651,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b> <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> (no)</b> <b><a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> (no)</b>
Enable stricter enforcement of the SMTPUTF8 protocol. Enable stricter enforcement of the SMTPUTF8 protocol.
@ -777,12 +774,13 @@ SMTPD(8) SMTPD(8)
mail delivery transport. mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
The network interface addresses that this mail system receives The local network interface addresses that this mail system
mail on. receives mail on.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail system receives The remote network interface addresses that this mail system
mail on by way of a proxy or network address translation unit. receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b> <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b>
The Internet protocols Postfix will attempt to use when making The Internet protocols Postfix will attempt to use when making
@ -818,13 +816,13 @@ SMTPD(8) SMTPD(8)
domains: domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b> <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
Postfix is final destination for the specified list of virtual Postfix is the final destination for the specified list of vir-
alias domains, that is, domains for which all addresses are tual alias domains, that is, domains for which all addresses are
aliased to addresses in other local or remote domains. aliased to addresses in other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b> <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
Optional lookup tables that alias specific mail addresses or Optional lookup tables that alias specific mail addresses or
domains to other local or remote address. domains to other local or remote addresses.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b> <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The Postfix SMTP server reply code when a recipient address The Postfix SMTP server reply code when a recipient address
@ -836,9 +834,9 @@ SMTPD(8) SMTPD(8)
domains: domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b> <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
Postfix is final destination for the specified list of domains; Postfix is the final destination for the specified list of
mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail
transport. delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b> <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in the domains Optional lookup tables with all valid addresses in the domains

23
postfix/man/man8/smtpd.8
View File

@ -190,12 +190,9 @@ filtering, or address mapping.
.PP .PP
Available in Postfix version 2.2 and later: Available in Postfix version 2.2 and later:
.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
Rewrite message header addresses in mail from these clients and Rewrite or add message headers in mail from these clients,
update incomplete addresses with the domain name in $myorigin or updating incomplete addresses with the domain name in $myorigin or
$mydomain; either don't rewrite message headers from other clients $mydomain, and adding missing headers.
at all, or rewrite message headers and update incomplete addresses
with the domain specified in the remote_header_rewrite_domain
parameter.
.SH "BEFORE-SMTPD PROXY AGENT" .SH "BEFORE-SMTPD PROXY AGENT"
.na .na
.nf .nf
@ -473,7 +470,7 @@ CommonName.
With mandatory TLS encryption, require a trusted remote SMTP client With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed. certificate in order to allow TLS connections to proceed.
.IP "\fBsmtpd_tls_wrappermode (no)\fR" .IP "\fBsmtpd_tls_wrappermode (no)\fR"
Run the Postfix SMTP server in the non\-standard "wrapper" mode, Run the Postfix SMTP server in TLS "wrapper" mode,
instead of using the STARTTLS command. instead of using the STARTTLS command.
.IP "\fBtls_daemon_random_bytes (32)\fR" .IP "\fBtls_daemon_random_bytes (32)\fR"
The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
@ -584,7 +581,7 @@ cipher list.
Preliminary SMTPUTF8 support is introduced with Postfix 3.0. Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
.IP "\fBsmtputf8_enable (yes)\fR" .IP "\fBsmtputf8_enable (yes)\fR"
Enable preliminary SMTPUTF8 support for the protocols described Enable preliminary SMTPUTF8 support for the protocols described
in RFC 6531..6533. in RFC 6531, RFC 6532, and RFC 6533.
.IP "\fBstrict_smtputf8 (no)\fR" .IP "\fBstrict_smtputf8 (no)\fR"
Enable stricter enforcement of the SMTPUTF8 protocol. Enable stricter enforcement of the SMTPUTF8 protocol.
.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
@ -694,10 +691,10 @@ Parameters concerning known/unknown local recipients:
The list of domains that are delivered via the $local_transport The list of domains that are delivered via the $local_transport
mail delivery transport. mail delivery transport.
.IP "\fBinet_interfaces (all)\fR" .IP "\fBinet_interfaces (all)\fR"
The network interface addresses that this mail system receives The local network interface addresses that this mail system receives
mail on. mail on.
.IP "\fBproxy_interfaces (empty)\fR" .IP "\fBproxy_interfaces (empty)\fR"
The network interface addresses that this mail system receives mail The remote network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit. on by way of a proxy or network address translation unit.
.IP "\fBinet_protocols (see 'postconf -d output')\fR" .IP "\fBinet_protocols (see 'postconf -d output')\fR"
The Internet protocols Postfix will attempt to use when making The Internet protocols Postfix will attempt to use when making
@ -726,12 +723,12 @@ a list of lookup tables that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual alias Parameters concerning known/unknown recipients in virtual alias
domains: domains:
.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
Postfix is final destination for the specified list of virtual Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains. to addresses in other local or remote domains.
.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
Optional lookup tables that alias specific mail addresses or domains Optional lookup tables that alias specific mail addresses or domains
to other local or remote address. to other local or remote addresses.
.IP "\fBunknown_virtual_alias_reject_code (550)\fR" .IP "\fBunknown_virtual_alias_reject_code (550)\fR"
The Postfix SMTP server reply code when a recipient address matches The Postfix SMTP server reply code when a recipient address matches
$virtual_alias_domains, and $virtual_alias_maps specifies a list $virtual_alias_domains, and $virtual_alias_maps specifies a list
@ -740,7 +737,7 @@ of lookup tables that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual mailbox Parameters concerning known/unknown recipients in virtual mailbox
domains: domains:
.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" .IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR"
Postfix is final destination for the specified list of domains; Postfix is the final destination for the specified list of domains;
mail is delivered via the $virtual_transport mail delivery transport. mail is delivered via the $virtual_transport mail delivery transport.
.IP "\fBvirtual_mailbox_maps (empty)\fR" .IP "\fBvirtual_mailbox_maps (empty)\fR"
Optional lookup tables with all valid addresses in the domains that Optional lookup tables with all valid addresses in the domains that

2
postfix/proto/MAILLOG_README.html
View File

@ -20,7 +20,7 @@ logging to file or stdout</h1>
<h2>Overview </h2> <h2>Overview </h2>
<p> Postfix supports it own logging system as an alternative to <p> Postfix supports its own logging system as an alternative to
syslog (which remains the default). This is available with Postfix syslog (which remains the default). This is available with Postfix
version 3.4 or later. </p> version 3.4 or later. </p>

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20221023" #define MAIL_RELEASE_DATE "20221207"
#define MAIL_VERSION_NUMBER "3.8" #define MAIL_VERSION_NUMBER "3.8"
#ifdef SNAPSHOT #ifdef SNAPSHOT

23
postfix/src/smtpd/smtpd.c
View File

@ -172,12 +172,9 @@
/* .PP /* .PP
/* Available in Postfix version 2.2 and later: /* Available in Postfix version 2.2 and later:
/* .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" /* .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
/* Rewrite message header addresses in mail from these clients and /* Rewrite or add message headers in mail from these clients,
/* update incomplete addresses with the domain name in $myorigin or /* updating incomplete addresses with the domain name in $myorigin or
/* $mydomain; either don't rewrite message headers from other clients /* $mydomain, and adding missing headers.
/* at all, or rewrite message headers and update incomplete addresses
/* with the domain specified in the remote_header_rewrite_domain
/* parameter.
/* BEFORE-SMTPD PROXY AGENT /* BEFORE-SMTPD PROXY AGENT
/* .ad /* .ad
/* .fi /* .fi
@ -439,7 +436,7 @@
/* With mandatory TLS encryption, require a trusted remote SMTP client /* With mandatory TLS encryption, require a trusted remote SMTP client
/* certificate in order to allow TLS connections to proceed. /* certificate in order to allow TLS connections to proceed.
/* .IP "\fBsmtpd_tls_wrappermode (no)\fR" /* .IP "\fBsmtpd_tls_wrappermode (no)\fR"
/* Run the Postfix SMTP server in the non-standard "wrapper" mode, /* Run the Postfix SMTP server in TLS "wrapper" mode,
/* instead of using the STARTTLS command. /* instead of using the STARTTLS command.
/* .IP "\fBtls_daemon_random_bytes (32)\fR" /* .IP "\fBtls_daemon_random_bytes (32)\fR"
/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
@ -546,7 +543,7 @@
/* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
/* .IP "\fBsmtputf8_enable (yes)\fR" /* .IP "\fBsmtputf8_enable (yes)\fR"
/* Enable preliminary SMTPUTF8 support for the protocols described /* Enable preliminary SMTPUTF8 support for the protocols described
/* in RFC 6531..6533. /* in RFC 6531, RFC 6532, and RFC 6533.
/* .IP "\fBstrict_smtputf8 (no)\fR" /* .IP "\fBstrict_smtputf8 (no)\fR"
/* Enable stricter enforcement of the SMTPUTF8 protocol. /* Enable stricter enforcement of the SMTPUTF8 protocol.
/* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
@ -650,10 +647,10 @@
/* The list of domains that are delivered via the $local_transport /* The list of domains that are delivered via the $local_transport
/* mail delivery transport. /* mail delivery transport.
/* .IP "\fBinet_interfaces (all)\fR" /* .IP "\fBinet_interfaces (all)\fR"
/* The network interface addresses that this mail system receives /* The local network interface addresses that this mail system receives
/* mail on. /* mail on.
/* .IP "\fBproxy_interfaces (empty)\fR" /* .IP "\fBproxy_interfaces (empty)\fR"
/* The network interface addresses that this mail system receives mail /* The remote network interface addresses that this mail system receives mail
/* on by way of a proxy or network address translation unit. /* on by way of a proxy or network address translation unit.
/* .IP "\fBinet_protocols (see 'postconf -d output')\fR" /* .IP "\fBinet_protocols (see 'postconf -d output')\fR"
/* The Internet protocols Postfix will attempt to use when making /* The Internet protocols Postfix will attempt to use when making
@ -682,12 +679,12 @@
/* Parameters concerning known/unknown recipients in virtual alias /* Parameters concerning known/unknown recipients in virtual alias
/* domains: /* domains:
/* .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" /* .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
/* Postfix is final destination for the specified list of virtual /* Postfix is the final destination for the specified list of virtual
/* alias domains, that is, domains for which all addresses are aliased /* alias domains, that is, domains for which all addresses are aliased
/* to addresses in other local or remote domains. /* to addresses in other local or remote domains.
/* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" /* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
/* Optional lookup tables that alias specific mail addresses or domains /* Optional lookup tables that alias specific mail addresses or domains
/* to other local or remote address. /* to other local or remote addresses.
/* .IP "\fBunknown_virtual_alias_reject_code (550)\fR" /* .IP "\fBunknown_virtual_alias_reject_code (550)\fR"
/* The Postfix SMTP server reply code when a recipient address matches /* The Postfix SMTP server reply code when a recipient address matches
/* $virtual_alias_domains, and $virtual_alias_maps specifies a list /* $virtual_alias_domains, and $virtual_alias_maps specifies a list
@ -696,7 +693,7 @@
/* Parameters concerning known/unknown recipients in virtual mailbox /* Parameters concerning known/unknown recipients in virtual mailbox
/* domains: /* domains:
/* .IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" /* .IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR"
/* Postfix is final destination for the specified list of domains; /* Postfix is the final destination for the specified list of domains;
/* mail is delivered via the $virtual_transport mail delivery transport. /* mail is delivered via the $virtual_transport mail delivery transport.
/* .IP "\fBvirtual_mailbox_maps (empty)\fR" /* .IP "\fBvirtual_mailbox_maps (empty)\fR"
/* Optional lookup tables with all valid addresses in the domains that /* Optional lookup tables with all valid addresses in the domains that

2
postfix/src/smtpd/smtpd_proxy.c
View File

@ -388,7 +388,7 @@ static int smtpd_proxy_connect(SMTPD_STATE *state)
*/ */
server_xforward_features = 0; server_xforward_features = 0;
lines = STR(proxy->reply); lines = STR(proxy->reply);
while ((words = mystrtok(&lines, "\n")) != 0) { while ((words = mystrtok(&lines, "\r\n")) != 0) {
if (mystrtok(&words, "- ") && (word = mystrtok(&words, " \t")) != 0) { if (mystrtok(&words, "- ") && (word = mystrtok(&words, " \t")) != 0) {
if (strcasecmp(word, XFORWARD_CMD) == 0) if (strcasecmp(word, XFORWARD_CMD) == 0)
while ((word = mystrtok(&words, " \t")) != 0) while ((word = mystrtok(&words, " \t")) != 0)

1
postfix/src/tls/tls.h
View File

@ -647,6 +647,7 @@ extern TLS_TLSA *tlsa_prepend(TLS_TLSA *, uint8_t, uint8_t, uint8_t,
/* /*
* tls_fprint.c * tls_fprint.c
*/ */
extern const EVP_MD *tls_digest_byname(const char *, EVP_MD_CTX **);
extern char *tls_digest_encode(const unsigned char *, int); extern char *tls_digest_encode(const unsigned char *, int);
extern char *tls_cert_fprint(X509 *, const char *); extern char *tls_cert_fprint(X509 *, const char *);
extern char *tls_pkey_fprint(X509 *, const char *); extern char *tls_pkey_fprint(X509 *, const char *);

4
postfix/src/tls/tls_client.c
View File

@ -324,6 +324,7 @@ static void verify_extract_name(TLS_SESS_STATE *TLScontext, X509 *peercert,
* checks are now performed internally in OpenSSL. * checks are now performed internally in OpenSSL.
*/ */
if (SSL_get_verify_result(TLScontext->con) == X509_V_OK) { if (SSL_get_verify_result(TLScontext->con) == X509_V_OK) {
TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
if (TLScontext->must_fail) { if (TLScontext->must_fail) {
msg_panic("%s: cert valid despite trust init failure", msg_panic("%s: cert valid despite trust init failure",
TLScontext->namaddr); TLScontext->namaddr);
@ -352,8 +353,7 @@ static void verify_extract_name(TLS_SESS_STATE *TLScontext, X509 *peercert,
TLScontext->namaddr, peername); TLScontext->namaddr, peername);
tls_dane_log(TLScontext); tls_dane_log(TLScontext);
} }
} else }
TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
} }
/* /*

8
postfix/src/tls/tls_dane.c
View File

@ -823,7 +823,7 @@ int tls_dane_enable(TLS_SESS_STATE *TLScontext)
/* tls_dane_digest_init - configure supported DANE digests */ /* tls_dane_digest_init - configure supported DANE digests */
void tls_dane_digest_init(SSL_CTX *ctx, const EVP_MD * fpt_alg) void tls_dane_digest_init(SSL_CTX *ctx, const EVP_MD *fpt_alg)
{ {
dane_mtype mtypes[256]; dane_mtype mtypes[256];
char *cp; char *cp;
@ -930,7 +930,7 @@ void tls_dane_digest_init(SSL_CTX *ctx, const EVP_MD * fpt_alg)
} }
mtypes[codepoint].ord = ++ord; mtypes[codepoint].ord = ++ord;
if ((mtypes[codepoint].alg = EVP_get_digestbyname(algname)) == 0) { if ((mtypes[codepoint].alg = tls_digest_byname(algname, NULL)) == 0) {
msg_warn("%s: digest algorithm \"%s\"(%d) unknown", msg_warn("%s: digest algorithm \"%s\"(%d) unknown",
VAR_TLS_DANE_DIGESTS, algname, codepoint); VAR_TLS_DANE_DIGESTS, algname, codepoint);
continue; continue;
@ -1132,11 +1132,11 @@ static void load_tlsa_args(SSL *ssl, char *argv[])
case 0: case 0:
break; break;
case 1: case 1:
if ((md = EVP_get_digestbyname(LN_sha256)) == 0) if ((md = tls_digest_byname(LN_sha256, NULL)) == 0)
msg_fatal("Digest %s not found", LN_sha256); msg_fatal("Digest %s not found", LN_sha256);
break; break;
case 2: case 2:
if ((md = EVP_get_digestbyname(LN_sha512)) == 0) if ((md = tls_digest_byname(LN_sha512, NULL)) == 0)
msg_fatal("Digest %s not found", LN_sha512); msg_fatal("Digest %s not found", LN_sha512);
break; break;
default: default:

76
postfix/src/tls/tls_fprint.c
View File

@ -6,6 +6,10 @@
/* SYNOPSIS /* SYNOPSIS
/* #include <tls.h> /* #include <tls.h>
/* /*
/* EVP_MD *tls_digest_byname(const char *mdalg, EVP_MD_CTX **mdctxPtr)
/* const char *mdalg;
/* EVP_MD_CTX **mdctxPtr;
/*
/* char *tls_serverid_digest(TLScontext, props, ciphers) /* char *tls_serverid_digest(TLScontext, props, ciphers)
/* TLS_SESS_STATE *TLScontext; /* TLS_SESS_STATE *TLScontext;
/* const TLS_CLIENT_START_PROPS *props; /* const TLS_CLIENT_START_PROPS *props;
@ -23,6 +27,13 @@
/* X509 *peercert; /* X509 *peercert;
/* const char *mdalg; /* const char *mdalg;
/* DESCRIPTION /* DESCRIPTION
/* tls_digest_byname() constructs, and optionally returns, an EVP_MD_CTX
/* handle for performing digest operations with the algorithm named by the
/* mdalg parameter. The return value is non-null on success, and holds a
/* digest algorithm handle. If the mdctxPtr argument is non-null the
/* created context is returned to the caller, who is then responsible for
/* deleting it by calling EVP_MD_ctx_free() once it is no longer needed.
/*
/* tls_digest_encode() converts a binary message digest to a hex ASCII /* tls_digest_encode() converts a binary message digest to a hex ASCII
/* format with ':' separators between each pair of hex digits. /* format with ':' separators between each pair of hex digits.
/* The return value is dynamically allocated with mymalloc(), /* The return value is dynamically allocated with mymalloc(),
@ -50,6 +61,8 @@
/* free it with myfree(). /* free it with myfree().
/* /*
/* Arguments: /* Arguments:
/* .IP mdalg
/* A digest algorithm name, such as "sha256".
/* .IP peercert /* .IP peercert
/* Server or client X.509 certificate. /* Server or client X.509 certificate.
/* .IP md_buf /* .IP md_buf
@ -60,6 +73,9 @@
/* Name of a message digest algorithm suitable for computing secure /* Name of a message digest algorithm suitable for computing secure
/* (1st pre-image resistant) message digests of certificates. For now, /* (1st pre-image resistant) message digests of certificates. For now,
/* md5, sha1, or member of SHA-2 family if supported by OpenSSL. /* md5, sha1, or member of SHA-2 family if supported by OpenSSL.
/* .IP mdctxPtr
/* Pointer to an (EVP_MD_CTX *) handle, or NULL if only probing for
/* algorithm support without immediate use in mind.
/* .IP buf /* .IP buf
/* Input data for the message digest algorithm mdalg. /* Input data for the message digest algorithm mdalg.
/* .IP len /* .IP len
@ -114,7 +130,7 @@
static const char hexcodes[] = "0123456789ABCDEF"; static const char hexcodes[] = "0123456789ABCDEF";
#define checkok(ret) (ok &= ((ret) ? 1 : 0)) #define checkok(stillok) (ok = ok && (stillok))
#define digest_object(p) digest_data((unsigned char *)(p), sizeof(*(p))) #define digest_object(p) digest_data((unsigned char *)(p), sizeof(*(p)))
#define digest_data(p, l) checkok(digest_bytes(mdctx, (p), (l))) #define digest_data(p, l) checkok(digest_bytes(mdctx, (p), (l)))
#define digest_string(s) checkok(digest_chars(mdctx, (s))) #define digest_string(s) checkok(digest_chars(mdctx, (s)))
@ -182,6 +198,44 @@ static int tls_digest_tlsa(EVP_MD_CTX *mdctx, TLS_TLSA *tlsa)
return (ok); return (ok);
} }
/* tls_digest_byname - test availability or prepare to use digest */
const EVP_MD *tls_digest_byname(const char *mdalg, EVP_MD_CTX **mdctxPtr)
{
const EVP_MD *md;
EVP_MD_CTX *mdctx = NULL;
int ok = 1;
/*
* In OpenSSL 3.0, because of dynamically variable algorithm providers,
* there is a time-of-check/time-of-use issue that means that abstract
* algorithm handles returned by EVP_get_digestbyname() can (and not
* infrequently do) return ultimately unusable algorithms, to check for
* actual availability, one needs to use the new EVP_MD_fetch() API, or
* indirectly check usability by creating a concrete context. We take the
* latter approach here (works for 1.1.1 without #ifdef).
*
* Note that EVP_MD_CTX_{create,destroy} were renamed to, respectively,
* EVP_MD_CTX_{new,free} in OpenSSL 1.1.0.
*/
checkok(md = EVP_get_digestbyname(mdalg));
/*
* Sanity check: Newer shared libraries could (hypothentical ABI break)
* allow larger digests, we avoid such poison algorithms.
*/
checkok(EVP_MD_size(md) <= EVP_MAX_MD_SIZE);
checkok(mdctx = EVP_MD_CTX_new());
checkok(EVP_DigestInit_ex(mdctx, md, NULL));
if (ok && mdctxPtr != 0)
*mdctxPtr = mdctx;
else
EVP_MD_CTX_free(mdctx);
return (ok ? md : 0);
}
/* tls_serverid_digest - suffix props->serverid with parameter digest */ /* tls_serverid_digest - suffix props->serverid with parameter digest */
char *tls_serverid_digest(TLS_SESS_STATE *TLScontext, char *tls_serverid_digest(TLS_SESS_STATE *TLScontext,
@ -189,7 +243,6 @@ char *tls_serverid_digest(TLS_SESS_STATE *TLScontext,
const char *ciphers) const char *ciphers)
{ {
EVP_MD_CTX *mdctx; EVP_MD_CTX *mdctx;
const EVP_MD *md;
const char *mdalg; const char *mdalg;
unsigned char md_buf[EVP_MAX_MD_SIZE]; unsigned char md_buf[EVP_MAX_MD_SIZE];
unsigned int md_len; unsigned int md_len;
@ -205,17 +258,17 @@ char *tls_serverid_digest(TLS_SESS_STATE *TLScontext,
* default digest, but DANE requires sha256 and sha512, so if we must * default digest, but DANE requires sha256 and sha512, so if we must
* fall back to our default digest, DANE support won't be available. We * fall back to our default digest, DANE support won't be available. We
* panic if the fallback algorithm is not available, as it was verified * panic if the fallback algorithm is not available, as it was verified
* available in tls_client_init() and must not simply vanish. * available in tls_client_init() and must not simply vanish. Our
* provider set is not expected to change once the OpenSSL library is
* initialised.
*/ */
if ((md = EVP_get_digestbyname(mdalg = "sha256")) == 0 if (tls_digest_byname(mdalg = LN_sha256, &mdctx) == 0
&& (md = EVP_get_digestbyname(mdalg = props->mdalg)) == 0) && tls_digest_byname(mdalg = props->mdalg, &mdctx) == 0)
msg_panic("digest algorithm \"%s\" not found", mdalg); msg_panic("digest algorithm \"%s\" not found", props->mdalg);
/* Salt the session lookup key with the OpenSSL runtime version. */ /* Salt the session lookup key with the OpenSSL runtime version. */
sslversion = OpenSSL_version_num(); sslversion = OpenSSL_version_num();
mdctx = EVP_MD_CTX_create();
checkok(EVP_DigestInit_ex(mdctx, md, NULL));
digest_string(props->helo ? props->helo : ""); digest_string(props->helo ? props->helo : "");
digest_object(&sslversion); digest_object(&sslversion);
digest_string(props->protocols); digest_string(props->protocols);
@ -306,18 +359,15 @@ char *tls_digest_encode(const unsigned char *md_buf, int md_len)
static char *tls_data_fprint(const unsigned char *buf, int len, const char *mdalg) static char *tls_data_fprint(const unsigned char *buf, int len, const char *mdalg)
{ {
EVP_MD_CTX *mdctx; EVP_MD_CTX *mdctx = NULL;
const EVP_MD *md;
unsigned char md_buf[EVP_MAX_MD_SIZE]; unsigned char md_buf[EVP_MAX_MD_SIZE];
unsigned int md_len; unsigned int md_len;
int ok = 1; int ok = 1;
/* Previously available in "init" routine. */ /* Previously available in "init" routine. */
if ((md = EVP_get_digestbyname(mdalg)) == 0) if (tls_digest_byname(mdalg, &mdctx) == 0)
msg_panic("digest algorithm \"%s\" not found", mdalg); msg_panic("digest algorithm \"%s\" not found", mdalg);
mdctx = EVP_MD_CTX_create();
checkok(EVP_DigestInit_ex(mdctx, md, NULL));
digest_data(buf, len); digest_data(buf, len);
checkok(EVP_DigestFinal_ex(mdctx, md_buf, &md_len)); checkok(EVP_DigestFinal_ex(mdctx, md_buf, &md_len));
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);

14
postfix/src/tls/tls_misc.c
View File

@ -1575,25 +1575,13 @@ long tls_bio_dump_cb(BIO *bio, int cmd, const char *argp, size_t len,
const EVP_MD *tls_validate_digest(const char *dgst) const EVP_MD *tls_validate_digest(const char *dgst)
{ {
const EVP_MD *md_alg; const EVP_MD *md_alg;
unsigned int md_len;
/* /*
* If the administrator specifies an unsupported digest algorithm, fail * If the administrator specifies an unsupported digest algorithm, fail
* now, rather than in the middle of a TLS handshake. * now, rather than in the middle of a TLS handshake.
*/ */
if ((md_alg = EVP_get_digestbyname(dgst)) == 0) { if ((md_alg = tls_digest_byname(dgst, NULL)) == 0)
msg_warn("Digest algorithm \"%s\" not found", dgst); msg_warn("Digest algorithm \"%s\" not found", dgst);
return (0);
}
/*
* Sanity check: Newer shared libraries may use larger digests.
*/
if ((md_len = EVP_MD_size(md_alg)) > EVP_MAX_MD_SIZE) {
msg_warn("Digest algorithm \"%s\" output size %u too large",
dgst, md_len);
return (0);
}
return md_alg; return md_alg;
} }