postfix-3.5-20200105

2025-08-30 13:48:06 +00:00 · 2020-01-05 00:00:00 -05:00 · 2020-01-05 00:00:00 -05:00 · 5f3bcc11ef
commit 5f3bcc11ef
parent d6c056b2f8
8 changed files with 77 additions and 17 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -24502,3 +24502,23 @@ Apologies for any names omitted.
 	Bugfix: sanitize server responses before storing them in
 	the verify database, to avoid Postfix warnings about malformed
 	UTF8. File: verify/verify.c.
+
+20191215
+
+	Future proofing: the Postfix DNS library logs a warning if
+	the DNS_REQ_FLAG_NCACHE_TTL dns_lookup flag is set and the
+	RES_DNSRCH or RES_DEFNAMES resolver flags are set, and
+	disables those resolver flags. File: dns/dns_lookup.c.
+
+20191230
+
+	Documentation: added the 'X' flag (final delivery) to the
+	pipe-based final delivery examples in the default master.cf
+	file. File: conf/master.cf
+
+20201005
+
+	Workaround: postlog clients open the socket before entering
+	the chroot jail and before dropping privileges. This is needed
+	on MacOS and would not hurt otherwise. Files: util/msg_logger.[hc],
+	global/maillog_client.c.
--- a/postfix/conf/master.cf
+++ b/postfix/conf/master.cf
@ -79,7 +79,7 @@ postlog   unix-dgram n  -       n       -       1       postlogd
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 #maildrop  unix  -       n       n       -       -       pipe
-#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#  flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
 #
 # ====================================================================
 #
@ -98,7 +98,7 @@ postlog   unix-dgram n  -       n       -       1       postlogd
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
 #
 # ====================================================================
 #
@ -129,5 +129,5 @@ postlog   unix-dgram n  -       n       -       1       postlogd
 #  ${nexthop} ${user} ${extension}
 #
 #mailman   unix  -       n       n       -       -       pipe
-#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+#  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -18510,7 +18510,7 @@ is unwise to choose an "bleeding-edge" curve supported by only a
 small subset of clients.  </p>

 <p> The default "strong" curve is rated in NSA <a
-href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
 B</a> for information classified up to SECRET.  </p>

 <p> Note: elliptic curve names are poorly standardized; different
@ -18551,7 +18551,7 @@ curve must be implemented by OpenSSL (as reported by ecparam(1) with the
 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>

 <p> This default "ultra" curve is rated in NSA <a
-href="http://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
 B</a> for information classified up to TOP SECRET. </p>

 <p> If you want to take maximal advantage of ciphers that offer <a
--- a/postfix/src/dns/dns_lookup.c
+++ b/postfix/src/dns/dns_lookup.c
@ -145,6 +145,8 @@
 /*	available. The per-record reply TTL specifies how long the
 /*	DNS_NOTFOUND answer is valid. The caller should pass the
 /*	record(s) to dns_rr_free().
+/*	Logs a warning if the RES_DNSRCH or RES_DEFNAMES resolver
+/*	flags are set, and disables those flags.
 /* .RE
 /* .IP ltype
 /*	The resource record types to be looked up. In the case of
@ -461,6 +463,16 @@ static int dns_query(const char *name, int type, unsigned flags,
    if (flags & RES_USE_DNSSEC)
 	flags |= RES_USE_EDNS0;

+    /*
+     * Can't append domains: we need the right SOA TTL.
+     */
+#define APPEND_DOMAIN_FLAGS (RES_DNSRCH | RES_DEFNAMES)
+
+    if (keep_notfound && (flags & APPEND_DOMAIN_FLAGS)) {
+	msg_warn("negative caching disables RES_DEFNAMES and RES_DNSRCH");
+	flags &= ~APPEND_DOMAIN_FLAGS;
+    }
+
    /*
     * Save and restore resolver options that we overwrite, to avoid
     * surprising behavior in other code that also invokes the resolver.
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20191214"
+#define MAIL_RELEASE_DATE	"20200105"
 #define MAIL_VERSION_NUMBER	"3.5"

 #ifdef SNAPSHOT
--- a/postfix/src/global/maillog_client.c
+++ b/postfix/src/global/maillog_client.c
@ -210,7 +210,7 @@ void    maillog_client_init(const char *progname, int flags)
 	if (var_maillog_file && *var_maillog_file) {
 	    ARGV   *good_prefixes = argv_split(var_maillog_file_pfxs,
 					       CHARS_COMMA_SP);
-	    char **cpp;
+	    char  **cpp;

 	    for (cpp = good_prefixes->argv; /* see below */ ; cpp++) {
 		if (*cpp == 0)
@ -264,6 +264,8 @@ void    maillog_client_init(const char *progname, int flags)
 	}
 	if (service_path != import_service_path)
 	    myfree(service_path);
+	msg_logger_control(CA_MSG_LOGGER_CTL_CONNECT_NOW,
+			   CA_MSG_LOGGER_CTL_END);
    }

    /*
--- a/postfix/src/util/msg_logger.c
+++ b/postfix/src/util/msg_logger.c
@ -62,6 +62,10 @@
 /* .IP CA_MSG_LOGGER_CTL_DISABLE
 /*	Disable the msg_logger. This remains in effect until the
 /*	next msg_logger_init() call.
+/* .IP CA_MSG_LOGGER_CTL_CONNECT_NOW
+/*	Close the logging socket if it was already open, and open
+/*	the logging socket now, if permitted by current settings.
+/*	Otherwise, the open is delayed until a logging request.
 /* SEE ALSO
 /*	msg(3)  diagnostics module
 /* BUGS
@ -111,6 +115,8 @@ static void (*msg_logger_fallback_fn) (const char *);
 static int msg_logger_fallback_only_override = 0;
 static int msg_logger_enable = 0;

+#define MSG_LOGGER_NEED_SOCKET() (msg_logger_fallback_only_override == 0)
+
 /*
  * Other state.
  */
@ -130,6 +136,26 @@ static int msg_logger_sock = MSG_LOGGER_SOCK_NONE;
 #define STR(x)	vstring_str(x)
 #define LEN(x)	VSTRING_LEN(x)

+/* msg_logger_connect - connect to logger service */
+
+static void msg_logger_connect(void)
+{
+    if (msg_logger_sock == MSG_LOGGER_SOCK_NONE) {
+	msg_logger_sock = unix_dgram_connect(msg_logger_unix_path, BLOCKING);
+	if (msg_logger_sock >= 0)
+	    close_on_exec(msg_logger_sock, CLOSE_ON_EXEC);
+    }
+}
+
+/* msg_logger_disconnect - disconnect from logger service */
+
+static void msg_logger_disconnect(void)
+{
+    if (msg_logger_sock != MSG_LOGGER_SOCK_NONE) {
+	(void) close(msg_logger_sock);
+	msg_logger_sock = MSG_LOGGER_SOCK_NONE;
+    }
+}

 /* msg_logger_print - log info to service or file */

@ -203,12 +229,8 @@ static void msg_logger_print(int level, const char *text)
     * will report ENOENT if the endpoint does not exist, ECONNREFUSED if no
     * server has opened the endpoint.
     */
-    if (msg_logger_fallback_only_override == 0
-	&& msg_logger_sock == MSG_LOGGER_SOCK_NONE) {
-	msg_logger_sock = unix_dgram_connect(msg_logger_unix_path, BLOCKING);
-	if (msg_logger_sock >= 0)
-	    close_on_exec(msg_logger_sock, CLOSE_ON_EXEC);
-    }
+    if (MSG_LOGGER_NEED_SOCKET())
+	msg_logger_connect();
    if (msg_logger_sock != MSG_LOGGER_SOCK_NONE) {
 	send(msg_logger_sock, STR(msg_logger_buf), LEN(msg_logger_buf), 0);
    } else if (msg_logger_fallback_fn) {
@ -286,10 +308,7 @@ void    msg_logger_control(int name,...)
 	switch (name) {
 	case MSG_LOGGER_CTL_FALLBACK_ONLY:
 	    msg_logger_fallback_only_override = 1;
-	    if (msg_logger_sock != MSG_LOGGER_SOCK_NONE) {
-		(void) close(msg_logger_sock);
-		msg_logger_sock = MSG_LOGGER_SOCK_NONE;
-	    }
+	    msg_logger_disconnect();
 	    break;
 	case MSG_LOGGER_CTL_FALLBACK_FN:
 	    msg_logger_fallback_fn = va_arg(ap, MSG_LOGGER_FALLBACK_FN);
@ -297,6 +316,11 @@ void    msg_logger_control(int name,...)
 	case MSG_LOGGER_CTL_DISABLE:
 	    msg_logger_enable = 0;
 	    break;
+	case MSG_LOGGER_CTL_CONNECT_NOW:
+	    msg_logger_disconnect();
+	    if (MSG_LOGGER_NEED_SOCKET())
+		msg_logger_connect();
+	    break;
 	default:
 	    msg_panic("%s: bad name %d", myname, name);
 	}
--- a/postfix/src/util/msg_logger.h
+++ b/postfix/src/util/msg_logger.h
@ -35,6 +35,7 @@ extern void msg_logger_control(int,...);
 #define MSG_LOGGER_CTL_FALLBACK_ONLY	1
 #define MSG_LOGGER_CTL_FALLBACK_FN	2
 #define MSG_LOGGER_CTL_DISABLE		3
+#define MSG_LOGGER_CTL_CONNECT_NOW	4

 /* Safer API: type-checked arguments, external use. */
 #define CA_MSG_LOGGER_CTL_END		MSG_LOGGER_CTL_END
@ -43,6 +44,7 @@ extern void msg_logger_control(int,...);
 	MSG_LOGGER_CTL_FALLBACK_FN, CHECK_VAL(MSG_LOGGER_CTL, \
 		MSG_LOGGER_FALLBACK_FN, (v))
 #define CA_MSG_LOGGER_CTL_DISABLE	MSG_LOGGER_CTL_DISABLE
+#define CA_MSG_LOGGER_CTL_CONNECT_NOW	MSG_LOGGER_CTL_CONNECT_NOW

 CHECK_VAL_HELPER_DCL(MSG_LOGGER_CTL, MSG_LOGGER_FALLBACK_FN);