mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 05:07:58 +00:00

postfix-2.10-20120226

Wietse Venema 2012-02-26 00:00:00 -05:00 committed by Viktor Dukhovni
parent 3f5b9cff3c
commit 66c7fc33fb
14 changed files with 237 additions and 150 deletions


@ -17629,3 +17629,35 @@ Apologies for any names omitted.
to a missing guard statement after an smtpd_check_rewrite()
call was moved closer to the command processor loop. Fix
by Bartek Szady. File: smtpd/smtpd.c.
20120220
Cleanup: documentation of how to use only system-supplied
certificates with *CAfile and *CApath. File: proto/postconf.proto.
Cleanup: documentation of smtp_sasl_mechanism_filter. File:
proto/postconf.proto.
20120222
Cleanup: when multiple DNSBLs block an SMTP client, the
postscreen "reject" message now gives credit to the DNSBL
with the largest weight, instead of the DNSBL that replies
first. File: postscreen/postscreeb_dnsbl.c.
Cleanup: memcache_table(5) manpage. File proto/memcache_table.
20120225
Cleanup: eliminated the build-time Perl dependency. File:
bounce/annotate.sh.
Cleanup: when -DNO_DB support was added, the makedefs script
was not updated to skip the Linux Berkeley DB tests.
FreeBSD9 is now a supported platform. Files: makedefs,
util/sys_defs.h.
20120226
Cleanup: documentation in postfix-install.


@ -84,37 +84,38 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
<b>flags (default: 0)</b>
Optional flags that should be stored along with a
memcache update.
memcache update. The flags are ignored when looking
up information.
<b>ttl (default: 3600)</b>
The expiration time in seconds of memcache updates.
NOTE 1: When using a memcache table as
NOTE 1: When using a memcache table as
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache without persistent
backup, specify a zero *_cache_cleanup_interval
value with all Postfix instances that use the mem-
cache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the mem-
value with all Postfix instances that use the mem-
cache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the mem-
cache table's <b>ttl</b> value.
NOTE 2: According to memcache protocol documenta-
tion, a value greater than 30 days (2592000 sec-
onds) specifies absolute UNIX time. Smaller values
NOTE 2: According to memcache protocol documenta-
tion, a value greater than 30 days (2592000 sec-
onds) specifies absolute UNIX time. Smaller values
are relative to the time of the update.
<b>MEMCACHE KEY PARAMETERS</b>
<b>key_format (default: %s)</b>
Format of the lookup and update keys in memcache
requests. By default, these are the same as the
lookup and update keys that are given to the Post-
Format of the lookup and update keys in memcache
requests. By default, these are the same as the
lookup and update keys that are given to the Post-
fix memcache client.
NOTE: The <b>key_format</b> feature is not used for <b>backup</b>
database requests.
When the same memcache database is used to cache
information from multiple tables, you can use the
<b>key_format</b> feature to avoid name collisions by
When the same memcache database is used to cache
information from multiple tables, you can use the
<b>key_format</b> feature to avoid name collisions by
prepending a fixed string. Examples:
key_format = aliases:%s
@ -125,48 +126,48 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the memcache client
<b>%s</b> This is replaced by the memcache client
input key.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, a lookup
is silently suppressed and returns no
results (an update is skipped with a warn-
is silently suppressed and returns no
results (an update is skipped with a warn-
ing).
<b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the domain
user@domain, <b>%d</b> is replaced by the domain
part of the address. Otherwise, a lookup is
silently suppressed and returns no results
silently suppressed and returns no results
(an update is skipped with a warning).
<b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>key_format</b> parame-
expansions behave in the <b>key_format</b> parame-
ter identically to their lower-case counter-
parts.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
of the input key's domain. If the input key
of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
fied patterns, a lookup is silently sup-
domain components to satisfy all the speci-
fied patterns, a lookup is silently sup-
pressed and returns no results (an update is
skipped with a warning).
<b>domain (default: no domain list)</b>
This feature can significantly reduce database
server load. Specify a list of domain names, paths
to files, or "<a href="DATABASE_README.html">type:table</a>" databases. When speci-
to files, or "<a href="DATABASE_README.html">type:table</a>" databases. When speci-
fied, only fully qualified search keys with a *non-
empty* localpart and a matching domain are eligible
for lookup or update: bare 'user' lookups, bare
domain lookups and "@domain" lookups are silently
for lookup or update: bare 'user' lookups, bare
domain lookups and "@domain" lookups are silently
skipped (updates are skipped with a warning).
Example:
@ -180,33 +181,33 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
The maximal memcache reply line length in bytes.
<b>max_try (default: 2)</b>
The number of times to try a memcache command
before giving up. The memcache client does not
The number of times to try a memcache command
before giving up. The memcache client does not
retry a command when the memcache server accepts no
connection.
<b>retry_pause (default: 1)</b>
The time in seconds before retrying a failed mem-
The time in seconds before retrying a failed mem-
cache command.
<b>timeout (default: 2)</b>
The time limit for sending a memcache command and
The time limit for sending a memcache command and
for receiving a memcache reply.
<b>BUGS</b>
The Postfix memcache client cannot be used for security-
sensitive tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain
"<i>|command</i> and "<i>/file/name</i>" destinations), or <b><a href="postconf.5.html#virtual_uid_maps">vir</a>-</b>
<b><a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a></b>, <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b>
(these specify UNIX process privileges or "<i>/file/name</i>"
destinations). In a typical deployment a memcache data-
base is writable by any process that can talk to the mem-
cache server; in contrast, security-sensitive tables must
The Postfix memcache client cannot be used for security-
sensitive tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain
"<i>|command</i> and "<i>/file/name</i>" destinations), or <b><a href="postconf.5.html#virtual_uid_maps">vir</a>-</b>
<b><a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a></b>, <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b>
(these specify UNIX process privileges or "<i>/file/name</i>"
destinations). In a typical deployment a memcache data-
base is writable by any process that can talk to the mem-
cache server; in contrast, security-sensitive tables must
never be writable by the unprivileged Postfix user.
The Postfix memcache client requires additional configura-
tion when used as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For
details see the <b>backup</b> and <b>ttl</b> parameter discussions in
tion when used as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For
details see the <b>backup</b> and <b>ttl</b> parameter discussions in
the MEMCACHE MAIN PARAMETERS section above.
<b>SEE ALSO</b>
@ -218,11 +219,11 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
<a href="MEMCACHE_README.html">MEMCACHE_README</a>, Postfix memcache client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
Memcache support was introduced with Postfix version 2.9.
Memcache support was introduced with Postfix version 2.9.
<b>AUTHOR(S)</b>
Wietse Venema


@ -10201,10 +10201,10 @@ parameter, but the setting "no" does not. </p>
<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists. By
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> further restricts what server
mechanisms the client will take into consideration. </p>
two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
list to intersect with. </p>
<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
@ -10490,6 +10490,10 @@ file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
@ -10517,6 +10521,10 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>
<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
@ -14196,6 +14204,10 @@ file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>
<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY
the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
@ -14231,6 +14243,10 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>


@ -153,6 +153,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.8*) SYSTYPE=FREEBSD8
;;
FreeBSD.9*) SYSTYPE=FREEBSD9
;;
OpenBSD.2*) SYSTYPE=OPENBSD2
;;
OpenBSD.3*) SYSTYPE=OPENBSD3
@ -267,36 +269,31 @@ case "$SYSTEM.$RELEASE" in
esac;;
# Tested with RedHat 3.03 on 20020729.
Linux.1*) SYSTYPE=LINUX1
SYSLIBS="-ldb"
case "$CCARGS" in
*-DNO_DB*) ;;
*) SYSLIBS="-ldb";;
esac
;;
Linux.2*) SYSTYPE=LINUX2
# Postfix no longer needs DB 1.85 compatibility
if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# No, we're not going to try db1 db2 db3 etc.
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
echo "See the RELEASE_NOTES file for more information." 1>&2
exit 1
fi
# GDBM locks the DBM .pag file after open. This breaks postmap.
# if [ -f /usr/include/gdbm-ndbm.h ]
# then
# CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H='<gdbm-ndbm.h>'"
# GDBM_LIBS=gdbm
# elif [ -f /usr/include/gdbm/ndbm.h ]
# then
# CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H='<gdbm/ndbm.h>'"
# GDBM_LIBS=gdbm
# fi
SYSLIBS="-ldb"
case "$CCARGS" in
*-DNO_DB*) ;;
*) if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# No, we're not going to try db1 db2 db3 etc.
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
exit 1
fi
SYSLIBS="-ldb"
;;
esac
for name in nsl resolv $GDBM_LIBS
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
@ -350,21 +347,24 @@ EOF
esac
;;
Linux.3*) SYSTYPE=LINUX3
if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
echo "See the RELEASE_NOTES file for more information." 1>&2
exit 1
fi
SYSLIBS="-ldb"
case "$CCARGS" in
*-DNO_DB*) ;;
*) if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
exit 1
fi
SYSLIBS="-ldb"
;;
esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
@ -378,23 +378,24 @@ EOF
;;
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
# Postfix no longer needs DB 1.85 compatibility
if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# No, we're not going to try db1 db2 db3 etc.
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
echo "See the RELEASE_NOTES file for more information." 1>&2
exit 1
fi
SYSLIBS="-ldb"
case "$CCARGS" in
*-DNO_DB*) ;;
*) if [ -f /usr/include/db.h ]
then
: we are all set
elif [ -f /usr/include/db/db.h ]
then
CCARGS="$CCARGS -I/usr/include/db"
else
# On a properly installed system, Postfix builds
# by including <db.h> and by linking with -ldb
echo "No <db.h> include file found." 1>&2
echo "Install the appropriate db*-devel package first." 1>&2
exit 1
fi
SYSLIBS="-ldb"
;;
esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
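Review bot: In the Linux.2* branch the loop `for name in nsl resolv $GDBM_LIBS` still expands GDBM_LIBS, but with the commented-out GDBM probe removed nothing on the visible lines assigns it, so its value appears to come from the caller's environment or be empty. If that is not intended, either drop it from the loop as the Linux.3* and GNU.0* branches do (`for name in nsl resolv`) or clear it beforehand with `GDBM_LIBS=`. The new `*-DNO_DB*) ;;` arms likewise leave SYSLIBS at whatever value it held before the case statement; its initialisation is outside these hunks, so that is worth confirming. The enclosing `case "$SYSTEM.$RELEASE"` statement starts and ends outside the hunks.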


@ -88,7 +88,7 @@ setting (depending on whether the access is read-only or
read-write).
.IP "\fBflags (default: 0)\fR"
Optional flags that should be stored along with a memcache
update.
update. The flags are ignored when looking up information.
.IP "\fBttl (default: 3600)\fR"
The expiration time in seconds of memcache updates.


@ -5989,10 +5989,10 @@ This feature is available in Postfix 2.5 and later.
.SH smtp_sasl_mechanism_filter (default: empty)
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists. By
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. smtp_sasl_mechanism_filter further restricts what server
mechanisms the client will take into consideration.
two. smtp_sasl_mechanism_filter specifies an optional third mechanism
list to intersect with.
.PP
Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
@ -6160,6 +6160,9 @@ file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file.
.PP
Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
ONLY the system-supplied default certificate authority certificates.
.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@ -6184,6 +6187,9 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail.
.PP
Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@ -8993,6 +8999,9 @@ file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file.
.PP
Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
the system-supplied default certificate authority certificates.
.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@ -9026,6 +9035,9 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail.
.PP
Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.


@ -104,7 +104,7 @@
# users. The built-in default directory name is system dependent.
# This parameter setting is recorded in the installed main.cf file.
# .IP html_directory
# The destination directory for the Postfix HTML files.
# The final destination directory for the Postfix HTML files.
# This parameter setting is recorded in the installed main.cf file.
# .IP queue_directory
# The final destination directory for Postfix queues.
@ -138,14 +138,14 @@
# The built-in default group name is postdrop.
# This parameter setting is recorded in the installed main.cf file.
# .IP manpage_directory
# The destination directory for the Postfix on-line manual pages.
# The final destination directory for the Postfix on-line manual pages.
# This parameter setting is recorded in the installed main.cf file.
# .IP sample_directory
# The destination directory for the Postfix sample configuration files.
# This parameter is obsolete as of Postfix version 2.1.
# The final destination directory for the Postfix sample configuration
# files. This parameter is obsolete as of Postfix version 2.1.
# This parameter setting is recorded in the installed main.cf file.
# .IP readme_directory
# The destination directory for the Postfix README files.
# The final destination directory for the Postfix README files.
# This parameter setting is recorded in the installed main.cf file.
# SEE ALSO
# post-install(1) post-installation procedure
@ -350,13 +350,14 @@ management commands. Specify a group name with a numerical group
ID that is not shared with other accounts, not even with the Postfix
mail_owner account. You can no longer specify \"no\" here."
manpage_directory_prompt="the destination directory for the Postfix on-line
manual pages. You can no longer specify \"no\" here."
manpage_directory_prompt="the final destination directory for the
Postfix on-line manual pages. You can no longer specify \"no\"
here."
readme_directory_prompt="the destination directory for the Postfix
readme_directory_prompt="the final destination directory for the Postfix
README files. Specify \"no\" if you do not want to install these files."
html_directory_prompt="the destination directory for the Postfix
html_directory_prompt="the final destination directory for the Postfix
HTML files. Specify \"no\" if you do not want to install these files."
# Default settings, just to get started.


@ -80,7 +80,7 @@
# read-write).
# .IP "\fBflags (default: 0)\fR"
# Optional flags that should be stored along with a memcache
# update.
# update. The flags are ignored when looking up information.
# .IP "\fBttl (default: 3600)\fR"
# The expiration time in seconds of memcache updates.
#


@ -4362,10 +4362,10 @@ smtp_sasl_security_options = noplaintext
<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server implementations may support different mechanism lists. By
server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
two. smtp_sasl_mechanism_filter further restricts what server
mechanisms the client will take into consideration. </p>
two. smtp_sasl_mechanism_filter specifies an optional third mechanism
list to intersect with. </p>
<p> Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
@ -8811,6 +8811,10 @@ file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file. </p>
<p> Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
the system-supplied default certificate authority certificates.
</p>
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
@ -8842,6 +8846,10 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
<p> Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
@ -9221,6 +9229,10 @@ file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file. </p>
<p> Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
@ -9244,6 +9256,10 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>
<p> Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
use ONLY the system-supplied default certificate authority certificates.
</p>
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>


@ -25,9 +25,9 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
# Eliminate dependency on installed Postfix.
../../conf/bounce.cf.default: template_test.ref annotate.pl
../../conf/bounce.cf.default: template_test.ref annotate.sh
rm -f $@
perl annotate.pl <template_test.ref >$@
./annotate.sh <template_test.ref >$@
main.cf:
echo queue_directory=. >main.cf
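Review bot: The new recipe line `./annotate.sh <template_test.ref >$@` only works when annotate.sh carries the execute bit, which a file created by applying a patch (or unpacked by a tool that drops modes) may not have; the old `perl annotate.pl` form had no such requirement. Invoking the script through the shell removes the dependency on file mode: `$(SHELL) annotate.sh <template_test.ref >$@`. Because the recipe removes the target and then redirects straight into it, a failing script would also leave a truncated bounce.cf.default in place, so writing to a temporary name and renaming on success may be worth considering.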


@ -1,4 +1,6 @@
print <<'EOF'
#!/bin/sh
cat <<'EOF'
#
# Do not edit this file. This file shows the default delivery status
# notification (DSN) messages that are built into Postfix.
@ -60,10 +62,11 @@ EOF
# bounce_template_file = $config_directory/bounce.cf
#
#EOF
;
while (<>) {
if (/^failure_template/) { print <<'EOF'
IFS=
while read line; do
case "$line" in
failure_template*) cat <<'EOF'
#
# The failure template is used when mail is returned to the sender;
@ -72,8 +75,8 @@ while (<>) {
#
EOF
;
} elsif (/^delay_template/) { print <<'EOF'
;;
delay_template*) cat <<'EOF'
#
# The delay template is used when mail is delayed. Note a neat trick:
@ -90,8 +93,8 @@ EOF
#
EOF
;
} elsif (/^success_template/) { print <<'EOF'
;;
success_template*) cat <<'EOF'
#
# The success template is used when mail is delivered to mailbox,
@ -101,17 +104,17 @@ EOF
#
EOF
;
} elsif (/^verify_template/) { print <<'EOF'
;;
verify_template*) cat <<'EOF'
#
# The verify template is used for address verification (sendmail -bv
# address...). or for verbose mail delivery (sendmail -v address...).
# address...) or for verbose mail delivery (sendmail -v address...).
# It is an error to specify a Postmaster-Subject: here.
#
EOF
;
}
print $_;
}
;;
esac
echo "$line";
done
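Review bot: The replacement loop `while read line; do … echo "$line"; done` is not a verbatim copy in the way the Perl `print $_` was: `read` without `-r` consumes backslashes and joins continuation lines, and some `echo` implementations expand backslash sequences or treat a leading `-n` as an option. Whether template_test.ref ever contains such text is not visible on this page, but `while IFS= read -r line; do` together with `printf '%s\n' "$line"` would keep the output byte-for-byte and confine the IFS change to the read. If `-r` is a portability concern for the oldest supported /bin/sh, a comment stating that the input is expected to contain no backslashes would document the assumption. A final input line without a trailing newline is also dropped by this loop.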


@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20120218"
#define MAIL_RELEASE_DATE "20120226"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT


@ -139,7 +139,8 @@ typedef struct {
} PSC_CALL_BACK_ENTRY;
typedef struct {
const char *dnsbl; /* one contributing DNSBL */
const char *dnsbl_name; /* DNSBL with largest contribution */
int dnsbl_weight; /* weight of largest contribution */
int total; /* combined blocklist score */
int refcount; /* score reference count */
int pending_lookups; /* nr of DNS requests in flight */
@ -328,7 +329,7 @@ int psc_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name,
* Reads are destructive.
*/
result_score = score->total;
*dnsbl_name = score->dnsbl;
*dnsbl_name = score->dnsbl_name;
score->refcount -= 1;
if (score->refcount < 1) {
if (msg_verbose > 1)
@ -398,8 +399,11 @@ static void psc_dnsbl_receive(int event, char *context)
if (site->byte_codes == 0
|| psc_dnsbl_match(site->byte_codes, reply_argv ? reply_argv :
(reply_argv = argv_split(STR(reply_addr), " ")))) {
if (score->dnsbl == 0)
score->dnsbl = head->safe_dnsbl;
if (score->dnsbl_name == 0
|| score->dnsbl_weight < site->weight) {
score->dnsbl_name = head->safe_dnsbl;
score->dnsbl_weight = site->weight;
}
score->total += site->weight;
if (msg_verbose > 1)
msg_info("%s: filter=\"%s\" weight=%d score=%d",
@ -477,7 +481,8 @@ int psc_dnsbl_request(const char *client_addr,
msg_info("%s: create blocklist score for %s", myname, client_addr);
score = (PSC_DNSBL_SCORE *) mymalloc(sizeof(*score));
score->request_id = request_count++;
score->dnsbl = 0;
score->dnsbl_name = 0;
score->dnsbl_weight = 0;
score->total = 0;
score->refcount = 1;
score->pending_lookups = 0;
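Review bot: In psc_dnsbl_receive the new test `score->dnsbl_weight < site->weight` is strict, so when two matching DNSBLs carry the same weight the name that ends up in the reject message still depends on which reply arrives first, and that is not stated anywhere in the hunk. A comment above the block would make the rule explicit, for example `/* Credit the largest-weight match; on a tie the first reply wins. */`. The initial `score->dnsbl_weight = 0` in psc_dnsbl_request is never compared for the first match because of the `score->dnsbl_name == 0` test, which matters if weights can be negative (not visible here); a note on the struct field saying the weight is meaningful only once dnsbl_name is set would help the next reader. All three functions start and end outside their hunks.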


@ -25,7 +25,7 @@
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
|| defined(FREEBSD8) \
|| defined(FREEBSD8) || defined(FREEBSD9) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|| defined(OPENBSD5) \