From 66c7fc33fbd8d4bfd9e8cfa7103513fc9fbf9305 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Sun, 26 Feb 2012 00:00:00 -0500
Subject: [PATCH] postfix-2.10-20120226
---
postfix/HISTORY | 32 +++++
postfix/html/memcache_table.5.html | 93 +++++++-------
postfix/html/postconf.5.html | 22 +++-
postfix/makedefs | 121 +++++++++---------
postfix/man/man5/memcache_table.5 | 2 +-
postfix/man/man5/postconf.5 | 18 ++-
postfix/postfix-install | 19 +--
postfix/proto/memcache_table | 2 +-
postfix/proto/postconf.proto | 22 +++-
postfix/src/bounce/Makefile.in | 4 +-
.../src/bounce/{annotate.pl => annotate.sh} | 33 ++---
postfix/src/global/mail_version.h | 2 +-
postfix/src/postscreen/postscreen_dnsbl.c | 15 ++-
postfix/src/util/sys_defs.h | 2 +-
14 files changed, 237 insertions(+), 150 deletions(-)
rename postfix/src/bounce/{annotate.pl => annotate.sh} (91%)
mode change 100644 => 100755
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 819cc78a7..31dd8cfc4 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17629,3 +17629,35 @@ Apologies for any names omitted.
to a missing guard statement after an smtpd_check_rewrite()
call was moved closer to the command processor loop. Fix
by Bartek Szady. File: smtpd/smtpd.c.
+
+20120220
+
+ Cleanup: documentation of how to use only system-supplied
+ certificates with *CAfile and *CApath. File: proto/postconf.proto.
+
+ Cleanup: documentation of smtp_sasl_mechanism_filter. File:
+ proto/postconf.proto.
+
+20120222
+
+ Cleanup: when multiple DNSBLs block an SMTP client, the
+ postscreen "reject" message now gives credit to the DNSBL
+ with the largest weight, instead of the DNSBL that replies
+ first. File: postscreen/postscreeb_dnsbl.c.
+
+ Cleanup: memcache_table(5) manpage. File proto/memcache_table.
+
+20120225
+
+ Cleanup: eliminated the build-time Perl dependency. File:
+ bounce/annotate.sh.
+
+ Cleanup: when -DNO_DB support was added, the makedefs script
+ was not updated to skip the Linux Berkeley DB tests.
+
+ FreeBSD9 is now a supported platform. Files: makedefs,
+ util/sys_defs.h.
+
+20120226
+
+ Cleanup: documentation in postfix-install.
diff --git a/postfix/html/memcache_table.5.html b/postfix/html/memcache_table.5.html
index 01da77ed3..36af14727 100644
--- a/postfix/html/memcache_table.5.html
+++ b/postfix/html/memcache_table.5.html
@@ -84,37 +84,38 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
flags (default: 0)
Optional flags that should be stored along with a
- memcache update.
+ memcache update. The flags are ignored when looking
+ up information.
ttl (default: 3600)
The expiration time in seconds of memcache updates.
- NOTE 1: When using a memcache table as
+ NOTE 1: When using a memcache table as
postscreen(8) or verify(8) cache without persistent
backup, specify a zero *_cache_cleanup_interval
- value with all Postfix instances that use the mem-
- cache, and specify the largest postscreen(8) *_ttl
- value or verify(8) *_expire_time value as the mem-
+ value with all Postfix instances that use the mem-
+ cache, and specify the largest postscreen(8) *_ttl
+ value or verify(8) *_expire_time value as the mem-
cache table's ttl value.
- NOTE 2: According to memcache protocol documenta-
- tion, a value greater than 30 days (2592000 sec-
- onds) specifies absolute UNIX time. Smaller values
+ NOTE 2: According to memcache protocol documenta-
+ tion, a value greater than 30 days (2592000 sec-
+ onds) specifies absolute UNIX time. Smaller values
are relative to the time of the update.
MEMCACHE KEY PARAMETERS
key_format (default: %s)
- Format of the lookup and update keys in memcache
- requests. By default, these are the same as the
- lookup and update keys that are given to the Post-
+ Format of the lookup and update keys in memcache
+ requests. By default, these are the same as the
+ lookup and update keys that are given to the Post-
fix memcache client.
NOTE: The key_format feature is not used for backup
database requests.
- When the same memcache database is used to cache
- information from multiple tables, you can use the
- key_format feature to avoid name collisions by
+ When the same memcache database is used to cache
+ information from multiple tables, you can use the
+ key_format feature to avoid name collisions by
prepending a fixed string. Examples:
key_format = aliases:%s
@@ -125,48 +126,48 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
%% This is replaced by a literal '%' character.
- %s This is replaced by the memcache client
+ %s This is replaced by the memcache client
input key.
%u When the input key is an address of the form
user@domain, %u is replaced by the SQL
- quoted local part of the address. Other-
- wise, %u is replaced by the entire search
+ quoted local part of the address. Other-
+ wise, %u is replaced by the entire search
string. If the localpart is empty, a lookup
- is silently suppressed and returns no
- results (an update is skipped with a warn-
+ is silently suppressed and returns no
+ results (an update is skipped with a warn-
ing).
%d When the input key is an address of the form
- user@domain, %d is replaced by the domain
+ user@domain, %d is replaced by the domain
part of the address. Otherwise, a lookup is
- silently suppressed and returns no results
+ silently suppressed and returns no results
(an update is skipped with a warning).
%[SUD] The upper-case equivalents of the above
- expansions behave in the key_format parame-
+ expansions behave in the key_format parame-
ter identically to their lower-case counter-
parts.
- %[1-9] The patterns %1, %2, ... %9 are replaced by
+ %[1-9] The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
- of the input key's domain. If the input key
+ of the input key's domain. If the input key
is user@mail.example.com, then %1 is com, %2
- is example and %3 is mail. If the input key
+ is example and %3 is mail. If the input key
is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, a lookup is silently sup-
+ domain components to satisfy all the speci-
+ fied patterns, a lookup is silently sup-
pressed and returns no results (an update is
skipped with a warning).
domain (default: no domain list)
This feature can significantly reduce database
server load. Specify a list of domain names, paths
- to files, or "type:table" databases. When speci-
+ to files, or "type:table" databases. When speci-
fied, only fully qualified search keys with a *non-
empty* localpart and a matching domain are eligible
- for lookup or update: bare 'user' lookups, bare
- domain lookups and "@domain" lookups are silently
+ for lookup or update: bare 'user' lookups, bare
+ domain lookups and "@domain" lookups are silently
skipped (updates are skipped with a warning).
Example:
@@ -180,33 +181,33 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
The maximal memcache reply line length in bytes.
max_try (default: 2)
- The number of times to try a memcache command
- before giving up. The memcache client does not
+ The number of times to try a memcache command
+ before giving up. The memcache client does not
retry a command when the memcache server accepts no
connection.
retry_pause (default: 1)
- The time in seconds before retrying a failed mem-
+ The time in seconds before retrying a failed mem-
cache command.
timeout (default: 2)
- The time limit for sending a memcache command and
+ The time limit for sending a memcache command and
for receiving a memcache reply.
BUGS
- The Postfix memcache client cannot be used for security-
- sensitive tables such as alias_maps (these may contain
- "|command and "/file/name" destinations), or vir-
- tual_uid_maps, virtual_gid_maps and virtual_mailbox_maps
- (these specify UNIX process privileges or "/file/name"
- destinations). In a typical deployment a memcache data-
- base is writable by any process that can talk to the mem-
- cache server; in contrast, security-sensitive tables must
+ The Postfix memcache client cannot be used for security-
+ sensitive tables such as alias_maps (these may contain
+ "|command and "/file/name" destinations), or vir-
+ tual_uid_maps, virtual_gid_maps and virtual_mailbox_maps
+ (these specify UNIX process privileges or "/file/name"
+ destinations). In a typical deployment a memcache data-
+ base is writable by any process that can talk to the mem-
+ cache server; in contrast, security-sensitive tables must
never be writable by the unprivileged Postfix user.
The Postfix memcache client requires additional configura-
- tion when used as postscreen(8) or verify(8) cache. For
- details see the backup and ttl parameter discussions in
+ tion when used as postscreen(8) or verify(8) cache. For
+ details see the backup and ttl parameter discussions in
the MEMCACHE MAIN PARAMETERS section above.
SEE ALSO
@@ -218,11 +219,11 @@ MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
MEMCACHE_README, Postfix memcache client guide
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
HISTORY
- Memcache support was introduced with Postfix version 2.9.
+ Memcache support was introduced with Postfix version 2.9.
AUTHOR(S)
Wietse Venema
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index ec54b00c4..81fb9221a 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -10201,10 +10201,10 @@ parameter, but the setting "no" does not.
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
-server implementations may support different mechanism lists. By
+server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
-two. smtp_sasl_mechanism_filter further restricts what server
-mechanisms the client will take into consideration.
+two. smtp_sasl_mechanism_filter specifies an optional third mechanism
+list to intersect with.
Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
@@ -10490,6 +10490,10 @@ file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file.
+ Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
+ONLY the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -10517,6 +10521,10 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail.
+ Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -14196,6 +14204,10 @@ file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file.
+ Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
+the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -14231,6 +14243,10 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail.
+ Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
diff --git a/postfix/makedefs b/postfix/makedefs
index 316d94b48..92a9717c3 100644
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -153,6 +153,8 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.8*) SYSTYPE=FREEBSD8
;;
+ FreeBSD.9*) SYSTYPE=FREEBSD9
+ ;;
OpenBSD.2*) SYSTYPE=OPENBSD2
;;
OpenBSD.3*) SYSTYPE=OPENBSD3
@@ -267,36 +269,31 @@ case "$SYSTEM.$RELEASE" in
esac;;
# Tested with RedHat 3.03 on 20020729.
Linux.1*) SYSTYPE=LINUX1
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) SYSLIBS="-ldb";;
+ esac
;;
Linux.2*) SYSTYPE=LINUX2
- # Postfix no longer needs DB 1.85 compatibility
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # No, we're not going to try db1 db2 db3 etc.
- # On a properly installed system, Postfix builds
- # by including and by linking with -ldb
- echo "No include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
- # GDBM locks the DBM .pag file after open. This breaks postmap.
- # if [ -f /usr/include/gdbm-ndbm.h ]
- # then
- # CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H=''"
- # GDBM_LIBS=gdbm
- # elif [ -f /usr/include/gdbm/ndbm.h ]
- # then
- # CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H=''"
- # GDBM_LIBS=gdbm
- # fi
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
+ then
+ : we are all set
+ elif [ -f /usr/include/db/db.h ]
+ then
+ CCARGS="$CCARGS -I/usr/include/db"
+ else
+ # No, we're not going to try db1 db2 db3 etc.
+ # On a properly installed system, Postfix builds
+ # by including and by linking with -ldb
+ echo "No include file found." 1>&2
+ echo "Install the appropriate db*-devel package first." 1>&2
+ exit 1
+ fi
+ SYSLIBS="-ldb"
+ ;;
+ esac
for name in nsl resolv $GDBM_LIBS
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
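Review bot: The Berkeley DB probe that this hunk wraps in a `*-DNO_DB*` guard is now copied three times with the same guard (here for Linux.2, and again in the Linux.3 and GNU.0 hunks below), so any future change to the probe or the guard has to be made in three places. Moving the probe into a shell function defined before the `case "$SYSTEM.$RELEASE"` statement, with the `-DNO_DB` check as its first statement, leaves one copy and lets each arm call it. Note that the glob `*-DNO_DB*` also matches any longer macro name that begins with `-DNO_DB`; I do not see such a name in this patch, but if one is ever added the DB probe would be skipped silently. The enclosing `case` and the Linux.2 arm continue outside this hunk.
```sh
# Probe for Berkeley DB (db.h and -ldb) unless the build sets -DNO_DB.
require_db() {
    case "$CCARGS" in
    *-DNO_DB*) return 0;;
    esac
    # … unchanged: the db.h / db/db.h probe, CCARGS/SYSLIBS updates and exit 1 …
}
    Linux.2*) SYSTYPE=LINUX2
	require_db
```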
@@ -350,21 +347,24 @@ EOF
esac
;;
Linux.3*) SYSTYPE=LINUX3
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # On a properly installed system, Postfix builds
- # by including and by linking with -ldb
- echo "No include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
+ then
+ : we are all set
+ elif [ -f /usr/include/db/db.h ]
+ then
+ CCARGS="$CCARGS -I/usr/include/db"
+ else
+ # On a properly installed system, Postfix builds
+ # by including and by linking with -ldb
+ echo "No include file found." 1>&2
+ echo "Install the appropriate db*-devel package first." 1>&2
+ exit 1
+ fi
+ SYSLIBS="-ldb"
+ ;;
+ esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
@@ -378,23 +378,24 @@ EOF
;;
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
- # Postfix no longer needs DB 1.85 compatibility
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # No, we're not going to try db1 db2 db3 etc.
- # On a properly installed system, Postfix builds
- # by including and by linking with -ldb
- echo "No include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
+ then
+ : we are all set
+ elif [ -f /usr/include/db/db.h ]
+ then
+ CCARGS="$CCARGS -I/usr/include/db"
+ else
+ # On a properly installed system, Postfix builds
+ # by including and by linking with -ldb
+ echo "No include file found." 1>&2
+ echo "Install the appropriate db*-devel package first." 1>&2
+ exit 1
+ fi
+ SYSLIBS="-ldb"
+ ;;
+ esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
diff --git a/postfix/man/man5/memcache_table.5 b/postfix/man/man5/memcache_table.5
index 1c33b09fe..692cc8d34 100644
--- a/postfix/man/man5/memcache_table.5
+++ b/postfix/man/man5/memcache_table.5
@@ -88,7 +88,7 @@ setting (depending on whether the access is read-only or
read-write).
.IP "\fBflags (default: 0)\fR"
Optional flags that should be stored along with a memcache
-update.
+update. The flags are ignored when looking up information.
.IP "\fBttl (default: 3600)\fR"
The expiration time in seconds of memcache updates.
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 09506eae2..23cf48301 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -5989,10 +5989,10 @@ This feature is available in Postfix 2.5 and later.
.SH smtp_sasl_mechanism_filter (default: empty)
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
-server implementations may support different mechanism lists. By
+server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
-two. smtp_sasl_mechanism_filter further restricts what server
-mechanisms the client will take into consideration.
+two. smtp_sasl_mechanism_filter specifies an optional third mechanism
+list to intersect with.
.PP
Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
@@ -6160,6 +6160,9 @@ file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file.
.PP
+Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
+ONLY the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -6184,6 +6187,9 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail.
.PP
+Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -8993,6 +8999,9 @@ file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file.
.PP
+Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
+the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -9026,6 +9035,9 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail.
.PP
+Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
diff --git a/postfix/postfix-install b/postfix/postfix-install
index 49225ac88..7f14c03ef 100644
--- a/postfix/postfix-install
+++ b/postfix/postfix-install
@@ -104,7 +104,7 @@
# users. The built-in default directory name is system dependent.
# This parameter setting is recorded in the installed main.cf file.
# .IP html_directory
-# The destination directory for the Postfix HTML files.
+# The final destination directory for the Postfix HTML files.
# This parameter setting is recorded in the installed main.cf file.
# .IP queue_directory
# The final destination directory for Postfix queues.
@@ -138,14 +138,14 @@
# The built-in default group name is postdrop.
# This parameter setting is recorded in the installed main.cf file.
# .IP manpage_directory
-# The destination directory for the Postfix on-line manual pages.
+# The final destination directory for the Postfix on-line manual pages.
# This parameter setting is recorded in the installed main.cf file.
# .IP sample_directory
-# The destination directory for the Postfix sample configuration files.
-# This parameter is obsolete as of Postfix version 2.1.
+# The final destination directory for the Postfix sample configuration
+# files. This parameter is obsolete as of Postfix version 2.1.
# This parameter setting is recorded in the installed main.cf file.
# .IP readme_directory
-# The destination directory for the Postfix README files.
+# The final destination directory for the Postfix README files.
# This parameter setting is recorded in the installed main.cf file.
# SEE ALSO
# post-install(1) post-installation procedure
@@ -350,13 +350,14 @@ management commands. Specify a group name with a numerical group
ID that is not shared with other accounts, not even with the Postfix
mail_owner account. You can no longer specify \"no\" here."
-manpage_directory_prompt="the destination directory for the Postfix on-line
-manual pages. You can no longer specify \"no\" here."
+manpage_directory_prompt="the final destination directory for the
+Postfix on-line manual pages. You can no longer specify \"no\"
+here."
-readme_directory_prompt="the destination directory for the Postfix
+readme_directory_prompt="the final destination directory for the Postfix
README files. Specify \"no\" if you do not want to install these files."
-html_directory_prompt="the destination directory for the Postfix
+html_directory_prompt="the final destination directory for the Postfix
HTML files. Specify \"no\" if you do not want to install these files."
# Default settings, just to get started.
diff --git a/postfix/proto/memcache_table b/postfix/proto/memcache_table
index 3dc4678b7..c065e65da 100644
--- a/postfix/proto/memcache_table
+++ b/postfix/proto/memcache_table
@@ -80,7 +80,7 @@
# read-write).
# .IP "\fBflags (default: 0)\fR"
# Optional flags that should be stored along with a memcache
-# update.
+# update. The flags are ignored when looking up information.
# .IP "\fBttl (default: 3600)\fR"
# The expiration time in seconds of memcache updates.
#
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 8e5e47a36..63804d43c 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -4362,10 +4362,10 @@ smtp_sasl_security_options = noplaintext
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
-server implementations may support different mechanism lists. By
+server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
-two. smtp_sasl_mechanism_filter further restricts what server
-mechanisms the client will take into consideration.
+two. smtp_sasl_mechanism_filter specifies an optional third mechanism
+list to intersect with.
Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
@@ -8811,6 +8811,10 @@ file may also be used to augment the server certificate trust chain,
but it is best to include all the required certificates directly in the
server certificate file.
+ Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
+the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -8842,6 +8846,10 @@ for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail.
+ Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -9221,6 +9229,10 @@ file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
$smtp_tls_cert_file.
+ Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
+ONLY the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
@@ -9244,6 +9256,10 @@ with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail.
+ Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+
+
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
diff --git a/postfix/src/bounce/Makefile.in b/postfix/src/bounce/Makefile.in
index 09de6e9d0..8c98151db 100644
--- a/postfix/src/bounce/Makefile.in
+++ b/postfix/src/bounce/Makefile.in
@@ -25,9 +25,9 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
# Eliminate dependency on installed Postfix.
-../../conf/bounce.cf.default: template_test.ref annotate.pl
+../../conf/bounce.cf.default: template_test.ref annotate.sh
rm -f $@
- perl annotate.pl $@
+ ./annotate.sh $@
main.cf:
echo queue_directory=. >main.cf
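Review bot: The new recipe `./annotate.sh $@` depends on the execute bit that this patch's mode change (100644 => 100755) sets, so it breaks if the tree is ever distributed through a channel that does not preserve file modes; `sh annotate.sh $@` runs the script regardless of its mode and removes that dependency. The script reads its input from stdin and writes to stdout, so the recipe also needs redirections from template_test.ref and to `$@`; if those were dropped by rendering here, disregard that part.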
diff --git a/postfix/src/bounce/annotate.pl b/postfix/src/bounce/annotate.sh
old mode 100644
new mode 100755
similarity index 91%
rename from postfix/src/bounce/annotate.pl
rename to postfix/src/bounce/annotate.sh
index a7aabfe67..c2acaa847
--- a/postfix/src/bounce/annotate.pl
+++ b/postfix/src/bounce/annotate.sh
@@ -1,4 +1,6 @@
-print <<'EOF'
+#!/bin/sh
+
+cat <<'EOF'
#
# Do not edit this file. This file shows the default delivery status
# notification (DSN) messages that are built into Postfix.
@@ -60,10 +62,11 @@ EOF
# bounce_template_file = $config_directory/bounce.cf
#
#EOF
-;
-while (<>) {
- if (/^failure_template/) { print <<'EOF'
+IFS=
+while read line; do
+ case "$line" in
+ failure_template*) cat <<'EOF'
#
# The failure template is used when mail is returned to the sender;
@@ -72,8 +75,8 @@ while (<>) {
#
EOF
-;
- } elsif (/^delay_template/) { print <<'EOF'
+ ;;
+ delay_template*) cat <<'EOF'
#
# The delay template is used when mail is delayed. Note a neat trick:
@@ -90,8 +93,8 @@ EOF
#
EOF
-;
- } elsif (/^success_template/) { print <<'EOF'
+ ;;
+ success_template*) cat <<'EOF'
#
# The success template is used when mail is delivered to mailbox,
@@ -101,17 +104,17 @@ EOF
#
EOF
-;
- } elsif (/^verify_template/) { print <<'EOF'
+ ;;
+ verify_template*) cat <<'EOF'
#
# The verify template is used for address verification (sendmail -bv
-# address...). or for verbose mail delivery (sendmail -v address...).
+# address...) or for verbose mail delivery (sendmail -v address...).
# It is an error to specify a Postmaster-Subject: here.
#
EOF
-;
- }
- print $_;
-}
+ ;;
+ esac
+ echo "$line";
+done
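Review bot: The loop does not reproduce its input byte-for-byte the way the Perl `print $_` did: `read` without `-r` treats a backslash as an escape (a trailing backslash joins two lines and `\x` pairs lose the backslash), and `echo "$line"` is interpreted by some `sh` implementations (backslash escapes, or a line beginning with `-n`/`-e`). Where the target shells support POSIX `read -r`, change the loop header in the earlier hunk to `while read -r line; do` and the output line here to `printf '%s\n' "$line"`. A final input line without a trailing newline is also dropped, since `read` returns non-zero for it; that only matters if template_test.ref can end that way. The `while` loop starts outside this hunk.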
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index b53552213..00c359944 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20120218"
+#define MAIL_RELEASE_DATE "20120226"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
diff --git a/postfix/src/postscreen/postscreen_dnsbl.c b/postfix/src/postscreen/postscreen_dnsbl.c
index b85a9da93..82f88240c 100644
--- a/postfix/src/postscreen/postscreen_dnsbl.c
+++ b/postfix/src/postscreen/postscreen_dnsbl.c
@@ -139,7 +139,8 @@ typedef struct {
} PSC_CALL_BACK_ENTRY;
typedef struct {
- const char *dnsbl; /* one contributing DNSBL */
+ const char *dnsbl_name; /* DNSBL with largest contribution */
+ int dnsbl_weight; /* weight of largest contribution */
int total; /* combined blocklist score */
int refcount; /* score reference count */
int pending_lookups; /* nr of DNS requests in flight */
@@ -328,7 +329,7 @@ int psc_dnsbl_retrieve(const char *client_addr, const char **dnsbl_name,
* Reads are destructive.
*/
result_score = score->total;
- *dnsbl_name = score->dnsbl;
+ *dnsbl_name = score->dnsbl_name;
score->refcount -= 1;
if (score->refcount < 1) {
if (msg_verbose > 1)
@@ -398,8 +399,11 @@ static void psc_dnsbl_receive(int event, char *context)
if (site->byte_codes == 0
|| psc_dnsbl_match(site->byte_codes, reply_argv ? reply_argv :
(reply_argv = argv_split(STR(reply_addr), " ")))) {
- if (score->dnsbl == 0)
- score->dnsbl = head->safe_dnsbl;
+ if (score->dnsbl_name == 0
+ || score->dnsbl_weight < site->weight) {
+ score->dnsbl_name = head->safe_dnsbl;
+ score->dnsbl_weight = site->weight;
+ }
score->total += site->weight;
if (msg_verbose > 1)
msg_info("%s: filter=\"%s\" weight=%d score=%d",
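Review bot: The strict `score->dnsbl_weight < site->weight` comparison makes ties go to the DNSBL that replied first, which neither the HISTORY entry nor the struct comment ("DNSBL with largest contribution") says; I would state it next to the test: `/* Credit the DNSBL with the largest weight; on equal weights the earliest reply keeps the credit. */`. The `dnsbl_name == 0` test covers the first hit whatever its weight, so a first hit with a zero or (if negative weights are permitted here) negative weight is recorded and later displaced by any larger one, which looks intended. psc_dnsbl_receive begins and ends outside this hunk.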
@@ -477,7 +481,8 @@ int psc_dnsbl_request(const char *client_addr,
msg_info("%s: create blocklist score for %s", myname, client_addr);
score = (PSC_DNSBL_SCORE *) mymalloc(sizeof(*score));
score->request_id = request_count++;
- score->dnsbl = 0;
+ score->dnsbl_name = 0;
+ score->dnsbl_weight = 0;
score->total = 0;
score->refcount = 1;
score->pending_lookups = 0;
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h
index b6af7cfea..482fa7327 100644
--- a/postfix/src/util/sys_defs.h
+++ b/postfix/src/util/sys_defs.h
@@ -25,7 +25,7 @@
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
- || defined(FREEBSD8) \
+ || defined(FREEBSD8) || defined(FREEBSD9) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|| defined(OPENBSD5) \