postfix-2.8.15

postfix/HISTORY

@@ -16887,3 +16887,31 @@ Apologies for any names omitted.
 
 	Bugfix: the 20121010 fix for tls_misc.c was documented but
 	not included.
+
+20130403
+
+	Bugfix (introduced: Postfix 2.3): don't reuse TCP connections
+	when smtp_tls_policy_maps is specified. Victor Duchovni.
+	Found during Postfix 2.11 code maintenance.  File:
+	smtp/smtp_reuse.c.
+
+20130423
+
+	Bugfix (introduced: Postfix 2.0): when myhostname is not
+	listed in mydestination, the trivial-rewrite resolver may
+	log "do not list <myhostname value> in both mydestination
+	and <name of non-mydestination domain list>".  The fix is
+	to re-resolve a domain-less address after adding $myhostname
+	as the surrogate domain, so that it pops out with the right
+	address-class label.  Problem reported by Quanah Gibson-Mount.
+	File: trivial-rewrite/resolve.c.
+
+20130425
+
+	Bugfix (introduced: Postfix 2.2): don't reuse TCP connections
+	when SASL authentication is enabled. SASL passwords may
+	depend on the remote SMTP server hostname, but the Postfix
+	<2.11 SMTP connection cache client does not distinguish
+	between different hostnames that resolve to the same IP
+	address.  Found during Postfix 2.11 code maintenance.  File:
+	smtp/smtp_connect.c.

postfix/src/global/mail_version.h

@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20130203"
+#define MAIL_RELEASE_DATE	"20130622"
-#define MAIL_VERSION_NUMBER	"2.8.14"
+#define MAIL_VERSION_NUMBER	"2.8.15"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

postfix/src/smtp/smtp_connect.c

@@ -456,12 +456,12 @@ static void smtp_cache_policy(SMTP_STATE *state, const char *dest)
     state->misc_flags &= ~SMTP_MISC_FLAG_CONN_CACHE_MASK;
 
     /*
-     * XXX Disable connection caching when sender-dependent authentication is
+     * XXX Disable connection caching when SASL authentication is
      * enabled. We must not send someone elses mail over an authenticated
      * connection, and we must not send mail that requires authentication
      * over a connection that wasn't authenticated.
      */
-    if (var_smtp_sender_auth)
+    if (var_smtp_sasl_passwd && *var_smtp_sasl_passwd)
 	return;
 
     if (smtp_cache_dest && string_list_match(smtp_cache_dest, dest)) {

postfix/src/smtp/smtp_reuse.c

@@ -270,7 +270,7 @@ SMTP_SESSION *smtp_reuse_addr(SMTP_STATE *state, const char *addr,
      * credentials or the wrong TLS policy.
      */
     if ((var_smtp_tls_per_site && *var_smtp_tls_per_site)
-	|| (var_smtp_sasl_passwd && *var_smtp_sasl_passwd))
+	|| (var_smtp_tls_policy && *var_smtp_tls_policy))
 	return (0);
 
     /*

postfix/src/trivial-rewrite/resolve.c

@@ -324,9 +324,18 @@ static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
 	    tok822_free(tree->head);
 	    tree->head = 0;
 	}
-	/* XXX must be localpart only, not user@domain form. */
+	/* XXX Re-resolve the surrogate, in case already in user@domain form. */
-	if (tree->head == 0)
+	if (tree->head == 0) {
 	    tree->head = tok822_scan(var_empty_addr, &tree->tail);
+	    continue;
+	}
+
+	/* XXX Re-resolve with @$myhostname for backwards compatibility. */
+	if (domain == 0 && saved_domain == 0) {
+	    tok822_sub_append(tree, tok822_alloc('@', (char *) 0));
+	    tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0));
+	    continue;
+	}
 
 	/*
 	 * We're done. There are no domains left to strip off the address,