snapshot-19990911

postfix/HISTORY

@@ -3089,3 +3089,8 @@ Apologies for any names omitted.
 	and added a test for the case that they specify a lookup
 	table on the right-hand side of an SMTPD access map.
 	File: smtpd/smtpd_access.c.
+
+	Cleanup: removed spurious sender address checks for <>.
+
+	Cleanup: the smtp client now consistently logs host[address]
+	for all connection attempts.

postfix/RELEASE_NOTES

@@ -1,11 +1,11 @@
-Incompatible changes with snapshot 19990910
+Incompatible changes with snapshot 19990911
 ===========================================
 
 - You can not longer use virtual, canonical or aliases tables as
 SMTPD access control tables. Use the permit_recipient_map feature
 instead. The loss is compensated for.
 
-Major changes with snapshot 19990910
+Major changes with snapshot 19990911
 ====================================
 
 - Per-client/helo/sender/recipient UCE restrictions: you can now
@@ -42,16 +42,26 @@ That should stop a lot of the mail to non-existent recipients.  It
 won't stop mail to broken aliases or to users with broken .forward
 files, though.
 
-All this is great for non-relaying sites. A good example with
+For a relaying site, the best we can do is something like:
-permit_recipient_map for relaying sites still needs to be found.
+
+    smtpd_recipient_restrictions =
+	permit_mynetworks
+	reject_unauth_destination
+	reject_unknown_sender_domain
+	...other checks to reject non-FQDN, RBL, access maps...
+	permit_recipient_map unix:passwd.byname
+	permit_recipient_map hash:/etc/canonical
+	permit_recipient_map hash:/etc/postfix/virtual
+	permit_recipient_map hash:/etc/aliases
+	reject
 
 Unfortunately, permit_recipient_map does not combine well with
-permit_mynetworks, because permit_mynetworks accepts mail for ALL
+permit_mynetworks, because permit_mynetworks accepts mail for 
-destinations, including ALL LOCAL destinations.
+non-existent local recipients.
 
 Unfortunately, permit_recipient_map does not combine well with
-check_relay_domains, because check_relay_domains permits mail for
+check_relay_domains, because check_relay_domains permits either
-ALL LOCAL destinations.
+rejects mail, or accepts mail for non-existent local recipients.
 
 Incompatible changes with postfix-19990906
 ==========================================

postfix/global/mail_version.h

@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-19990910"
+#define DEF_MAIL_VERSION	"Snapshot-19990911"
 extern char *var_mail_version;
 
 /* LICENSE

postfix/smtp/smtp_connect.c

@@ -174,7 +174,7 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
     memcpy((char *) &sin.sin_addr, addr->data, sizeof(sin.sin_addr));
 
     if (msg_verbose)
-	msg_info("%s: trying: %s/%s port %d...",
+	msg_info("%s: trying: %s[%s] port %d...",
 		 myname, addr->name, inet_ntoa(sin.sin_addr), ntohs(port));
     if (var_smtp_conn_tmout > 0) {
 	non_blocking(sock, NON_BLOCKING);
@@ -187,7 +187,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
 	conn_stat = connect(sock, (struct sockaddr *) & sin, sizeof(sin));
     }
     if (conn_stat < 0) {
-	vstring_sprintf(why, "connect to %s: %m", addr->name);
+	vstring_sprintf(why, "connect to %s[%s]: %m",
+			addr->name, inet_ntoa(sin.sin_addr));
 	smtp_errno = SMTP_RETRY;
 	close(sock);
 	return (0);
@@ -197,7 +198,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
      * Skip this host if it takes no action within some time limit.
      */
     if (read_wait(sock, var_smtp_helo_tmout) < 0) {
-	vstring_sprintf(why, "connect to %s: read timeout", addr->name);
+	vstring_sprintf(why, "connect to %s[%s]: read timeout",
+			addr->name, inet_ntoa(sin.sin_addr));
 	smtp_errno = SMTP_RETRY;
 	close(sock);
 	return (0);
@@ -208,8 +210,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
      */
     stream = vstream_fdopen(sock, O_RDWR);
     if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) {
-	vstring_sprintf(why, "connect to %s: server dropped connection",
+	vstring_sprintf(why, "connect to %s[%s]: server dropped connection",
-			addr->name);
+			addr->name, inet_ntoa(sin.sin_addr));
 	smtp_errno = SMTP_RETRY;
 	vstream_fclose(stream);
 	return (0);
@@ -219,8 +221,8 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
      * Skip this host if it sends a 4xx greeting.
      */
     if (ch == '4' && var_smtp_skip_4xx_greeting) {
-	vstring_sprintf(why, "connect to %s: server refused mail service",
+	vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
-			addr->name);
+			addr->name, inet_ntoa(sin.sin_addr));
 	smtp_errno = SMTP_RETRY;
 	vstream_fclose(stream);
 	return (0);

postfix/smtpd/smtpd_check.c

@@ -1513,16 +1513,16 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
 	 * Sender mail address restrictions.
 	 */
 	else if (is_map_command(name, CHECK_SENDER_ACL, &cpp)) {
-	    if (state->sender)
+	    if (state->sender && *state->sender)
 		status = check_mail_access(state, *cpp, state->sender,
 					   state->sender,
 					   SMTPD_NAME_SENDER, def_acl);
 	} else if (strcasecmp(name, REJECT_UNKNOWN_ADDRESS) == 0) {
-	    if (state->sender)
+	    if (state->sender && *state->sender)
 		status = reject_unknown_address(state, state->sender,
 					  state->sender, SMTPD_NAME_SENDER);
 	} else if (strcasecmp(name, REJECT_UNKNOWN_SENDDOM) == 0) {
-	    if (state->sender)
+	    if (state->sender && *state->sender)
 		status = reject_unknown_address(state, state->sender,
 					  state->sender, SMTPD_NAME_SENDER);
 	} else if (strcasecmp(name, REJECT_NON_FQDN_SENDER) == 0) {