mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00
Code Issues Releases Wiki Activity

postfix-3.9-20240206

Browse Source
This commit is contained in:
Wietse Z Venema 2024-02-06 00:00:00 -05:00 committed by Viktor Dukhovni
parent 36c1c0967b
commit 8109ebaddf
12 changed files with 176 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
postfix/HISTORY
View File

@ -27787,3 +27787,26 @@ Apologies for any names omitted.
configurable, and updated the mysql_table(5) and pgsql_table(5) configurable, and updated the mysql_table(5) and pgsql_table(5)
manpages. Files: global/dict_mysql.c, global/dict_pgsql.c, manpages. Files: global/dict_mysql.c, global/dict_pgsql.c,
proto/mysql_table, proto/pgsql_table. proto/mysql_table, proto/pgsql_table.
20230130
Reproducible build: added LC_ALL=C to the top of the makedefs
script.
20240206
Documentation: in COMPATIBILITY_README, the descriptions
of smtpd_relay_restrictions and smtputf8_enable were grouped
under the wrong compatibility level value. Reported by Rune
Philosof. File: proto/COMPATIBILITY_README.html.
Compatibility: the RFC 5322 date and time specification
recommends (i.e. should) that a single space be used in
each place that FWS appears. To avoid a breaking change,
Postfix now formats numerical days as two-digit days, i.e.
days 1-9 have a leading zero instead of a leading space.
Files: util/sys_defs.h global/mail_date.c.
Documentation: the post-install(1) manpage now lists
$config_directory/makedefs.out as one of the installed
files. File: postfix-install.

64
postfix/README_FILES/COMPATIBILITY_README
View File

@ -33,17 +33,17 @@ Logged with compatibility_level < 1:
* Using backwards-compatible default setting chroot=y * Using backwards-compatible default setting chroot=y
Logged with compatibility_level < 2:
* Using backwards-compatible default setting "smtpd_relay_restrictions = * Using backwards-compatible default setting "smtpd_relay_restrictions =
(empty)" (empty)"
* Using backwards-compatible default setting smtputf8_enable=no
Logged with compatibility_level < 2:
* Using backwards-compatible default setting mynetworks_style=subnet * Using backwards-compatible default setting mynetworks_style=subnet
* Using backwards-compatible default setting relay_domains=$mydestination * Using backwards-compatible default setting relay_domains=$mydestination
* Using backwards-compatible default setting smtputf8_enable=no
Logged with compatibility_level < 3.6: Logged with compatibility_level < 3.6:
* Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5 * Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5
@ -152,6 +152,34 @@ permanent in main.cf:
# ppoossttccoonnff ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss== # ppoossttccoonnff ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss==
# ppoossttffiixx rreellooaadd # ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo
The smtputf8_enable default value has changed from "no" to "yes". With the new
"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
that don't request SMTPUTF8 support, after Postfix is updated from an older
version. The backwards-compatibility safety net is designed to prevent such
surprises.
As long as the smtputf8_enable parameter is left at its implicit default value,
and the compatibility_level setting is less than 1, Postfix logs a warning each
time an SMTP command uses a non-ASCII address localpart without requesting
SMTPUTF8 support:
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
If the address should not be rejected, and the client cannot be updated to use
SMTPUTF8, then the system administrator should make the backwards-compatible
setting "smtputf8_enable = no" permanent in main.cf:
# ppoossttccoonnff ssmmttppuuttff88__eennaabbllee==nnoo
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett
The mynetworks_style default value has changed from "subnet" to "host". This The mynetworks_style default value has changed from "subnet" to "host". This
@ -223,34 +251,6 @@ Note: quotes are required as indicated above.
Instead of $mydestination, it may be better to specify an explicit list of Instead of $mydestination, it may be better to specify an explicit list of
domain names. domain names.
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo
The smtputf8_enable default value has changed from "no" to "yes". With the new
"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
that don't request SMTPUTF8 support, after Postfix is updated from an older
version. The backwards-compatibility safety net is designed to prevent such
surprises.
As long as the smtputf8_enable parameter is left at its implicit default value,
and the compatibility_level setting is less than 1, Postfix logs a warning each
time an SMTP command uses a non-ASCII address localpart without requesting
SMTPUTF8 support:
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
If the address should not be rejected, and the client cannot be updated to use
SMTPUTF8, then the system administrator should make the backwards-compatible
setting "smtputf8_enable = no" permanent in main.cf:
# ppoossttccoonnff ssmmttppuuttff88__eennaabbllee==nnoo
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55 UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55
The smtpd_tls_fingerprint_digest default value has changed from "md5" to The smtpd_tls_fingerprint_digest default value has changed from "md5" to

14
postfix/WISHLIST
View File

@ -6,8 +6,6 @@ Wish list:
Disable -DSNAPSHOT and -DNONPROD in makedefs. Disable -DSNAPSHOT and -DNONPROD in makedefs.
postfix-install should mention makedefs.out.
Remove .printfck directories, and remove printfck targets Remove .printfck directories, and remove printfck targets
from Makefiles. from Makefiles.
@ -36,16 +34,12 @@ Wish list:
Check out https://github.com/milter-manager/milter-manager/ Check out https://github.com/milter-manager/milter-manager/
Check out https://cutter.osdn.jp/ (C/C++ unit tests). Check out https://github.com/clear-code/cutter
(https://cutter.osdn.jp/) for C/C++ unit tests.
Follow https://github.com/vdukhovni/postfix/commits/rpk postscreen hints to smtpd to suppress the server greeting
Figure out which mysql_*escape_string*() variant to use and
handle error results accordingly.
postscreen hints to smtpd to suppress the server greeating
after a remote SMTP client has pregreeted. This makes the after a remote SMTP client has pregreeted. This makes the
PIPELINING detection more meaingful. PIPELINING detection more meaningful.
Multi-recipient support in sender/recipient_bcc_maps and Multi-recipient support in sender/recipient_bcc_maps and
always_bcc. always_bcc.

96
postfix/html/COMPATIBILITY_README.html
View File

@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes </a> </p>
<li> <p> <a href="#chroot"> Using backwards-compatible default setting <li> <p> <a href="#chroot"> Using backwards-compatible default setting
chroot=y</a> </p> chroot=y</a> </p>
<li><p> <a href="#relay_restrictions"> Using backwards-compatible
default setting "smtpd_relay_restrictions = (empty)"</a> </p>
<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
default setting smtputf8_enable=no</a> </p>
</ul> </ul>
<p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 2: </p> <p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 2: </p>
<ul> <ul>
<li><p> <a href="#relay_restrictions"> Using backwards-compatible
default setting "smtpd_relay_restrictions = (empty)"</a> </p>
<li> <p> <a href="#mynetworks_style"> Using backwards-compatible <li> <p> <a href="#mynetworks_style"> Using backwards-compatible
default setting mynetworks_style=subnet </a> </p> default setting mynetworks_style=subnet </a> </p>
<li> <p> <a href="#relay_domains"> Using backwards-compatible default <li> <p> <a href="#relay_domains"> Using backwards-compatible default
setting relay_domains=$mydestination </a> </p> setting relay_domains=$mydestination </a> </p>
<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
default setting smtputf8_enable=no</a> </p>
</ul> </ul>
<p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 3.6: </p> <p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 3.6: </p>
@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting
</pre> </pre>
</blockquote> </blockquote>
<h2> <a name="smtputf8_enable"> Using backwards-compatible default
setting smtputf8_enable=no</a> </h2>
<p> The <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> default value has changed from "no" to "yes".
With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
addresses from clients that don't request SMTPUTF8 support, after
Postfix is updated from an older version. The backwards-compatibility
safety net is designed to prevent such surprises. </p>
<p> As long as the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> parameter is left at its implicit
default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
less than 1, Postfix logs a warning each time an SMTP command uses a
non-ASCII address localpart without requesting SMTPUTF8 support: </p>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
</pre>
</blockquote>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
</pre>
</blockquote>
<p> If the address should not be rejected, and the client cannot
be updated to use SMTPUTF8, then the system administrator should
make the backwards-compatible setting "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = no" permanent
in <a href="postconf.5.html">main.cf</a>:
<blockquote>
<pre>
# <b>postconf <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no</b>
# <b>postfix reload</b>
</pre>
</blockquote>
<h2> <a name="mynetworks_style"> Using backwards-compatible default <h2> <a name="mynetworks_style"> Using backwards-compatible default
setting mynetworks_style=subnet</a> </h2> setting mynetworks_style=subnet</a> </h2>
@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting
<p> Instead of $<a href="postconf.5.html#mydestination">mydestination</a>, it may be better to specify an <p> Instead of $<a href="postconf.5.html#mydestination">mydestination</a>, it may be better to specify an
explicit list of domain names. </p> explicit list of domain names. </p>
<h2> <a name="smtputf8_enable"> Using backwards-compatible default
setting smtputf8_enable=no</a> </h2>
<p> The <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> default value has changed from "no" to "yes".
With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
addresses from clients that don't request SMTPUTF8 support, after
Postfix is updated from an older version. The backwards-compatibility
safety net is designed to prevent such surprises. </p>
<p> As long as the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> parameter is left at its implicit
default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
less than 1, Postfix logs a warning each time an SMTP command uses a
non-ASCII address localpart without requesting SMTPUTF8 support: </p>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
</pre>
</blockquote>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
</pre>
</blockquote>
<p> If the address should not be rejected, and the client cannot
be updated to use SMTPUTF8, then the system administrator should
make the backwards-compatible setting "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = no" permanent
in <a href="postconf.5.html">main.cf</a>:
<blockquote>
<pre>
# <b>postconf <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no</b>
# <b>postfix reload</b>
</pre>
</blockquote>
<h2> <a name="smtpd_digest"> Using backwards-compatible <h2> <a name="smtpd_digest"> Using backwards-compatible
default setting smtpd_tls_fingerprint_digest=md5</a> </h2> default setting smtpd_tls_fingerprint_digest=md5</a> </h2>

3
postfix/makedefs
View File

@ -184,6 +184,9 @@
# New York, NY 10011, USA # New York, NY 10011, USA
#-- #--
# Override all LC_* settings and LANG for reproducibility.
LC_ALL=C; export LC_ALL
# By now all shells must have functions. # By now all shells must have functions.
error() { error() {

1
postfix/postfix-install
View File

@ -176,6 +176,7 @@
# post-install(1) post-installation procedure # post-install(1) post-installation procedure
# FILES # FILES
# $config_directory/main.cf, Postfix installation configuration. # $config_directory/main.cf, Postfix installation configuration.
# $config_directory/makedefs.out, Postfix 'make makefiles' options.
# $meta_directory/postfix-files, installation control file. # $meta_directory/postfix-files, installation control file.
# $config_directory/install.cf, obsolete configuration file. # $config_directory/install.cf, obsolete configuration file.
# LICENSE # LICENSE

96
postfix/proto/COMPATIBILITY_README.html
View File

@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes </a> </p>
<li> <p> <a href="#chroot"> Using backwards-compatible default setting <li> <p> <a href="#chroot"> Using backwards-compatible default setting
chroot=y</a> </p> chroot=y</a> </p>
<li><p> <a href="#relay_restrictions"> Using backwards-compatible
default setting "smtpd_relay_restrictions = (empty)"</a> </p>
<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
default setting smtputf8_enable=no</a> </p>
</ul> </ul>
<p> Logged with compatibility_level &lt; 2: </p> <p> Logged with compatibility_level &lt; 2: </p>
<ul> <ul>
<li><p> <a href="#relay_restrictions"> Using backwards-compatible
default setting "smtpd_relay_restrictions = (empty)"</a> </p>
<li> <p> <a href="#mynetworks_style"> Using backwards-compatible <li> <p> <a href="#mynetworks_style"> Using backwards-compatible
default setting mynetworks_style=subnet </a> </p> default setting mynetworks_style=subnet </a> </p>
<li> <p> <a href="#relay_domains"> Using backwards-compatible default <li> <p> <a href="#relay_domains"> Using backwards-compatible default
setting relay_domains=$mydestination </a> </p> setting relay_domains=$mydestination </a> </p>
<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
default setting smtputf8_enable=no</a> </p>
</ul> </ul>
<p> Logged with compatibility_level &lt; 3.6: </p> <p> Logged with compatibility_level &lt; 3.6: </p>
@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting
</pre> </pre>
</blockquote> </blockquote>
<h2> <a name="smtputf8_enable"> Using backwards-compatible default
setting smtputf8_enable=no</a> </h2>
<p> The smtputf8_enable default value has changed from "no" to "yes".
With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
addresses from clients that don't request SMTPUTF8 support, after
Postfix is updated from an older version. The backwards-compatibility
safety net is designed to prevent such surprises. </p>
<p> As long as the smtputf8_enable parameter is left at its implicit
default value, and the compatibility_level setting is
less than 1, Postfix logs a warning each time an SMTP command uses a
non-ASCII address localpart without requesting SMTPUTF8 support: </p>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
</pre>
</blockquote>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
</pre>
</blockquote>
<p> If the address should not be rejected, and the client cannot
be updated to use SMTPUTF8, then the system administrator should
make the backwards-compatible setting "smtputf8_enable = no" permanent
in main.cf:
<blockquote>
<pre>
# <b>postconf smtputf8_enable=no</b>
# <b>postfix reload</b>
</pre>
</blockquote>
<h2> <a name="mynetworks_style"> Using backwards-compatible default <h2> <a name="mynetworks_style"> Using backwards-compatible default
setting mynetworks_style=subnet</a> </h2> setting mynetworks_style=subnet</a> </h2>
@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting
<p> Instead of $mydestination, it may be better to specify an <p> Instead of $mydestination, it may be better to specify an
explicit list of domain names. </p> explicit list of domain names. </p>
<h2> <a name="smtputf8_enable"> Using backwards-compatible default
setting smtputf8_enable=no</a> </h2>
<p> The smtputf8_enable default value has changed from "no" to "yes".
With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
addresses from clients that don't request SMTPUTF8 support, after
Postfix is updated from an older version. The backwards-compatibility
safety net is designed to prevent such surprises. </p>
<p> As long as the smtputf8_enable parameter is left at its implicit
default value, and the compatibility_level setting is
less than 1, Postfix logs a warning each time an SMTP command uses a
non-ASCII address localpart without requesting SMTPUTF8 support: </p>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
</pre>
</blockquote>
<blockquote>
<pre>
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
</pre>
</blockquote>
<p> If the address should not be rejected, and the client cannot
be updated to use SMTPUTF8, then the system administrator should
make the backwards-compatible setting "smtputf8_enable = no" permanent
in main.cf:
<blockquote>
<pre>
# <b>postconf smtputf8_enable=no</b>
# <b>postfix reload</b>
</pre>
</blockquote>
<h2> <a name="smtpd_digest"> Using backwards-compatible <h2> <a name="smtpd_digest"> Using backwards-compatible
default setting smtpd_tls_fingerprint_digest=md5</a> </h2> default setting smtpd_tls_fingerprint_digest=md5</a> </h2>

1
postfix/proto/stop
View File

@ -1594,3 +1594,4 @@ lf
EOD EOD
chunking chunking
allowlists allowlists
FWS

2
postfix/proto/stop.spell-history
View File

@ -68,3 +68,5 @@ Levente
MariaDB MariaDB
dehtml dehtml
NONPROD NONPROD
LC
Philosof

7
postfix/src/global/mail_date.c
View File

@ -98,8 +98,13 @@ const char *mail_date(time_t when)
* First, format the date and wall-clock time. XXX The %e format (day of * First, format the date and wall-clock time. XXX The %e format (day of
* month, leading zero replaced by blank) isn't in my POSIX book, but * month, leading zero replaced by blank) isn't in my POSIX book, but
* many vendors seem to support it. * many vendors seem to support it.
*
* The RFC 5322 Date and Time Specification recommends (i.e., should) "that
* a single space be used in each place that FWS appears". To avoid a
* potentially breaking change, we prefer the %d (two-digit day) format,
* i.e. days 1-9 now have a leading zero instead of a leading space.
*/ */
#ifdef MISSING_STRFTIME_E #if defined(MISSING_STRFTIME_E) || defined (TWO_DIGIT_DAY_IN_DATE_TIME)
#define STRFTIME_FMT "%a, %d %b %Y %H:%M:%S " #define STRFTIME_FMT "%a, %d %b %Y %H:%M:%S "
#else #else
#define STRFTIME_FMT "%a, %e %b %Y %H:%M:%S " #define STRFTIME_FMT "%a, %e %b %Y %H:%M:%S "

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20240129" #define MAIL_RELEASE_DATE "20240206"
#define MAIL_VERSION_NUMBER "3.9" #define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT #ifdef SNAPSHOT

7
postfix/src/util/sys_defs.h
View File

@ -1331,6 +1331,13 @@ extern int dup2_pass_on_exec(int oldd, int newd);
#undef HAVE_RES_SEND #undef HAVE_RES_SEND
#endif #endif
/*
* The RFC 5322 Date and Time Specification recommends single space between
* date-time tokens. To avoid breaking change, format all numerical days as
* two-digit days (i.e. days 1-9 now have a leading zero instead of space).
*/
#define TWO_DIGIT_DAY_IN_DATE_TIME
/* /*
* Check for required but missing definitions. * Check for required but missing definitions.
*/ */