diff --git a/postfix/HISTORY b/postfix/HISTORY
index 483f10e57..9d3745c08 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -8336,9 +8336,8 @@ Apologies for any names omitted.
what happens before or after an external content filter:
rejecting unknown recipients, canonical and virtual address
mapping, address masquerading, automatic BCC recipients
- and header/body checks. This is more convenient than having
- to specify two different cleanup services in the master.cf
- file.
+ and header/body checks. This eliminates the need to configure
+ multiple cleanup services in the master.cf file.
Open problems:
diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README
index 28ddbce06..0b3a24455 100644
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -11,6 +11,27 @@ in the Postfix mail queue.
FILTER_README document, where all mail is inspected AFTER it is
stored in the Postfix mail queue]
+This feature is meant to be used as follows:
+ / smtp
+ Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue -> local
+ Postfix Postfix \ virtual etc.
+
+For reference, this is the normal path through Postfix:
+
+ / smtp
+ Internet -> smtpd -> cleanup -> queue -> local
+ Postfix \ virtual etc.
+
+For comparison, this is the FILTER_README approach with an SMTP-based
+content filter:
+ / smtp
+ Internet -> smtpd -> cleanup -> queue -> local
+ Postfix ^ v \ virtual etc.
+ smtpd smtp
+ Postfix Postfix
+ \ /
+ filter <-
+
The SMTP proxy server receives unfiltered mail from Postfix and
does one of the following:
@@ -18,7 +39,8 @@ does one of the following:
content.
2 - Reject the mail (by sending a suitable status code back to
- Postfix) so that it is returned to sender.
+ Postfix). Postfix passes the status back to the remote SMTP
+ client. This way, Postfix does not have to send a bounce message.
3 - Send the mail somewhere else.
@@ -57,26 +79,6 @@ has approved. All commands are sent without using ESMTP command
pipelining. The SMTP proxy server must accept the same MAIL FROM
and RCPT TO command syntax as the Postfix SMTP server.
-This feature is meant to be used as follows:
- / smtp
- Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue -> local
- Postfix Postfix \ virtual etc.
-
-For reference, this is the normal path through Postfix:
-
- / smtp
- Internet -> smtpd -> cleanup -> queue -> local
- Postfix \ virtual etc.
-
-For comparison, this is the FILTER_README approach with an SMTP-based
-content filter:
- / smtp
- Internet -> smtpd -> cleanup -> queue -> local
- Postfix ^ v \ virtual etc.
- smtpd smtp
- Postfix Postfix
- \ /
- filter <-
Configuration parameters
========================
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 028de4c2c..9c816160c 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -22,7 +22,7 @@ snapshot release). Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
-Major changes with Postfix snapshot 2.0.13-20030705
+Major changes with Postfix snapshot 2.0.13-20030706
===================================================
New receive_override_options parameter that eliminates the need
@@ -58,9 +58,10 @@ Credits to Victor Duchovni and Lamont Jones.
New CIDR-based lookup table, remotely based on code by Jozsef
Kadlecsik. For details and examples, see "man cidr_table".
-The TCP-based client-server table lookup protocol is finished.
-For details and examples, see "man tcp_table". This will allow you
-to implement your own greylisting.
+The TCP-based table lookup protocol is finished. For details and
+examples, see "man tcp_table". This will allow you to implement
+your own greylisting, or to do your own open proxy tests before
+accepting mail.
Support for !/pattern/ (negative matches) in PCRE lookup tables by
Victor Duchovni. See "man pcre_table" for more.
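Review bot: The rewritten tcp_table paragraph now advertises greylisting and open proxy tests "before accepting mail", but the tcp_table SECURITY text touched elsewhere in this patch says not to use TCP lookup tables for security critical purposes, because the client-server connection is not protected and the server is not authenticated. Both suggested uses feed an accept/reject decision, so this release note should carry that caveat or point to it.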
@@ -71,11 +72,11 @@ If this is turned off Postfix produces no X-Original-To: headers
and ignores the original recipient when eliminating duplicates
after virtual alias expansion. Code by Victor Duchovni.
-Finer control over how long the SMTP server waits for address
-verification probes to complete. address_verify_poll_{count,delay}
-control how often to query the verify server and how long to wait
-between queries. Specify address_verify_poll_count=1 to implement
-a crude form of greylisting.
+Finer control over how long Postfix SMTPD waits for completion of
+address verification probes: the address_verify_poll_{count,delay}
+parameters control how often to query the verify server and how
+long to wait between queries. Specify address_verify_poll_count=1
+to implement a crude form of greylisting.
Major changes with Postfix snapshot 2.0.11-20030611
===================================================
diff --git a/postfix/conf/tcp_table b/postfix/conf/tcp_table
index 60c4b4e7a..a9d69a86c 100644
--- a/postfix/conf/tcp_table
+++ b/postfix/conf/tcp_table
@@ -70,9 +70,9 @@
# to not contain the % or NEWLINE character.
#
# SECURITY
-# Do not use TCP lookup tables for security critical purposes.
-# The client-server connection is not protected and the server
-# is not authenticated.
+# Do not use TCP lookup tables for security critical pur-
+# poses. The client-server connection is not protected and
+# the server is not authenticated.
#
# SEE ALSO
# regexp_table(5) format of regular expression tables
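Review bot: The reflowed SECURITY paragraph now splits "purposes" as "pur-" / "poses" across two lines, so a search for "security critical purposes" in this file no longer matches. Consider turning hyphenation off for the filled text so the warning stays greppable; the same split appears in the html/tcp_table.5.html hunk.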
diff --git a/postfix/html/tcp_table.5.html b/postfix/html/tcp_table.5.html
index 7204cbcd6..cd248906c 100644
--- a/postfix/html/tcp_table.5.html
+++ b/postfix/html/tcp_table.5.html
@@ -71,9 +71,9 @@ TCP_TABLE(5) TCP_TABLE(5)
to not contain the % or NEWLINE character.
SECURITY
- Do not use TCP lookup tables for security critical purposes.
- The client-server connection is not protected and the server
- is not authenticated.
+ Do not use TCP lookup tables for security critical pur-
+ poses. The client-server connection is not protected and
+ the server is not authenticated.
SEE ALSO
regexp_table(5) format of regular expression tables
diff --git a/postfix/man/man5/tcp_table.5 b/postfix/man/man5/tcp_table.5
index d42de894c..2ae2ea6af 100644
--- a/postfix/man/man5/tcp_table.5
+++ b/postfix/man/man5/tcp_table.5
@@ -78,6 +78,8 @@ is guaranteed to not contain the % or NEWLINE character.
.SH SECURITY
.na
.nf
+.ad
+.fi
Do not use TCP lookup tables for security critical purposes.
The client-server connection is not protected and the server
is not authenticated.
diff --git a/postfix/proto/tcp_table b/postfix/proto/tcp_table
index d92e01579..54406626a 100644
--- a/postfix/proto/tcp_table
+++ b/postfix/proto/tcp_table
@@ -62,6 +62,8 @@
# The server may omit the encoding as long as the reply
# is guaranteed to not contain the % or NEWLINE character.
# SECURITY
+# .ad
+# .fi
# Do not use TCP lookup tables for security critical purposes.
# The client-server connection is not protected and the server
# is not authenticated.
diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c
index 8906894e9..d361f1a77 100644
--- a/postfix/src/cleanup/cleanup_api.c
+++ b/postfix/src/cleanup/cleanup_api.c
@@ -175,6 +175,8 @@ void cleanup_control(CLEANUP_STATE *state, int flags)
* discard input after any lethal error. See the CLEANUP_OUT_OK() macro
* definition.
*/
+ if (msg_verbose)
+ msg_info("cleanup flags = %s", cleanup_strflags(flags));
if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) {
state->err_mask = CLEANUP_STAT_MASK_INCOMPLETE;
} else {
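Review bot: The added msg_info() call lets verbose mode change failure behaviour: cleanup_strflags(), introduced in this patch, calls msg_panic() on any bit that is not in its table, and it is invoked here on the caller-supplied flags before they are stored in state->flags. A debug log line should not be able to stop the service; suggest having the helper print unknown bits in hex instead of panicking. Also, flags is an int in cleanup_control() while the helper is declared as taking unsigned.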
diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c
index 2037fa857..328d62890 100644
--- a/postfix/src/cleanup/cleanup_message.c
+++ b/postfix/src/cleanup/cleanup_message.c
@@ -382,7 +382,7 @@ static void cleanup_header_callback(void *context, int header_class,
const char *map_class;
if (msg_verbose)
- msg_info("%s: '%s'", myname, vstring_str(header_buf));
+ msg_info("%s: '%.200s'", myname, vstring_str(header_buf));
/*
* Crude header filtering. This stops malware that isn't sophisticated
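Review bot: The 200 in the new '%.200s' format is a bare literal, with no comment on why that limit was chosen or that the logged header is now truncated. Suggest a named constant or a one-line comment, so that someone reading verbose logs knows the header shown may be cut off.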
diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in
index 6f6b2b53c..c69bc804c 100644
--- a/postfix/src/global/Makefile.in
+++ b/postfix/src/global/Makefile.in
@@ -21,7 +21,8 @@ SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \
flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \
verp_sender.c match_parent_style.c mime_state.c header_token.c \
strip_addr.c virtual8_maps.c hold_message.c verify_clnt.c \
- trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c input_transp.c
+ trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c input_transp.c \
+ cleanup_strflags.c
OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
debug_peer.o debug_process.o defer.o deliver_completed.o \
deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
@@ -44,7 +45,8 @@ OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \
verp_sender.o match_parent_style.o mime_state.o header_token.o \
strip_addr.o virtual8_maps.o hold_message.o verify_clnt.o \
- trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o input_transp.o
+ trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o input_transp.o \
+ cleanup_strflags.o
HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
@@ -433,6 +435,12 @@ cleanup_strerror.o: ../../include/sys_defs.h
cleanup_strerror.o: ../../include/vstring.h
cleanup_strerror.o: ../../include/vbuf.h
cleanup_strerror.o: cleanup_user.h
+cleanup_strflags.o: cleanup_strflags.c
+cleanup_strflags.o: ../../include/sys_defs.h
+cleanup_strflags.o: ../../include/msg.h
+cleanup_strflags.o: ../../include/vstring.h
+cleanup_strflags.o: ../../include/vbuf.h
+cleanup_strflags.o: cleanup_user.h
clnt_stream.o: clnt_stream.c
clnt_stream.o: ../../include/sys_defs.h
clnt_stream.o: ../../include/msg.h
diff --git a/postfix/src/global/cleanup_strflags.c b/postfix/src/global/cleanup_strflags.c
new file mode 100644
index 000000000..1b9135da0
--- /dev/null
+++ b/postfix/src/global/cleanup_strflags.c
@@ -0,0 +1,85 @@
+/*++
+/* NAME
+/* cleanup_strflags 3
+/* SUMMARY
+/* cleanup flags code to string
+/* SYNOPSIS
+/* #include
+/*
+/* const char *cleanup_strflags(code)
+/* int code;
+/* DESCRIPTION
+/* cleanup_strflags() maps a CLEANUP_FLAGS code to printable string.
+/* The result is for read purposes only. The result is overwritten
+/* upon each call.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include
+
+/* Utility library. */
+
+#include
+#include
+
+/* Global library. */
+
+#include "cleanup_user.h"
+
+ /*
+ * Mapping from flags code to printable string.
+ */
+struct cleanup_flag_map {
+ unsigned flag;
+ const char *text;
+};
+
+static struct cleanup_flag_map cleanup_flag_map[] = {
+ CLEANUP_FLAG_BOUNCE, "enable_bad_mail_bounce",
+ CLEANUP_FLAG_FILTER, "enable_header_body_filter",
+ CLEANUP_FLAG_HOLD, "hold_message",
+ CLEANUP_FLAG_DISCARD, "discard_message",
+ CLEANUP_FLAG_BCC_OK, "enable_automatic_bcc",
+ CLEANUP_FLAG_MAP_OK, "enable_address_mapping",
+};
+
+/* cleanup_strflags - map flags code to printable string */
+
+const char *cleanup_strflags(unsigned flags)
+{
+ static VSTRING *result;
+ unsigned i;
+
+ if (flags == 0)
+ return ("none");
+
+ if (result == 0)
+ result = vstring_alloc(20);
+ else
+ VSTRING_RESET(result);
+
+ for (i = 0; i < sizeof(cleanup_flag_map) / sizeof(cleanup_flag_map[0]); i++) {
+ if (cleanup_flag_map[i].flag & flags) {
+ vstring_sprintf_append(result, "%s ", cleanup_flag_map[i].text);
+ flags &= ~cleanup_flag_map[i].flag;
+ }
+ }
+
+ if (flags != 0 || VSTRING_LEN(result) == 0)
+ msg_panic("cleanup_strflags: unrecognized flag value(s) 0x%x", flags);
+
+ vstring_truncate(result, VSTRING_LEN(result) - 1);
+ VSTRING_TERMINATE(result);
+
+ return (vstring_str(result));
+}
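Review bot: The SYNOPSIS block documents the argument as "int code;" while the definition is cleanup_strflags(unsigned flags) and the prototype added to cleanup_user.h takes unsigned; the header comment should match the code. In the cleanup_flag_map[] initializer, each flag/text pair is written without its own braces, which is legal C but easy to misalign when an entry is added; wrapping each pair in { } would make the pairing explicit. The VSTRING_LEN(result) == 0 half of the final check is redundant: an all-zero input returns early, and any input bit that matches a table entry appends text, so only the flags != 0 half can fire.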
diff --git a/postfix/src/global/cleanup_user.h b/postfix/src/global/cleanup_user.h
index 9f49d03c6..8a398c7a8 100644
--- a/postfix/src/global/cleanup_user.h
+++ b/postfix/src/global/cleanup_user.h
@@ -66,6 +66,7 @@
(CLEANUP_STAT_BAD | CLEANUP_STAT_WRITE | CLEANUP_STAT_SIZE)
extern const char *cleanup_strerror(unsigned);
+extern const char *cleanup_strflags(unsigned);
/* LICENSE
/* .ad
diff --git a/postfix/src/global/input_transp.c b/postfix/src/global/input_transp.c
index 2e9cc84dd..54742ab64 100644
--- a/postfix/src/global/input_transp.c
+++ b/postfix/src/global/input_transp.c
@@ -13,7 +13,8 @@
/* This module controls how much processing happens before mail is
/* written to the Postfix queue. Each transparency option is either
/* implemented by a client of the cleanup service, or is passed
-/* along in a client request to the cleanup service.
+/* along in a client request to the cleanup service. This eliminates
+/* the need to configure multiple cleanup service instances.
/*
/* input_transp_mask() takes a comma-separated list of names and
/* computes the corresponding mask. The following names are
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 30d220cf2..5c0b972a8 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20030705"
+#define MAIL_RELEASE_DATE "20030706"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.13-" MAIL_RELEASE_DATE
diff --git a/postfix/src/global/rewrite_clnt.c b/postfix/src/global/rewrite_clnt.c
index a2cf24cd2..4a20c7cee 100644
--- a/postfix/src/global/rewrite_clnt.c
+++ b/postfix/src/global/rewrite_clnt.c
@@ -102,6 +102,8 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result)
/*
* Peek at the cache.
+ *
+ * XXX Must be made "rule" specific.
*/
if (strcmp(addr, STR(last_addr)) == 0) {
vstring_strcpy(result, STR(last_result));
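Review bot: The new XXX comment records a correctness problem without fixing it: the cache test directly below it, strcmp(addr, STR(last_addr)) == 0, ignores the rule argument, so a call with the same address under a different rule returns the result cached for the previous rule. Suggest remembering the last rule as well and comparing it in the same condition, or at least stating in the comment what callers get wrong until that is done.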
diff --git a/postfix/src/global/xtext.c b/postfix/src/global/xtext.c
index efbc9671b..14806e46e 100644
--- a/postfix/src/global/xtext.c
+++ b/postfix/src/global/xtext.c
@@ -16,11 +16,11 @@
/* const char *quoted;
/* DESCRIPTION
/* xtext_quote() takes a null-terminated string and replaces characters
-/* <33(10) and >126(10), as well as characters specified with "special"
+/* +, <33(10) and >126(10), as well as characters specified with "special"
/* by +XX, XX being the two-digit uppercase hexadecimal equivalent.
/*
/* xtext_unquote() performs the opposite transformation. This function
-/* understands lowercase, uppercase, and mixed case %XX sequences. The
+/* understands lowercase, uppercase, and mixed case +XX sequences. The
/* result value is the unquoted argument in case of success, a null pointer
/* otherwise.
/* BUGS