From 82e0cd14dd4324b2ebca8cf484a193a30ba75ad1 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sun, 6 Jul 2003 00:00:00 -0500 Subject: [PATCH] postfix-2.0.13-20030706 --- postfix/HISTORY | 5 +- postfix/README_FILES/SMTPD_PROXY_README | 44 +++++++------ postfix/RELEASE_NOTES | 19 +++--- postfix/conf/tcp_table | 6 +- postfix/html/tcp_table.5.html | 6 +- postfix/man/man5/tcp_table.5 | 2 + postfix/proto/tcp_table | 2 + postfix/src/cleanup/cleanup_api.c | 2 + postfix/src/cleanup/cleanup_message.c | 2 +- postfix/src/global/Makefile.in | 12 +++- postfix/src/global/cleanup_strflags.c | 85 +++++++++++++++++++++++++ postfix/src/global/cleanup_user.h | 1 + postfix/src/global/input_transp.c | 3 +- postfix/src/global/mail_version.h | 2 +- postfix/src/global/rewrite_clnt.c | 2 + postfix/src/global/xtext.c | 4 +- 16 files changed, 151 insertions(+), 46 deletions(-) create mode 100644 postfix/src/global/cleanup_strflags.c diff --git a/postfix/HISTORY b/postfix/HISTORY index 483f10e57..9d3745c08 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -8336,9 +8336,8 @@ Apologies for any names omitted. what happens before or after an external content filter: rejecting unknown recipients, canonical and virtual address mapping, address masquerading, automatic BCC recipients - and header/body checks. This is more convenient than having - to specify two different cleanup services in the master.cf - file. + and header/body checks. This eliminates the need to configure + multiple cleanup services in the master.cf file. Open problems: diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README index 28ddbce06..0b3a24455 100644 --- a/postfix/README_FILES/SMTPD_PROXY_README +++ b/postfix/README_FILES/SMTPD_PROXY_README @@ -11,6 +11,27 @@ in the Postfix mail queue. FILTER_README document, where all mail is inspected AFTER it is stored in the Postfix mail queue] +This feature is meant to be used as follows: + / smtp + Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue -> local + Postfix Postfix \ virtual etc. + +For reference, this is the normal path through Postfix: + + / smtp + Internet -> smtpd -> cleanup -> queue -> local + Postfix \ virtual etc. + +For comparison, this is the FILTER_README approach with an SMTP-based +content filter: + / smtp + Internet -> smtpd -> cleanup -> queue -> local + Postfix ^ v \ virtual etc. + smtpd smtp + Postfix Postfix + \ / + filter <- + The SMTP proxy server receives unfiltered mail from Postfix and does one of the following: @@ -18,7 +39,8 @@ does one of the following: content. 2 - Reject the mail (by sending a suitable status code back to - Postfix) so that it is returned to sender. + Postfix). Postfix passes the status back to the remote SMTP + client. This way, Postfix does not have to send a bounce message. 3 - Send the mail somewhere else. @@ -57,26 +79,6 @@ has approved. All commands are sent without using ESMTP command pipelining. The SMTP proxy server must accept the same MAIL FROM and RCPT TO command syntax as the Postfix SMTP server. -This feature is meant to be used as follows: - / smtp - Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue -> local - Postfix Postfix \ virtual etc. - -For reference, this is the normal path through Postfix: - - / smtp - Internet -> smtpd -> cleanup -> queue -> local - Postfix \ virtual etc. - -For comparison, this is the FILTER_README approach with an SMTP-based -content filter: - / smtp - Internet -> smtpd -> cleanup -> queue -> local - Postfix ^ v \ virtual etc. - smtpd smtp - Postfix Postfix - \ / - filter <- Configuration parameters ======================== diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 028de4c2c..9c816160c 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -22,7 +22,7 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release. -Major changes with Postfix snapshot 2.0.13-20030705 +Major changes with Postfix snapshot 2.0.13-20030706 =================================================== New receive_override_options parameter that eliminates the need @@ -58,9 +58,10 @@ Credits to Victor Duchovni and Lamont Jones. New CIDR-based lookup table, remotely based on code by Jozsef Kadlecsik. For details and examples, see "man cidr_table". -The TCP-based client-server table lookup protocol is finished. -For details and examples, see "man tcp_table". This will allow you -to implement your own greylisting. +The TCP-based table lookup protocol is finished. For details and +examples, see "man tcp_table". This will allow you to implement +your own greylisting, or to do your own open proxy tests before +accepting mail. Support for !/pattern/ (negative matches) in PCRE lookup tables by Victor Duchovni. See "man pcre_table" for more. @@ -71,11 +72,11 @@ If this is turned off Postfix produces no X-Original-To: headers and ignores the original recipient when eliminating duplicates after virtual alias expansion. Code by Victor Duchovni. -Finer control over how long the SMTP server waits for address -verification probes to complete. address_verify_poll_{count,delay} -control how often to query the verify server and how long to wait -between queries. Specify address_verify_poll_count=1 to implement -a crude form of greylisting. +Finer control over how long Postfix SMTPD waits for completion of +address verification probes: the address_verify_poll_{count,delay} +parameters control how often to query the verify server and how +long to wait between queries. Specify address_verify_poll_count=1 +to implement a crude form of greylisting. Major changes with Postfix snapshot 2.0.11-20030611 =================================================== diff --git a/postfix/conf/tcp_table b/postfix/conf/tcp_table index 60c4b4e7a..a9d69a86c 100644 --- a/postfix/conf/tcp_table +++ b/postfix/conf/tcp_table @@ -70,9 +70,9 @@ # to not contain the % or NEWLINE character. # # SECURITY -# Do not use TCP lookup tables for security critical purposes. -# The client-server connection is not protected and the server -# is not authenticated. +# Do not use TCP lookup tables for security critical pur- +# poses. The client-server connection is not protected and +# the server is not authenticated. # # SEE ALSO # regexp_table(5) format of regular expression tables diff --git a/postfix/html/tcp_table.5.html b/postfix/html/tcp_table.5.html index 7204cbcd6..cd248906c 100644 --- a/postfix/html/tcp_table.5.html +++ b/postfix/html/tcp_table.5.html @@ -71,9 +71,9 @@ TCP_TABLE(5) TCP_TABLE(5) to not contain the % or NEWLINE character. SECURITY - Do not use TCP lookup tables for security critical purposes. - The client-server connection is not protected and the server - is not authenticated. + Do not use TCP lookup tables for security critical pur- + poses. The client-server connection is not protected and + the server is not authenticated. SEE ALSO regexp_table(5) format of regular expression tables diff --git a/postfix/man/man5/tcp_table.5 b/postfix/man/man5/tcp_table.5 index d42de894c..2ae2ea6af 100644 --- a/postfix/man/man5/tcp_table.5 +++ b/postfix/man/man5/tcp_table.5 @@ -78,6 +78,8 @@ is guaranteed to not contain the % or NEWLINE character. .SH SECURITY .na .nf +.ad +.fi Do not use TCP lookup tables for security critical purposes. The client-server connection is not protected and the server is not authenticated. diff --git a/postfix/proto/tcp_table b/postfix/proto/tcp_table index d92e01579..54406626a 100644 --- a/postfix/proto/tcp_table +++ b/postfix/proto/tcp_table @@ -62,6 +62,8 @@ # The server may omit the encoding as long as the reply # is guaranteed to not contain the % or NEWLINE character. # SECURITY +# .ad +# .fi # Do not use TCP lookup tables for security critical purposes. # The client-server connection is not protected and the server # is not authenticated. diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c index 8906894e9..d361f1a77 100644 --- a/postfix/src/cleanup/cleanup_api.c +++ b/postfix/src/cleanup/cleanup_api.c @@ -175,6 +175,8 @@ void cleanup_control(CLEANUP_STATE *state, int flags) * discard input after any lethal error. See the CLEANUP_OUT_OK() macro * definition. */ + if (msg_verbose) + msg_info("cleanup flags = %s", cleanup_strflags(flags)); if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) { state->err_mask = CLEANUP_STAT_MASK_INCOMPLETE; } else { diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 2037fa857..328d62890 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -382,7 +382,7 @@ static void cleanup_header_callback(void *context, int header_class, const char *map_class; if (msg_verbose) - msg_info("%s: '%s'", myname, vstring_str(header_buf)); + msg_info("%s: '%.200s'", myname, vstring_str(header_buf)); /* * Crude header filtering. This stops malware that isn't sophisticated diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index 6f6b2b53c..c69bc804c 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -21,7 +21,8 @@ SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \ flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \ verp_sender.c match_parent_style.c mime_state.c header_token.c \ strip_addr.c virtual8_maps.c hold_message.c verify_clnt.c \ - trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c input_transp.c + trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c input_transp.c \ + cleanup_strflags.c OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ debug_peer.o debug_process.o defer.o deliver_completed.o \ deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \ @@ -44,7 +45,8 @@ OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \ verp_sender.o match_parent_style.o mime_state.o header_token.o \ strip_addr.o virtual8_maps.o hold_message.o verify_clnt.o \ - trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o input_transp.o + trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o input_transp.o \ + cleanup_strflags.o HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ config.h debug_peer.h debug_process.h defer.h deliver_completed.h \ deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \ @@ -433,6 +435,12 @@ cleanup_strerror.o: ../../include/sys_defs.h cleanup_strerror.o: ../../include/vstring.h cleanup_strerror.o: ../../include/vbuf.h cleanup_strerror.o: cleanup_user.h +cleanup_strflags.o: cleanup_strflags.c +cleanup_strflags.o: ../../include/sys_defs.h +cleanup_strflags.o: ../../include/msg.h +cleanup_strflags.o: ../../include/vstring.h +cleanup_strflags.o: ../../include/vbuf.h +cleanup_strflags.o: cleanup_user.h clnt_stream.o: clnt_stream.c clnt_stream.o: ../../include/sys_defs.h clnt_stream.o: ../../include/msg.h diff --git a/postfix/src/global/cleanup_strflags.c b/postfix/src/global/cleanup_strflags.c new file mode 100644 index 000000000..1b9135da0 --- /dev/null +++ b/postfix/src/global/cleanup_strflags.c @@ -0,0 +1,85 @@ +/*++ +/* NAME +/* cleanup_strflags 3 +/* SUMMARY +/* cleanup flags code to string +/* SYNOPSIS +/* #include +/* +/* const char *cleanup_strflags(code) +/* int code; +/* DESCRIPTION +/* cleanup_strflags() maps a CLEANUP_FLAGS code to printable string. +/* The result is for read purposes only. The result is overwritten +/* upon each call. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + +/* System library. */ + +#include + +/* Utility library. */ + +#include +#include + +/* Global library. */ + +#include "cleanup_user.h" + + /* + * Mapping from flags code to printable string. + */ +struct cleanup_flag_map { + unsigned flag; + const char *text; +}; + +static struct cleanup_flag_map cleanup_flag_map[] = { + CLEANUP_FLAG_BOUNCE, "enable_bad_mail_bounce", + CLEANUP_FLAG_FILTER, "enable_header_body_filter", + CLEANUP_FLAG_HOLD, "hold_message", + CLEANUP_FLAG_DISCARD, "discard_message", + CLEANUP_FLAG_BCC_OK, "enable_automatic_bcc", + CLEANUP_FLAG_MAP_OK, "enable_address_mapping", +}; + +/* cleanup_strflags - map flags code to printable string */ + +const char *cleanup_strflags(unsigned flags) +{ + static VSTRING *result; + unsigned i; + + if (flags == 0) + return ("none"); + + if (result == 0) + result = vstring_alloc(20); + else + VSTRING_RESET(result); + + for (i = 0; i < sizeof(cleanup_flag_map) / sizeof(cleanup_flag_map[0]); i++) { + if (cleanup_flag_map[i].flag & flags) { + vstring_sprintf_append(result, "%s ", cleanup_flag_map[i].text); + flags &= ~cleanup_flag_map[i].flag; + } + } + + if (flags != 0 || VSTRING_LEN(result) == 0) + msg_panic("cleanup_strflags: unrecognized flag value(s) 0x%x", flags); + + vstring_truncate(result, VSTRING_LEN(result) - 1); + VSTRING_TERMINATE(result); + + return (vstring_str(result)); +} diff --git a/postfix/src/global/cleanup_user.h b/postfix/src/global/cleanup_user.h index 9f49d03c6..8a398c7a8 100644 --- a/postfix/src/global/cleanup_user.h +++ b/postfix/src/global/cleanup_user.h @@ -66,6 +66,7 @@ (CLEANUP_STAT_BAD | CLEANUP_STAT_WRITE | CLEANUP_STAT_SIZE) extern const char *cleanup_strerror(unsigned); +extern const char *cleanup_strflags(unsigned); /* LICENSE /* .ad diff --git a/postfix/src/global/input_transp.c b/postfix/src/global/input_transp.c index 2e9cc84dd..54742ab64 100644 --- a/postfix/src/global/input_transp.c +++ b/postfix/src/global/input_transp.c @@ -13,7 +13,8 @@ /* This module controls how much processing happens before mail is /* written to the Postfix queue. Each transparency option is either /* implemented by a client of the cleanup service, or is passed -/* along in a client request to the cleanup service. +/* along in a client request to the cleanup service. This eliminates +/* the need to configure multiple cleanup service instances. /* /* input_transp_mask() takes a comma-separated list of names and /* computes the corresponding mask. The following names are diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 30d220cf2..5c0b972a8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030705" +#define MAIL_RELEASE_DATE "20030706" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "2.0.13-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/rewrite_clnt.c b/postfix/src/global/rewrite_clnt.c index a2cf24cd2..4a20c7cee 100644 --- a/postfix/src/global/rewrite_clnt.c +++ b/postfix/src/global/rewrite_clnt.c @@ -102,6 +102,8 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result) /* * Peek at the cache. + * + * XXX Must be made "rule" specific. */ if (strcmp(addr, STR(last_addr)) == 0) { vstring_strcpy(result, STR(last_result)); diff --git a/postfix/src/global/xtext.c b/postfix/src/global/xtext.c index efbc9671b..14806e46e 100644 --- a/postfix/src/global/xtext.c +++ b/postfix/src/global/xtext.c @@ -16,11 +16,11 @@ /* const char *quoted; /* DESCRIPTION /* xtext_quote() takes a null-terminated string and replaces characters -/* <33(10) and >126(10), as well as characters specified with "special" +/* +, <33(10) and >126(10), as well as characters specified with "special" /* by +XX, XX being the two-digit uppercase hexadecimal equivalent. /* /* xtext_unquote() performs the opposite transformation. This function -/* understands lowercase, uppercase, and mixed case %XX sequences. The +/* understands lowercase, uppercase, and mixed case +XX sequences. The /* result value is the unquoted argument in case of success, a null pointer /* otherwise. /* BUGS