From 86521899ec46393629fedc49f6fc19fb6e7bccb5 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Thu, 10 Feb 2005 00:00:00 -0500
Subject: [PATCH] postfix-2.2-20050210
---
 postfix/HISTORY | 20 +++++
 postfix/README_FILES/SMTPD_POLICY_README | 2 +-
 postfix/conf/canonical | 77 ++++++++--------
 postfix/conf/generics | 87 +++++++++---------
 postfix/conf/virtual | 107 +++++++++++------------
 postfix/html/SMTPD_POLICY_README.html | 2 +-
 postfix/html/canonical.5.html | 75 ++++++++--------
 postfix/html/generics.5.html | 85 +++++++++---------
 postfix/html/virtual.5.html | 105 +++++++++++-----------
 postfix/man/man5/canonical.5 | 13 ++-
 postfix/man/man5/generics.5 | 13 ++-
 postfix/man/man5/virtual.5 | 13 ++-
 postfix/proto/SMTPD_POLICY_README.html | 2 +-
 postfix/proto/canonical | 13 ++-
 postfix/proto/generics | 13 ++-
 postfix/proto/virtual | 13 ++-
 postfix/src/global/mail_version.h | 2 +-
 postfix/src/smtp/smtp_connect.c | 2 +-
 postfix/src/smtp/smtp_map11.c | 1 +
 postfix/src/tls/Makefile.in | 2 +-
 postfix/src/tls/tls_scache.c | 66 +++++++++++---
 postfix/src/tls/tls_scache.h | 4 +
 postfix/src/util/dict_db.c | 8 +-
 postfix/src/util/dict_open.c | 36 ++++++--
 24 files changed, 402 insertions(+), 359 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 83fe24140..0f56857b0 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10336,11 +10336,31 @@ Apologies for any names omitted. Cleanup: documented the myorigin/mydomain address rewriting in canonical, generics and virtual alias maps. +20050210 + + Bugfix: spurious fallback_relay warnings after 20050202. + Victor Duchovni. File: smtp/smtp_connect.c. + + Bugfix: (introduced while adopting Postfix/TLS patch) the + TLS cache scan stopped after expiring one entry. Victor + Duchovni. File: tls/tls_scache.c. + + Safety: delete-behind when removing expired entries from + TLS session caches. Some maps mis-behave when the current + entry is deleted. File: tls/tls_scache.c. + Open problems: Med: local and remote source port and IP address for smtpd policy hook. + Med: should "generics" be "generic", for consistency with + "canonical" and "virtual". + + Med: canonical/generic/virtual mapping always append + myorigin/mydomain and never remote_header_rewrite_domain; + this needs to be clear from documentation. + Med: disable address rewriting after XCLIENT? Introduce a better concept of original submission? diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index cf60dbad5..a76a773ac 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -273,7 +273,7 @@ found at http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in. 5 reject_unauth_destination 6 check_sender_access hash:/etc/postfix/sender_access 7 ... - 8 restriction_classes = greylist + 8 smtpd_restriction_classes = greylist 9 greylist = check_policy_service unix:private/policy 10 11 /etc/postfix/sender_access: diff --git a/postfix/conf/canonical b/postfix/conf/canonical index ecfd32dc3..2d3e2b06c 100644 --- a/postfix/conf/canonical +++ b/postfix/conf/canonical 
@@ -102,63 +102,66 @@ # o When the result has the form @otherdomain, the # result becomes the same user in otherdomain. # -# o The result is rewritten as specified with -# append_at_myorigin or with append_dot_mydomain. +# o When "append_at_myorigin=yes", append "@$myorigin" +# to addresses without "@domain". +# +# o When "append_dot_mydomain=yes", append ".$mydomain" +# to addresses without ".domain". # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the -# table, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the +# table, until a pattern is found that matches the search # string. 
# -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- -# tion of the TCP client/server lookup protocol, see -# tcp_table(5). This feature is not available up to and +# tion of the TCP client/server lookup protocol, see +# tcp_table(5). This feature is not available up to and # including Postfix version 2.2. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant. -# The text below provides only a parameter summary. See +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See # postconf(5) for more details including examples. # # canonical_classes -# What addresses are subject to canonical address +# What addresses are subject to canonical address # mapping. # # canonical_maps 
@@ -173,24 +176,16 @@ # header sender addresses. # # propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, +# A list of address rewriting or forwarding mecha- +# nisms that propagate an address extension from the +# original address to the result. Specify zero or +# more of canonical, virtual, alias, forward, # include, or generics. # # Other parameters of interest: # -# append_at_myorigin -# Do or don't append "@$myorigin" to addresses with- -# out domain. This must be turned on in Postfix. -# -# append_dot_mydomain -# Do or don't append ".$mydomain" to addresses with- -# out "." on the right-hand side of the @. -# # inet_interfaces -# The network interface addresses that this system +# The network interface addresses that this system # receives mail on. You need to stop and start Post- # fix when this parameter changes. # @@ -200,20 +195,20 @@ # tor. # # masquerade_classes -# List of address classes subject to masquerading: -# zero or more of envelope_sender, envelope_recipi- +# List of address classes subject to masquerading: +# zero or more of envelope_sender, envelope_recipi- # ent, header_sender, header_recipient. # # masquerade_domains -# List of domains that hide their subdomain struc- +# List of domains that hide their subdomain struc- # ture. # # masquerade_exceptions -# List of user names that are not subject to address +# List of user names that are not subject to address # masquerading. # # mydestination -# List of domains that this mail system considers +# List of domains that this mail system considers # local. # # myorigin 
@@ -230,13 +225,13 @@ # virtual(5), virtual aliasing # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # ADDRESS_REWRITING_README, address rewriting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/generics b/postfix/conf/generics index 05a572ccb..0a77b3b99 100644 --- a/postfix/conf/generics +++ b/postfix/conf/generics 
@@ -89,60 +89,63 @@ # o When the result has the form @otherdomain, the # result becomes the same user in otherdomain. # -# o The result is rewritten as specified with -# append_at_myorigin or with append_dot_mydomain. +# o When "append_at_myorigin=yes", append "@$myorigin" +# to addresses without "@domain". +# +# o When "append_dot_mydomain=yes", append ".$mydomain" +# to addresses without ".domain". # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the -# table, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the +# table, until a pattern is found that matches the search # string. 
# -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- -# tion of the TCP client/server lookup protocol, see -# tcp_table(5). This feature is not available up to and +# tion of the TCP client/server lookup protocol, see +# tcp_table(5). This feature is not available up to and # including Postfix version 2.2. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # EXAMPLE -# The following shows a generic mapping with an indexed -# file. When mail is sent to a remote host via SMTP, this -# replaces his@localdomain.local by his ISP mail address, -# replaces her@localdomain.local by her ISP mail address, -# and replaces other local addresses by his ISP account, -# with an address extension of +local (this example assumes +# The following shows a generic mapping with an indexed +# file. When mail is sent to a remote host via SMTP, this +# replaces his@localdomain.local by his ISP mail address, +# replaces her@localdomain.local by her ISP mail address, +# and replaces other local addresses by his ISP account, +# with an address extension of +local (this example assumes # that the ISP supports "+" style address extensions). # # /etc/postfix/main.cf: 
@@ -153,43 +156,35 @@ # her@localdomain.local heraccount@herisp.example # @localdomain.local hisaccount+local@hisisp.example # -# Execute the command "postmap /etc/postfix/generics" when- -# ever the table is changed. Instead of hash, some systems -# use dbm database files. To find out what tables your sys- +# Execute the command "postmap /etc/postfix/generics" when- +# ever the table is changed. Instead of hash, some systems +# use dbm database files. To find out what tables your sys- # tem supports use the command "postconf -m". # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant. -# The text below provides only a parameter summary. See +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See # postconf(5) for more details including examples. # # smtp_generics_maps # Address mapping lookup table for envelope and -# header sender and recipient addresses while deliv- +# header sender and recipient addresses while deliv- # ering mail via SMTP. # # propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, +# A list of address rewriting or forwarding mecha- +# nisms that propagate an address extension from the +# original address to the result. Specify zero or +# more of canonical, virtual, alias, forward, # include, or generics. # # Other parameters of interest: # -# append_at_myorigin -# Do or don't append "@$myorigin" to addresses with- -# out domain. This must be turned on in Postfix. -# -# append_dot_mydomain -# Do or don't append ".$mydomain" to addresses with- -# out "." on the right-hand side of the @. 
-# # inet_interfaces -# The network interface addresses that this system +# The network interface addresses that this system # receives mail on. You need to stop and start Post- # fix when this parameter changes. # @@ -199,7 +194,7 @@ # tor. # # mydestination -# List of domains that this mail system considers +# List of domains that this mail system considers # local. # # myorigin @@ -215,13 +210,13 @@ # smtp(8), Postfix SMTP client # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # ADDRESS_REWRITING_README, address rewriting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # HISTORY diff --git a/postfix/conf/virtual b/postfix/conf/virtual index 1f33a6815..8df4eec53 100644 --- a/postfix/conf/virtual +++ b/postfix/conf/virtual 
@@ -103,34 +103,37 @@ # works only for the first address in a multi-address # lookup result. # -# o The result is rewritten as specified with -# append_at_myorigin or with append_dot_mydomain. +# o When "append_at_myorigin=yes", append "@$myorigin" +# to addresses without "@domain". +# +# o When "append_dot_mydomain=yes", append ".$mydomain" +# to addresses without ".domain". # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # VIRTUAL ALIAS DOMAINS -# Besides virtual aliases, the virtual alias table can also +# Besides virtual aliases, the virtual alias table can also # be used to implement virtual alias domains. With a virtual -# alias domain, all recipient addresses are aliased to +# alias domain, all recipient addresses are aliased to # addresses in other domains. # # Virtual alias domains are not to be confused with the vir- # tual mailbox domains that are implemented with the Postfix # virtual(8) mail delivery agent. With virtual mailbox -# domains, each recipient address can have its own mailbox. +# domains, each recipient address can have its own mailbox. # -# With a virtual alias domain, the virtual domain has its -# own user name space. Local (i.e. non-virtual) usernames -# are not visible in a virtual alias domain. In particular, -# local aliases(5) and local mailing lists are not visible +# With a virtual alias domain, the virtual domain has its +# own user name space. Local (i.e. non-virtual) usernames +# are not visible in a virtual alias domain. 
In particular, +# local aliases(5) and local mailing lists are not visible # as localname@virtual-alias.domain. # # Support for a virtual alias domain looks like: @@ -138,7 +141,7 @@ # /etc/postfix/main.cf: # virtual_alias_maps = hash:/etc/postfix/virtual # -# Note: some systems use dbm databases instead of hash. +# Note: some systems use dbm databases instead of hash. # See the output from "postconf -m" for available # database types. # 
@@ -148,103 +151,95 @@ # user1@virtual-alias.domain address1 # user2@virtual-alias.domain address2, address3 # -# The virtual-alias.domain anything entry is required for a +# The virtual-alias.domain anything entry is required for a # virtual alias domain. Without this entry, mail is rejected -# with "relay access denied", or bounces with "mail loops +# with "relay access denied", or bounces with "mail loops # back to myself". # -# Do not specify virtual alias domain names in the main.cf +# Do not specify virtual alias domain names in the main.cf # mydestination or relay_domains configuration parameters. # -# With a virtual alias domain, the Postfix SMTP server -# accepts mail for known-user@virtual-alias.domain, and -# rejects mail for unknown-user@virtual-alias.domain as +# With a virtual alias domain, the Postfix SMTP server +# accepts mail for known-user@virtual-alias.domain, and +# rejects mail for unknown-user@virtual-alias.domain as # undeliverable. # -# Instead of specifying the virtual alias domain name via -# the virtual_alias_maps table, you may also specify it via +# Instead of specifying the virtual alias domain name via +# the virtual_alias_maps table, you may also specify it via # the main.cf virtual_alias_domains configuration parameter. -# This latter parameter uses the same syntax as the main.cf +# This latter parameter uses the same syntax as the main.cf # mydestination configuration parameter. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. 
Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the -# table, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the +# table, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- -# tion of the TCP client/server lookup protocol, see -# tcp_table(5). This feature is not available up to and +# tion of the TCP client/server lookup protocol, see +# tcp_table(5). This feature is not available up to and # including Postfix version 2.2. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant -# to this topic. See the Postfix main.cf file for syntax -# details and for default values. Use the "postfix reload" +# The following main.cf parameters are especially relevant +# to this topic. 
See the Postfix main.cf file for syntax +# details and for default values. Use the "postfix reload" # command after a configuration change. # # virtual_alias_maps # List of virtual aliasing tables. # # virtual_alias_domains -# List of virtual alias domains. This uses the same +# List of virtual alias domains. This uses the same # syntax as the mydestination parameter. # # propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, +# A list of address rewriting or forwarding mecha- +# nisms that propagate an address extension from the +# original address to the result. Specify zero or +# more of canonical, virtual, alias, forward, # include, or generics. # # Other parameters of interest: # -# append_at_myorigin -# Do or don't append "@$myorigin" to addresses with- -# out domain. This must be turned on in Postfix. -# -# append_dot_mydomain -# Do or don't append ".$mydomain" to addresses with- -# out "." on the right-hand side of the @. -# # inet_interfaces -# The network interface addresses that this system +# The network interface addresses that this system # receives mail on. You need to stop and start Post- # fix when this parameter changes. # # mydestination -# List of domains that this mail system considers +# List of domains that this mail system considers # local. # # myorigin -# The domain that is appended to any address that +# The domain that is appended to any address that # does not have a domain. # # owner_request_special 
@@ -263,14 +258,14 @@ # canonical(5), canonical address mapping # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # ADDRESS_REWRITING_README, address rewriting guide # VIRTUAL_README, domain hosting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index 61afced15..7279933a2 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -386,7 +386,7 @@ forged MAIL FROM domains can be found at 5 reject_unauth_destination 6 check_sender_access hash:/etc/postfix/sender_access 7 ... - 8 restriction_classes = greylist + 8 smtpd_restriction_classes = greylist 9 greylist = check_policy_service unix:private/policy 10 11 /etc/postfix/sender_access: diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index 0c1294d9d..e56d9a75e 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html 
@@ -108,63 +108,66 @@ CANONICAL(5) CANONICAL(5) o When the result has the form @otherdomain, the result becomes the same user in otherdomain. - o The result is rewritten as specified with - append_at_myorigin or with append_dot_mydomain. + o When "append_at_myorigin=yes", append "@$myorigin" + to addresses without "@domain". + + o When "append_dot_mydomain=yes", append ".$mydomain" + to addresses without ".domain". ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order + ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- + The propagate_unmatched_extensions parameter controls + whether an unmatched address extension (+foo) is propa- gated to the result of table lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. 
- Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see - tcp_table(5). This feature is not available up to and + tion of the TCP client/server lookup protocol, see + tcp_table(5). This feature is not available up to and including Postfix version 2.2. Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See + The following main.cf parameters are especially relevant. + The text below provides only a parameter summary. See postconf(5) for more details including examples. canonical_classes - What addresses are subject to canonical address + What addresses are subject to canonical address mapping. canonical_maps 
@@ -179,24 +182,16 @@ CANONICAL(5) CANONICAL(5) header sender addresses. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, + A list of address rewriting or forwarding mecha- + nisms that propagate an address extension from the + original address to the result. Specify zero or + more of canonical, virtual, alias, forward, include, or generics. Other parameters of interest: - append_at_myorigin - Do or don't append "@$myorigin" to addresses with- - out domain. This must be turned on in Postfix. - - append_dot_mydomain - Do or don't append ".$mydomain" to addresses with- - out "." on the right-hand side of the @. - inet_interfaces - The network interface addresses that this system + The network interface addresses that this system receives mail on. You need to stop and start Post- fix when this parameter changes. @@ -206,20 +201,20 @@ CANONICAL(5) CANONICAL(5) tor. masquerade_classes - List of address classes subject to masquerading: - zero or more of envelope_sender, envelope_recipi- + List of address classes subject to masquerading: + zero or more of envelope_sender, envelope_recipi- ent, header_sender, header_recipient. masquerade_domains - List of domains that hide their subdomain struc- + List of domains that hide their subdomain struc- ture. masquerade_exceptions - List of user names that are not subject to address + List of user names that are not subject to address masquerading. mydestination - List of domains that this mail system considers + List of domains that this mail system considers local. myorigin @@ -240,7 +235,7 @@ CANONICAL(5) CANONICAL(5) ADDRESS_REWRITING_README, address rewriting guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) 
diff --git a/postfix/html/generics.5.html b/postfix/html/generics.5.html
index e414db163..33b466f70 100644
--- a/postfix/html/generics.5.html
+++ b/postfix/html/generics.5.html
@@ -95,60 +95,63 @@ GENERICS(5) GENERICS(5) o When the result has the form @otherdomain, the result becomes the same user in otherdomain. - o The result is rewritten as specified with - append_at_myorigin or with append_dot_mydomain. + o When "append_at_myorigin=yes", append "@$myorigin" + to addresses without "@domain". + + o When "append_dot_mydomain=yes", append ".$mydomain" + to addresses without ".domain". ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order + ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- + The propagate_unmatched_extensions parameter controls + whether an unmatched address extension (+foo) is propa- gated to the result of table lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. 
- Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see - tcp_table(5). This feature is not available up to and + tion of the TCP client/server lookup protocol, see + tcp_table(5). This feature is not available up to and including Postfix version 2.2. Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. EXAMPLE - The following shows a generic mapping with an indexed - file. When mail is sent to a remote host via SMTP, this - replaces his@localdomain.local by his ISP mail address, - replaces her@localdomain.local by her ISP mail address, - and replaces other local addresses by his ISP account, - with an address extension of +local (this example assumes + The following shows a generic mapping with an indexed + file. When mail is sent to a remote host via SMTP, this + replaces his@localdomain.local by his ISP mail address, + replaces her@localdomain.local by her ISP mail address, + and replaces other local addresses by his ISP account, + with an address extension of +local (this example assumes that the ISP supports "+" style address extensions). /etc/postfix/main.cf: 
@@ -159,43 +162,35 @@ GENERICS(5) GENERICS(5) her@localdomain.local heraccount@herisp.example @localdomain.local hisaccount+local@hisisp.example - Execute the command "postmap /etc/postfix/generics" when- - ever the table is changed. Instead of hash, some systems - use dbm database files. To find out what tables your sys- + Execute the command "postmap /etc/postfix/generics" when- + ever the table is changed. Instead of hash, some systems + use dbm database files. To find out what tables your sys- tem supports use the command "postconf -m". BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See + The following main.cf parameters are especially relevant. + The text below provides only a parameter summary. See postconf(5) for more details including examples. smtp_generics_maps Address mapping lookup table for envelope and - header sender and recipient addresses while deliv- + header sender and recipient addresses while deliv- ering mail via SMTP. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, + A list of address rewriting or forwarding mecha- + nisms that propagate an address extension from the + original address to the result. Specify zero or + more of canonical, virtual, alias, forward, include, or generics. Other parameters of interest: - append_at_myorigin - Do or don't append "@$myorigin" to addresses with- - out domain. This must be turned on in Postfix. - - append_dot_mydomain - Do or don't append ".$mydomain" to addresses with- - out "." on the right-hand side of the @. 
- inet_interfaces - The network interface addresses that this system + The network interface addresses that this system receives mail on. You need to stop and start Post- fix when this parameter changes. @@ -205,7 +200,7 @@ GENERICS(5) GENERICS(5) tor. mydestination - List of domains that this mail system considers + List of domains that this mail system considers local. myorigin @@ -225,7 +220,7 @@ GENERICS(5) GENERICS(5) ADDRESS_REWRITING_README, address rewriting guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. HISTORY diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index 4b9f30bb5..c5f42cdd5 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html 
@@ -109,34 +109,37 @@ VIRTUAL(5) VIRTUAL(5) works only for the first address in a multi-address lookup result. - o The result is rewritten as specified with - append_at_myorigin or with append_dot_mydomain. + o When "append_at_myorigin=yes", append "@$myorigin" + to addresses without "@domain". + + o When "append_dot_mydomain=yes", append ".$mydomain" + to addresses without ".domain". ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order + ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- + The propagate_unmatched_extensions parameter controls + whether an unmatched address extension (+foo) is propa- gated to the result of table lookup. VIRTUAL ALIAS DOMAINS - Besides virtual aliases, the virtual alias table can also + Besides virtual aliases, the virtual alias table can also be used to implement virtual alias domains. With a virtual - alias domain, all recipient addresses are aliased to + alias domain, all recipient addresses are aliased to addresses in other domains. Virtual alias domains are not to be confused with the vir- tual mailbox domains that are implemented with the Postfix virtual(8) mail delivery agent. With virtual mailbox - domains, each recipient address can have its own mailbox. + domains, each recipient address can have its own mailbox. - With a virtual alias domain, the virtual domain has its - own user name space. Local (i.e. non-virtual) usernames - are not visible in a virtual alias domain. In particular, - local aliases(5) and local mailing lists are not visible + With a virtual alias domain, the virtual domain has its + own user name space. Local (i.e. non-virtual) usernames + are not visible in a virtual alias domain. 
In particular, + local aliases(5) and local mailing lists are not visible as localname@virtual-alias.domain. Support for a virtual alias domain looks like: @@ -144,7 +147,7 @@ VIRTUAL(5) VIRTUAL(5) /etc/postfix/main.cf: virtual_alias_maps = hash:/etc/postfix/virtual - Note: some systems use dbm databases instead of hash. + Note: some systems use dbm databases instead of hash. See the output from "postconf -m" for available database types. 
@@ -154,103 +157,95 @@ VIRTUAL(5) VIRTUAL(5) user1@virtual-alias.domain address1 user2@virtual-alias.domain address2, address3 - The virtual-alias.domain anything entry is required for a + The virtual-alias.domain anything entry is required for a virtual alias domain. Without this entry, mail is rejected - with "relay access denied", or bounces with "mail loops + with "relay access denied", or bounces with "mail loops back to myself". - Do not specify virtual alias domain names in the main.cf + Do not specify virtual alias domain names in the main.cf mydestination or relay_domains configuration parameters. - With a virtual alias domain, the Postfix SMTP server - accepts mail for known-user@virtual-alias.domain, and - rejects mail for unknown-user@virtual-alias.domain as + With a virtual alias domain, the Postfix SMTP server + accepts mail for known-user@virtual-alias.domain, and + rejects mail for unknown-user@virtual-alias.domain as undeliverable. - Instead of specifying the virtual alias domain name via - the virtual_alias_maps table, you may also specify it via + Instead of specifying the virtual alias domain name via + the virtual_alias_maps table, you may also specify it via the main.cf virtual_alias_domains configuration parameter. - This latter parameter uses the same syntax as the main.cf + This latter parameter uses the same syntax as the main.cf mydestination configuration parameter. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. 
Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see - tcp_table(5). This feature is not available up to and + tion of the TCP client/server lookup protocol, see + tcp_table(5). This feature is not available up to and including Postfix version 2.2. Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the "postfix reload" + The following main.cf parameters are especially relevant + to this topic. See the Postfix main.cf file for syntax + details and for default values. 
Use the "postfix reload" command after a configuration change. virtual_alias_maps List of virtual aliasing tables. virtual_alias_domains - List of virtual alias domains. This uses the same + List of virtual alias domains. This uses the same syntax as the mydestination parameter. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, + A list of address rewriting or forwarding mecha- + nisms that propagate an address extension from the + original address to the result. Specify zero or + more of canonical, virtual, alias, forward, include, or generics. Other parameters of interest: - append_at_myorigin - Do or don't append "@$myorigin" to addresses with- - out domain. This must be turned on in Postfix. - - append_dot_mydomain - Do or don't append ".$mydomain" to addresses with- - out "." on the right-hand side of the @. - inet_interfaces - The network interface addresses that this system + The network interface addresses that this system receives mail on. You need to stop and start Post- fix when this parameter changes. mydestination - List of domains that this mail system considers + List of domains that this mail system considers local. myorigin - The domain that is appended to any address that + The domain that is appended to any address that does not have a domain. owner_request_special @@ -274,7 +269,7 @@ VIRTUAL(5) VIRTUAL(5) VIRTUAL_README, domain hosting guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5 index fb7163057..8dd791b49 100644 --- a/postfix/man/man5/canonical.5 +++ b/postfix/man/man5/canonical.5 
@@ -104,8 +104,11 @@ The lookup result is subject to address rewriting: When the result has the form @\fIotherdomain\fR, the result becomes the same \fIuser\fR in \fIotherdomain\fR. .IP \(bu -The result is rewritten as specified with \fBappend_at_myorigin\fR -or with \fBappend_dot_mydomain\fR. +When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +to addresses without "@domain". +.IP \(bu +When "\fBappend_dot_mydomain=yes\fR", append +"\fB.$mydomain\fR" to addresses without ".domain". .SH "ADDRESS EXTENSION" .na .nf @@ -185,12 +188,6 @@ Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR. .PP Other parameters of interest: -.IP \fBappend_at_myorigin\fR -Do or don't append "\fB@$myorigin\fR" to addresses without domain. -This must be turned on in Postfix. -.IP \fBappend_dot_mydomain\fR -Do or don't append "\fB.$mydomain\fR" to addresses without "." on -the right-hand side of the @. .IP \fBinet_interfaces\fR The network interface addresses that this system receives mail on. You need to stop and start Postfix when this parameter changes. diff --git a/postfix/man/man5/generics.5 b/postfix/man/man5/generics.5 index 881ec4716..633a2a11f 100644 --- a/postfix/man/man5/generics.5 +++ b/postfix/man/man5/generics.5 @@ -94,8 +94,11 @@ The lookup result is subject to address rewriting: When the result has the form @\fIotherdomain\fR, the result becomes the same \fIuser\fR in \fIotherdomain\fR. .IP \(bu -The result is rewritten as specified with \fBappend_at_myorigin\fR -or with \fBappend_dot_mydomain\fR. +When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +to addresses without "@domain". +.IP \(bu +When "\fBappend_dot_mydomain=yes\fR", append +"\fB.$mydomain\fR" to addresses without ".domain". .SH "ADDRESS EXTENSION" .na .nf 
@@ -202,12 +205,6 @@ Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR. .PP Other parameters of interest: -.IP \fBappend_at_myorigin\fR -Do or don't append "\fB@$myorigin\fR" to addresses without domain. -This must be turned on in Postfix. -.IP \fBappend_dot_mydomain\fR -Do or don't append "\fB.$mydomain\fR" to addresses without "." on -the right-hand side of the @. .IP \fBinet_interfaces\fR The network interface addresses that this system receives mail on. You need to stop and start Postfix when this parameter changes. diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index 2f6b868a8..c83ea011f 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -102,8 +102,11 @@ result becomes the same \fIuser\fR in \fIotherdomain\fR. This works only for the first address in a multi-address lookup result. .IP \(bu -The result is rewritten as specified with \fBappend_at_myorigin\fR -or with \fBappend_dot_mydomain\fR. +When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +to addresses without "@domain". +.IP \(bu +When "\fBappend_dot_mydomain=yes\fR", append +"\fB.$mydomain\fR" to addresses without ".domain". .SH "ADDRESS EXTENSION" .na .nf @@ -238,12 +241,6 @@ Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR. .PP Other parameters of interest: -.IP \fBappend_at_myorigin\fR -Do or don't append "\fB@$myorigin\fR" to addresses without domain. -This must be turned on in Postfix. -.IP \fBappend_dot_mydomain\fR -Do or don't append "\fB.$mydomain\fR" to addresses without "." on -the right-hand side of the @. .IP \fBinet_interfaces\fR The network interface addresses that this system receives mail on. You need to stop and start Postfix when this parameter changes. diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index a6573ad72..4c7315a3d 100644 
--- a/postfix/proto/SMTPD_POLICY_README.html +++ b/postfix/proto/SMTPD_POLICY_README.html @@ -386,7 +386,7 @@ http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in. 5 reject_unauth_destination 6 check_sender_access hash:/etc/postfix/sender_access 7 ... - 8 restriction_classes = greylist + 8 smtpd_restriction_classes = greylist 9 greylist = check_policy_service unix:private/policy 10 11 /etc/postfix/sender_access: diff --git a/postfix/proto/canonical b/postfix/proto/canonical index 71fb2b2e0..81d3ad381 100644 --- a/postfix/proto/canonical +++ b/postfix/proto/canonical @@ -92,8 +92,11 @@ # When the result has the form @\fIotherdomain\fR, the # result becomes the same \fIuser\fR in \fIotherdomain\fR. # .IP \(bu -# The result is rewritten as specified with \fBappend_at_myorigin\fR -# or with \fBappend_dot_mydomain\fR. +# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +# to addresses without "@domain". +# .IP \(bu +# When "\fBappend_dot_mydomain=yes\fR", append +# "\fB.$mydomain\fR" to addresses without ".domain". # ADDRESS EXTENSION # .fi # .ad @@ -163,12 +166,6 @@ # \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR. # .PP # Other parameters of interest: -# .IP \fBappend_at_myorigin\fR -# Do or don't append "\fB@$myorigin\fR" to addresses without domain. -# This must be turned on in Postfix. -# .IP \fBappend_dot_mydomain\fR -# Do or don't append "\fB.$mydomain\fR" to addresses without "." on -# the right-hand side of the @. # .IP \fBinet_interfaces\fR # The network interface addresses that this system receives mail on. # You need to stop and start Postfix when this parameter changes. diff --git a/postfix/proto/generics b/postfix/proto/generics index b63b5383b..648815d1d 100644 --- a/postfix/proto/generics +++ b/postfix/proto/generics 
@@ -82,8 +82,11 @@ # When the result has the form @\fIotherdomain\fR, the # result becomes the same \fIuser\fR in \fIotherdomain\fR. # .IP \(bu -# The result is rewritten as specified with \fBappend_at_myorigin\fR -# or with \fBappend_dot_mydomain\fR. +# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +# to addresses without "@domain". +# .IP \(bu +# When "\fBappend_dot_mydomain=yes\fR", append +# "\fB.$mydomain\fR" to addresses without ".domain". # ADDRESS EXTENSION # .fi # .ad @@ -178,12 +181,6 @@ # \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR. # .PP # Other parameters of interest: -# .IP \fBappend_at_myorigin\fR -# Do or don't append "\fB@$myorigin\fR" to addresses without domain. -# This must be turned on in Postfix. -# .IP \fBappend_dot_mydomain\fR -# Do or don't append "\fB.$mydomain\fR" to addresses without "." on -# the right-hand side of the @. # .IP \fBinet_interfaces\fR # The network interface addresses that this system receives mail on. # You need to stop and start Postfix when this parameter changes. diff --git a/postfix/proto/virtual b/postfix/proto/virtual index 987c7e650..b4e7cf30a 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -90,8 +90,11 @@ # This works only for the first address in a multi-address # lookup result. # .IP \(bu -# The result is rewritten as specified with \fBappend_at_myorigin\fR -# or with \fBappend_dot_mydomain\fR. +# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +# to addresses without "@domain". +# .IP \(bu +# When "\fBappend_dot_mydomain=yes\fR", append +# "\fB.$mydomain\fR" to addresses without ".domain". # ADDRESS EXTENSION # .fi # .ad 
@@ -214,12 +217,6 @@ # \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR. # .PP # Other parameters of interest: -# .IP \fBappend_at_myorigin\fR -# Do or don't append "\fB@$myorigin\fR" to addresses without domain. -# This must be turned on in Postfix. -# .IP \fBappend_dot_mydomain\fR -# Do or don't append "\fB.$mydomain\fR" to addresses without "." on -# the right-hand side of the @. # .IP \fBinet_interfaces\fR # The network interface addresses that this system receives mail on. # You need to stop and start Postfix when this parameter changes. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index a5b3b3755..5cfbb0730 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20050209" +#define MAIL_RELEASE_DATE "20050210" #define MAIL_VERSION_NUMBER "2.2" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index f712ac089..ecaa2ebfa 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c @@ -558,7 +558,7 @@ int smtp_connect(SMTP_STATE *state) * getting lost in the complexity. */ #define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \ - ((cpp) >= (sites)->argv + (non_fallback_sites)) + (*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites)) for (cpp = sites->argv; SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; cpp++) { if (i_am_mx && IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) diff --git a/postfix/src/smtp/smtp_map11.c b/postfix/src/smtp/smtp_map11.c index 11ec50d03..fe3244df0 100644 --- a/postfix/src/smtp/smtp_map11.c +++ b/postfix/src/smtp/smtp_map11.c @@ -162,6 +162,7 @@ int main(int argc, char **argv) msg_info("-- end %s --", *argv); } vstring_free(buf); + maps_free(maps); return (0); } 
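Review bot: The `*(cpp) &&` term added to IS_FALLBACK_RELAY has no comment saying why the list terminator must be excluded, and the macro now reads through `cpp` as well as comparing it, so it is only safe while `cpp` stays at or before the null entry that ends `sites->argv`. The visible loop stops at that entry, but any use of the macro after the loop is outside the hunk, as is the rest of smtp_connect(). I would add above the macro: `/* *(cpp) == 0 means the end of the list was reached; that position is not a fallback relay. */`.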
diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in index 37aa5a5dc..0ef0419d4 100644 --- a/postfix/src/tls/Makefile.in +++ b/postfix/src/tls/Makefile.in @@ -25,7 +25,7 @@ MAKES = all: $(LIB) Makefile: Makefile.in - (echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@ + (echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@ test: $(TESTPROG) diff --git a/postfix/src/tls/tls_scache.c b/postfix/src/tls/tls_scache.c index 1788cd077..e679d049e 100644 --- a/postfix/src/tls/tls_scache.c +++ b/postfix/src/tls/tls_scache.c @@ -372,7 +372,8 @@ int tls_scache_lookup(TLS_SCACHE *cp, const char *cache_id, /* * Initialize. Don't leak data. */ - VSTRING_RESET(session); + if (session) + VSTRING_RESET(session); /* * Search the cache database. 
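Review bot: In the rewritten Makefile rule, `tail +2` is the obsolete offset form, which tail implementations that follow the newer POSIX syntax reject or treat as a file name. Replacing `&&` with `;` also means a missing or unreadable ../../conf/makedefs.out still produces a Makefile, with the build settings silently left out. I would write the rule body as `(echo "# DO NOT EDIT"; tail -n +2 ../../conf/makedefs.out && cat $?) >$@` so the recipe fails when the settings cannot be read. Whether the oldest supported platforms accept `-n +2` needs checking before switching.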
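Review bot: The added `if (session)` makes a null `session` legal for tls_scache_lookup(), but only the reset is guarded in this hunk. The code that later fills the session buffer is outside the hunk and has to tolerate a null pointer as well, since tls_scache_sequence() now calls this function with `(VSTRING *) 0`. The function's header comment should say so, for example `/* session may be null when the caller only wants expired entries removed */`.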
@@ -446,30 +447,66 @@ int tls_scache_sequence(TLS_SCACHE *cp, int first_next, { const char *member; const char *value; - char *saved_member; + char *saved_cursor; + int seq_status; + + /* + * XXX Deleting entries while enumerating a map can he tricky. Some map + * types have a concept of cursor and support a "delete the current + * element" operation. Some map types without cursors don't behave well + * when the current first/next entry is deleted (example: Berkeley DB < + * 2). To avoid trouble, we delete an expired entry after advancing the + * current first/next position beyond it, and ignore client requests to + * delete the current entry. + */ /* * Find the first or next database entry. */ - if (dict_seq(cp->db, first_next, &member, &value) != 0) + seq_status = dict_seq(cp->db, first_next, &member, &value); + + /* + * Delete behind. This is a no-op if an expired cache entry was updated + * in the mean time. + */ + if (cp->flags & TLS_SCACHE_FLAG_DEL_CURSOR) { + cp->flags &= ~TLS_SCACHE_FLAG_DEL_CURSOR; + saved_cursor = cp->saved_cursor; + cp->saved_cursor = 0; + tls_scache_lookup(cp, saved_cursor, TLS_SCACHE_ANY_OPENSSL_VSN, + TLS_SCACHE_ANY_FLAGS, (long *) 0, (int *) 0, + (VSTRING *) 0); + myfree(saved_cursor); + } else { + if (cp->saved_cursor) + myfree(cp->saved_cursor); + cp->saved_cursor = 0; + } + + /* + * Did we find a first or next database entry? + */ + if (seq_status != 0) return (0); /* End of list reached */ + /* + * Safety against client requests to delete the current first/next entry. + */ + cp->saved_cursor = mystrdup(member); + /* * Activate the passivated cache entry and check the version and time - * stamp information. + * stamp information. Schedule it for deletion if it is bad or too old. 
*/ if (tls_scache_decode(cp, member, value, strlen(value), openssl_version, flags, out_openssl_version, out_flags, out_session) == 0) { - saved_member = mystrdup(member); - tls_scache_delete(cp, saved_member); - myfree(saved_member); - return (0); + cp->flags |= TLS_SCACHE_FLAG_DEL_CURSOR; } else { if (out_cache_id) *out_cache_id = mystrdup(member); - return (1); } + return (1); } /* tls_scache_delete - delete session from cache */ @@ -484,9 +521,12 @@ int tls_scache_delete(TLS_SCACHE *cp, const char *cache_id) msg_info("delete %s session id=%s", cp->cache_label, cache_id); /* - * Do it. + * Do it, unless we would delete the current first/next entry. Some map + * types don't have cursors, and some of those don't behave when the + * "current" entry is deleted. */ - return (dict_del(cp->db, cache_id) == 0); + return ((cp->saved_cursor != 0 && strcmp(cp->saved_cursor, cache_id) == 0) + || dict_del(cp->db, cache_id) == 0); } /* tls_scache_open - open TLS session cache file */ @@ -537,10 +577,12 @@ TLS_SCACHE *tls_scache_open(const char *dbname, const char *cache_label, * Create the TLS_SCACHE object. */ cp = (TLS_SCACHE *) mymalloc(sizeof(*cp)); + cp->flags = 0; cp->db = dict; cp->cache_label = mystrdup(cache_label); cp->log_level = log_level; cp->timeout = timeout; + cp->saved_cursor = 0; return (cp); } @@ -561,6 +603,8 @@ void tls_scache_close(TLS_SCACHE *cp) */ dict_close(cp->db); myfree(cp->cache_label); + if (cp->saved_cursor) + myfree(cp->saved_cursor); myfree((char *) cp); } diff --git a/postfix/src/tls/tls_scache.h b/postfix/src/tls/tls_scache.h index 66025c280..2c828e9cc 100644 --- a/postfix/src/tls/tls_scache.h +++ b/postfix/src/tls/tls_scache.h 
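Review bot: `member` and `value` come from dict_seq() and are still used by mystrdup() and tls_scache_decode() after the delete-behind branch has called tls_scache_lookup() on the same `cp->db`. If any map type reuses its result storage between a sequence call and a lookup or delete, both pointers are stale by then; the dictionary code is not in this hunk, so this is a risk to confirm rather than a demonstrated fault. Copying both strings right after dict_seq() succeeds removes the dependency, as sketched below with two new `char *` locals `next_cursor` and `next_value`. Separately, the function now returns 1 for an expired entry while leaving `*out_cache_id` unset, which the header comment (outside the hunk) should state for callers.

```c
    seq_status = dict_seq(cp->db, first_next, &member, &value);

    /* Copy the results before the delete-behind lookup uses cp->db again. */
    if (seq_status == 0) {
	next_cursor = mystrdup(member);
	next_value = mystrdup(value);
    }

    /* … unchanged: delete-behind of the previous cp->saved_cursor … */

    if (seq_status != 0)
	return (0);				/* End of list reached */

    cp->saved_cursor = next_cursor;

    if (tls_scache_decode(cp, next_cursor, next_value, strlen(next_value),
			  openssl_version, flags, out_openssl_version,
			  out_flags, out_session) == 0) {
	cp->flags |= TLS_SCACHE_FLAG_DEL_CURSOR;
    } else {
	if (out_cache_id)
	    *out_cache_id = mystrdup(next_cursor);
    }
    myfree(next_value);
    return (1);
```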
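Review bot: tls_scache_delete() now reports success for the current first/next entry without deleting it or scheduling it for delete-behind. A caller that removes a session because it should no longer be resumed is therefore told the removal worked while the entry stays in the cache until it expires. Callers are outside this hunk, so how often that path is hit is unknown. At minimum the header comment should state it, e.g. `/* A request to delete the current first/next entry is ignored but reported as success. */`. Recording the request so that the next tls_scache_sequence() call removes the entry unconditionally would close the gap.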
@@ -21,12 +21,16 @@ * External interface. */ typedef struct { + int flags; /* see below */ DICT *db; /* database handle */ char *cache_label; /* "client" or "server" */ int log_level; /* smtp(d)_tls_log_level */ int timeout; /* smtp(d)_tls_session_cache_timeout */ + char *saved_cursor; /* cursor cache ID */ } TLS_SCACHE; +#define TLS_SCACHE_FLAG_DEL_CURSOR (1<<0) + extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int); extern void tls_scache_close(TLS_SCACHE *); extern int tls_scache_lookup(TLS_SCACHE *, const char *, long, int, long *, int *, VSTRING *); diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c index acdaf4e41..cf0bbefb3 100644 --- a/postfix/src/util/dict_db.c +++ b/postfix/src/util/dict_db.c @@ -393,17 +393,19 @@ static int dict_db_sequence(DICT *dict, int function, dict_errno = 0; memset(&db_key, 0, sizeof(db_key)); memset(&db_value, 0, sizeof(db_value)); - if (dict_db->cursor == 0) - db->cursor(db, NULL, &(dict_db->cursor), 0); /* * Determine the function. */ switch (function) { case DICT_SEQ_FUN_FIRST: + if (dict_db->cursor == 0) + db->cursor(db, NULL, &(dict_db->cursor), 0); db_function = DB_FIRST; break; case DICT_SEQ_FUN_NEXT: + if (dict_db->cursor == 0) + msg_panic("%s: no cursor", myname); db_function = DB_NEXT; break; default: @@ -421,7 +423,7 @@ static int dict_db_sequence(DICT *dict, int function, * Database lookup. */ status = - dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, DB_NEXT); + dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, db_function); if (status != 0 && status != DB_NOTFOUND) msg_fatal("error [%d] seeking %s: %m", status, dict_db->dict.name); diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index fc892f05b..079c51ee3 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c 
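Review bot: `TLS_SCACHE_FLAG_DEL_CURSOR` is defined without a comment and the `flags` field only says "see below", so the header does not tell a reader what the bit means or who owns `saved_cursor`. I would document both, e.g. `#define TLS_SCACHE_FLAG_DEL_CURSOR (1<<0) /* delete saved_cursor after the next first/next step */` and `char *saved_cursor; /* private copy of the current cache ID, freed by tls_scache */`.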
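Review bot: The return value of `db->cursor()` in the new DICT_SEQ_FUN_FIRST case is ignored, so if cursor creation fails `dict_db->cursor` stays null and the `dict_db->cursor->c_get(...)` call in the next hunk dereferences it. The NEXT case panics on a missing cursor but FIRST has no equivalent check. I would use `if (dict_db->cursor == 0 && db->cursor(db, NULL, &(dict_db->cursor), 0) != 0)` followed by `msg_fatal("%s: cannot create cursor", dict_db->dict.name);`. dict_db_sequence() starts and ends outside the hunk.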
@@ -84,7 +84,7 @@ /* With file-based maps, flush I/O buffers to file after each update. /* Thus feature is not supported with some file-based dictionaries. /* .IP DICT_FLAG_NO_REGSUB -/* Disallow regular expression substitution from left-hand side data +/* Disallow regular expression substitution from left-hand side data /* into the right-hand side. /* .IP DICT_FLAG_NO_PROXY /* Disallow access through the \fBproxymap\fR service. @@ -143,7 +143,7 @@ /* /* dict_open_register() adds support for a new dictionary type. /* -/* dict_mapnames() returns a sorted list with the names of all available +/* dict_mapnames() returns a sorted list with the names of all available /* dictionary types. /* DIAGNOSTICS /* Fatal error: open error, unsupported dictionary type, attempt to @@ -380,7 +380,7 @@ int main(int argc, char **argv) int open_flags; char *bufp; char *cmd; - char *key; + const char *key; const char *value; int ch; @@ -408,18 +408,24 @@ int main(int argc, char **argv) else msg_fatal("unknown access mode: %s", argv[2]); dict_name = argv[optind]; - dict = dict_open(dict_name, open_flags, DICT_FLAG_LOCK); + dict = dict_open(dict_name, open_flags, DICT_FLAG_LOCK | DICT_FLAG_DUP_REPLACE); dict_register(dict_name, dict); while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) { bufp = vstring_str(inbuf); - if ((cmd = mystrtok(&bufp, " ")) == 0 || *bufp == 0) { - vstream_printf("usage: del key|get key|put key=value\n"); + if (!isatty(0)) { + vstream_printf("> %s\n", bufp); + vstream_fflush(VSTREAM_OUT); + } + if (*bufp == '#') + continue; + if ((cmd = mystrtok(&bufp, " ")) == 0) { + vstream_printf("usage: del key|get key|put key=value|first|next\n"); vstream_fflush(VSTREAM_OUT); continue; } if (dict_changed_name()) msg_warn("dictionary has changed"); - key = vstring_str(unescape(keybuf, mystrtok(&bufp, " ="))); + key = *bufp ? vstring_str(unescape(keybuf, mystrtok(&bufp, " ="))) : 0; value = mystrtok(&bufp, " ="); if (strcmp(cmd, "del") == 0 && key && !value) { if (dict_del(dict, key)) 
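Review bot: In the rewritten key parsing, `*bufp` being non-empty does not guarantee that `mystrtok(&bufp, " =")` returns a token. For a command followed by only separators, `unescape()` would receive a null pointer if mystrtok() returns null when nothing but separators remain. Neither helper is visible here, so this needs confirming. Taking the token first avoids the question: `tok = mystrtok(&bufp, " =");` then `key = tok ? vstring_str(unescape(keybuf, tok)) : 0;`, with `tok` a new `char *` local. main() continues outside the hunk.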
@@ -437,8 +443,22 @@ int main(int argc, char **argv) } else if (strcmp(cmd, "put") == 0 && key && value) { dict_put(dict, key, value); vstream_printf("%s=%s\n", key, value); + } else if (strcmp(cmd, "first") == 0 && !key && !value) { + if (dict_seq(dict, DICT_SEQ_FUN_FIRST, &key, &value) == 0) + vstream_printf("%s=%s\n", key, value); + else + vstream_printf("%s\n", + dict_errno == DICT_ERR_RETRY ? + "soft error" : "not found"); + } else if (strcmp(cmd, "next") == 0 && !key && !value) { + if (dict_seq(dict, DICT_SEQ_FUN_NEXT, &key, &value) == 0) + vstream_printf("%s=%s\n", key, value); + else + vstream_printf("%s\n", + dict_errno == DICT_ERR_RETRY ? + "soft error" : "not found"); } else { - vstream_printf("usage: del key|get key|put key=value\n"); + vstream_printf("usage: del key|get key|put key=value|first|next\n"); } vstream_fflush(VSTREAM_OUT); }