postfix-2.3-20060124

2025-08-31 14:17:41 +00:00 · 2006-01-24 00:00:00 -05:00
parent 99a79e64b2
commit 941f189e65
13 changed files with 86 additions and 33 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11873,6 +11873,9 @@ Apologies for any names omitted.
 	options are specified.  Files: postmap/postmap.c,
 	postalias/postalias.c.

+	Safety: don't allow $number substitution in transport maps
+	or sender-dependent relayhost maps.
+
 	Cleanup: smtp_sasl_passwd_maps lookup keys are folded to
 	lowercase before searching tables such as btree:, dbm: or
 	hash: that have fixed-case fields. File: smtp/smtp_sasl_glue.c.
@@ -11920,6 +11923,12 @@ Apologies for any names omitted.
 	Bugfix: change 20051208 broke when a connection could not
 	be established. File: util/auto_clnt.c.

+20060124
+
+	Bugfix: the virtual(8) delivery agent did not insist on
+	privileged operation; this broke change 20060117. File:
+	virtual/virtual.c.
+
 Open problems:

 	Centralize main.cf parameter input so that defaults work
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -145,8 +145,8 @@ master.cf file:

  * Postfix 2.3 supports both TCP and UNIX-domain filters. The above filter
    could be specified as "inet:127.0.0.1:10025". To specify a UNIX-domain
-    filter, specify "unix:pathame". A relative pathname is interpreted relative
-    to the Postfix queue directory.
+    filter, specify "unix:pathname". A relative pathname is interpreted
+    relative to the Postfix queue directory.

 The after-filter SMTP server is a new master.cf entry:

--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -784,10 +784,12 @@ summarized as follows:

 CClloossiinngg aa DDNNSS lloooopphhoollee wwiitthh  ppeerr--ssiittee TTLLSS ppoolliicciieess

-As long as no secure DNS lookup mechanism is available, false hostnames may
-appear in MX or CNAME responses. Even with a perfect match between the server
-hostname and the server certificate, there is no guarantee that Postfix is
-connected to the right server. To avoid this loophole take the following steps:
+As long as no secure DNS lookup mechanism is available, false hostnames in MX
+or CNAME responses can change the server hostname that Postfix uses for TLS
+policy lookup and server certificate verification. Even with a perfect match
+between the server hostname and the server certificate, there is no guarantee
+that Postfix is connected to the right server. To avoid this loophole take the
+following steps:

  * Eliminate MX lookups. Specify local transport(5) table entries for
    sensitive domains with explicit smtp:[mailhost] or smtp:[mailhost]:port
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -22,8 +22,9 @@ Incompatibility with snapshot 20060123

 Postfix now preserves uppercase information while mapping addresses
 with canonical, virtual, relocated or generic maps; this happens
-even with lookups from regular expression maps. However, the local(8)
-and virtual(8) delivery agents still fold addresses to lower case.
+even with $number substitutions in regular expression maps. However,
+the local(8) and virtual(8) delivery agents still fold addresses
+to lower case.

 By default, Postfix now folds the search string to lowercase only
 with tables that have fixed-case lookup fields such as btree:,
@@ -48,7 +49,7 @@ better job at being case insensitive where it should, for example
 while searching per-host TLS policies or SASL passwords.

 Some obscure behavior was eliminated from the smtp_tls_per_site
-feature, without changes to the user interface. some Postfix internals
+feature, without changes to the user interface. Some Postfix internals
 had to be re-structured in preparation for a more general TLS policy
 mechanism; this required that smtp_tls_per_site be re-implemented
 from scratch.
--- a/postfix/html/SMTPD_PROXY_README.html
+++ b/postfix/html/SMTPD_PROXY_README.html
@@ -220,11 +220,11 @@ PERL/SMTP content filtering framework. See:

 </blockquote>

-<p> This is configured by editing the master.cf file: </p>
+<p> This is configured by editing the <a href="master.5.html">master.cf</a> file: </p>

 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
    # =============================================================
    # service type  private unpriv  chroot  wakeup  maxproc command
    #               (yes)   (yes)   (yes)   (never) (100)
@@ -256,7 +256,7 @@ PERL/SMTP content filtering framework. See:

 <p> The before-filter SMTP server entry is a modified version of the
 default Postfix SMTP server entry that is normally configured at
-the top of the master.cf file: </p>
+the top of the <a href="master.5.html">master.cf</a> file: </p>

 <ul>

@@ -279,13 +279,13 @@ the top of the master.cf file: </p>

    <li> <p> Postfix 2.3 supports both TCP and UNIX-domain filters.
    The above filter could be specified as "inet:127.0.0.1:10025".
-    To specify a UNIX-domain filter, specify "unix:<i>pathame</i>".
+    To specify a UNIX-domain filter, specify "unix:<i>pathname</i>".
    A relative pathname is interpreted relative to the Postfix queue
    directory. </p>

 </ul>

-<p> The after-filter SMTP server is a new master.cf entry: </p>
+<p> The after-filter SMTP server is a new <a href="master.5.html">master.cf</a> entry: </p>

 <ul>

--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -1165,10 +1165,12 @@ parameter.  </p>
 <!-- legacy --> per-site TLS policies </a> </h3>

 <p> As long as no secure DNS lookup mechanism is available, false
-hostnames may appear in MX or CNAME responses. Even with a perfect
-match between the server hostname and the server certificate, there
-is no guarantee that Postfix is connected to the right server.  To
-avoid this loophole take the following steps: </p>
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname
+and the server certificate, there is no guarantee that Postfix is
+connected to the right server.  To avoid this loophole take the
+following steps: </p>

 <ul>

--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -2386,6 +2386,9 @@ is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">ma
 <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
 <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>

+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p> This feature is available in Postfix 2.3 and later. </p>


@@ -3543,7 +3546,7 @@ to the remote host.
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>

 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -4412,6 +4415,9 @@ is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">ma
 <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
 <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>

+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p> This feature is available in Postfix 2.3 and later. </p>


@@ -6266,6 +6272,9 @@ setting. The tables are searched by the sender address and by the
@domain. This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
 <a href="postconf.5.html#default_transport">default_transport</a> and with the <a href="transport.5.html">transport(5)</a> table. </p>

+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p>
 This feature is available in Postfix 2.3 and later.
 </p>
@@ -7167,7 +7176,7 @@ chroot jail, so you can leave the password file in /etc/postfix.
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>

 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -9308,7 +9317,7 @@ Examples:
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>

 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -10319,6 +10328,9 @@ Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tabl
 feature with local files, run "<b>postmap /etc/postfix/transport</b>"
 after making a change.  </p>

+<p> For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps. </p>
+
 <p>
 Examples:
 </p>
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1287,6 +1287,9 @@ is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.
 .PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
 This feature is available in Postfix 2.3 and later.
 .SH fast_flush_domains (default: $relay_domains)
 Optional list of destinations that are eligible for per-destination
@@ -1886,7 +1889,7 @@ to the remote host.
 Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 \fBlmtp_sasl_type\fR.  Typically this specifies the name of a
-configuration file or rendez-vous point.
+configuration file or rendezvous point.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH lmtp_sasl_security_options (default: noplaintext, noanonymous)
@@ -2398,6 +2401,9 @@ is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.
 .PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
 This feature is available in Postfix 2.3 and later.
 .SH mailq_path (default: see "postconf -d" output)
 Sendmail compatibility feature that specifies where the Postfix
@@ -3496,6 +3502,9 @@ setting. The tables are searched by the sender address and by the
@domain. This information is overruled with relay_transport,
 default_transport and with the \fBtransport\fR(5) table.
 .PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
 This feature is available in Postfix 2.3 and later.
 .SH sendmail_path (default: see "postconf -d" output)
 A Sendmail compatibility feature that specifies the location of
@@ -4000,7 +4009,7 @@ chroot jail, so you can leave the password file in /etc/postfix.
 Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 \fBsmtp_sasl_type\fR.  Typically this specifies the name of a
-configuration file or rendez-vous point.
+configuration file or rendezvous point.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH smtp_sasl_security_options (default: noplaintext, noanonymous)
@@ -5391,7 +5400,7 @@ smtpd_sasl_local_domain = $myhostname
 Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 \fBsmtpd_sasl_type\fR.  Typically this specifies the name of a
-configuration file or rendez-vous point.
+configuration file or rendezvous point.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH smtpd_sasl_security_options (default: noanonymous)
@@ -6019,6 +6028,9 @@ Specify zero or more "type:table" lookup tables.  If you use this
 feature with local files, run "\fBpostmap /etc/postfix/transport\fR"
 after making a change.
 .PP
+For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps.
+.PP
 Examples:
 .PP
 .nf
--- a/postfix/proto/SMTPD_PROXY_README.html
+++ b/postfix/proto/SMTPD_PROXY_README.html
@@ -279,7 +279,7 @@ the top of the master.cf file: </p>

    <li> <p> Postfix 2.3 supports both TCP and UNIX-domain filters.
    The above filter could be specified as "inet:127.0.0.1:10025".
-    To specify a UNIX-domain filter, specify "unix:<i>pathame</i>".
+    To specify a UNIX-domain filter, specify "unix:<i>pathname</i>".
    A relative pathname is interpreted relative to the Postfix queue
    directory. </p>

--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -1165,10 +1165,12 @@ parameter.  </p>
 <!-- legacy --> per-site TLS policies </a> </h3>

 <p> As long as no secure DNS lookup mechanism is available, false
-hostnames may appear in MX or CNAME responses. Even with a perfect
-match between the server hostname and the server certificate, there
-is no guarantee that Postfix is connected to the right server.  To
-avoid this loophole take the following steps: </p>
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname
+and the server certificate, there is no guarantee that Postfix is
+connected to the right server.  To avoid this loophole take the
+following steps: </p>

 <ul>

--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -5842,6 +5842,9 @@ Specify zero or more "type:table" lookup tables.  If you use this
 feature with local files, run "<b>postmap /etc/postfix/transport</b>"
 after making a change.  </p>

+<p> For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps. </p>
+
 <p>
 Examples:
 </p>
@@ -8819,6 +8822,9 @@ setting. The tables are searched by the sender address and by the
@domain. This information is overruled with relay_transport,
 default_transport and with the transport(5) table. </p>

+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p>
 This feature is available in Postfix 2.3 and later.
 </p>
@@ -9130,7 +9136,7 @@ for authentication.  The available types are listed with the
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b>smtpd_sasl_type</b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>

 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -9139,7 +9145,7 @@ configuration file or rendez-vous point. </p>
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b>smtp_sasl_type</b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>

 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -9148,7 +9154,7 @@ configuration file or rendez-vous point. </p>
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b>lmtp_sasl_type</b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>

 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -9178,6 +9184,9 @@ recipients are found in the UNIX passwd database. </p>
 is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.  </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>

@@ -9191,6 +9200,9 @@ not find in the aliases(5) or UNIX password database. </p>
 is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.  </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>

--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20060123"
+#define MAIL_RELEASE_DATE	"20060124"
 #define MAIL_VERSION_NUMBER	"2.3"

 #ifdef SNAPSHOT
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@@ -501,5 +501,6 @@ int     main(int argc, char **argv)
 		       MAIL_SERVER_PRE_INIT, pre_init,
 		       MAIL_SERVER_POST_INIT, post_init,
 		       MAIL_SERVER_PRE_ACCEPT, pre_accept,
+		       MAIL_SERVER_PRIVILEGED,
 		       0);
 }