mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00

postfix-3.9-20231210

This commit is contained in:
Wietse Venema 2023-12-10 00:00:00 -05:00 committed by Viktor Dukhovni
parent 17dbfb9b8b
commit 984278aadf
29 changed files with 774 additions and 601 deletions

@ -27529,8 +27529,8 @@ Apologies for any names omitted.
Bugfix (defect introduced: Postfix 2.3, date 20051222): the Bugfix (defect introduced: Postfix 2.3, date 20051222): the
Dovecot auth client did not reset the 'reason' from a Dovecot auth client did not reset the 'reason' from a
previous Dovecot auth service response, before parsing the previous Dovecot auth service response, before parsing the
next Dovecot auth server response. Reported by Stephan next Dovecot auth server response in the same SMTP session.
Bosch, File: xsasl/xsasl_dovecot_server.c. Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
20231105 20231105
@ -27553,3 +27553,53 @@ Apologies for any names omitted.
Robustness: don't loop on an 'unfinished' queue file that Robustness: don't loop on an 'unfinished' queue file that
still has its all-zero SIZE record. File: postcat/postcat.c. still has its all-zero SIZE record. File: postcat/postcat.c.
20231126
Cleanup: implementation and documentation for the selection
of SMTP versus LMTP client protocol and parameters, based
on process name. Files: smtp/smtp.c, global/mail_proto.h,
proto/postconf.proto.
Cleanup: documented (in proxymap source code) the complexities
of determining the optimal proxywrite service process limit,
and make the 'invalid' proxymap service name error message
more similar to the error message for an invalid SMTP/LMTP
client process name. File: proxymap/proxymap.c.
20231127
Documentation: in the stock main.cf file, mailbox_command
uses $default_privs, not $default_user. Vijay Sarvepalli,
Cert/CC. File: conf/main.cf.
20231202
Bugfix: posttls-finger certificate match expectations for
opportunistic DANE incorrectly defaulted to ("nexthop",
"hostname") instead of ("nexthop", "dot-nexthop"), when no
TLSA records were found. Viktor Dukhovni. File: posttls-finger.c.
20231204
Documentation: updated comments on address validation in
smtpd_check.c, making them consistent with the implementation.
File: smtpd/smtpd_check.c.
20231208
Bugfix (defect introduced: Postfix 3.1, date: 20151128):
"postqueue -j" produced broken JSON when escaping a control
character as \uXXXX. Found during code maintenance. File:
postqueue/showq_json.c.
20231209
Feature: the local(8) delivery agent exports an ENVID
environment variable with the RFC 3461 envelope ID if
available. Files: local/command.c, local/local.c,
proto/postconf.proto.
Feature: the pipe(8) delivery agent supports an ${envid}
command-line attribute that expands to the RFC 3461 envelope
ID if available. File: pipe/pipe.c.
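
Review bot: The 20231202 entry gives its file as posttls-finger.c with no directory, while the other entries added in this hunk use a path relative to the source root (postcat/postcat.c, postqueue/showq_json.c, pipe/pipe.c). Write it directory-qualified like the others so the entry can be matched to a file without searching the tree.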

@ -8,10 +8,10 @@ Wish list:
postfix-install should mention makedefs.out. postfix-install should mention makedefs.out.
Propagate information about parsed daemon command-line In documentation and configuration file examples, replace
options to service callback functions. With this, a proxywrite IPv4 address prefixes from Cloud9 with 192.168.* from RFC
server can enforce a process limit of 1 without duplicating 1918, and replace IPv6 address prefixes with unique local
libmaster's command-line parsing code. IPv6 address prefixes fd00:* from RFC 4193.
Add a pre-release check for '.' instead of ','. Generalize Add a pre-release check for '.' instead of ','. Generalize
from grep '[a-zA-Z0-9]\. *[a-z]' proto/*|egrep -v from grep '[a-zA-Z0-9]\. *[a-z]' proto/*|egrep -v

@ -452,7 +452,7 @@ unknown_local_recipient_reject_code = 550
# The mailbox_command parameter specifies the optional external # The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as # command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings. # the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user. # Exception: delivery for root is done as $default_privs.
# #
# Other environment variables of interest: USER (recipient username), # Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address), # EXTENSION (address extension), DOMAIN (domain part of address),

@ -5,20 +5,24 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title> <title> Postfix manual - smtp(8) </title>
</head> <body> <pre> </head> <body> <pre>
SMTP(8) SMTP(8) SMTP,(LMTP) SMTP,(LMTP)
<b>NAME</b> <b>NAME</b>
smtp - Postfix SMTP+LMTP client smtp, lmtp - Postfix SMTP+LMTP client
<b>SYNOPSIS</b> <b>SYNOPSIS</b>
<b>smtp</b> [generic Postfix daemon options] [flags=DORX] <b>smtp</b> [generic Postfix daemon options] [flags=DORX]
<b>lmtp</b> [generic Postfix daemon options] [flags=DORX]
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue man- protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects or host to deliver to, and recipient information. This program expects
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. The process name, <b>smtp</b> or
<b>lmtp</b>, controls the protocol, and the names of the configuration parame-
ters that will be used.
The SMTP+LMTP client updates the queue file and marks recipients as The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried finished, or it informs the queue manager that delivery should be tried
@ -180,10 +184,9 @@ SMTP(8) SMTP(8)
for all destinations that map onto the same IP address and TCP port. for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
Before Postfix version 2.3, the LMTP client is a separate program that Postfix versions 2.3 and later implement the SMTP and LMTP client with
implements only a subset of the functionality available with SMTP: the same program, and choose the protocol and configuration parameters
there is no support for TLS, and connections are cached in-process, based on the process name, <b>smtp</b> or <b>lmtp</b>.
making it ineffective when the client is used for multiple domains.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param- Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
eter for the equivalent LMTP feature. This document describes only eter for the equivalent LMTP feature. This document describes only
@ -1131,5 +1134,5 @@ SMTP(8) SMTP(8)
Victor Duchovni Victor Duchovni
Morgan Stanley Morgan Stanley
SMTP(8) 8 SMTP,(LMTP)
</pre> </body> </html> </pre> </body> </html>

@ -178,31 +178,33 @@ LOCAL(8) LOCAL(8)
replaced with underscores. The list of acceptable characters is speci- replaced with underscores. The list of acceptable characters is speci-
fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter. fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter.
<b>SHELL</b> The recipient user's login shell. <b>SHELL</b> The envelope recipient user's login shell.
<b>HOME</b> The recipient user's home directory. <b>HOME</b> The envelope recipient user's home directory.
<b>USER</b> The bare recipient name. <b>USER</b> The bare envelope recipient name.
<b>EXTENSION</b> <b>EXTENSION</b>
The optional recipient address extension. The optional envelope recipient address extension.
<b>DOMAIN</b> The recipient address domain part. <b>DOMAIN</b> The envelope recipient address domain part.
<b>LOGNAME</b> <b>LOGNAME</b>
The bare recipient name. The bare envelope recipient name.
<b>LOCAL</b> The entire recipient address localpart (text to the left of the <b>LOCAL</b> The entire envelope recipient address localpart (text to the
rightmost @ character). left of the rightmost @ character).
<b>ORIGINAL_RECIPIENT</b> <b>ORIGINAL_RECIPIENT</b>
The entire recipient address, before any address rewriting or The entire envelope recipient address, before any address
aliasing (Postfix 2.5 and later). rewriting or aliasing (Postfix 2.5 and later).
<b>RECIPIENT</b> <b>RECIPIENT</b>
The entire recipient address. The entire envelope recipient address.
<b>SENDER</b> The entire sender address. <b>SENDER</b> The entire envelope sender address.
<b>ENVID</b> The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available as of Postfix 3.9.
Additional remote client information is made available via the follow- Additional remote client information is made available via the follow-
ing environment variables: ing environment variables:
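
Review bot: The new ENVID entry says only "The optional RFC 3461 envelope ID", which leaves out two things the author of a delivery script needs. Unlike SHELL or HOME, this value is chosen by the sending client (RFC 3461 carries it as the ENVID parameter of MAIL FROM), so the entry should say it is untrusted input. The paragraph above also states that characters outside command_expansion_filter are replaced with underscores, and RFC 3461 transmits the envelope ID xtext-encoded; state whether ENVID is exported encoded or decoded and that the filter may alter it, so a script does not treat it as a byte-exact copy.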

@ -242,6 +242,12 @@ PIPE(8) PIPE(8)
This feature is available as of Postfix 2.5. This feature is available as of Postfix 2.5.
<b>${envid}</b>
This macro expands to the <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID if avail-
able, otherwise the empty string.
This feature is available as of Postfix 3.9.
<b>${extension}</b> <b>${extension}</b>
This macro expands to the extension part of a recipient This macro expands to the extension part of a recipient
address. For example, with an address <i>user+foo@domain</i> address. For example, with an address <i>user+foo@domain</i>

@ -6498,6 +6498,11 @@ and later.</dd>
<dd>The domain part of the recipient address. </dd> <dd>The domain part of the recipient address. </dd>
<dt><b>ENVID</b></dt>
<dd>The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available in Postfix version
3.9 and later</dd>
<dt><b>EXTENSION</b></dt> <dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd> <dd>The optional address extension. </dd>
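
Review bot: The added ENVID description ends "3.9 and later</dd>" with no full stop, while the neighbouring DOMAIN and EXTENSION entries end their sentences with one. Add the period in proto/postconf.proto, which the HISTORY entry lists for this feature, and consider the same availability wording as local(8), which says "Available as of Postfix 3.9."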

@ -41,7 +41,7 @@ PROXYMAP(8) PROXYMAP(8)
<b>o</b> To provide single-updater functionality for lookup tables that <b>o</b> To provide single-updater functionality for lookup tables that
do not reliably support multiple writers (i.e. all file-based do not reliably support multiple writers (i.e. all file-based
tables). tables that are not based on <b>lmdb</b>).
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests: The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:

@ -5,20 +5,24 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title> <title> Postfix manual - smtp(8) </title>
</head> <body> <pre> </head> <body> <pre>
SMTP(8) SMTP(8) SMTP,(LMTP) SMTP,(LMTP)
<b>NAME</b> <b>NAME</b>
smtp - Postfix SMTP+LMTP client smtp, lmtp - Postfix SMTP+LMTP client
<b>SYNOPSIS</b> <b>SYNOPSIS</b>
<b>smtp</b> [generic Postfix daemon options] [flags=DORX] <b>smtp</b> [generic Postfix daemon options] [flags=DORX]
<b>lmtp</b> [generic Postfix daemon options] [flags=DORX]
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue man- protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects or host to deliver to, and recipient information. This program expects
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. The process name, <b>smtp</b> or
<b>lmtp</b>, controls the protocol, and the names of the configuration parame-
ters that will be used.
The SMTP+LMTP client updates the queue file and marks recipients as The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried finished, or it informs the queue manager that delivery should be tried
@ -180,10 +184,9 @@ SMTP(8) SMTP(8)
for all destinations that map onto the same IP address and TCP port. for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
Before Postfix version 2.3, the LMTP client is a separate program that Postfix versions 2.3 and later implement the SMTP and LMTP client with
implements only a subset of the functionality available with SMTP: the same program, and choose the protocol and configuration parameters
there is no support for TLS, and connections are cached in-process, based on the process name, <b>smtp</b> or <b>lmtp</b>.
making it ineffective when the client is used for multiple domains.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param- Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
eter for the equivalent LMTP feature. This document describes only eter for the equivalent LMTP feature. This document describes only
@ -1131,5 +1134,5 @@ SMTP(8) SMTP(8)
Victor Duchovni Victor Duchovni
Morgan Stanley Morgan Stanley
SMTP(8) 8 SMTP,(LMTP)
</pre> </body> </html> </pre> </body> </html>

@ -4023,6 +4023,10 @@ Remote client protocol. Available in Postfix version 2.2 and later.
.IP "\fBDOMAIN\fR" .IP "\fBDOMAIN\fR"
The domain part of the recipient address. The domain part of the recipient address.
.br .br
.IP "\fBENVID\fR"
The optional RFC 3461 envelope ID. Available in Postfix version
3.9 and later
.br
.IP "\fBEXTENSION\fR" .IP "\fBEXTENSION\fR"
The optional address extension. The optional address extension.
.br .br

@ -223,27 +223,30 @@ are replaced with underscores. The list of acceptable characters
is specified with the \fBcommand_expansion_filter\fR configuration is specified with the \fBcommand_expansion_filter\fR configuration
parameter. parameter.
.IP \fBSHELL\fR .IP \fBSHELL\fR
The recipient user's login shell. The envelope recipient user's login shell.
.IP \fBHOME\fR .IP \fBHOME\fR
The recipient user's home directory. The envelope recipient user's home directory.
.IP \fBUSER\fR .IP \fBUSER\fR
The bare recipient name. The bare envelope recipient name.
.IP \fBEXTENSION\fR .IP \fBEXTENSION\fR
The optional recipient address extension. The optional envelope recipient address extension.
.IP \fBDOMAIN\fR .IP \fBDOMAIN\fR
The recipient address domain part. The envelope recipient address domain part.
.IP \fBLOGNAME\fR .IP \fBLOGNAME\fR
The bare recipient name. The bare envelope recipient name.
.IP \fBLOCAL\fR .IP \fBLOCAL\fR
The entire recipient address localpart (text to the left of the The entire envelope recipient address localpart (text to
rightmost @ character). the left of the rightmost @ character).
.IP \fBORIGINAL_RECIPIENT\fR .IP \fBORIGINAL_RECIPIENT\fR
The entire recipient address, before any address rewriting The entire envelope recipient address, before any address
or aliasing (Postfix 2.5 and later). rewriting or aliasing (Postfix 2.5 and later).
.IP \fBRECIPIENT\fR .IP \fBRECIPIENT\fR
The entire recipient address. The entire envelope recipient address.
.IP \fBSENDER\fR .IP \fBSENDER\fR
The entire sender address. The entire envelope sender address.
.IP \fBENVID\fR
The optional RFC 3461 envelope ID. Available as of Postfix
3.9.
.PP .PP
Additional remote client information is made available via Additional remote client information is made available via
the following environment variables: the following environment variables:

@ -240,6 +240,11 @@ the domain is \fIdomain\fR.
This information is modified by the \fBh\fR flag for case folding. This information is modified by the \fBh\fR flag for case folding.
.sp .sp
This feature is available as of Postfix 2.5. This feature is available as of Postfix 2.5.
.IP \fB${envid}\fR
This macro expands to the RFC 3461 envelope ID if available,
otherwise the empty string.
.sp
This feature is available as of Postfix 3.9.
.IP \fB${extension}\fR .IP \fB${extension}\fR
This macro expands to the extension part of a recipient address. This macro expands to the extension part of a recipient address.
For example, with an address \fIuser+foo@domain\fR the extension is For example, with an address \fIuser+foo@domain\fR the extension is

@ -43,7 +43,7 @@ proxymap server processes.
.IP \(bu .IP \(bu
To provide single\-updater functionality for lookup tables To provide single\-updater functionality for lookup tables
that do not reliably support multiple writers (i.e. all that do not reliably support multiple writers (i.e. all
file\-based tables). file\-based tables that are not based on \fBlmdb\fR).
.PP .PP
The \fBproxymap\fR(8) server implements the following requests: The \fBproxymap\fR(8) server implements the following requests:
.IP "\fBopen\fR \fImaptype:mapname flags\fR" .IP "\fBopen\fR \fImaptype:mapname flags\fR"

@ -1,14 +1,16 @@
.TH SMTP 8 .TH SMTP, LMTP 8
.ad .ad
.fi .fi
.SH NAME .SH NAME
smtp smtp, lmtp
\- \-
Postfix SMTP+LMTP client Postfix SMTP+LMTP client
.SH "SYNOPSIS" .SH "SYNOPSIS"
.na .na
.nf .nf
\fBsmtp\fR [generic Postfix daemon options] [flags=DORX] \fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
\fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
.SH DESCRIPTION .SH DESCRIPTION
.ad .ad
.fi .fi
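
Review bot: The new title line ".TH SMTP, LMTP 8" passes three arguments to .TH, so the formatter takes "SMTP," as the title, "LMTP" as the section and "8" as the footer text. That is visible in the regenerated HTML in this commit, where the page header changes from "SMTP(8)" to "SMTP,(LMTP)" and the footer reads "8 SMTP,(LMTP)". Keep the title a single token (for example ".TH SMTP 8") and list both names only on the NAME line, which already reads "smtp, lmtp".
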
@ -17,7 +19,9 @@ delivery protocols. It processes message delivery requests from
the queue manager. Each request specifies a queue file, a sender the queue manager. Each request specifies a queue file, a sender
address, a domain or host to deliver to, and recipient information. address, a domain or host to deliver to, and recipient information.
This program expects to be run from the \fBmaster\fR(8) process This program expects to be run from the \fBmaster\fR(8) process
manager. manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
the protocol, and the names of the configuration parameters
that will be used.
The SMTP+LMTP client updates the queue file and marks recipients The SMTP+LMTP client updates the queue file and marks recipients
as finished, or it informs the queue manager that delivery should as finished, or it informs the queue manager that delivery should
@ -199,11 +203,10 @@ address and TCP port.
.nf .nf
.ad .ad
.fi .fi
Before Postfix version 2.3, the LMTP client is a separate Postfix versions 2.3 and later implement the SMTP and LMTP
program that implements only a subset of the functionality client with the same program, and choose the protocol and
available with SMTP: there is no support for TLS, and configuration parameters based on the process name, \fBsmtp\fR
connections are cached in\-process, making it ineffective or \fBlmtp\fR.
when the client is used for multiple domains.
Most smtp_\fIxxx\fR configuration parameters have an Most smtp_\fIxxx\fR configuration parameters have an
lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP

@ -2733,6 +2733,11 @@ and later.</dd>
<dd>The domain part of the recipient address. </dd> <dd>The domain part of the recipient address. </dd>
<dt><b>ENVID</b></dt>
<dd>The optional RFC 3461 envelope ID. Available in Postfix version
3.9 and later</dd>
<dt><b>EXTENSION</b></dt> <dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd> <dd>The optional address extension. </dd>

@ -1587,3 +1587,4 @@ rpk
sni sni
Amawalk Amawalk
resychronization resychronization
ENVID

@ -72,3 +72,12 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
src postalias postalias c src postmap postmap c src postalias postalias c src postmap postmap c
src postalias postalias c src postmap postmap c src postalias postalias c src postmap postmap c
src smtpd smtpd c src smtpd smtpd_check c src smtpd smtpd c src smtpd smtpd_check c
not proxymap or proxywrite File proxymap proxymap c
still has its all zero SIZE record File postcat postcat c
manpage text File smtp smtp c
manpage text Files smtp smtp c global mail_proto h
File proxymap proxymap c
on process name Files smtp smtp c global mail_proto h
client process name File proxymap proxymap c
available Files local command c local local c
ID if available File pipe pipe c

@ -1812,3 +1812,5 @@ rpk
ep ep
inlined inlined
stringz stringz
Sarvepalli
uXXXX

@ -63,3 +63,6 @@ Serg
Kinzler Kinzler
smtpstone smtpstone
spammy spammy
Birta
Levente
MariaDB

@ -62,6 +62,13 @@
#define MAIL_SERVICE_TLSPROXY "tlsproxy" #define MAIL_SERVICE_TLSPROXY "tlsproxy"
#define MAIL_SERVICE_POSTLOG "postlog" #define MAIL_SERVICE_POSTLOG "postlog"
/*
* Process names: convention is to use the basename of an executable file,
* but there is nothing to enforce that.
*/
#define MAIL_PROC_NAME_SMTP "smtp"
#define MAIL_PROC_NAME_LMTP "lmtp"
/* /*
* Mail source classes. Used to specify policy decisions for content * Mail source classes. Used to specify policy decisions for content
* inspection and SMTPUTF8 detection. * inspection and SMTPUTF8 detection.

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20231112" #define MAIL_RELEASE_DATE "20231210"
#define MAIL_VERSION_NUMBER "3.9" #define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT #ifdef SNAPSHOT

@ -17,7 +17,8 @@
/* Duplicate commands for the same recipient are suppressed. /* Duplicate commands for the same recipient are suppressed.
/* A limited amount of information is exported via the environment: /* A limited amount of information is exported via the environment:
/* HOME, SHELL, LOGNAME, USER, EXTENSION, DOMAIN, RECIPIENT (entire /* HOME, SHELL, LOGNAME, USER, EXTENSION, DOMAIN, RECIPIENT (entire
/* address) LOCAL (just the local part) and SENDER. The exported /* address) LOCAL (just the local part), SENDER, and ENVID
/* (see RFC 3461). The exported
/* information is censored with var_cmd_filter. /* information is censored with var_cmd_filter.
/* /*
/* Arguments: /* Arguments:
@ -169,6 +170,8 @@ int deliver_command(LOCAL_STATE state, USER_ATTR usr_attr, const char *comma
if (state.msg_attr.rcpt.orig_addr && state.msg_attr.rcpt.orig_addr[0]) if (state.msg_attr.rcpt.orig_addr && state.msg_attr.rcpt.orig_addr[0])
argv_add(env, "ORIGINAL_RECIPIENT", state.msg_attr.rcpt.orig_addr, argv_add(env, "ORIGINAL_RECIPIENT", state.msg_attr.rcpt.orig_addr,
ARGV_END); ARGV_END);
if (state.request->dsn_envid[0])
argv_add(env, "ENVID", state.request->dsn_envid, ARGV_END);
#define EXPORT_REQUEST(name, value) \ #define EXPORT_REQUEST(name, value) \
if ((value)[0]) argv_add(env, (name), (value), ARGV_END); if ((value)[0]) argv_add(env, (name), (value), ARGV_END);
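
Review bot: The two added lines that export ENVID in deliver_command() repeat by hand the test-then-add pattern that the EXPORT_REQUEST macro defines directly below them. Moving the export after the #define and writing EXPORT_REQUEST("ENVID", state.request->dsn_envid); would keep one idiom for optional values. The header comment says the exported information is censored with var_cmd_filter, but the censoring code is outside the visible context; confirm that ENVID is added to env before that pass runs, since the value is supplied by the sender.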

@ -207,27 +207,30 @@
/* is specified with the \fBcommand_expansion_filter\fR configuration /* is specified with the \fBcommand_expansion_filter\fR configuration
/* parameter. /* parameter.
/* .IP \fBSHELL\fR /* .IP \fBSHELL\fR
/* The recipient user's login shell. /* The envelope recipient user's login shell.
/* .IP \fBHOME\fR /* .IP \fBHOME\fR
/* The recipient user's home directory. /* The envelope recipient user's home directory.
/* .IP \fBUSER\fR /* .IP \fBUSER\fR
/* The bare recipient name. /* The bare envelope recipient name.
/* .IP \fBEXTENSION\fR /* .IP \fBEXTENSION\fR
/* The optional recipient address extension. /* The optional envelope recipient address extension.
/* .IP \fBDOMAIN\fR /* .IP \fBDOMAIN\fR
/* The recipient address domain part. /* The envelope recipient address domain part.
/* .IP \fBLOGNAME\fR /* .IP \fBLOGNAME\fR
/* The bare recipient name. /* The bare envelope recipient name.
/* .IP \fBLOCAL\fR /* .IP \fBLOCAL\fR
/* The entire recipient address localpart (text to the left of the /* The entire envelope recipient address localpart (text to
/* rightmost @ character). /* the left of the rightmost @ character).
/* .IP \fBORIGINAL_RECIPIENT\fR /* .IP \fBORIGINAL_RECIPIENT\fR
/* The entire recipient address, before any address rewriting /* The entire envelope recipient address, before any address
/* or aliasing (Postfix 2.5 and later). /* rewriting or aliasing (Postfix 2.5 and later).
/* .IP \fBRECIPIENT\fR /* .IP \fBRECIPIENT\fR
/* The entire recipient address. /* The entire envelope recipient address.
/* .IP \fBSENDER\fR /* .IP \fBSENDER\fR
/* The entire sender address. /* The entire envelope sender address.
/* .IP \fBENVID\fR
/* The optional RFC 3461 envelope ID. Available as of Postfix
/* 3.9.
/* .PP /* .PP
/* Additional remote client information is made available via /* Additional remote client information is made available via
/* the following environment variables: /* the following environment variables:

@ -230,6 +230,11 @@
/* This information is modified by the \fBh\fR flag for case folding. /* This information is modified by the \fBh\fR flag for case folding.
/* .sp /* .sp
/* This feature is available as of Postfix 2.5. /* This feature is available as of Postfix 2.5.
/* .IP \fB${envid}\fR
/* This macro expands to the RFC 3461 envelope ID if available,
/* otherwise the empty string.
/* .sp
/* This feature is available as of Postfix 3.9.
/* .IP \fB${extension}\fR /* .IP \fB${extension}\fR
/* This macro expands to the extension part of a recipient address. /* This macro expands to the extension part of a recipient address.
/* For example, with an address \fIuser+foo@domain\fR the extension is /* For example, with an address \fIuser+foo@domain\fR the extension is
@ -544,6 +549,7 @@
#define PIPE_DICT_SASL_USERNAME "sasl_username" /* key */ #define PIPE_DICT_SASL_USERNAME "sasl_username" /* key */
#define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */ #define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */
#define PIPE_DICT_QUEUE_ID "queue_id" /* key */ #define PIPE_DICT_QUEUE_ID "queue_id" /* key */
#define PIPE_DICT_ENVID "envid" /* key */
/* /*
* Flags used to pass back the type of special parameter found by * Flags used to pass back the type of special parameter found by
@ -649,6 +655,7 @@ static int parse_callback(int type, VSTRING *buf, void *context)
PIPE_DICT_SASL_USERNAME, 0, PIPE_DICT_SASL_USERNAME, 0,
PIPE_DICT_SASL_SENDER, 0, PIPE_DICT_SASL_SENDER, 0,
PIPE_DICT_QUEUE_ID, 0, PIPE_DICT_QUEUE_ID, 0,
PIPE_DICT_ENVID, 0,
0, 0, 0, 0,
}; };
struct cmd_flags *p; struct cmd_flags *p;
@ -1278,6 +1285,8 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
request->sasl_sender); request->sasl_sender);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_QUEUE_ID, dict_update(PIPE_DICT_TABLE, PIPE_DICT_QUEUE_ID,
request->queue_id); request->queue_id);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_ENVID,
request->dsn_envid);
vstring_free(buf); vstring_free(buf);
if ((expanded_argv = expand_argv(service, attr.command, if ((expanded_argv = expand_argv(service, attr.command,

@ -96,7 +96,7 @@ static char *json_quote(VSTRING *result, const char *text)
VSTRING_ADDCH(result, 't'); VSTRING_ADDCH(result, 't');
break; break;
default: default:
vstring_sprintf(result, "\\u%04X", ch); vstring_sprintf_append(result, "\\u%04X", ch);
break; break;
} }
} else { } else {
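
Review bot: The default: branch of json_quote() has no regression test, which is how this defect survived from 20151128 until it was "Found during code maintenance". vstring_sprintf() replaces the buffer contents, so everything quoted before a control character was discarded, and vstring_sprintf_append() is the right call. Add a test that runs json_quote() on a string with text before and after a control character and checks that both parts and the \uXXXX escape are present in the result.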

@ -2138,7 +2138,15 @@ static void parse_match(STATE *state, int argc, char *argv[])
#ifdef USE_TLS #ifdef USE_TLS
int smtp_mode = 1; int smtp_mode = 1;
/*
* DANE match names are configured late, once the TLSA records are in hand.
* For now, prepare to fall back to "secure".
*/
switch (state->level) { switch (state->level) {
default:
state->match = 0;
break;
case TLS_LEV_DANE:
case TLS_LEV_SECURE: case TLS_LEV_SECURE:
state->match = argv_alloc(2); state->match = argv_alloc(2);
while (*argv) while (*argv)
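
Review bot: The comment added above the switch explains only that DANE match names are configured late and that the code prepares to fall back to "secure"; it does not say where the ("nexthop", "dot-nexthop") default named in the HISTORY entry is applied. With TLS_LEV_DANE now sharing the TLS_LEV_SECURE branch that fills state->match from argv, extend the comment to name the code that supplies the DANE match names once TLSA records are in hand, and the names used when none are found.
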
@ -2159,11 +2167,6 @@ static void parse_match(STATE *state, int argc, char *argv[])
tls_dane_add_fpt_digests(state->dane, state->options.enable_rpk, tls_dane_add_fpt_digests(state->dane, state->options.enable_rpk,
*argv++, "", smtp_mode); *argv++, "", smtp_mode);
break; break;
case TLS_LEV_DANE:
case TLS_LEV_DANE_ONLY:
state->match = argv_alloc(2);
argv_add(state->match, "nexthop", "hostname", ARGV_END);
break;
} }
#endif #endif
} }
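
Review bot: Removing the "case TLS_LEV_DANE_ONLY:" label here routes that level to the new default: branch, so state->match is a null pointer for dane-only until something assigns it later. The comment added above the switch mentions only TLS_LEV_DANE and its fall back to "secure". Confirm that every reader of state->match at TLS_LEV_DANE_ONLY runs after the late configuration that comment describes, or tolerates a null list, and mention dane-only in the comment.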

@ -37,7 +37,7 @@
/* .IP \(bu /* .IP \(bu
/* To provide single-updater functionality for lookup tables /* To provide single-updater functionality for lookup tables
/* that do not reliably support multiple writers (i.e. all /* that do not reliably support multiple writers (i.e. all
/* file-based tables). /* file-based tables that are not based on \fBlmdb\fR).
/* .PP /* .PP
/* The \fBproxymap\fR(8) server implements the following requests: /* The \fBproxymap\fR(8) server implements the following requests:
/* .IP "\fBopen\fR \fImaptype:mapname flags\fR" /* .IP "\fBopen\fR \fImaptype:mapname flags\fR"
@ -752,8 +752,10 @@ static void post_jail_init(char *service_name, char **unused_argv)
if (strcmp(service_name, MAIL_SERVICE_PROXYWRITE) == 0) if (strcmp(service_name, MAIL_SERVICE_PROXYWRITE) == 0)
proxy_writer = 1; proxy_writer = 1;
else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0) else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
msg_fatal("service name must be one of %s or %s", msg_fatal("invalid service name: \"%s\" - "
MAIL_SERVICE_PROXYWRITE, MAIL_SERVICE_PROXYMAP); "service name must be \"%s\" or \"%s\"",
service_name, MAIL_SERVICE_PROXYWRITE,
MAIL_SERVICE_PROXYMAP);
/* /*
* Pre-allocate buffers. * Pre-allocate buffers.
@ -841,6 +843,36 @@ int main(int argc, char **argv)
*/ */
MAIL_VERSION_STAMP_ALLOCATE; MAIL_VERSION_STAMP_ALLOCATE;
/*
* XXX When invoked with the master.cf service name "proxywrite", the
* proxymap daemon will allow update requests. To update a table that is
* not multi-writer safe (for example, some versions of Berkeley DB), the
* "proxywrite" service should run as a single updater (i.e. a process
* limit of 1, which could be enforced below by requesting
* CA_MAIL_SERVER_SOLITARY).
*
* In the default master.cf file, the "proxywrite" service has a process
* limit of 1. Assuming that updates will be rare, this process limit
* will suffice. Latency-sensitive services such as postscreen must not
* use the proxywrite service (in fact, postscreen has a latency check
* built-in).
*
* Optimizing for multi-writer operation would suffer from all kinds of
* complexity that would make it hard to use:
*
* - The master daemon specifies the "proxywrite" service name with the -n
* command-line option. This information is not known here, before the
* multi_server_main() call. The multi_server_main() function could
* reveal process limit information to its call-back functions, and leave
* single-updater enforcement to its call-back functions.
*
* - If we really want multi-writer update support, the "proxywrite" service
* would have to parse the $proxy_write_maps value, and permit
* multi-writer operation only if all tables are multi-writer safe. That
* would require a new dict(3) method, to query each lookup table
* implementation if it is multi-writer safe, without instantiating a
* lookup table client.
*/
multi_server_main(argc, argv, proxymap_service, multi_server_main(argc, argv, proxymap_service,
CA_MAIL_SERVER_STR_TABLE(str_table), CA_MAIL_SERVER_STR_TABLE(str_table),
CA_MAIL_SERVER_POST_INIT(post_jail_init), CA_MAIL_SERVER_POST_INIT(post_jail_init),
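Review bot: the new XXX comment says a table that is not multi-writer safe needs a single updater, yet it describes CA_MAIL_SERVER_SOLITARY only as something that "could be enforced below", so the safeguard remains the process limit of 1 in the default master.cf. That constraint is now recorded in a source comment that administrators will not read; consider stating it in the proxymap(8) manual text as well, if it is not already there, so that raising the proxywrite process limit is a visible decision rather than a silent risk to the table.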

View File

@ -1,17 +1,21 @@
/*++ /*++
/* NAME /* NAME
/* smtp 8 /* smtp, lmtp 8
/* SUMMARY /* SUMMARY
/* Postfix SMTP+LMTP client /* Postfix SMTP+LMTP client
/* SYNOPSIS /* SYNOPSIS
/* \fBsmtp\fR [generic Postfix daemon options] [flags=DORX] /* \fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
/*
/* \fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
/* DESCRIPTION /* DESCRIPTION
/* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail /* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
/* delivery protocols. It processes message delivery requests from /* delivery protocols. It processes message delivery requests from
/* the queue manager. Each request specifies a queue file, a sender /* the queue manager. Each request specifies a queue file, a sender
/* address, a domain or host to deliver to, and recipient information. /* address, a domain or host to deliver to, and recipient information.
/* This program expects to be run from the \fBmaster\fR(8) process /* This program expects to be run from the \fBmaster\fR(8) process
/* manager. /* manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
/* the protocol, and the names of the configuration parameters
/* that will be used.
/* /*
/* The SMTP+LMTP client updates the queue file and marks recipients /* The SMTP+LMTP client updates the queue file and marks recipients
/* as finished, or it informs the queue manager that delivery should /* as finished, or it informs the queue manager that delivery should
@ -175,11 +179,10 @@
/* CONFIGURATION PARAMETERS /* CONFIGURATION PARAMETERS
/* .ad /* .ad
/* .fi /* .fi
/* Before Postfix version 2.3, the LMTP client is a separate /* Postfix versions 2.3 and later implement the SMTP and LMTP
/* program that implements only a subset of the functionality /* client with the same program, and choose the protocol and
/* available with SMTP: there is no support for TLS, and /* configuration parameters based on the process name, \fBsmtp\fR
/* connections are cached in-process, making it ineffective /* or \fBlmtp\fR.
/* when the client is used for multiple domains.
/* /*
/* Most smtp_\fIxxx\fR configuration parameters have an /* Most smtp_\fIxxx\fR configuration parameters have an
/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP /* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
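Review bot: the replacement paragraph under CONFIGURATION PARAMETERS restates what this same commit adds to DESCRIPTION ("The process name, \fBsmtp\fR or \fBlmtp\fR, controls the protocol, and the names of the configuration parameters that will be used"). Keeping the statement in one place would avoid the two copies drifting apart. Neither copy mentions that any other process name is a fatal error, which the pre_init() check in this commit now enforces; one clause in the manual text would cover that.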
@ -1470,6 +1473,19 @@ static void pre_init(char *unused_name, char **unused_argv)
0, -1, 0, -1,
}; };
/*
* The process name, "smtp" or "lmtp", determines the configuration
* parameters to use, protocol, DSN server reply type, SASL service
* information lookup, and more. We peeked at the name in the main()
* function before logging was initialized. Here, we detect and report an
* invalid process name.
*/
if (strcmp(var_procname, MAIL_PROC_NAME_SMTP) != 0
&& strcmp(var_procname, MAIL_PROC_NAME_LMTP) != 0)
msg_fatal("unexpected process name \"%s\" - "
"specify \"%s\" or \"%s\"", var_procname,
MAIL_PROC_NAME_SMTP, MAIL_PROC_NAME_LMTP);
/* /*
* Turn on per-peer debugging. * Turn on per-peer debugging.
*/ */
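Review bot: the validation added in pre_init() tests var_procname, while main() selects smtp_mode from sane_basename((VSTRING *) 0, argv[0]). If those two strings can ever differ, the mode chosen in main() and the name accepted here would disagree without any error. Either validate the same value that main() peeked at, or extend the comment to say why the two are guaranteed to be equal.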
@ -1661,21 +1677,15 @@ int main(int argc, char **argv)
MAIL_VERSION_STAMP_ALLOCATE; MAIL_VERSION_STAMP_ALLOCATE;
/* /*
* XXX At this point, var_procname etc. are not initialized. * XXX The process name, "smtp" or "lmtp", determines what configuration
* * parameter settings to use, and more. However, at this point, logging
* The process name, "smtp" or "lmtp", determines the protocol, the DSN * and var_procname are not initialized. Here, we peek at the process
* server reply type, SASL service information lookup, and more. Prepare * name to determine what configuration parameter settings to use. Later,
* for the possibility there may be another personality. * we detect and report an invalid process name.
*/ */
sane_procname = sane_basename((VSTRING *) 0, argv[0]); sane_procname = sane_basename((VSTRING *) 0, argv[0]);
if (strcmp(sane_procname, "smtp") == 0) if (strcmp(sane_procname, MAIL_PROC_NAME_SMTP) == 0)
smtp_mode = 1; smtp_mode = 1;
else if (strcmp(sane_procname, "lmtp") == 0)
smtp_mode = 0;
else
/* TODO: logging is not initialized. */
msg_fatal("unexpected process name \"%s\" - "
"specify \"smtp\" or \"lmtp\"", var_procname);
/* /*
* Initialize with the LMTP or SMTP parameter name space. * Initialize with the LMTP or SMTP parameter name space.
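Review bot: with the "else if ... lmtp" and "else" branches removed in main(), every process name other than MAIL_PROC_NAME_SMTP now leaves smtp_mode at whatever its initializer is, which this hunk does not show. An invalid name therefore runs with one parameter name space until pre_init() reports it. Moving the msg_fatal() out of main() is right, since logging and var_procname are not initialized here, but an explicit "else smtp_mode = 0;" or a comment stating that the default is LMTP mode would make that fall-through deliberate rather than implicit.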

View File

@ -5274,8 +5274,9 @@ static int check_recipient_rcpt_maps(SMTPD_STATE *state, const char *recipient)
{ {
/* /*
* Duplicate suppression. There's an implicit check_recipient_maps * Duplicate suppression. With "smtpd_reject_unlisted_recipient = yes",
* restriction at the end of all recipient restrictions. * there's an implicit reject_unlisted_recipient restriction at the end
* of all recipient restrictions.
*/ */
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT) if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0); return (0);
@ -5294,8 +5295,9 @@ static int check_sender_rcpt_maps(SMTPD_STATE *state, const char *sender)
{ {
/* /*
* Duplicate suppression. There's an implicit check_sender_maps * Duplicate suppression. With "smtpd_reject_unlisted_sender = yes",
* restriction at the end of all sender restrictions. * there's an implicit reject_unlisted_sender restriction at the end of
* all sender restrictions.
*/ */
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT) if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0); return (0);
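Review bot: in check_sender_rcpt_maps() the rewritten comment now names smtpd_reject_unlisted_sender and reject_unlisted_sender, but the unchanged test directly below it still keys on INPUT_TRANSP_UNKNOWN_RCPT. If the recipient transparency flag is meant to gate the sender check too, the comment should say so in one sentence; if not, the flag deserves a second look, because the updated wording makes the mismatch between the sender comment and the RCPT flag stand out more than before.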