mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-3.10-20250107

Browse Source
This commit is contained in:
Wietse Z Venema 2025-01-07 00:00:00 -05:00 committed by Viktor Dukhovni
parent 1fc2dbae37
commit a98bc4ee9b
23 changed files with 305 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
postfix/HISTORY
View File

@ -28723,19 +28723,60 @@ Apologies for any names omitted.
to use SMTPUTF8, and therefore can avoid incompatibility
with sites that do not support SMTPUTF8.
The encoded result looks like "=?charset?Q?gibberish?=" for
quoted-printable encoding, or "=?charset?B?gibberish?=" for
base64 encoding. Postfix uses quoted-printable for a full
name that is short or mostly ASCII, and uses base64 otherwise.
The new parameter "full_name_encoding_charset" (default:
"utf-8") specifies the character set of the full name in
the Postfix sendmail "-F" option, in the Postfix sendmail
"NAME" environment variable, or in the GECOS field of the
UNIX password database.
The encoded result looks like "=?charset?Q?gibberish?= for
quoted-printable encoding, or "=?charset?B?gibberish?= for
base64 encoding. Postfix uses quoted-printable for a full
name that is short or mostly ASCII, and uses base64 otherwise.
UNIX password database. The parameter value is also part
of the encoded full name, and informs a Mail User Agent how
to display the decoded gibberish.
Files: mantools/postlink, proto/postconf.proto, cleanup/cleanup.c,
cleanup/cleanup_init.c, cleanup/cleanup_message.c,
global/ascii_header_text.c, global/ascii_header_text.h,
global/mail_params.h, global/rfc2047_code.c, global/rfc2047_code.h,
util/clean_ascii_cntrl_space.c, util/clean_ascii_cntrl_space.h.
20250106
Cleanup: the Postfix Milter implementation now logs the
reason for a quarantine request. If a quarantine action is
requested by a Milter application, Postfix will log the
reason given by the application. If the quarantine action
is requested with the "milter_default_action" parameter
setting or with a per-Milter "default_action" property,
Postfix will log "default_action". Files: smtpd/smtp_milter.c,
cleanup/cleanup_milter.c, milter/milter8.c, milter/test-milter.c.
Cleanup: suppress repeated logging of a Milter "quarantine",
"discard", or "shutdown" request. Files: cleanup/cleanup_milter.c,
smtpd/smtpd.c.
Documentation: cleanup_replace_stray_cr_lf is disabled
with "receive_override_options = no_header_body_checks".
File: proto/postconf.proto.
20250107
Re-worded the documentation for RFC 2047 full name encoding.
Files: HISTORY, RELEASE_NOTES, proto/postconf.proto.
Cleanup: eliminated a bogus warning "unexpected SMFIC_UNKNOWN
response" when a Milter default action is "quarantine", the
milter is unavailable, and a remote SMTP client sends a
command that is unknown or known-but-disabled. File:
smtpd/smtpd.c.
Cleanup: the maximum netstring reply size is now configurable
with the socketmap_max_reply_size configuration parameter.
Code by Christian Roessner. Files: util/dict_sockmap.[hc],
global/mail_params.[hc], proto/postconf.proto,
proto/socketmap_table.
Cleanup: the netstring client sets or clears errno to improve
error messages from its callers. File: util/netstring.c.

28
postfix/RELEASE_NOTES
View File

@ -26,6 +26,26 @@ now also distributed with the more recent Eclipse Public License
license of their choice. Those who are more comfortable with the
IPL can continue with that license.
[Incompat 20250106]
The logging of the Milter 'quarantine' action has changed. Instead
of logging "milter triggers HOLD action", it logs the reason given
by a Milter application, or "default_action" if a Milter application
was unavailable and the milter_default_action parameter or Milter
"default_action" property specifies "quarantine".
[Feature 20250106]
The Postfix Milter implementation now logs the reason for a
'quarantine' action, instead of "milter triggers HOLD action".
- If the quarantine action was requested by a Milter application,
Postfix will log the reason given by the application.
- If the quarantine action was requested with the "milter_default_action"
parameter setting or with a Milter "default_action" property,
Postfix will log "default_action".
[Feature 20250105]
Support for automatic RFC 2047 encoding of non-ASCII "full name"
@ -33,6 +53,11 @@ information in Postfix-generated From: message headers. Encoding
non-ASCII full names can avoid the need to use SMTPUTF8, and therefore
can avoid incompatibility with sites that do not support SMTPUTF8.
The encoded result looks like "=?charset?Q?gibberish?=: for
quoted-printable encoding, or "=?charset?B?gibberish?=" for base64
encoding. Postfix uses quoted-printable for a full name that is
short or mostly ASCII, and uses base64 otherwise.
Background: when a message without a From: header is submitted with the
Postfix sendmail(1) command, Postfix will add a From: header and will
try to use the sender's full name specified with the Postfix sendmail(1)
@ -43,7 +68,8 @@ This introduces a new configuration parameter "full_name_encoding_charset"
(default: utf8) which specifies the character set of the full name
information in the Postfix sendmail(1) "-F" option or "NAME"
environment variable, or in the GECOS field in the UNIX password
database.
database. The parameter value is also part of the encoded full name,
and informs a Mail User Agent how to display the decoded gibberish.
[Incompat 20250105]

8
postfix/WISHLIST
View File

@ -2,7 +2,8 @@ Wish list:
Things to do before the stable release:
Make the spawn_command fix conditional on compatibility_level.
For the stable releases, make the spawn_command fix conditional
on compatibility_level.
make pre-release-check, HTML validator check.
@ -18,7 +19,10 @@ Wish list:
relay_recipient_maps empty should default to 'no valid
recipients'. Subject to compatibility level.
Make a reason available for messages placed on 'hold'.
The Milter 'quarantine' action should be reported with a
call-back function, instead of setting the Milter default
reply. However, we still need the existing 'reply' based
channel to support "milter_default_action = quarantine".
In pipe_command() and spawn_command(), the child process
should call initgroups() to corrrectly the access rights

25
postfix/html/postconf.5.html
View File

@ -1520,6 +1520,9 @@ signature validation by later mail system will not depend on how
that mail system handles those stray characters in an
implementation-dependent manner. </p>
<p> Note: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p>
<p> This feature is available in Postfix &ge; 3.9, 3.8.5, 3.7.10,
3.6.14, and 3.5.24. </p>
@ -3963,10 +3966,13 @@ in the UNIX password database. In the latter case, Postfix will
replace the "&amp;" character with the login name, with a lowercase
ASCII first character converted to uppercase. </p>
<p> NOTE: Postfix does not convert between character sets; it simply
encodes the raw bytes in a full name as printable ASCII gibberish.
The <a href="postconf.5.html#full_name_encoding_charset">full_name_encoding_charset</a> value specifies how a mail reader
program should display the decoded gibberish. </p>
<p> NOTE: Postfix does not convert between character sets. The
<a href="postconf.5.html#full_name_encoding_charset">full_name_encoding_charset</a> parameter specifies the character set
of the full name in the Postfix sendmail "-F" option, in the Postfix
sendmail "NAME" environment variable, or in the GECOS field of the
UNIX password database. The parameter value is also part of the
encoded full name, and informs a Mail User Agent how to display the
decoded gibberish. </p>
<p> Specify a valid character set name such as "utf-8" or "iso-8859-1
(specify the latter for full names that use the Latin1 encoding).
@ -19602,6 +19608,17 @@ built to support these protocols. </p>
<p> This feature is available in Postfix 3.0 and later. </p>
</DD>
<DT><b><a name="socketmap_max_reply_size">socketmap_max_reply_size</a>
(default: 100000)</b></DT><DD>
<p> The maximum allowed reply size from a socketmap server, not
including the netstring encapsulation. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
</DD>
<DT><b><a name="soft_bounce">soft_bounce</a>

31
postfix/html/socketmap_table.5.html
View File

@ -45,9 +45,7 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5)
<a href="cidr_table.5.html">cidr</a>:, <a href="pcre_table.5.html">pcre</a>:, and <a href="regexp_table.5.html">regexp</a>: tables.
<b><a name="reply_format">REPLY FORMAT</a></b>
The Postfix socketmap client requires that replies are not longer than
100000 characters (not including the netstring encapsulation). Replies
must have the following form:
Replies must have the following form:
<b>OK</b> &lt;<b>space</b>&gt; <i>data</i>
The requested data was found.
@ -63,9 +61,25 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5)
The request failed. The reason, if non-empty, is descriptive
text.
<b><a name="protocol_limits">PROTOCOL LIMITS</a></b>
The Postfix socketmap client requires that replies are no longer than
100000 bytes (not including the netstring encapsulation). This limit
can be changed with the <a href="postconf.5.html#socketmap_max_reply_size">socketmap_max_reply_size</a> configuration parame-
ter (Postfix 3.10 and later).
The Postfix socketmap client enforces a 100s time limit to connect to a
socketmap server, to send a request, and to receive a reply. It closes
an idle connection after 10s, and closes an active connection after
100s. These limits are not (yet) configurable.
<b><a name="security">SECURITY</a></b>
This map cannot be used for security-sensitive information,
because neither the connection nor the server are authenticated.
This map cannot be used for security-sensitive information, because
neither the connection nor the server are authenticated.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
<b><a href="postconf.5.html#socketmap_max_reply_size">socketmap_max_reply_size</a> (100000)</b>
The maximum allowed reply size from a socketmap server, not
including the netstring encapsulation.
<b><a name="see_also">SEE ALSO</a></b>
<a href="https://cr.yp.to/proto/netstrings.txt">https://cr.yp.to/proto/netstrings.txt</a>, netstring definition
@ -79,7 +93,7 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5)
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b><a name="bugs">BUGS</a></b>
The protocol limits are not yet configurable.
The protocol time limits are not yet configurable.
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
@ -87,6 +101,8 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5)
<b><a name="history">HISTORY</a></b>
Socketmap support was introduced with Postfix version 2.10.
The socketmap protocol was published with Sendmail v8.13.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
@ -98,5 +114,8 @@ SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5)
111 8th Avenue
New York, NY 10011, USA
Wietse Venema
porcupine.org
SOCKETMAP_TABLE(5)
</pre> </body> </html>

19
postfix/man/man5/postconf.5
View File

@ -893,6 +893,9 @@ signature validation by later mail system will not depend on how
that mail system handles those stray characters in an
implementation\-dependent manner.
.PP
Note: this feature is disabled with "receive_override_options =
no_header_body_checks".
.PP
This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
3.6.14, and 3.5.24.
.SH cleanup_service_name (default: cleanup)
@ -2477,10 +2480,13 @@ in the UNIX password database. In the latter case, Postfix will
replace the "&" character with the login name, with a lowercase
ASCII first character converted to uppercase.
.PP
NOTE: Postfix does not convert between character sets; it simply
encodes the raw bytes in a full name as printable ASCII gibberish.
The full_name_encoding_charset value specifies how a mail reader
program should display the decoded gibberish.
NOTE: Postfix does not convert between character sets. The
full_name_encoding_charset parameter specifies the character set
of the full name in the Postfix sendmail "\-F" option, in the Postfix
sendmail "NAME" environment variable, or in the GECOS field of the
UNIX password database. The parameter value is also part of the
encoded full name, and informs a Mail User Agent how to display the
decoded gibberish.
.PP
Specify a valid character set name such as "utf\-8" or "iso\-8859\-1
(specify the latter for full names that use the Latin1 encoding).
@ -13621,6 +13627,11 @@ in RFC 6531, RFC 6532, and RFC 6533. This requires that Postfix is
built to support these protocols.
.PP
This feature is available in Postfix 3.0 and later.
.SH socketmap_max_reply_size (default: 100000)
The maximum allowed reply size from a socketmap server, not
including the netstring encapsulation.
.PP
This feature is available in Postfix >= 3.10.
.SH soft_bounce (default: no)
Safety net to keep mail queued that would otherwise be returned to
the sender. This parameter disables locally\-generated bounces,

37
postfix/man/man5/socketmap_table.5
View File

@ -56,9 +56,7 @@ regexp: tables.
.nf
.ad
.fi
The Postfix socketmap client requires that replies are not
longer than 100000 characters (not including the netstring
encapsulation). Replies must have the following form:
Replies must have the following form:
.IP "\fBOK <space> \fIdata\fR"
The requested data was found.
.IP "\fBNOTFOUND <space>"
@ -68,11 +66,37 @@ The requested data was not found.
.IP "\fBPERM <space> \fIreason\fR"
The request failed. The reason, if non\-empty, is descriptive
text.
.SH "PROTOCOL LIMITS"
.na
.nf
.ad
.fi
The Postfix socketmap client requires that replies are no
longer than 100000 bytes (not including the netstring
encapsulation). This limit can be changed with the
socketmap_max_reply_size configuration parameter (Postfix 3.10
and later).
The Postfix socketmap client enforces a 100s time limit to
connect to a socketmap server, to send a request, and to receive
a reply. It closes an idle connection after 10s, and closes
an active connection after 100s. These limits are not (yet)
configurable.
.SH "SECURITY"
.na
.nf
.ad
.fi
This map cannot be used for security\-sensitive information,
because neither the connection nor the server are authenticated.
.SH "CONFIGURATION PARAMETERS"
.na
.nf
.ad
.fi
.IP "\fBsocketmap_max_reply_size (100000)\fR"
The maximum allowed reply size from a socketmap server, not
including the netstring encapsulation.
.SH "SEE ALSO"
.na
.nf
@ -95,7 +119,7 @@ DATABASE_README, Postfix lookup table overview
.SH BUGS
.ad
.fi
The protocol limits are not yet configurable.
The protocol time limits are not yet configurable.
.SH "LICENSE"
.na
.nf
@ -106,6 +130,8 @@ The Secure Mailer license must be distributed with this software.
.ad
.fi
Socketmap support was introduced with Postfix version 2.10.
The socketmap protocol was published with Sendmail v8.13.
.SH "AUTHOR(S)"
.na
.nf
@ -118,3 +144,6 @@ Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
Wietse Venema
porcupine.org

1
postfix/mantools/postlink
View File

@ -405,6 +405,7 @@ while (<>) {
s;\bqmqpd_authorized_clients\b;<a href="postconf.5.html#qmqpd_authorized_clients">$&</a>;g;
s;\bservice_name\b;<a href="postconf.5.html#service_name">$&</a>;g;
s;\bsocket[-</Bb>]*\n* *[<Bb>]*map_max_reply_size\b;<a href="postconf.5.html#socketmap_max_reply_size">$&</a>;g;
s;\bdefault_desti[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_con[-</Bb>]*\n* *[<Bb>]*cur[-</Bb>]*\n* *[<Bb>]*rency_negative_feedback\b;<a href="postconf.5.html#default_destination_concurrency_negative_feedback">$&</a>;g;
s;\bdefault_desti[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_con[-</Bb>]*\n* *[<Bb>]*cur[-</Bb>]*\n* *[<Bb>]*rency_positive_feedback\b;<a href="postconf.5.html#default_destination_concurrency_positive_feedback">$&</a>;g;
s;\bdefault_desti[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_con[-</Bb>]*\n* *[<Bb>]*cur[-</Bb>]*\n* *[<Bb>]*rency_failed_cohort_limit\b;<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">$&</a>;g;

21
postfix/proto/postconf.proto
View File

@ -19365,6 +19365,9 @@ signature validation by later mail system will not depend on how
that mail system handles those stray characters in an
implementation-dependent manner. </p>
<p> Note: this feature is disabled with "receive_override_options =
no_header_body_checks". </p>
<p> This feature is available in Postfix &ge; 3.9, 3.8.5, 3.7.10,
3.6.14, and 3.5.24. </p>
@ -19448,10 +19451,13 @@ in the UNIX password database. In the latter case, Postfix will
replace the "&amp;" character with the login name, with a lowercase
ASCII first character converted to uppercase. </p>
<p> NOTE: Postfix does not convert between character sets; it simply
encodes the raw bytes in a full name as printable ASCII gibberish.
The full_name_encoding_charset value specifies how a mail reader
program should display the decoded gibberish. </p>
<p> NOTE: Postfix does not convert between character sets. The
full_name_encoding_charset parameter specifies the character set
of the full name in the Postfix sendmail "-F" option, in the Postfix
sendmail "NAME" environment variable, or in the GECOS field of the
UNIX password database. The parameter value is also part of the
encoded full name, and informs a Mail User Agent how to display the
decoded gibberish. </p>
<p> Specify a valid character set name such as "utf-8" or "iso-8859-1
(specify the latter for full names that use the Latin1 encoding).
@ -19460,3 +19466,10 @@ name violates RFC 2047 syntax, Postfix will log a warning and will
skip the full name. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
%PARAM socketmap_max_reply_size 100000
<p> The maximum allowed reply size from a socketmap server, not
including the netstring encapsulation. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>

33
postfix/proto/socketmap_table
View File

@ -44,9 +44,7 @@
# REPLY FORMAT
# .ad
# .fi
# The Postfix socketmap client requires that replies are not
# longer than 100000 characters (not including the netstring
# encapsulation). Replies must have the following form:
# Replies must have the following form:
# .IP "\fBOK <space> \fIdata\fR"
# The requested data was found.
# .IP "\fBNOTFOUND <space>"
@ -56,9 +54,31 @@
# .IP "\fBPERM <space> \fIreason\fR"
# The request failed. The reason, if non-empty, is descriptive
# text.
# PROTOCOL LIMITS
# .ad
# .fi
# The Postfix socketmap client requires that replies are no
# longer than 100000 bytes (not including the netstring
# encapsulation). This limit can be changed with the
# socketmap_max_reply_size configuration parameter (Postfix 3.10
# and later).
#
# The Postfix socketmap client enforces a 100s time limit to
# connect to a socketmap server, to send a request, and to receive
# a reply. It closes an idle connection after 10s, and closes
# an active connection after 100s. These limits are not (yet)
# configurable.
# SECURITY
# .ad
# .fi
# This map cannot be used for security-sensitive information,
# because neither the connection nor the server are authenticated.
# CONFIGURATION PARAMETERS
# .ad
# .fi
# .IP "\fBsocketmap_max_reply_size (100000)\fR"
# The maximum allowed reply size from a socketmap server, not
# including the netstring encapsulation.
# SEE ALSO
# https://cr.yp.to/proto/netstrings.txt, netstring definition
# postconf(1), Postfix supported lookup tables
@ -75,13 +95,15 @@
# .nf
# DATABASE_README, Postfix lookup table overview
# BUGS
# The protocol limits are not yet configurable.
# The protocol time limits are not yet configurable.
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# HISTORY
# Socketmap support was introduced with Postfix version 2.10.
#
# The socketmap protocol was published with Sendmail v8.13.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
@ -92,5 +114,8 @@
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# Wietse Venema
# porcupine.org
#--

2
postfix/proto/stop.double-history
View File

@ -150,3 +150,5 @@ proto proto socketmap_table qmqpd qmqpd c tls tls_misc c
logging to the standard error stream File postlog postlog c
Files mantools postlink proto postconf proto cleanup cleanup c
many errors I O timeout lost connection File smtpd smtpd c
that is unknown or known but disabled File smtpd smtpd c
proto proto socketmap_table

1
postfix/proto/stop.spell-history
View File

@ -96,3 +96,4 @@ v'expr
roff
diffs
CLOSEFROM
Roessner

7
postfix/src/cleanup/cleanup_milter.c
View File

@ -2063,19 +2063,22 @@ static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *event,
return (0);
switch (resp[0]) {
case 'H':
/* XXX Should log the reason here. */
if (state->flags & CLEANUP_FLAG_HOLD)
return (0);
state->flags |= CLEANUP_FLAG_HOLD;
action = "milter-hold";
text = "milter triggers HOLD action";
text = resp[1] ? resp + 1 : "milter triggers HOLD action";
break;
case 'D':
if (state->flags & CLEANUP_FLAG_DISCARD)
return (0);
state->flags |= CLEANUP_FLAG_DISCARD;
action = "milter-discard";
text = "milter triggers DISCARD action";
break;
case 'S':
if (state->flags & CLEANUP_STAT_CONT)
return (0);
/* XXX Can this happen after end-of-message? */
state->flags |= CLEANUP_STAT_CONT;
action = "milter-reject";

1
postfix/src/global/Makefile.in
View File

@ -1943,6 +1943,7 @@ mail_params.o: ../../include/check_arg.h
mail_params.o: ../../include/dict.h
mail_params.o: ../../include/dict_db.h
mail_params.o: ../../include/dict_lmdb.h
mail_params.o: ../../include/dict_sockmap.h
mail_params.o: ../../include/get_hostname.h
mail_params.o: ../../include/htable.h
mail_params.o: ../../include/inet_addr_list.h

4
postfix/src/global/mail_params.c
View File

@ -223,6 +223,7 @@
#include <dict.h>
#include <dict_db.h>
#include <dict_lmdb.h>
#include <dict_sockmap.h>
#include <inet_proto.h>
#include <vstring_vstream.h>
#include <iostuff.h>
@ -352,6 +353,7 @@ int var_strict_encoding;
int var_verify_neg_cache;
int var_oldlog_compat;
int var_delay_max_res;
int var_sockmap_max_reply;
char *var_int_filt_classes;
int var_cyrus_sasl_authzid;
@ -838,6 +840,7 @@ void mail_params_init()
VAR_MIME_BOUND_LEN, DEF_MIME_BOUND_LEN, &var_mime_bound_len, 1, 0,
VAR_DELAY_MAX_RES, DEF_DELAY_MAX_RES, &var_delay_max_res, MIN_DELAY_MAX_RES, MAX_DELAY_MAX_RES,
VAR_INET_WINDOW, DEF_INET_WINDOW, &var_inet_windowsize, 0, 0,
VAR_SOCKMAP_MAX_REPLY, DEF_SOCKMAP_MAX_REPLY, &var_sockmap_max_reply, 1, 0,
0,
};
static const CONFIG_LONG_TABLE long_defaults[] = {
@ -986,6 +989,7 @@ void mail_params_init()
check_overlap();
dict_db_cache_size = var_db_read_buf;
dict_lmdb_map_size = var_lmdb_map_size;
dict_sockmap_max_reply = var_sockmap_max_reply;
inet_windowsize = var_inet_windowsize;
if (set_logwriter_create_perms(var_maillog_file_perms) < 0)
msg_warn("ignoring bad permissions: %s = %s",

7
postfix/src/global/mail_params.h
View File

@ -4488,6 +4488,13 @@ extern int var_smtp_tlsrpt_skip_reused_hs;
#define DEF_FULL_NAME_ENCODING_CHARSET "utf-8"
extern char *var_full_name_encoding_charset;
/*
* Limit for the sockmap reply size
*/
#define VAR_SOCKMAP_MAX_REPLY "socketmap_max_reply_size"
#define DEF_SOCKMAP_MAX_REPLY 100000 /* reply size limit */
extern int var_sockmap_max_reply;
/* LICENSE
/* .ad
/* .fi

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20250105"
#define MAIL_RELEASE_DATE "20250107"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT

30
postfix/src/milter/milter8.c
View File

@ -524,7 +524,7 @@ static int milter8_conf_error(MILTER8 *milter)
if (strcasecmp(milter->def_action, "accept") == 0) {
reply = 0;
} else if (strcasecmp(milter->def_action, "quarantine") == 0) {
reply = "H";
reply = "Hdefault_action";
} else {
reply = "451 4.3.5 Server configuration problem - try again later";
}
@ -558,7 +558,7 @@ static int milter8_comm_error(MILTER8 *milter)
} else if (strcasecmp(milter->def_action, "tempfail") == 0) {
reply = "451 4.7.1 Service unavailable - try again later";
} else if (strcasecmp(milter->def_action, "quarantine") == 0) {
reply = "H";
reply = "Hdefault_action";
} else {
msg_warn("milter %s: unrecognized default action: %s",
milter->m.name, milter->def_action);
@ -1332,14 +1332,24 @@ static const char *milter8_event(MILTER8 *milter, int event,
* accept, discard). We should not transition, either, otherwise
* we get out of sync.
*/
case SMFIR_QUARANTINE:
/* XXX What to do with the "reason" text? */
if (milter8_read_data(milter, &data_size,
MILTER8_DATA_BUFFER, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
milter8_def_reply(milter, "H");
continue;
case SMFIR_QUARANTINE:{
VSTRING *reply;
ssize_t saved_size = data_size;
if (milter8_read_data(milter, &data_size,
MILTER8_DATA_BUFFER, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
/* XXX This should be reported with a call-back. */
reply = vstring_alloc(100);
if (saved_size > 100)
saved_size=100;
vstring_sprintf(reply, "H%.*s", (int) saved_size,
STR(milter->buf));
milter8_def_reply(milter, STR(reply));
vstring_free(reply);
continue;
}
/*
* Decision: skip further events of this type.

25
postfix/src/milter/test-milter.c
View File

@ -16,7 +16,7 @@
/* to maintain compatibility between successive versions.
/*
/* Arguments (multiple alternatives are separated by "\fB|\fR"):
/* .IP "\fB-a accept|tempfail|reject|discard|skip|\fIddd x.y.z text\fR"
/* .IP "\fB-a accept|tempfail|reject|discard|skip|quarantine \fItext\fR|\fIddd x.y.z text\fR"
/* Specifies a non-default reply for the MTA command specified
/* with \fB-c\fR. The default is \fBtempfail\fR. The \fItext\fR
/* is repeated once, to produce multi-line reply text.
@ -139,6 +139,8 @@ static const struct command_map command_map[] = {
0, 0,
};
static char *quarantine_reason;
static char *reply_code;
static char *reply_dsn;
static char *reply_message;
@ -385,6 +387,11 @@ static sfsistat test_eom(SMFICTX *ctx)
if (smfi_delrcpt(ctx, del_rcpt[count]) == MI_FAILURE)
fprintf(stderr, "smfi_delrcpt `%s' failed\n", del_rcpt[count]);
}
if (quarantine_reason) {
if (smfi_quarantine(ctx, quarantine_reason) == MI_FAILURE)
fprintf(stderr, "smfi_quarantine failed\n");
printf("quarantine '%s'\n", quarantine_reason);
}
return (test_reply(ctx, test_eom_reply));
}
@ -445,7 +452,7 @@ static struct smfiDesc smfilter =
{
"test-milter",
SMFI_VERSION,
SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_ADDHDRS | SMFIF_CHGHDRS | SMFIF_CHGBODY | SMFIF_CHGFROM,
SMFIF_ADDRCPT | SMFIF_DELRCPT | SMFIF_ADDHDRS | SMFIF_CHGHDRS | SMFIF_CHGBODY | SMFIF_CHGFROM | SMFIF_QUARANTINE,
test_connect,
test_helo,
test_mail,
@ -570,7 +577,10 @@ int main(int argc, char **argv)
while ((ch = getopt(argc, argv, "a:A:b:c:C:d:D:f:h:i:lm:M:n:N:p:rv")) > 0) {
switch (ch) {
case 'a':
action = optarg;
if (action != 0)
fprintf(stderr, "ignoring extra -a option\n");
else
action = optarg;
break;
case 'A':
if (add_rcpt_count >= MAX_RCPT) {
@ -758,6 +768,13 @@ int main(int argc, char **argv)
cp->reply[0] = SMFIS_ACCEPT;
} else if (strcmp(action, "discard") == 0) {
cp->reply[0] = SMFIS_DISCARD;
} else if (strncmp(action, "quarantine ", 11) == 0) {
if (strcmp(command, "eom") != 0) {
fprintf(stderr, "quarantine action requires '-c eom'\n");
exit(1);
}
quarantine_reason = action + 11;
quarantine_reason += strspn(quarantine_reason, " ");
#ifdef SMFIS_SKIP
} else if (strcmp(action, "skip") == 0) {
cp->reply[0] = SMFIS_SKIP;
@ -793,6 +810,8 @@ int main(int argc, char **argv)
printf("reply code %s dsn %s message %s\n",
reply_code, reply_dsn ? reply_dsn : "(null)",
reply_message ? reply_message : "(null)");
if (quarantine_reason)
printf("quarantine reason %s\n", quarantine_reason);
}
}
#if SMFI_VERSION > 5

11
postfix/src/smtpd/smtpd.c
View File

@ -1787,12 +1787,16 @@ static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
switch (reply[0]) {
case 'H':
if (state->saved_flags & CLEANUP_FLAG_HOLD)
return (0);
state->saved_flags |= CLEANUP_FLAG_HOLD;
action = "milter-hold";
text = reply[1] ? reply + 1 : "milter triggers HOLD action";
reply = 0;
text = "milter triggers HOLD action";
break;
case 'D':
if (state->saved_flags & CLEANUP_FLAG_DISCARD)
return (0);
state->saved_flags |= CLEANUP_FLAG_DISCARD;
action = "milter-discard";
reply = 0;
@ -5524,6 +5528,9 @@ static int milter_unknown_reply_override(SMTPD_STATE *state)
*
* As a compromise, we will not override the Postfix SMTP server's specific
* "5XX Unknown command" etc. reply.
*
* We're not calling check_milter_reply() because that has unwanted side
* effects including logging and replying with 421.
*/
if (state->milters != 0
&& (err = milter_unknown_event(state->milters,
@ -5531,7 +5538,7 @@ static int milter_unknown_reply_override(SMTPD_STATE *state)
if (err[0] == '4') {
smtpd_chat_reply(state, "%s", err);
return (1);
} else if (err[0] != '5') {
} else if (strchr("HDS5", err[0]) == 0) {
msg_warn("unexpected SMFIC_UNKNOWN response: %s", err);
}
}

2
postfix/src/util/dict_sockmap.c
View File

@ -119,7 +119,7 @@ typedef struct {
* Class variables.
*/
static int dict_sockmap_timeout = DICT_SOCKMAP_DEF_TIMEOUT;
static int dict_sockmap_max_reply = DICT_SOCKMAP_DEF_MAX_REPLY;
int dict_sockmap_max_reply = DICT_SOCKMAP_DEF_MAX_REPLY;
static int dict_sockmap_max_idle = DICT_SOCKMAP_DEF_MAX_IDLE;
static int dict_sockmap_max_ttl = DICT_SOCKMAP_DEF_MAX_TTL;

1
postfix/src/util/dict_sockmap.h
View File

@ -22,6 +22,7 @@
#define DICT_TYPE_SOCKMAP "socketmap"
extern DICT *dict_sockmap_open(const char *, int, int);
extern int dict_sockmap_max_reply;
/* LICENSE
/* .ad

10
postfix/src/util/netstring.c
View File

@ -156,6 +156,9 @@
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/
/* System library. */
@ -163,6 +166,7 @@
#include <sys_defs.h>
#include <stdarg.h>
#include <ctype.h>
#include <errno.h>
/* Utility library. */
@ -367,12 +371,18 @@ const char *netstring_strerror(int err)
case NETSTRING_ERR_EOF:
return ("unexpected disconnect");
case NETSTRING_ERR_TIME:
errno = ETIMEDOUT;
return ("time limit exceeded");
case NETSTRING_ERR_FORMAT:
errno = 0;
return ("input format error");
case NETSTRING_ERR_SIZE:
#ifdef EMSGSIZE
errno = EMSGSIZE;
#endif
return ("input exceeds size limit");
default:
errno = 0;
return ("unknown netstring error");
}
}