diff --git a/postfix/HISTORY b/postfix/HISTORY
index da3b242d2..fd640a950 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -19548,3 +19548,25 @@ Apologies for any names omitted.
Testbed: unsupported HANGUP access map action that drops
the connection without responding to the remote SMTP client.
File: smtpd/smtpd_check.c.
+
+20140214
+
+ Workaround: apparently some buggy kernels report WIFSTOPPED
+ events to the parent process (master daemon) instead of the
+ tracing process (e.g., gdb). File: master/master_spawn.c.
+
+20140218
+
+ Workaround: require that a queue file is older than
+ $minimal_backoff_time, before falling back from failed TLS
+ (both during or after the TLS handshake) to plaintext
+ delivery. Viktor Dukhovni. Files: smtp/smtp.h, smtp/smtp.c,
+ smtp/lmtp_params.c, smtp/smtp_params.c.
+
+20140219
+
+ Workaround: disable the fallback to plaintext when all
+ recipients have already been bounced or deferred. This
+ happens for example when TLS breaks after the TLS handshake
+ while talking to the "final" SMTP server. Wietse and Viktor.
+ Files: smtp/smtp.h.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 592ea1daa..2f40f9541 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -14070,7 +14070,8 @@ non-permanent error code. This feature is available in Postfix
reject_unknown_recipient_domain
Reject the request when Postfix is not final destination for
-the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS address
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
The
unknown_address_reject_code parameter specifies the numerical
@@ -14803,7 +14804,8 @@ Postfix version 2.1 and later.
reject_unknown_sender_domain
Reject the request when Postfix is not final destination for
-the sender address, and the MAIL FROM domain has 1) no DNS A or MX
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS address
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
The
unknown_address_reject_code parameter specifies the numerical
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 1d77ad54e..4e83b67b9 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -9320,7 +9320,8 @@ non-permanent error code. This feature is available in Postfix
.br
.IP "\fBreject_unknown_recipient_domain\fR"
Reject the request when Postfix is not final destination for
-the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS address
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
.br
@@ -9893,7 +9894,8 @@ Postfix version 2.1 and later.
.br
.IP "\fBreject_unknown_sender_domain\fR"
Reject the request when Postfix is not final destination for
-the sender address, and the MAIL FROM domain has 1) no DNS A or MX
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS address
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
.br
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index f62ce69c1..937a454bd 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -5896,7 +5896,8 @@ non-permanent error code. This feature is available in Postfix
reject_unknown_recipient_domain
Reject the request when Postfix is not final destination for
-the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS address
record or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
The
unknown_address_reject_code parameter specifies the numerical
@@ -6354,7 +6355,8 @@ Postfix version 2.1 and later.
reject_unknown_sender_domain
Reject the request when Postfix is not final destination for
-the sender address, and the MAIL FROM domain has 1) no DNS A or MX
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS address
record, or 2) a malformed MX record such as a record with
a zero-length MX hostname (Postfix version 2.3 and later).
The
unknown_address_reject_code parameter specifies the numerical
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 459a55f99..e933d4b8f 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20140209"
+#define MAIL_RELEASE_DATE "20140219"
#define MAIL_VERSION_NUMBER "2.12"
#ifdef SNAPSHOT
diff --git a/postfix/src/master/master_spawn.c b/postfix/src/master/master_spawn.c
index 6318e6bc2..57baddc97 100644
--- a/postfix/src/master/master_spawn.c
+++ b/postfix/src/master/master_spawn.c
@@ -310,7 +310,21 @@ void master_reap_child(void)
(MASTER_MARKED_FOR_DELETION(serv) \
&& WTERMSIG(status) == MASTER_KILL_SIGNAL)
+ /*
+ * XXX The code for WIFSTOPPED() is here in case some buggy kernel
+ * reports WIFSTOPPED() events to a Postfix daemon's parent process
+ * (the master(8) daemon) instead of the tracing process (e.g., gdb).
+ *
+ * The WIFSTOPPED() test prevents master(8) from deleting its record of
+ * a child process that is stopped. That would cause a master(8)
+ * panic (unknown child) when the child terminates.
+ */
if (!NORMAL_EXIT_STATUS(status)) {
+ if (WIFSTOPPED(status)) {
+ msg_warn("process %s pid %d stopped by signal %d",
+ serv->path, pid, WSTOPSIG(status));
+ continue;
+ }
if (WIFEXITED(status))
msg_warn("process %s pid %d exit status %d",
serv->path, pid, WEXITSTATUS(status));
diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c
index 68a2739ac..fdd11868e 100644
--- a/postfix/src/smtp/lmtp_params.c
+++ b/postfix/src/smtp/lmtp_params.c
@@ -71,6 +71,7 @@
VAR_LMTP_RSET_TMOUT, DEF_LMTP_RSET_TMOUT, &var_smtp_rset_tmout, 1, 0,
VAR_LMTP_QUIT_TMOUT, DEF_LMTP_QUIT_TMOUT, &var_smtp_quit_tmout, 1, 0,
VAR_LMTP_PIX_THRESH, DEF_LMTP_PIX_THRESH, &var_smtp_pix_thresh, 0, 0,
+ VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
VAR_LMTP_PIX_DELAY, DEF_LMTP_PIX_DELAY, &var_smtp_pix_delay, 1, 0,
VAR_LMTP_CACHE_CONNT, DEF_LMTP_CACHE_CONNT, &var_smtp_cache_conn, 1, 0,
VAR_LMTP_REUSE_TIME, DEF_LMTP_REUSE_TIME, &var_smtp_reuse_time, 1, 0,
diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c
index 9067bb730..768b57647 100644
--- a/postfix/src/smtp/smtp.c
+++ b/postfix/src/smtp/smtp.c
@@ -797,6 +797,7 @@ char *var_smtp_bind_addr;
char *var_smtp_bind_addr6;
bool var_smtp_rand_addr;
int var_smtp_pix_thresh;
+int var_min_backoff_time;
int var_smtp_pix_delay;
int var_smtp_line_limit;
char *var_smtp_helo_name;
diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h
index 99ab7391f..66e891024 100644
--- a/postfix/src/smtp/smtp.h
+++ b/postfix/src/smtp/smtp.h
@@ -462,19 +462,27 @@ extern HBC_CALL_BACKS smtp_hbc_callbacks[];
#define HAVE_SASL_CREDENTIALS (0)
#endif
+#define PREACTIVE_DELAY \
+ (session->state->request->msg_stats.active_arrival.tv_sec - \
+ session->state->request->msg_stats.incoming_arrival.tv_sec)
+
#define PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE \
(session->tls_context == 0 \
&& session->tls->level == TLS_LEV_MAY \
+ && PREACTIVE_DELAY >= var_min_backoff_time \
&& !HAVE_SASL_CREDENTIALS)
#define PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE \
(session->tls_context != 0 \
+ && SMTP_RCPT_LEFT(state) > 0 \
&& session->tls->level == TLS_LEV_MAY \
+ && PREACTIVE_DELAY >= var_min_backoff_time \
&& !HAVE_SASL_CREDENTIALS)
/*
* XXX The following will not retry recipients that were deferred while the
- * SMTP_MISC_FLAG_FINAL_SERVER flag was already set.
+ * SMTP_MISC_FLAG_FINAL_SERVER flag was already set. This includes the case
+ * when TLS fails in the middle of a delivery.
*/
#define RETRY_AS_PLAINTEXT do { \
session->tls_retry_plain = 1; \
diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c
index c8478b5ef..55a6e7153 100644
--- a/postfix/src/smtp/smtp_params.c
+++ b/postfix/src/smtp/smtp_params.c
@@ -73,6 +73,7 @@
VAR_SMTP_QUIT_TMOUT, DEF_SMTP_QUIT_TMOUT, &var_smtp_quit_tmout, 1, 0,
VAR_SMTP_PIX_THRESH, DEF_SMTP_PIX_THRESH, &var_smtp_pix_thresh, 0, 0,
VAR_SMTP_PIX_DELAY, DEF_SMTP_PIX_DELAY, &var_smtp_pix_delay, 1, 0,
+ VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
VAR_SMTP_CACHE_CONNT, DEF_SMTP_CACHE_CONNT, &var_smtp_cache_conn, 1, 0,
VAR_SMTP_REUSE_TIME, DEF_SMTP_REUSE_TIME, &var_smtp_reuse_time, 1, 0,
#ifdef USE_TLS
diff --git a/postfix/src/smtpd/Makefile.in b/postfix/src/smtpd/Makefile.in
index d3607e23f..87160dc28 100644
--- a/postfix/src/smtpd/Makefile.in
+++ b/postfix/src/smtpd/Makefile.in
@@ -306,6 +306,7 @@ smtpd_check.o: ../../include/recipient_list.h
smtpd_check.o: ../../include/record.h
smtpd_check.o: ../../include/resolve_clnt.h
smtpd_check.o: ../../include/resolve_local.h
+smtpd_check.o: ../../include/smtp_stream.h
smtpd_check.o: ../../include/sock_addr.h
smtpd_check.o: ../../include/split_at.h
smtpd_check.o: ../../include/string_list.h