postfix-2.12-20140219

postfix/HISTORY

@@ -19548,3 +19548,25 @@ Apologies for any names omitted.
 	Testbed: unsupported HANGUP access map action that drops
 	the connection without responding to the remote SMTP client.
 	File: smtpd/smtpd_check.c.
+
+20140214
+
+	Workaround: apparently some buggy kernels report WIFSTOPPED
+	events to the parent process (master daemon) instead of the
+	tracing process (e.g., gdb). File: master/master_spawn.c.
+
+20140218
+
+	Workaround: require that a queue file is older than
+	$minimal_backoff_time, before falling back from failed TLS
+	(both during or after the TLS handshake) to plaintext
+	delivery.  Viktor Dukhovni. Files: smtp/smtp.h, smtp/smtp.c,
+	smtp/lmtp_params.c, smtp/smtp_params.c.
+
+20140219
+
+	Workaround: disable the fallback to plaintext when all
+	recipients have already been bounced or deferred. This
+	happens for example when TLS breaks after the TLS handshake
+	while talking to the "final" SMTP server.  Wietse and Viktor.
+	Files: smtp/smtp.h.

postfix/html/postconf.5.html

@@ -14070,7 +14070,8 @@ non-permanent error code.  This feature is available in Postfix
 <dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
 
 <dd>Reject the request when Postfix is not final destination for
-the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS address
 record or 2) a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later). <br> The
 <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical
@@ -14803,7 +14804,8 @@ Postfix version 2.1 and later. </dd>
 <dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
 
 <dd>Reject the request when Postfix is not final destination for
-the sender address, and the MAIL FROM domain has 1) no DNS A or MX
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS address
 record, or 2) a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later). <br> The
 <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the numerical

postfix/man/man5/postconf.5

@@ -9320,7 +9320,8 @@ non-permanent error code.  This feature is available in Postfix
 .br
 .IP "\fBreject_unknown_recipient_domain\fR"
 Reject the request when Postfix is not final destination for
-the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS address
 record or 2) a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later).
 .br
@@ -9893,7 +9894,8 @@ Postfix version 2.1 and later.
 .br
 .IP "\fBreject_unknown_sender_domain\fR"
 Reject the request when Postfix is not final destination for
-the sender address, and the MAIL FROM domain has 1) no DNS A or MX
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS address
 record, or 2) a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later).
 .br

postfix/proto/postconf.proto

@@ -5896,7 +5896,8 @@ non-permanent error code.  This feature is available in Postfix
 <dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
 
 <dd>Reject the request when Postfix is not final destination for
-the recipient domain, and the RCPT TO domain has 1) no DNS A or MX
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS address
 record or 2) a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later). <br> The
 unknown_address_reject_code parameter specifies the numerical
@@ -6354,7 +6355,8 @@ Postfix version 2.1 and later. </dd>
 <dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
 
 <dd>Reject the request when Postfix is not final destination for
-the sender address, and the MAIL FROM domain has 1) no DNS A or MX
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS address
 record, or 2) a malformed MX record such as a record with
 a zero-length MX hostname (Postfix version 2.3 and later). <br> The
 unknown_address_reject_code parameter specifies the numerical

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20140209"
+#define MAIL_RELEASE_DATE	"20140219"
 #define MAIL_VERSION_NUMBER	"2.12"
 
 #ifdef SNAPSHOT

postfix/src/master/master_spawn.c

@@ -310,7 +310,21 @@ void    master_reap_child(void)
 	(MASTER_MARKED_FOR_DELETION(serv) \
 	    && WTERMSIG(status) == MASTER_KILL_SIGNAL)
 
+	/*
+	 * XXX The code for WIFSTOPPED() is here in case some buggy kernel
+	 * reports WIFSTOPPED() events to a Postfix daemon's parent process
+	 * (the master(8) daemon) instead of the tracing process (e.g., gdb).
+	 * 
+	 * The WIFSTOPPED() test prevents master(8) from deleting its record of
+	 * a child process that is stopped. That would cause a master(8)
+	 * panic (unknown child) when the child terminates.
+	 */
 	if (!NORMAL_EXIT_STATUS(status)) {
+	    if (WIFSTOPPED(status)) {
+		msg_warn("process %s pid %d stopped by signal %d",
+			 serv->path, pid, WSTOPSIG(status));
+		continue;
+	    }
 	    if (WIFEXITED(status))
 		msg_warn("process %s pid %d exit status %d",
 			 serv->path, pid, WEXITSTATUS(status));

postfix/src/smtp/lmtp_params.c

@@ -71,6 +71,7 @@
 	VAR_LMTP_RSET_TMOUT, DEF_LMTP_RSET_TMOUT, &var_smtp_rset_tmout, 1, 0,
 	VAR_LMTP_QUIT_TMOUT, DEF_LMTP_QUIT_TMOUT, &var_smtp_quit_tmout, 1, 0,
 	VAR_LMTP_PIX_THRESH, DEF_LMTP_PIX_THRESH, &var_smtp_pix_thresh, 0, 0,
+	VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
 	VAR_LMTP_PIX_DELAY, DEF_LMTP_PIX_DELAY, &var_smtp_pix_delay, 1, 0,
 	VAR_LMTP_CACHE_CONNT, DEF_LMTP_CACHE_CONNT, &var_smtp_cache_conn, 1, 0,
 	VAR_LMTP_REUSE_TIME, DEF_LMTP_REUSE_TIME, &var_smtp_reuse_time, 1, 0,

postfix/src/smtp/smtp.c

@@ -797,6 +797,7 @@ char   *var_smtp_bind_addr;
 char   *var_smtp_bind_addr6;
 bool    var_smtp_rand_addr;
 int     var_smtp_pix_thresh;
+int     var_min_backoff_time;
 int     var_smtp_pix_delay;
 int     var_smtp_line_limit;
 char   *var_smtp_helo_name;

postfix/src/smtp/smtp.h

@@ -462,19 +462,27 @@ extern HBC_CALL_BACKS smtp_hbc_callbacks[];
 #define HAVE_SASL_CREDENTIALS	(0)
 #endif
 
+#define PREACTIVE_DELAY \
+	(session->state->request->msg_stats.active_arrival.tv_sec - \
+	 session->state->request->msg_stats.incoming_arrival.tv_sec)
+
 #define PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE \
 	(session->tls_context == 0 \
 	    && session->tls->level == TLS_LEV_MAY \
+	    && PREACTIVE_DELAY >= var_min_backoff_time \
 	    && !HAVE_SASL_CREDENTIALS)
 
 #define PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE \
 	(session->tls_context != 0 \
+	    && SMTP_RCPT_LEFT(state) > 0 \
 	    && session->tls->level == TLS_LEV_MAY \
+	    && PREACTIVE_DELAY >= var_min_backoff_time \
 	    && !HAVE_SASL_CREDENTIALS)
 
  /*
   * XXX The following will not retry recipients that were deferred while the
-  * SMTP_MISC_FLAG_FINAL_SERVER flag was already set.
+  * SMTP_MISC_FLAG_FINAL_SERVER flag was already set. This includes the case
+  * when TLS fails in the middle of a delivery.
   */
 #define RETRY_AS_PLAINTEXT do { \
 	session->tls_retry_plain = 1; \

postfix/src/smtp/smtp_params.c

@@ -73,6 +73,7 @@
 	VAR_SMTP_QUIT_TMOUT, DEF_SMTP_QUIT_TMOUT, &var_smtp_quit_tmout, 1, 0,
 	VAR_SMTP_PIX_THRESH, DEF_SMTP_PIX_THRESH, &var_smtp_pix_thresh, 0, 0,
 	VAR_SMTP_PIX_DELAY, DEF_SMTP_PIX_DELAY, &var_smtp_pix_delay, 1, 0,
+	VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
 	VAR_SMTP_CACHE_CONNT, DEF_SMTP_CACHE_CONNT, &var_smtp_cache_conn, 1, 0,
 	VAR_SMTP_REUSE_TIME, DEF_SMTP_REUSE_TIME, &var_smtp_reuse_time, 1, 0,
 #ifdef USE_TLS

postfix/src/smtpd/Makefile.in

@@ -306,6 +306,7 @@ smtpd_check.o: ../../include/recipient_list.h
 smtpd_check.o: ../../include/record.h
 smtpd_check.o: ../../include/resolve_clnt.h
 smtpd_check.o: ../../include/resolve_local.h
+smtpd_check.o: ../../include/smtp_stream.h
 smtpd_check.o: ../../include/sock_addr.h
 smtpd_check.o: ../../include/split_at.h
 smtpd_check.o: ../../include/string_list.h