From b3a48ba3a818f96d9a01b9822bbed6e5d4b8fc33 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Sun, 5 Jan 2014 00:00:00 -0500
Subject: [PATCH] postfix-2.12-20140105
---
 postfix/README_FILES/LMDB_README | 9 +-
 postfix/RELEASE_NOTES | 262 +--------------------------
 postfix/RELEASE_NOTES-2.11 | 256 ++++++++++++++++++++++++++
 postfix/WISHLIST | 33 ++--
 postfix/html/LMDB_README.html | 9 +-
 postfix/html/POSTSCREEN_README.html | 3 +-
 postfix/html/lmdb_table.5.html | 43 +++--
 postfix/html/postconf.5.html | 7 +-
 postfix/man/man5/lmdb_table.5 | 6 +
 postfix/man/man5/postconf.5 | 7 +-
 postfix/proto/LMDB_README.html | 9 +-
 postfix/proto/POSTSCREEN_README.html | 3 +-
 postfix/proto/lmdb_table | 6 +
 postfix/proto/postconf.proto | 7 +-
 postfix/src/global/mail_version.h | 4 +-
 postfix/src/util/lmdb_cache_test.sh | 19 ++
 postfix/src/util/slmdb.c | 14 +-
 17 files changed, 383 insertions(+), 314 deletions(-)
 create mode 100644 postfix/RELEASE_NOTES-2.11
 create mode 100644 postfix/src/util/lmdb_cache_test.sh
diff --git a/postfix/README_FILES/LMDB_README b/postfix/README_FILES/LMDB_README
index 2ce6b726d..851621710 100644
--- a/postfix/README_FILES/LMDB_README
+++ b/postfix/README_FILES/LMDB_README
@@ -2,6 +2,13 @@ PPoossttffiixx OOppeennLLDDAAPP LLMMDDBB HHoowwttoo
 -------------------------------------------------------------------------------
+NNoottee
+
+LMDB is not supported in the stable Postfix release. It will spontaneously
+terminate a Postfix daemon process without allowing Postfix to 1) report the
+problem to the maillog file, and to 2) provide reduced service where this is
+appropriate.
+
 IInnttrroodduuccttiioonn
 Postfix uses databases of various kinds to store and look up information.
@@ -72,7 +79,7 @@ NNoonn--oobbvviioouuss rreeccoovveerryy wwiitthh ppoos
 ccoorrrruupptteedd ddaattaabbaassee..
 Problem:
- A corrupted LMDB database cann't be rebuilt simply by re-running postmap(1)
+ A corrupted LMDB database can't be rebuilt simply by re-running postmap(1)
 or postalias(1), or by waiting until a tlsmgr(8) daemon restarts. This problem does not exist with other Postfix databases.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 23fef36bd..a89e883f5 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,269 +1,17 @@
-This is the Postfix 2.11 (experimental) branch.
+This is the Postfix 2.12 (experimental) branch.
-The stable Postfix release is called postfix-2.10.x where 2=major
-release number, 10=minor release number, x=patchlevel. The stable
+The stable Postfix release is called postfix-2.11.x where 2=major
+release number, 11=minor release number, x=patchlevel. The stable
 release never changes except for patches that address bugs or
 emergencies. Patches change the patchlevel and the release date.
 New features are developed in snapshot releases. These are called
-postfix-2.11-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+postfix-2.12-yyyymmdd where yyyymmdd is the release date (yyyy=year,
 mm=month, dd=day). Patches are never issued for snapshot releases;
 instead, a new snapshot is released.
 The mail_release_date configuration parameter (format: yyyymmdd)
 specifies the release date of a stable release or snapshot release.
-If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
+If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
 before proceeding.
-
-Incompatible changes with snapshot 20131217
-===========================================
-
-The master_service_disable syntax has changed: use "service/type"
-instead of "service.type". The new form is consistent with master.cf
-parameter namespaces. The old form is still supported to avoid
-breaking existing configurations.
-
-Major changes with with snapshot 20131217
-=========================================
-
-Support for advanced master.cf query and update operations. This
-was implemented primarily to support automated system management
-tools.
-
-The goal is to make all Postfix master.cf details accessible as
-lists of "name=value" pairs, where the names are organized into
-structured name spaces. This allows other programs to query
-information or request updates, without having to worry about the
-exact layout of master.cf files.
-
-Managing master.cf service attributes
--------------------------------------
-
-First, an example that shows the smtp/inet service in the traditional
-form:
-
- $ postconf -M smtp/inet
- smtp inet n - n - - smtpd
-
-Different variants of this command show different amounts of output.
-For example, "postconf -M smtp" enumerates all services that have
-a name "smtp" and any service type ("inet", "unix", etc.), and
-"postconf -M" enumerates all master.cf services.
-
-General rule: each name component that is not present becomes a "*"
-wildcard.
-
-Coming back to the above example, the postconf -F option can now
-enumerate the smtp/inet service fields as follows:
-
- $ postconf -F smtp/inet
- smtp/inet/service = smtp
- smtp/inet/type = inet
- smtp/inet/private = n
- smtp/inet/unprivileged = -
- smtp/inet/chroot = n
- smtp/inet/wakeup = -
- smtp/inet/process_limit = -
- smtp/inet/command = smtpd
-
-This form makes it very easy to change one field in master.cf.
-For example to turn on chroot on the smtp/inet service you use:
-
- $ postconf -F smtp/inet/chroot=y
- $ postfix reload
-
-Moreover, with "-F" you can specify "*" for service name or service
-type to get a wild-card match. For example, to turn off chroot on
-all Postfix daemons, use this:
-
- $ postconf -F '*/*/chroot=n'
- $ postfix reload
-
-Managing master.cf service "-o parameter=value" settings
---------------------------------------------------------
-
-For a second example, let's look at the submission service. This
-service typically has multiple "-o parameter=value" overrides. First
-the traditional view:
-
- $ postconf -Mf submission
- submission inet n - n - - smtpd
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- ...
-
-The postconf -P option can now enumerate these parameters as follows:
-
- $ postconf -P submission
- submission/inet/smtpd_sasl_auth_enable = yes
- submission/inet/smtpd_tls_security_level = encrypt
- ...
-
-Again, this form makes it very easy to modify one parameter
-setting. For example, to change the smtpd_tls_security_level setting
-for the submission/inet service:
-
- $ postconf -P 'submission/inet/smtpd_tls_security_level=may'
-
-You can create or remove a parametername=parametervalue setting:
-
-Create:
- $ postconf -P 'submission/inet/parametername=parametervalue'
-
-Remove:
- $ postconf -PX submission/inet/parametername
-
-Finally, always execute "postfix reload" after updating master.cf.
-
-Managing master.cf service entries
-----------------------------------
-
-Finally, adding master.cf entries is possible, but currently this
-does not yet have "advanced" support. It can only be done at the
-level of the traditional master.cf file format.
-
-Suppose that you need to configure a Postfix SMTP client that will
-handle slow email deliveries. To implement this you need to clone
-the smtp/unix service settings and create a new delay/unix service.
-
-First, you would enumerate the smtp/unix service like this:
-
- $ postconf -M smtp/unix
- smtp unix - - n - - smtp
-
-Then you would copy those fields (except the first field) by hand
-to create the delay/unix service:
-
- $ postconf -M delay/unix="delay unix - - n - - smtp"
-
-To combine the above steps in one command:
-
- $ postconf -M delay/unix="`postconf -M smtp/unix|awk '{$1 = "delay"}'`"
-
-This is perhaps not super-convenient for manual cloning, but it
-should be sufficient for programmatic configuration management.
-
-Again, always execute "postfix reload" after updating master.cf.
-
-Deleting or commenting out master.cf entries
---------------------------------------------
-
-The -X (delete entry) and -# (comment out entry) options already
-exist for main.cf, and they now also work work for entire master.cf
-entries:
-
-Remove main.cf or master.cf entry:
- $ postconf -X parametername
- $ postconf -MX delay/unix
-
-Comment out main.cf or master.cf entry:
- $ postconf -# parametername
- $ postconf -M# delay/unix
-
-As with main.cf, there is no support to "undo" master.cf changes
-that are made with -X or -#.
-
-Again, always execute "postfix reload" after updating master.cf.
-
-Major changes with snapshot 20131031
-====================================
-
-LMDB support is enabled after changes to LMDB lock management. This
-includes creating databases with postmap(1) and postalias(1);
-read/write access by postscreen(8), proxymap(8), verify(8), and
-tlsmgr(8); and database sharing between privileged writer processes
-and unprivileged reader processes without world-writable files.
-
-Major changes with snapshot 20130929
-====================================
-
-Support to create LMDB databases is no longer available for the
-postmap(1) and postalias(1) commands. Instead, consider using cdb:
-to manage root-owned databases under the root-owned config_directory
-(default: /etc/postfix) such as access(5), virtual(5), transport(5).
-
-The reason is that LMDB applications require write access even when
-the application itself is read-only. This violates the principle
-of least privilege, and causes all kinds of problems when a non-root
-process needs to query a root-owned database.
-
-Support to create LMDB databases is available only for unprivileged
-Postfix daemon processes such as postscreen(8), tlsmgr(8) and
-verify(8) that manage postfix-owned databases under the postfix-owned
-data_directory (default: /var/lib/postfix).
-
-Major changes with snapshot 20130927
-====================================
-
-Postfix now handles LMDB "database full" errors automatically. When
-a database becomes full, its size limit is doubled, and other
-processes automatically pick up the new size limit. The lmdb_map_size
-parameter is now mostly irrelevant, and may be removed in the future.
-
-Major changes with snapshot 20130602
-====================================
-
-Support for PKI-less TLS server certificate verification, where the
-CA public key is identified via DNSSEC lookup.
-
-This feature introduces a new TLS security level called "dane"
-(DNS-based Authentication of Named Entities) that uses DNSSEC to
-look up CA information for a server TLS certificate. The details
-of DANE core protocols are still evolving, as are the details of
-how DANE should be used in the context of SMTP. Postfix implements
-what appears to be a "rational" subset of the DANE profiles.
-
-The problem with PKI is that there are literally hundreds of
-organizations world-wide that can provide a certificate in anyone's
-name. There have been widely-published incidents in recent history
-where a certificate authority gave out an inappropriate certificate
-(e.g., a certificate in the name of Microsoft to someone who did
-not represent Microsoft), where a CA was compromised (e.g., DigiNotar,
-Comodo), or where a CA made operational mistakes (e.g., TURKTRUST).
-Another concern is that a legitimate CA might be coerced to provide
-a certificate that allows its government to play man-in-the-middle
-on TLS traffic and observe the plaintext.
-
-Major changes with snapshot 20130512
-====================================
-
-Allow an SMTP client to skip postscreen(8) tests based on its
-postscreen_dnsbl_sites score.
-
-Specify a negative "postscreen_dnsbl_whitelist_threshold" to enable
-this feature. When a client passes the threshold value without
-having failed other tests, all pending or disabled tests are flagged
-as completed.
-
-Major changes with snapshot 20130405
-====================================
-
-The recipient_delimiter parameter can now specify a set of characters.
-A user name is now separated from its address extension by the first
-character that matches the recipient_delimiter set.
-
-For example, specify "recipient_delimiter = +-" to support both the
-Postfix-style "+" and the qmail-style "-" extension delimiter.
-
-As before, this implementation recognizes one delimiter character
-per email address, and one address extension per email address.
-
-Major changes with snapshot 20130319
-====================================
-
-Postfix support for LMDB databases is suspended due to the existence
-of a hard limit (an "out of storage" failure mode that cannot be
-resolved by increasing the database size).
-
-Postfix may support LMDB again when it no longer limits the size
-of Postfix transactions, whether the limit is built into LMDB itself,
-or implicit by requiring an unbounded amount of memory to handle a
-large transaction.
-
-Major changes with snapshot 20130315
-====================================
-
-LMDB support by Howard Chu. This implementation has unexpected
-failure modes that don't exist with other Postfix databases, so
-don't just yet abandon CDB. See LMDB_README for details.
diff --git a/postfix/RELEASE_NOTES-2.11 b/postfix/RELEASE_NOTES-2.11
new file mode 100644
index 000000000..4931a94e7
--- /dev/null
+++ b/postfix/RELEASE_NOTES-2.11
@@ -0,0 +1,256 @@
+The stable Postfix release is called postfix-2.11.x where 2=major
+release number, 11=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
+
+New features are developed in snapshot releases. These are called
+postfix-2.12-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
+
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
+
+If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
+before proceeding.
+
+Major changes - tls
+-------------------
+
+[Documentation 20131218] The new FORWARD_SECRECY_README document
+conveniently presents all information about Postfix "perfect" forward
+secrecy support in one place: what forward secrecy is, how to tweak
+settings, and what you can expect to see when Postfix uses ciphers
+with forward secrecy.
+
+[Feature 20130602] Support for PKI-less TLS server certificate
+verification, where the CA public key or the server certificate is
+identified via DNSSEC lookup.
+
+This feature introduces a new TLS security level called "dane"
+(DNS-based Authentication of Named Entities) that uses DNSSEC to
+look up CA information for a server TLS certificate. The details
+of DANE core protocols are still evolving, as are the details of
+how DANE should be used in the context of SMTP. Postfix implements
+what appears to be a "rational" subset of the DANE profiles.
+
+The problem with PKI is that there are literally hundreds of
+organizations world-wide that can provide a certificate in anyone's
+name. There have been widely-published incidents in recent history
+where a certificate authority gave out an inappropriate certificate
+(e.g., a certificate in the name of Microsoft to someone who did
+not represent Microsoft), where a CA was compromised (e.g., DigiNotar,
+Comodo), or where a CA made operational mistakes (e.g., TURKTRUST).
+Another concern is that a legitimate CA might be coerced to provide
+a certificate that allows its government to play man-in-the-middle
+on TLS traffic and observe the plaintext.
+
+Major changes - postscreen whitelisting
+---------------------------------------
+
+[Feature 20130512] Allow an SMTP client to skip postscreen(8) tests
+based on its postscreen_dnsbl_sites score.
+
+Specify a negative "postscreen_dnsbl_whitelist_threshold" to enable
+this feature. When a client passes the threshold value without
+having failed other tests, all pending or disabled tests are flagged
+as completed.
+
+Major changes - recipient_delimiter
+-----------------------------------
+
+[Feature 20130405] The recipient_delimiter parameter can now specify
+a set of characters. A user name is now separated from its address
+extension by the first character that matches the recipient_delimiter
+set.
+
+For example, specify "recipient_delimiter = +-" to support both the
+Postfix-style "+" and the qmail-style "-" extension delimiter.
+
+As before, this implementation recognizes one delimiter character
+per email address, and one address extension per email address.
+
+Major changes - smtpd access control
+------------------------------------
+
+[Feature 20131031] The check_sasl_access feature can be used to
+block hijacked logins. Like other check_mumble_acces features it
+queries a lookup table (in this case with the SASL login name), and
+it supports the same actions as any Postfix access(5) table.
+
+[Feature 20130924] The reject_known_sender_login_mismatch feature
+applies reject_sender_login_mismatch only to MAIL FROM addresses
+that are known in $smtpd_sender_login_maps.
+
+Major changes - MacOS X
+-----------------------
+
+[Feature 20130325] Full support for kqueue() event handling which
+scales better with large numbers of file handles, plus a workaround
+for timeout handling on file handles (such as /dev/urandom) that
+still do not correctly support poll().
+
+Major changes - master
+----------------------
+
+[Incompat 20131217] The master_service_disable parameter value
+syntax has changed: use "service/type" instead of "service.type".
+The new form is consistent with postconf(1) namespaces for master.cf.
+The old form is still supported to avoid breaking existing
+configurations.
+
+Major changes - milter
+----------------------
+
+[Feature 20131126] Support for ESMTP parameters NOTIFY and ORCPT
+in the SMFIR_ADDRCPT_PAR (add recipient) request. Credits: Andrew
+Ayer.
+
+Major changes - mysql
+---------------------
+
+[Feature 20131117] MySQL client support for option_file, option_group,
+tls_cert_file, tls_key_file, tls_CAfile, tls_CApath, tls_verify_cert.
+Credits: Gareth Palmer.
+
+Major changes - postconf
+------------------------
+
+[Feature 20131217] Support for advanced master.cf query and update
+operations. This was implemented primarily to support automated
+system management tools.
+
+The goal is to make all Postfix master.cf details accessible as
+lists of "name=value" pairs, where the names are organized into
+structured name spaces. This allows other programs to query
+information or request updates, without having to worry about the
+exact layout of master.cf files.
+
+Managing master.cf service attributes
+-------------------------------------
+
+First, an example that shows the smtp/inet service in the traditional
+form:
+
+ $ postconf -M smtp/inet
+ smtp inet n - n - - smtpd
+
+Different variants of this command show different amounts of output.
+For example, "postconf -M smtp" enumerates all services that have
+a name "smtp" and any service type ("inet", "unix", etc.), and
+"postconf -M" enumerates all master.cf services.
+
+General rule: each name component that is not present becomes a "*"
+wildcard.
+
+Coming back to the above example, the postconf -F option can now
+enumerate the smtp/inet service fields as follows:
+
+ $ postconf -F smtp/inet
+ smtp/inet/service = smtp
+ smtp/inet/type = inet
+ smtp/inet/private = n
+ smtp/inet/unprivileged = -
+ smtp/inet/chroot = n
+ smtp/inet/wakeup = -
+ smtp/inet/process_limit = -
+ smtp/inet/command = smtpd
+
+This form makes it very easy to change one field in master.cf.
+For example to turn on chroot on the smtp/inet service you use:
+
+ $ postconf -F smtp/inet/chroot=y
+ $ postfix reload
+
+Moreover, with "-F" you can specify "*" for service name or service
+type to get a wild-card match. For example, to turn off chroot on
+all Postfix daemons, use this:
+
+ $ postconf -F '*/*/chroot=n'
+ $ postfix reload
+
+Managing master.cf service "-o parameter=value" settings
+--------------------------------------------------------
+
+For a second example, let's look at the submission service. This
+service typically has multiple "-o parameter=value" overrides. First
+the traditional view:
+
+ $ postconf -Mf submission
+ submission inet n - n - - smtpd
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ ...
+
+The postconf -P option can now enumerate these parameters as follows:
+
+ $ postconf -P submission
+ submission/inet/smtpd_sasl_auth_enable = yes
+ submission/inet/smtpd_tls_security_level = encrypt
+ ...
+
+Again, this form makes it very easy to modify one parameter
+setting. For example, to change the smtpd_tls_security_level setting
+for the submission/inet service:
+
+ $ postconf -P 'submission/inet/smtpd_tls_security_level=may'
+
+You can create or remove a parametername=parametervalue setting:
+
+Create:
+ $ postconf -P 'submission/inet/parametername=parametervalue'
+
+Remove:
+ $ postconf -PX submission/inet/parametername
+
+Finally, always execute "postfix reload" after updating master.cf.
+
+Managing master.cf service entries
+----------------------------------
+
+Finally, adding master.cf entries is possible, but currently this
+does not yet have "advanced" support. It can only be done at the
+level of the traditional master.cf file format.
+
+Suppose that you need to configure a Postfix SMTP client that will
+handle slow email deliveries. To implement this you need to clone
+the smtp/unix service settings and create a new delay/unix service.
+
+First, you would enumerate the smtp/unix service like this:
+
+ $ postconf -M smtp/unix
+ smtp unix - - n - - smtp
+
+Then you would copy those fields (except the first field) by hand
+to create the delay/unix service:
+
+ $ postconf -M delay/unix="delay unix - - n - - smtp"
+
+To combine the above steps in one command:
+
+ $ postconf -M delay/unix="`postconf -M smtp/unix|awk '{$1 = "delay"}'`"
+
+This is perhaps not super-convenient for manual cloning, but it
+should be sufficient for programmatic configuration management.
+
+Again, always execute "postfix reload" after updating master.cf.
+
+Deleting or commenting out master.cf entries
+--------------------------------------------
+
+The -X (delete entry) and -# (comment out entry) options already
+exist for main.cf, and they now also work work for entire master.cf
+entries:
+
+Remove main.cf or master.cf entry:
+ $ postconf -X parametername
+ $ postconf -MX delay/unix
+
+Comment out main.cf or master.cf entry:
+ $ postconf -# parametername
+ $ postconf -M# delay/unix
+
+As with main.cf, there is no support to "undo" master.cf changes
+that are made with -X or -#.
+
+Again, always execute "postfix reload" after updating master.cf.
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 6ec562349..8908a5e3e 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,13 +1,22 @@
 Wish list:
+ Things to do before the stable release:
+
+ Spell-check, double-word check, and HTML validator check.
+
+ Remove this file from the stable release.
+
+ Things to do after the stable release:
+
+ Discourage the use of "after 220" tests in POSTSCREEN_README
+ and the documentation of individual parameter settings.
+
 To un-break "make tests" under src/smtpd, make tests independent from the DNS and native routines for host name/address lookup.
 Incorporate 3rd-party code such as dynamic_maps.
- Support 3rd-party extension with /etc/postfix/postfix-files.d
-
 Make been_here flag BH_FLAG_FOLD configurable for masochists.
 Replace some redundant TLS_README sections with pointers
@@ -15,24 +24,18 @@ Wish list:
 Move html/index.html source to proto/.
+ How hard is it to follow canonical or virtual mapping
+ for the purpose of address validation? We must never
+ reject a valid address.
+
 Preserve case in smtpd_resolve_addr() and add a structure
- member for the case-folded address.
+ member for the case-folded address. IIRC some Milter macro
+ needs to show the unfolded address.
 Per SASL account rate limits. This requires new infrastructure that maintains stats by SASL account.
- Watchdog timer to postmap/postalias.
-
- Things to do before the stable release:
-
- Spell-check, double-word check, and HTML validator check.
-
- Discourage the use of "after 220" tests in POSTSCREEN_README
- and the documentation of individual parameter settings.
-
- Remove this file from the stable release.
-
- Things to do after the stable release:
+ Watchdog timer in postmap/postalias.
 Begin code revision, after DANE support stabilizes. This should be one pass that changes only names and no code.
diff --git a/postfix/html/LMDB_README.html b/postfix/html/LMDB_README.html
index 9f7c64c2a..56f468f2d 100644
--- a/postfix/html/LMDB_README.html
+++ b/postfix/html/LMDB_README.html
@@ -17,6 +17,13 @@
+

Note

+ +

LMDB is not supported in the stable Postfix release. It will +spontaneously terminate a Postfix daemon process without allowing +Postfix to 1) report the problem to the maillog file, and to 2) +provide reduced service where this is appropriate.

+

Introduction

Postfix uses databases of various kinds to store and look up @@ -294,7 +301,7 @@ sure that lmdb_map_size > 3x the

-
Problem:

A corrupted LMDB database cann't be +

Problem:

A corrupted LMDB database can't be rebuilt simply by re-running postmap(1) or postalias(1), or by waiting until a tlsmgr(8) daemon restarts. This problem does not exist with other Postfix databases.

diff --git a/postfix/html/POSTSCREEN_README.html b/postfix/html/POSTSCREEN_README.html index fe1435f91..1c37148fe 100644 --- a/postfix/html/POSTSCREEN_README.html +++ b/postfix/html/POSTSCREEN_README.html @@ -1071,7 +1071,8 @@ of the following options:

key_format = postscreen:%s -
  • A persistent lmdb: temporary whitelist can be shared between +

  • + A persistent lmdb: temporary whitelist can be shared between postscreen(8) daemons that run under the same master(8) daemon, or under different master(8) daemons on the same host. Disable cache cleanup (postscreen_cache_cleanup_interval = 0) in all diff --git a/postfix/html/lmdb_table.5.html b/postfix/html/lmdb_table.5.html index b627ded68..31acc6ac0 100644 --- a/postfix/html/lmdb_table.5.html +++ b/postfix/html/lmdb_table.5.html 
@@ -20,38 +20,43 @@ LMDB_TABLE(5) LMDB_TABLE(5) postmap -q - lmdb:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix LMDB adapter provides access to a persistent, memory- + LMDB is not supported in the stable Postfix release. It will sponta- + neously terminate a Postfix daemon process without allowing Postfix to + 1) report the problem to the maillog file, and to 2) provide reduced + service where this is appropriate. + + The Postfix LMDB adapter provides access to a persistent, memory- mapped, key-value store. The database size is limited only by the size of the memory address space and file system. REQUESTS - The LMDB adapter supports all Postfix lookup table operations. This - makes LMDB suitable for Postfix address rewriting, routing, access - policies, caches, or any information that can be stored under a fixed + The LMDB adapter supports all Postfix lookup table operations. This + makes LMDB suitable for Postfix address rewriting, routing, access + policies, caches, or any information that can be stored under a fixed lookup key. - When a transaction fails due to a full database, Postfix resizes the + When a transaction fails due to a full database, Postfix resizes the database and retries the transaction. - Postfix access, address mapping and routing table lookups may generate - partial search keys such as domain names without one or more subdo- - mains, network addresses without one or more least-significant octets, - or email addresses without the localpart, address extension or domain - portion. This behavior is also found with btree:, hash:, or ldap: + Postfix access, address mapping and routing table lookups may generate + partial search keys such as domain names without one or more subdo- + mains, network addresses without one or more least-significant octets, + or email addresses without the localpart, address extension or domain + portion. This behavior is also found with btree:, hash:, or ldap: tables. 
- Unlike other flat-file based Postfix databases, changes to an LMDB + Unlike other flat-file based Postfix databases, changes to an LMDB database do not trigger automatic daemon program restart. RELIABILITY - LMDB's copy-on-write architecture achieves reliable updates, at the - cost of using more space than some other flat-file databases. Read - operations are memory-mapped for speed. Write operations are not mem- + LMDB's copy-on-write architecture achieves reliable updates, at the + cost of using more space than some other flat-file databases. Read + operations are memory-mapped for speed. Write operations are not mem- ory-mapped to avoid silent curruption due stray pointer bugs. - The Postfix LMDB adapter implements locking with fcntl(2) locks at - whole-file granularity. LMDB's native locking scheme would require - world-writable lockfiles and would therefore violate the Postfix secu- + The Postfix LMDB adapter implements locking with fcntl(2) locks at + whole-file granularity. LMDB's native locking scheme would require + world-writable lockfiles and would therefore violate the Postfix secu- rity model. Multiple processes can safely update an LMDB database without serializ- @@ -59,8 +64,8 @@ LMDB_TABLE(5) LMDB_TABLE(5) as a shared cache for verify(8) or postscreen(8) services. CONFIGURATION PARAMETERS - Short-lived programs automatically pick up changes to main.cf. With - long-running daemon programs, Use the command "postfix reload" after a + Short-lived programs automatically pick up changes to main.cf. With + long-running daemon programs, Use the command "postfix reload" after a configuration change. lmdb_map_size (default: 16777216) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index e28df07cb..888d885e5 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -5888,7 +5888,7 @@ Examples:

    Selectively disable master(8) listener ports by service type or by service name and type. Specify a list of service types -("inet", "unix", "fifo", or "pass") or "name.type" tuples, where +("inet", "unix", "fifo", or "pass") or "name/type" tuples, where "name" is the first field of a master.cf entry and "type" is a service type. As with other Postfix matchlists, a search stops at the first match. Specify "!pattern" to exclude a service from the @@ -5901,14 +5901,15 @@ is intentional.

    Examples:

    +# With Postfix 2.6..2.10 use '.' instead of '/'.
     # Turn on all master(8) listener ports (the default).
     master_service_disable =
     # Turn off only the main SMTP listener port.
    -master_service_disable = smtp.inet
    +master_service_disable = smtp/inet
     # Turn off all TCP/IP listener ports.
     master_service_disable = inet
     # Turn off all TCP/IP listener ports except "foo".
    -master_service_disable = !foo.inet, inet
    +master_service_disable = !foo/inet, inet
     

    This feature is available in Postfix 2.6 and later.

    diff --git a/postfix/man/man5/lmdb_table.5 b/postfix/man/man5/lmdb_table.5 index 45b9a4441..9768ecb91 100644 --- a/postfix/man/man5/lmdb_table.5 +++ b/postfix/man/man5/lmdb_table.5 @@ -22,6 +22,12 @@ Postfix LMDB adapter .SH DESCRIPTION .ad .fi +LMDB is not supported in the stable Postfix release. It +will spontaneously terminate a Postfix daemon process without +allowing Postfix to 1) report the problem to the maillog +file, and to 2) provide reduced service where this is +appropriate. + The Postfix LMDB adapter provides access to a persistent, memory-mapped, key-value store. The database size is limited only by the size of the memory address space and file system. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 7a1310199..baf8ac93f 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -3430,7 +3430,7 @@ masquerade_exceptions = root .SH master_service_disable (default: empty) Selectively disable \fBmaster\fR(8) listener ports by service type or by service name and type. Specify a list of service types -("inet", "unix", "fifo", or "pass") or "name.type" tuples, where +("inet", "unix", "fifo", or "pass") or "name/type" tuples, where "name" is the first field of a master.cf entry and "type" is a service type. As with other Postfix matchlists, a search stops at the first match. Specify "!pattern" to exclude a service from the @@ -3445,14 +3445,15 @@ Examples: .nf .na .ft C +# With Postfix 2.6..2.10 use '.' instead of '/'. # Turn on all \fBmaster\fR(8) listener ports (the default). master_service_disable = # Turn off only the main SMTP listener port. -master_service_disable = smtp.inet +master_service_disable = smtp/inet # Turn off all TCP/IP listener ports. master_service_disable = inet # Turn off all TCP/IP listener ports except "foo". -master_service_disable = !foo.inet, inet +master_service_disable = !foo/inet, inet .fi .ad .ft R 
diff --git a/postfix/proto/LMDB_README.html b/postfix/proto/LMDB_README.html index 91e3a7fc4..ca5e35b62 100644 --- a/postfix/proto/LMDB_README.html +++ b/postfix/proto/LMDB_README.html @@ -17,6 +17,13 @@
    +

    Note

    + +

    LMDB is not supported in the stable Postfix release. It will +spontaneously terminate a Postfix daemon process without allowing +Postfix to 1) report the problem to the maillog file, and to 2) +provide reduced service where this is appropriate.

    +

    Introduction

    Postfix uses databases of various kinds to store and look up @@ -294,7 +301,7 @@ tlsmgr(8) from a corrupted database.

    -
    Problem:

    A corrupted LMDB database cann't be +

    Problem:

    A corrupted LMDB database can't be rebuilt simply by re-running postmap(1) or postalias(1), or by waiting until a tlsmgr(8) daemon restarts. This problem does not exist with other Postfix databases.

    diff --git a/postfix/proto/POSTSCREEN_README.html b/postfix/proto/POSTSCREEN_README.html index 8be94cbc4..75d6a816e 100644 --- a/postfix/proto/POSTSCREEN_README.html +++ b/postfix/proto/POSTSCREEN_README.html @@ -1071,7 +1071,8 @@ of the following options:

    key_format = postscreen:%s -
  • A persistent lmdb: temporary whitelist can be shared between +

  • + A persistent lmdb: temporary whitelist can be shared between postscreen(8) daemons that run under the same master(8) daemon, or under different master(8) daemons on the same host. Disable cache cleanup (postscreen_cache_cleanup_interval = 0) in all diff --git a/postfix/proto/lmdb_table b/postfix/proto/lmdb_table index 8f2829753..46a27917b 100644 --- a/postfix/proto/lmdb_table +++ b/postfix/proto/lmdb_table @@ -16,6 +16,12 @@ # .br # \fBpostmap -q - lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR # DESCRIPTION +# LMDB is not supported in the stable Postfix release. It +# will spontaneously terminate a Postfix daemon process without +# allowing Postfix to 1) report the problem to the maillog +# file, and to 2) provide reduced service where this is +# appropriate. +# # The Postfix LMDB adapter provides access to a persistent, # memory-mapped, key-value store. The database size is limited # only by the size of the memory address space and file system. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 40e948c7a..9fff7cc53 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -13020,7 +13020,7 @@ This service is normally implemented by the proxymap(8) daemon.

    Selectively disable master(8) listener ports by service type or by service name and type. Specify a list of service types -("inet", "unix", "fifo", or "pass") or "name.type" tuples, where +("inet", "unix", "fifo", or "pass") or "name/type" tuples, where "name" is the first field of a master.cf entry and "type" is a service type. As with other Postfix matchlists, a search stops at the first match. Specify "!pattern" to exclude a service from the @@ -13033,14 +13033,15 @@ is intentional.

    Examples:

    +# With Postfix 2.6..2.10 use '.' instead of '/'.
     # Turn on all master(8) listener ports (the default).
     master_service_disable =
     # Turn off only the main SMTP listener port.
    -master_service_disable = smtp.inet
    +master_service_disable = smtp/inet
     # Turn off all TCP/IP listener ports.
     master_service_disable = inet
     # Turn off all TCP/IP listener ports except "foo".
    -master_service_disable = !foo.inet, inet
    +master_service_disable = !foo/inet, inet
     

    This feature is available in Postfix 2.6 and later.

    diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8254d0187..f55e582f4 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20140104" -#define MAIL_VERSION_NUMBER "2.11" +#define MAIL_RELEASE_DATE "20140105" +#define MAIL_VERSION_NUMBER "2.12" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/util/lmdb_cache_test.sh b/postfix/src/util/lmdb_cache_test.sh new file mode 100644 index 000000000..8dfc72d4c --- /dev/null +++ b/postfix/src/util/lmdb_cache_test.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +set -e + +rm -f foo.lmdb + +./dict_cache <saved_key.mv_data = 0; + slmdb->saved_key.mv_size = 0; slmdb->saved_key_size = 0; } @@ -296,8 +297,7 @@ static void slmdb_saved_key_init(SLMDB *slmdb) static void slmdb_saved_key_free(SLMDB *slmdb) { free(slmdb->saved_key.mv_data); - slmdb->saved_key.mv_data = 0; - slmdb->saved_key_size = 0; + slmdb_saved_key_init(slmdb); } #define HAVE_SLMDB_SAVED_KEY(s) ((s)->saved_key.mv_data != 0) @@ -318,7 +318,7 @@ static int slmdb_saved_key_assign(SLMDB *slmdb, MDB_val *key_val) slmdb->saved_key.mv_data = realloc(slmdb->saved_key.mv_data, key_val->mv_size); if (slmdb->saved_key.mv_data == 0) { - slmdb->saved_key_size = 0; + slmdb_saved_key_init(slmdb); return (ENOMEM); } else { slmdb->saved_key_size = key_val->mv_size; @@ -374,7 +374,7 @@ static int slmdb_recover(SLMDB *slmdb, int status) /* * Close the cursor and its read transaction before changing the memory - * map size. We can restore it later with the saved key information. + * map size. We can restore it later from the saved key information. */ if (slmdb->cursor != 0) slmdb_cursor_close(slmdb); 
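Review bot: In the `@@ -318,7 +318,7 @@` hunk of slmdb_saved_key_assign(), the result of realloc() is still stored directly in `slmdb->saved_key.mv_data`, so on failure the only pointer to the old buffer is overwritten with 0 and that buffer leaks. The new slmdb_saved_key_init() call resets the size fields but cannot free it. I would keep the result in a temporary, `void *ptr = realloc(slmdb->saved_key.mv_data, key_val->mv_size);`, and on `ptr == 0` call `slmdb_saved_key_free(slmdb);` before `return (ENOMEM);`, assigning `slmdb->saved_key.mv_data = ptr;` only on success. The function starts and ends outside the hunk, so the condition guarding this branch is not visible; if `key_val->mv_size` can be 0 there, a null return from realloc() would not necessarily mean ENOMEM.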
@@ -588,7 +588,7 @@ int slmdb_del(SLMDB *slmdb, MDB_val *mdb_key) /* * Before doing a non-bulk write transaction in MDB_NOLOCK mode, close a - * cursor and its read transaction. We can restore it later with the + * cursor and its read transaction. We can restore it later from the * saved key information. */ if (slmdb->cursor != 0 && slmdb->txn == 0 @@ -639,7 +639,7 @@ int slmdb_cursor_get(SLMDB *slmdb, MDB_val *mdb_key, } /* - * Restore the cursor to the saved key position. + * Restore the cursor position from the saved key information. */ if (HAVE_SLMDB_SAVED_KEY(slmdb) && op != MDB_FIRST) { if ((status = mdb_cursor_get(slmdb->cursor, &slmdb->saved_key, @@ -740,7 +740,7 @@ int slmdb_close(SLMDB *slmdb) mdb_env_close(slmdb->env); /* - * Clean up the saved key position. + * Clean up the saved key information. */ if (HAVE_SLMDB_SAVED_KEY(slmdb)) slmdb_saved_key_free(slmdb);