postfix-2.5.0-RC2

postfix/HISTORY

@@ -14265,3 +14265,8 @@ Apologies for any names omitted.
 	The text is automatically generated from bits and pieces of
 	information that are scattered across other documents.
 	File: mantools/make_soho_readme.
+
+20080116
+
+	Bugfix (introduced 20080112): missing #ifdef for the SASL
+	login failure cache. File: smtp/smtp_sasl_auth_cache.h.

postfix/RELEASE_NOTES

@@ -12,7 +12,7 @@ The mail_release_date configuration parameter (format: yyyymmdd)
 specifies the release date of a stable release or snapshot release.
 
 Incompatibility with Postfix 2.3 and earlier
-============================================
+--------------------------------------------
 
 If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
 before proceeding.
@@ -200,16 +200,16 @@ New configuration parameters: destination_concurrency_feedback_debug,
 default_destination_concurrency_positive_feedback,
 default_destination_concurrency_negative_feedback,
 default_destination_concurrency_failed_cohort_limit, as well as
-transport-specific versions of the same.  See postconf(5) for
-extensive descriptions, and SCHEDULER_README for background information
-on the theory and practice of how these settings work.
+transport-specific versions of the same.
 
 The default parameter settings are backwards compatible with older
 Postfix versions. This may change after better defaults are field
 tested.
 
-The SCHEDULER_README document describes the new concurrency scheduler,
-as well as Patrik Rak's preemptive job scheduler.
+The updated SCHEDULER_README document describes the theory behind
+the new concurrency scheduler, as well as Patrik Rak's preemptive
+job scheduler. See postconf(5) for more extensive descriptions of
+the configuration parameters.
 
 Major changes - small/home office
 ---------------------------------

postfix/TLS_TODO

@@ -1,39 +0,0 @@
-This list does not really follow priority.
-
-* Code cleanup: split smtp_session.c into generic SMTP, legacy TLS,
-  and current TLS.  The amount of TLS code now dominates the file.
-  Do this after all other code revisions stabilize, to avoid
-  complicating code reviews.
-
-* Code cleanup: TLS_LEV_NOTFOUND no longer belongs in the TLS
-  library. It is an SMTP-client only feature. To fix, change the
-  policy lookup API and use a different method to indicate if a
-  policy was found. At the same time, fix policy lookup to initialize
-  session->tls_level.
-
-* Code cleanup: see if multiple consecutive switches can be aggregated
-  (set_cipher_grade() and session_tls_init()).
-
-* Implement support of CRL checking. OpenSSL 0.9.7 finally supports CRLs,
-  so Postfix/TLS should support loading CRLs.
-
-* Cleanup the "pfixtls" special logging, so that it fits Wietses original
-  "per site" decision to make debugging easier.
-
-* Move TLS based information from separate lines into Postfix's smtpd
-  logging lines to make logfile analysis easier.
-
-* Check the "info_callback" for sensitive use. I already had to remove the
-  "warning alert" issued on normal shutdown. Why is a warning issued for
-  a normal shutdown??
-
-* Introduce new tls_per_client table to achieve the same selective behaviour
-  for incoming connections.
-
-* Introduce better support for "opportunistic" encryption: collect information
-  about peers connecting; log warnings when the key changed etc.
-  [I am not sure that I already have the best answers available.]
-
-* Find a way to use the certificates themselves instead of the fingerprints
-  to allow certificate based relaying. The maintenance of the fingerprints
-  is a nightmare.

postfix/WISHLIST

@@ -1,330 +0,0 @@
-Wish list:
-
-	Collect random bits and pieces in one SOHO_README document:
-	smtp_generic_maps, sender_dependent_mumble,
-	smtp_sasl_auth_cache_name/time.
-
-	See if "pickup =o content_filter=smtp:127.0.0.1" can be
-	made a viable alternative to the use of non_smtpd_milters.
-
-	Consolidate duplicated code *_server_accept_{pass,inet}().
-
-	Consolidate duplicated code in {inet,unix,upass}_trigger.c.
-
-	In the SMTP client, handle 421 replies in smtp_loop() by
-	having the input function raise a flag after detecting 421
-	(kill connection caching and be sure to do the right thing
-	with RSET probes), leave the smtp_loop() per-command reply
-	handlers unchanged, and have the smtp_loop() reader loop
-	bail out with smtp_site_fail("server disconnected after
-	%s", where), but only in the case that it isn't already in
-	the final state. But first we need to clean up the handling
-	of do/don't cache, expired, bad and dead sessions.
-
-	Make event_drain() a proper event loop; update the zero mask,
-	and don't ignore a non-empty timer queue.
-
-	Combine smtpd_peer.c and qmqpd_peer.c into a single function
-	that produces a client context object, and provide attribute
-	print/scan routines that pass these client context objects
-	around. With this, we no longer have to update a multiple
-	pieces of code when a client attribute is added. Ditto for
-	SASL and TLS context.
-
-	Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
-	Postfix for remote connections with MSS > 8 kbytes.
-
-	Absent a formal spec, model IPv6 RBL lookups after the IPv6
-	PTR lookups (one zone per hex nibble, nibbles in reversed
-	order). How to specify whether to query an RBL server for
-	status info about an IPv6 address? One could argue that as
-	long as IPv6 traffic is small an unsupported lookup doesn't
-	matter; and once IPv6 takes off, the RBL servers better
-	start supporting IPv6 client status information.
-
-	Don't log "warning: XXXXX: undeliverable postmaster
-	notification discarded" for spam from outside.
-
-	Really need a cleanup driver that allows testing against
-	Milter applications instead of synthetic events. This would
-	have to provide stubs for clients that talk to Postfix
-	daemon processes. See if this approach can also be used for
-	other daemons.
-
-	smtpd(8) exempts $address_verify_sender from access controls,
-	but it doesn't know whether cleanup(8) or delivery agents
-	modify the sender. Would it be possible to "calibrate" this
-	exemption, perhaps by having delivery agents pass the probe
-	sender to the verify server, keeping in mind that the probe
-	sender may differ per delivery agent due to output rewriting.
-
-	Update attr_print/scan() so they can send/receive file
-	descriptors. This simplifies kludgy code in many daemons.
-
-	Make adding date/from/etc. conditional. Perhaps on header
-	rewrite context? Do we need a more powerful concept than
-	local_header_rewrite_clients/remote_header_rewrite_domain?
-
-	Would there be a problem adding $smtpd_mumble_restrictions
-	and $smtpd_sender_login_maps to the default proxy_read_maps
-	settings?
-
-	Remove defer(8) and trace(8) references and man pages. These
-	are services not program names. On the other hand we have
-	man pages for lmtp(8) and smtp(8), but not for relay(8).
-	Likewise, retry(8) does not have a man page.
-
-	Bind all deliveries to the same local delivery process,
-	making Postfix perform as poorly as monolithic mailers, but
-	giving a possibility to eliminate duplicate deliveries.
-
-	Maybe declare loop when resolve_local(mxhost) is true?
-
-	Update message content length when adding/removing headers.
-
-	Need scache size limit.
-
-	Make postcat header/body aware so people can grep headers.
-	What headers? primary, mime, nested? What body? Does it
-	include the mime and attached headers?
-
-	Make postmap header/body aware so people can test multi-line
-	header checks. What headers? primary, mime, nested? What
-	body? Does it include the mime and attached headers?
-
-	REDIRECT should override original recipient info, and
-	probably override DSN as well.
-
-	Find out if with Sendmail, a Milter "add recipient" request
-	results in NOTIFY=NONE as Postfix does now.
-
-	Update FILTER_README with mailing list suggestions to tag
-	with a badness indicator and then filter down-stream.
-
-	Either document or remove the internal_mail_filter_classes
-	feature (it's disabled by default).
-
-	Build a command-line test driver for the cleanup engine.
-	This allows us to test it with arbitrary record sequences
-	without having to use a live mail queue.
-
-	Make null local-part handling configurable: either expand
-	into mailer-daemon (current bahavior) or disallow (strict
-	behavior, currently implemented only in the SMTP server).
-
-	Plan for time_t larger than long, or wait for LP64 to
-	dominate the world?
-
-	The type of var_message_limit (and other file size/offset
-	configuration parameters or internal protocol attributes)
-	should be changed from int to off_t.  This also requires
-	checking all expressions in which var_message_limit etc.
-	appears: qmqpd, netstring, deliver_request, ...
-
-	Add M flag (enable multi-recipient delivery) to pipe daemon.
-
-	The usage of TLScontext->cache_type is unclear. It specifies
-	a TLS session cache type (smtpd, smtp, or lmtp), but it is
-	sometimes used as an indicator that TLS session caching is
-	unavailable.  In reality, that decision is made by not
-	registering call-back functions for cache maintenance.
-
-	Postfix TLS library code should copy any strings that it
-	receives from the application, instead of passing them
-	around as pointers. TLScontext->cache_type is a case in
-	point.
-
-	Are transport:nexthop null fields the same as in the case
-	of default_transport etc. parameters?
-
-	Don't lose bits when converting st_dev into maildir file
-	name. It's 64 bits on Linux. Found with the BEAM source
-	code analyzer. Is this really a problem, or are they just
-	using 64 bits for upwards compatibility with LP64 systems?
-
-	Do or don't introduce unknown_reverse_client_reject_code.
-
-	Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
-	UNIX).
-
-	Tempfail when a Milter application wants content access,
-	while it is configured in an SMTP server that runs before
-	the smtpd_proxy filter.
-
-	Log DSN original recipient when rejecting mail.
-
-	Keep whitespace between label and ":"?
-
-	Make the map case folding/locking options configurable, if
-	not at run-time then at least at compile time so we get
-	consistent behavior across applications.
-
-	Investigate what it would take to eliminate oqmgr, and to
-	make the old behavior configurable in a unified queue
-	manager.  This would shave another 2.7 KLOC from the source
-	footprint.
-
-	Document the case folding strategy for match_list like
-	features.
-
-	Eliminate the (incoming,deferred)->active rename operation.
-
-	Softbounce fallback-to-ISP for SOHO users. This requires
-	playing with the soft_error test in the smtp_trouble.c
-	module, and avoiding delivery to backup MX hosts.
-
-	In the SMTP server, set a "pipelining detected" flag at the
-	start of a session and at protocol synchronization points,
-	so that reject_unauth_pipelining can be specified in any
-	access rule.
-
-	Centralize main.cf parameter input so that defaults work
-	consistently. What about parameter names that are prefixed
-	with mail delivery transport names?
-
-	Fix default time unit handling so that we can have a default
-	bounce lifetime of $maximal_queue_lifetime, without causing
-	panics when a non-default maximal_queue_lifetime setting
-	includes no time unit.
-
-	After the 20051222 ISASCII paranoia, lowercase() lowercases
-	ASCII text only.
-
-	Privacy: remove local command/pathname details from remote
-	delivery status reports, and log them via local msg_warn().
-
-	Is it safe to cache a connection after it has been used for
-	more than some number of address verification probes?
-
-	Try to recognize that Resent- headers appear in blocks,
-	newest block first. But don't break on incorrect header
-	block organization.
-
-	Hard limits on cache sizes (anvil, specifically).
-
-	Laptop friendliness: make the qmgr remember when the next
-	deferred queue scan needs to be done, and have the pickup
-	server stat() the maildrop directory before searching it.
-
-	Low: replace_sender/replace_recipient actions in access
-	maps?
-
-	Low: configurable order of local(8) delivery methods.
-
-	Med: local and remote source port and IP address for smtpd
-	policy hook.
-
-	Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
-	to limit the total time spent trying to connect.
-
-	Med: transform IPv4-in-IPv6 address literals to IPv4 form
-	when comparing against local IP addresses?
-
-	Med: transform IPv4-in-IPv6 address literals to IPv4 form
-	when eliminating MX mailer loops?
-
-	Med: Postfix requires [] around IPv6 address information
-	in match lists such as mynetworks, debug_peer_list etc.,
-	but the [] must not be specified in access(5) maps. Other
-	places don't care.  For now, this gotcha is documented in
-	IPV6_README and in postconf(5) with each feature that may
-	use IPv6 address information. The general recommendation
-	is not to use [] unless absolutely necessary.
-
-	Med: the partial address matching of IPv6 addresses in
-	access(5) maps is a bit lame: it repeatedly truncates the
-	last ":octetpair" from the printable address representation
-	until a match is found or until truncation is no longer
-	possible.  Since one or more ":" are usually omitted from
-	the printable IPv6 address representation, this does not
-	really try all the possibilities that one might expect to
-	be tried. For now, this gotcha is documented in access(5).
-
-	Med: the TLS certificate verification depth parameters never
-	worked.
-
-	Low: reject HELO with any domain name or IP address that
-	this MTA is the final destination for.
-
-	Low: should the Delivered-To: test in local(8) be configurable?
-
-	Low: make mail_addr_find() lookup configurable.
-
-	Low: update events.c so that 1-second timer requests do not
-	suffer from rounding errors. This is needed for 1-second
-	SMTP session caching time limits. A 1-second interval would
-	become arbitrarily short when an event is scheduled just
-	before the current second rolls over.
-
-	Low: configurable internal/system locking method.
-
-	Low: add INSTALL section for pre-existing Postfix systems.
-
-	Low: add INSTALL section for pre-existing RPM Postfixes.
-
-	Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
-
-	Low: noise filter: allow smtp(8) to retry immediately if
-	all MXes return a quick ECONNRESET or 4xx reply during the
-	initial handshake. Retry once? How many times?
-
-	Low: make post-install a "postfix-only script" so it can
-	take data from the environment instead of main.cf.
-
-	Low: randomize deferred mail backoff.
-
-	Med: separate ulimit for delivery to command?
-
-	Med: postsuper -r should do something with recipients in
-	bounce logfiles, to make sure the sender will be notified.
-	To be perfectly safe, no process other than the queue manager
-	should move a queue file away from the active queue.
-
-	This could involve tagging a queue file, and use up another
-	permission bit (postsuper tags a "hot" file, qmgr requeues it).
-
-	Low: postsuper re-run after renaming files, but only a
-	limited number of times.
-
-	Low: smtp-source may block when sending large test messages.
-
-	Med: find a way to log the sender address when MAIL FROM
-	is rejected due to lack of disk space.
-
-	Low: revise other local delivery agent duplicate filters.
-
-	Low: all table lookups should consistently use internalized
-	(unquoted) or externalized (quoted) forms as lookup keys.
-	smtpd, qmgr, local, etc. use unquoted address forms as keys.
-	cleanup uses quoted forms.
-
-	Low: have a configurable list of errno values for mailbox
-	or maildir delivery that result in deferral rather than
-	bouncing mail. What about "killed by signal" exits?
-
-	Low: after reorganizing configuration parameters, add flags
-	to all parameters whose value can be read from file.
-
-	Medium: need in-process caching for map lookups. LDAP servers
-	seem to need this in particular. Need a way to expire cached
-	results that are too old.
-
-	Low: generic showq protocol, to allow for more intelligent
-	processing than just mailq. Maybe marry this with postsuper.
-
-	Low: default domain for appending to unqualified recipients,
-	so that unqualified names can be delivered locally.
-
-	Low: The $process_id_directory setting is not used anywhere
-	in Postfix. Problem reported by Michael Smith, texas.net.
-	This should be documented, or better, the code should warn
-	about attempts to set read-only parameters.
-
-	Low: postconf -e edits parameters that postconf won't list.
-
-	Low: while converting 8bit text to quoted-printable, perhaps
-	use =46rom to avoid having to produce >From when delivering
-	to mailbox.
-
-	virtual_mailbox_path expression like forward_path, so that
-	people can specify prefix and suffix.

postfix/src/global/mail_version.h

@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20080115"
-#define MAIL_VERSION_NUMBER	"2.5"
+#define MAIL_RELEASE_DATE	"20080116"
+#define MAIL_VERSION_NUMBER	"2.5.0-RC2"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

postfix/src/smtp/smtp_sasl_auth_cache.c

@@ -141,8 +141,8 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl)
     auth_cache = (SMTP_SASL_AUTH_CACHE *) mymalloc(sizeof(*auth_cache));
     auth_cache->dict = dict_open(map, O_CREAT | O_RDWR, CACHE_DICT_OPEN_FLAGS);
     auth_cache->ttl = ttl;
-    auth_cache->dsn = mymalloc(100);
-    auth_cache->text = mymalloc(100);
+    auth_cache->dsn = mystrdup("");
+    auth_cache->text = mystrdup("");
     return (auth_cache);
 }
 
@@ -154,9 +154,9 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl)
   * password has changed.
   */
 
-/* smtp_sasl_make_auth_cache_key - format auth failure cache lookup key */
+/* smtp_sasl_auth_cache_make_key - format auth failure cache lookup key */
 
-static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user)
+static char *smtp_sasl_auth_cache_make_key(const char *host, const char *user)
 {
     VSTRING *buf = vstring_alloc(100);
 
@@ -164,9 +164,9 @@ static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user)
     return (vstring_export(buf));
 }
 
-/* smtp_sasl_make_auth_cache_pass - hash the auth failure cache password */
+/* smtp_sasl_auth_cache_make_pass - hash the auth failure cache password */
 
-static char *smtp_sasl_make_auth_cache_pass(const char *password)
+static char *smtp_sasl_auth_cache_make_pass(const char *password)
 {
     VSTRING *buf = vstring_alloc(2 * SHA_DIGEST_LENGTH);
 
@@ -176,9 +176,9 @@ static char *smtp_sasl_make_auth_cache_pass(const char *password)
     return (vstring_export(buf));
 }
 
-/* smtp_sasl_make_auth_cache_value - format auth failure cache value */
+/* smtp_sasl_auth_cache_make_value - format auth failure cache value */
 
-static char *smtp_sasl_make_auth_cache_value(const char *password,
+static char *smtp_sasl_auth_cache_make_value(const char *password,
 					             const char *dsn,
 					             const char *rep_str)
 {
@@ -186,7 +186,7 @@ static char *smtp_sasl_make_auth_cache_value(const char *password,
     char   *pwd_hash;
     unsigned long now = (unsigned long) time((time_t *) 0);
 
-    pwd_hash = smtp_sasl_make_auth_cache_pass(password);
+    pwd_hash = smtp_sasl_auth_cache_make_pass(password);
     vstring_sprintf(val_buf, "%lu;%s;%s;%s", now, pwd_hash, dsn, rep_str);
     myfree(pwd_hash);
     return (vstring_export(val_buf));
@@ -216,7 +216,7 @@ static int smtp_sasl_auth_cache_valid(SMTP_SASL_AUTH_CACHE *auth_cache,
     } else if (time_stamp + auth_cache->ttl < now) {
 	valid = 0;
     } else {
-	curr_hash = smtp_sasl_make_auth_cache_pass(password);
+	curr_hash = smtp_sasl_auth_cache_make_pass(password);
 	valid = (strcmp(cache_hash, curr_hash) == 0);
 	myfree(curr_hash);
     }
@@ -233,7 +233,7 @@ int     smtp_sasl_auth_cache_find(SMTP_SASL_AUTH_CACHE *auth_cache,
     const char *entry;
     int     valid = 0;
 
-    key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username);
+    key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username);
     if ((entry = dict_get(auth_cache->dict, key)) != 0)
 	if ((valid = smtp_sasl_auth_cache_valid(auth_cache, entry,
 						session->sasl_passwd)) == 0)
@@ -254,8 +254,8 @@ void    smtp_sasl_auth_cache_store(SMTP_SASL_AUTH_CACHE *auth_cache,
     char   *key;
     char   *value;
 
-    key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username);
-    value = smtp_sasl_make_auth_cache_value(session->sasl_passwd,
+    key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username);
+    value = smtp_sasl_auth_cache_make_value(session->sasl_passwd,
 					    resp->dsn, resp->str);
     dict_put(auth_cache->dict, key, value);
 

postfix/src/smtp/smtp_sasl_auth_cache.h

@@ -20,7 +20,7 @@
  /*
   * This code stores hashed passwords which requires OpenSSL.
   */
-#ifdef USE_TLS
+#if defined(USE_TLS) && defined(USE_SASL_AUTH)
 #define HAVE_SASL_AUTH_CACHE
 
  /*