diff --git a/postfix/HISTORY b/postfix/HISTORY index e0a09f1c8..29af59cdd 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14265,3 +14265,8 @@ Apologies for any names omitted. The text is automatically generated from bits and pieces of information that are scattered across other documents. File: mantools/make_soho_readme. + +20080116 + + Bugfix (introduced 20080112): missing #ifdef for the SASL + login failure cache. File: smtp/smtp_sasl_auth_cache.h. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 3f487f3e6..a8730c4b4 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -12,7 +12,7 @@ The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. Incompatibility with Postfix 2.3 and earlier -============================================ +-------------------------------------------- If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 before proceeding. 
@@ -200,16 +200,16 @@ New configuration parameters: destination_concurrency_feedback_debug, default_destination_concurrency_positive_feedback, default_destination_concurrency_negative_feedback, default_destination_concurrency_failed_cohort_limit, as well as -transport-specific versions of the same. See postconf(5) for -extensive descriptions, and SCHEDULER_README for background information -on the theory and practice of how these settings work. +transport-specific versions of the same. The default parameter settings are backwards compatible with older Postfix versions. This may change after better defaults are field tested. -The SCHEDULER_README document describes the new concurrency scheduler, -as well as Patrik Rak's preemptive job scheduler. +The updated SCHEDULER_README document describes the theory behind +the new concurrency scheduler, as well as Patrik Rak's preemptive +job scheduler. See postconf(5) for more extensive descriptions of +the configuration parameters. Major changes - small/home office --------------------------------- diff --git a/postfix/TLS_TODO b/postfix/TLS_TODO deleted file mode 100644 index 05590100c..000000000 --- a/postfix/TLS_TODO +++ /dev/null 
@@ -1,39 +0,0 @@ -This list does not really follow priority. - -* Code cleanup: split smtp_session.c into generic SMTP, legacy TLS, - and current TLS. The amount of TLS code now dominates the file. - Do this after all other code revisions stabilize, to avoid - complicating code reviews. - -* Code cleanup: TLS_LEV_NOTFOUND no longer belongs in the TLS - library. It is an SMTP-client only feature. To fix, change the - policy lookup API and use a different method to indicate if a - policy was found. At the same time, fix policy lookup to initialize - session->tls_level. - -* Code cleanup: see if multiple consecutive switches can be aggregated - (set_cipher_grade() and session_tls_init()). - -* Implement support of CRL checking. OpenSSL 0.9.7 finally supports CRLs, - so Postfix/TLS should support loading CRLs. - -* Cleanup the "pfixtls" special logging, so that it fits Wietses original - "per site" decision to make debugging easier. - -* Move TLS based information from separate lines into Postfix's smtpd - logging lines to make logfile analysis easier. - -* Check the "info_callback" for sensitive use. I already had to remove the - "warning alert" issued on normal shutdown. Why is a warning issued for - a normal shutdown?? - -* Introduce new tls_per_client table to achieve the same selective behaviour - for incoming connections. - -* Introduce better support for "opportunistic" encryption: collect information - about peers connecting; log warnings when the key changed etc. - [I am not sure that I already have the best answers available.] - -* Find a way to use the certificates themselves instead of the fingerprints - to allow certificate based relaying. The maintenance of the fingerprints - is a nightmare. diff --git a/postfix/WISHLIST b/postfix/WISHLIST deleted file mode 100644 index 51524c890..000000000 --- a/postfix/WISHLIST +++ /dev/null 
@@ -1,330 +0,0 @@ -Wish list: - - Collect random bits and pieces in one SOHO_README document: - smtp_generic_maps, sender_dependent_mumble, - smtp_sasl_auth_cache_name/time. - - See if "pickup =o content_filter=smtp:127.0.0.1" can be - made a viable alternative to the use of non_smtpd_milters. - - Consolidate duplicated code *_server_accept_{pass,inet}(). - - Consolidate duplicated code in {inet,unix,upass}_trigger.c. - - In the SMTP client, handle 421 replies in smtp_loop() by - having the input function raise a flag after detecting 421 - (kill connection caching and be sure to do the right thing - with RSET probes), leave the smtp_loop() per-command reply - handlers unchanged, and have the smtp_loop() reader loop - bail out with smtp_site_fail("server disconnected after - %s", where), but only in the case that it isn't already in - the final state. But first we need to clean up the handling - of do/don't cache, expired, bad and dead sessions. - - Make event_drain() a proper event loop; update the zero mask, - and don't ignore a non-empty timer queue. - - Combine smtpd_peer.c and qmqpd_peer.c into a single function - that produces a client context object, and provide attribute - print/scan routines that pass these client context objects - around. With this, we no longer have to update a multiple - pieces of code when a client attribute is added. Ditto for - SASL and TLS context. - - Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof - Postfix for remote connections with MSS > 8 kbytes. - - Absent a formal spec, model IPv6 RBL lookups after the IPv6 - PTR lookups (one zone per hex nibble, nibbles in reversed - order). How to specify whether to query an RBL server for - status info about an IPv6 address? One could argue that as - long as IPv6 traffic is small an unsupported lookup doesn't - matter; and once IPv6 takes off, the RBL servers better - start supporting IPv6 client status information. 
- - Don't log "warning: XXXXX: undeliverable postmaster - notification discarded" for spam from outside. - - Really need a cleanup driver that allows testing against - Milter applications instead of synthetic events. This would - have to provide stubs for clients that talk to Postfix - daemon processes. See if this approach can also be used for - other daemons. - - smtpd(8) exempts $address_verify_sender from access controls, - but it doesn't know whether cleanup(8) or delivery agents - modify the sender. Would it be possible to "calibrate" this - exemption, perhaps by having delivery agents pass the probe - sender to the verify server, keeping in mind that the probe - sender may differ per delivery agent due to output rewriting. - - Update attr_print/scan() so they can send/receive file - descriptors. This simplifies kludgy code in many daemons. - - Make adding date/from/etc. conditional. Perhaps on header - rewrite context? Do we need a more powerful concept than - local_header_rewrite_clients/remote_header_rewrite_domain? - - Would there be a problem adding $smtpd_mumble_restrictions - and $smtpd_sender_login_maps to the default proxy_read_maps - settings? - - Remove defer(8) and trace(8) references and man pages. These - are services not program names. On the other hand we have - man pages for lmtp(8) and smtp(8), but not for relay(8). - Likewise, retry(8) does not have a man page. - - Bind all deliveries to the same local delivery process, - making Postfix perform as poorly as monolithic mailers, but - giving a possibility to eliminate duplicate deliveries. - - Maybe declare loop when resolve_local(mxhost) is true? - - Update message content length when adding/removing headers. - - Need scache size limit. - - Make postcat header/body aware so people can grep headers. - What headers? primary, mime, nested? What body? Does it - include the mime and attached headers? - - Make postmap header/body aware so people can test multi-line - header checks. What headers? 
primary, mime, nested? What - body? Does it include the mime and attached headers? - - REDIRECT should override original recipient info, and - probably override DSN as well. - - Find out if with Sendmail, a Milter "add recipient" request - results in NOTIFY=NONE as Postfix does now. - - Update FILTER_README with mailing list suggestions to tag - with a badness indicator and then filter down-stream. - - Either document or remove the internal_mail_filter_classes - feature (it's disabled by default). - - Build a command-line test driver for the cleanup engine. - This allows us to test it with arbitrary record sequences - without having to use a live mail queue. - - Make null local-part handling configurable: either expand - into mailer-daemon (current bahavior) or disallow (strict - behavior, currently implemented only in the SMTP server). - - Plan for time_t larger than long, or wait for LP64 to - dominate the world? - - The type of var_message_limit (and other file size/offset - configuration parameters or internal protocol attributes) - should be changed from int to off_t. This also requires - checking all expressions in which var_message_limit etc. - appears: qmqpd, netstring, deliver_request, ... - - Add M flag (enable multi-recipient delivery) to pipe daemon. - - The usage of TLScontext->cache_type is unclear. It specifies - a TLS session cache type (smtpd, smtp, or lmtp), but it is - sometimes used as an indicator that TLS session caching is - unavailable. In reality, that decision is made by not - registering call-back functions for cache maintenance. - - Postfix TLS library code should copy any strings that it - receives from the application, instead of passing them - around as pointers. TLScontext->cache_type is a case in - point. - - Are transport:nexthop null fields the same as in the case - of default_transport etc. parameters? - - Don't lose bits when converting st_dev into maildir file - name. It's 64 bits on Linux. 
Found with the BEAM source - code analyzer. Is this really a problem, or are they just - using 64 bits for upwards compatibility with LP64 systems? - - Do or don't introduce unknown_reverse_client_reject_code. - - Check that "UINT32 == unsigned int" choice is ok (i.e. LP64 - UNIX). - - Tempfail when a Milter application wants content access, - while it is configured in an SMTP server that runs before - the smtpd_proxy filter. - - Log DSN original recipient when rejecting mail. - - Keep whitespace between label and ":"? - - Make the map case folding/locking options configurable, if - not at run-time then at least at compile time so we get - consistent behavior across applications. - - Investigate what it would take to eliminate oqmgr, and to - make the old behavior configurable in a unified queue - manager. This would shave another 2.7 KLOC from the source - footprint. - - Document the case folding strategy for match_list like - features. - - Eliminate the (incoming,deferred)->active rename operation. - - Softbounce fallback-to-ISP for SOHO users. This requires - playing with the soft_error test in the smtp_trouble.c - module, and avoiding delivery to backup MX hosts. - - In the SMTP server, set a "pipelining detected" flag at the - start of a session and at protocol synchronization points, - so that reject_unauth_pipelining can be specified in any - access rule. - - Centralize main.cf parameter input so that defaults work - consistently. What about parameter names that are prefixed - with mail delivery transport names? - - Fix default time unit handling so that we can have a default - bounce lifetime of $maximal_queue_lifetime, without causing - panics when a non-default maximal_queue_lifetime setting - includes no time unit. - - After the 20051222 ISASCII paranoia, lowercase() lowercases - ASCII text only. - - Privacy: remove local command/pathname details from remote - delivery status reports, and log them via local msg_warn(). 
- - Is it safe to cache a connection after it has been used for - more than some number of address verification probes? - - Try to recognize that Resent- headers appear in blocks, - newest block first. But don't break on incorrect header - block organization. - - Hard limits on cache sizes (anvil, specifically). - - Laptop friendliness: make the qmgr remember when the next - deferred queue scan needs to be done, and have the pickup - server stat() the maildrop directory before searching it. - - Low: replace_sender/replace_recipient actions in access - maps? - - Low: configurable order of local(8) delivery methods. - - Med: local and remote source port and IP address for smtpd - policy hook. - - Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout) - to limit the total time spent trying to connect. - - Med: transform IPv4-in-IPv6 address literals to IPv4 form - when comparing against local IP addresses? - - Med: transform IPv4-in-IPv6 address literals to IPv4 form - when eliminating MX mailer loops? - - Med: Postfix requires [] around IPv6 address information - in match lists such as mynetworks, debug_peer_list etc., - but the [] must not be specified in access(5) maps. Other - places don't care. For now, this gotcha is documented in - IPV6_README and in postconf(5) with each feature that may - use IPv6 address information. The general recommendation - is not to use [] unless absolutely necessary. - - Med: the partial address matching of IPv6 addresses in - access(5) maps is a bit lame: it repeatedly truncates the - last ":octetpair" from the printable address representation - until a match is found or until truncation is no longer - possible. Since one or more ":" are usually omitted from - the printable IPv6 address representation, this does not - really try all the possibilities that one might expect to - be tried. For now, this gotcha is documented in access(5). - - Med: the TLS certificate verification depth parameters never - worked. 
- - Low: reject HELO with any domain name or IP address that - this MTA is the final destination for. - - Low: should the Delivered-To: test in local(8) be configurable? - - Low: make mail_addr_find() lookup configurable. - - Low: update events.c so that 1-second timer requests do not - suffer from rounding errors. This is needed for 1-second - SMTP session caching time limits. A 1-second interval would - become arbitrarily short when an event is scheduled just - before the current second rolls over. - - Low: configurable internal/system locking method. - - Low: add INSTALL section for pre-existing Postfix systems. - - Low: add INSTALL section for pre-existing RPM Postfixes. - - Low: disallow smtpd_recipient_limit < 100 (the RFC minimum). - - Low: noise filter: allow smtp(8) to retry immediately if - all MXes return a quick ECONNRESET or 4xx reply during the - initial handshake. Retry once? How many times? - - Low: make post-install a "postfix-only script" so it can - take data from the environment instead of main.cf. - - Low: randomize deferred mail backoff. - - Med: separate ulimit for delivery to command? - - Med: postsuper -r should do something with recipients in - bounce logfiles, to make sure the sender will be notified. - To be perfectly safe, no process other than the queue manager - should move a queue file away from the active queue. - - This could involve tagging a queue file, and use up another - permission bit (postsuper tags a "hot" file, qmgr requeues it). - - Low: postsuper re-run after renaming files, but only a - limited number of times. - - Low: smtp-source may block when sending large test messages. - - Med: find a way to log the sender address when MAIL FROM - is rejected due to lack of disk space. - - Low: revise other local delivery agent duplicate filters. - - Low: all table lookups should consistently use internalized - (unquoted) or externalized (quoted) forms as lookup keys. - smtpd, qmgr, local, etc. use unquoted address forms as keys. 
- cleanup uses quoted forms. - - Low: have a configurable list of errno values for mailbox - or maildir delivery that result in deferral rather than - bouncing mail. What about "killed by signal" exits? - - Low: after reorganizing configuration parameters, add flags - to all parameters whose value can be read from file. - - Medium: need in-process caching for map lookups. LDAP servers - seem to need this in particular. Need a way to expire cached - results that are too old. - - Low: generic showq protocol, to allow for more intelligent - processing than just mailq. Maybe marry this with postsuper. - - Low: default domain for appending to unqualified recipients, - so that unqualified names can be delivered locally. - - Low: The $process_id_directory setting is not used anywhere - in Postfix. Problem reported by Michael Smith, texas.net. - This should be documented, or better, the code should warn - about attempts to set read-only parameters. - - Low: postconf -e edits parameters that postconf won't list. - - Low: while converting 8bit text to quoted-printable, perhaps - use =46rom to avoid having to produce >From when delivering - to mailbox. - - virtual_mailbox_path expression like forward_path, so that - people can specify prefix and suffix. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 70761f178..563ab40d8 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20080115" -#define MAIL_VERSION_NUMBER "2.5" +#define MAIL_RELEASE_DATE "20080116" +#define MAIL_VERSION_NUMBER "2.5.0-RC2" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtp/smtp_sasl_auth_cache.c b/postfix/src/smtp/smtp_sasl_auth_cache.c index 33f308f1e..9920850a1 100644 --- a/postfix/src/smtp/smtp_sasl_auth_cache.c 
+++ b/postfix/src/smtp/smtp_sasl_auth_cache.c @@ -141,8 +141,8 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl) auth_cache = (SMTP_SASL_AUTH_CACHE *) mymalloc(sizeof(*auth_cache)); auth_cache->dict = dict_open(map, O_CREAT | O_RDWR, CACHE_DICT_OPEN_FLAGS); auth_cache->ttl = ttl; - auth_cache->dsn = mymalloc(100); - auth_cache->text = mymalloc(100); + auth_cache->dsn = mystrdup(""); + auth_cache->text = mystrdup(""); return (auth_cache); } @@ -154,9 +154,9 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl) * password has changed. */ -/* smtp_sasl_make_auth_cache_key - format auth failure cache lookup key */ +/* smtp_sasl_auth_cache_make_key - format auth failure cache lookup key */ -static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user) +static char *smtp_sasl_auth_cache_make_key(const char *host, const char *user) { VSTRING *buf = vstring_alloc(100); @@ -164,9 +164,9 @@ static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user) return (vstring_export(buf)); } -/* smtp_sasl_make_auth_cache_pass - hash the auth failure cache password */ +/* smtp_sasl_auth_cache_make_pass - hash the auth failure cache password */ -static char *smtp_sasl_make_auth_cache_pass(const char *password) +static char *smtp_sasl_auth_cache_make_pass(const char *password) { VSTRING *buf = vstring_alloc(2 * SHA_DIGEST_LENGTH); @@ -176,9 +176,9 @@ static char *smtp_sasl_make_auth_cache_pass(const char *password) return (vstring_export(buf)); } -/* smtp_sasl_make_auth_cache_value - format auth failure cache value */ +/* smtp_sasl_auth_cache_make_value - format auth failure cache value */ -static char *smtp_sasl_make_auth_cache_value(const char *password, +static char *smtp_sasl_auth_cache_make_value(const char *password, const char *dsn, const char *rep_str) { 
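Review bot: The `dict_open(map, O_CREAT | O_RDWR, CACHE_DICT_OPEN_FLAGS)` call in smtp_sasl_auth_cache_init() creates the table that later receives a password hash (see the `"%lu;%s;%s;%s"` value format in the make_value hunk of this file), and nothing visible here constrains the permissions or location of a newly created map. It is worth confirming that the created file is readable only by the Postfix account, and stating that requirement in a comment above the call, for example `/* The cache holds password hashes; the map must not be readable by other users. */`. On the changed lines, `dsn` and `text` now start as empty heap strings, so a one-line comment such as `/* dsn and text are owned strings; myfree() the old value before replacing it */` would document the contract for the code that fills them, which is outside this hunk. The function body begins before the hunk.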
@@ -186,7 +186,7 @@ static char *smtp_sasl_make_auth_cache_value(const char *password, char *pwd_hash; unsigned long now = (unsigned long) time((time_t *) 0); - pwd_hash = smtp_sasl_make_auth_cache_pass(password); + pwd_hash = smtp_sasl_auth_cache_make_pass(password); vstring_sprintf(val_buf, "%lu;%s;%s;%s", now, pwd_hash, dsn, rep_str); myfree(pwd_hash); return (vstring_export(val_buf)); @@ -216,7 +216,7 @@ static int smtp_sasl_auth_cache_valid(SMTP_SASL_AUTH_CACHE *auth_cache, } else if (time_stamp + auth_cache->ttl < now) { valid = 0; } else { - curr_hash = smtp_sasl_make_auth_cache_pass(password); + curr_hash = smtp_sasl_auth_cache_make_pass(password); valid = (strcmp(cache_hash, curr_hash) == 0); myfree(curr_hash); } @@ -233,7 +233,7 @@ int smtp_sasl_auth_cache_find(SMTP_SASL_AUTH_CACHE *auth_cache, const char *entry; int valid = 0; - key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username); + key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username); if ((entry = dict_get(auth_cache->dict, key)) != 0) if ((valid = smtp_sasl_auth_cache_valid(auth_cache, entry, session->sasl_passwd)) == 0) @@ -254,8 +254,8 @@ void smtp_sasl_auth_cache_store(SMTP_SASL_AUTH_CACHE *auth_cache, char *key; char *value; - key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username); - value = smtp_sasl_make_auth_cache_value(session->sasl_passwd, + key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username); + value = smtp_sasl_auth_cache_make_value(session->sasl_passwd, resp->dsn, resp->str); dict_put(auth_cache->dict, key, value); diff --git a/postfix/src/smtp/smtp_sasl_auth_cache.h b/postfix/src/smtp/smtp_sasl_auth_cache.h index 71271a21e..cbbdb0d53 100644 --- a/postfix/src/smtp/smtp_sasl_auth_cache.h +++ b/postfix/src/smtp/smtp_sasl_auth_cache.h 
@@ -20,7 +20,7 @@ /* * This code stores hashed passwords which requires OpenSSL. */ -#ifdef USE_TLS +#if defined(USE_TLS) && defined(USE_SASL_AUTH) #define HAVE_SASL_AUTH_CACHE /*
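Review bot: The comment above the guard still names OpenSSL as the only requirement, while the new condition also depends on `USE_SASL_AUTH`; it should read something like `* This code stores hashed passwords which requires OpenSSL, and is built only when SASL authentication support is compiled in.` The same comment is the natural place to name the hash and how the cache must be protected. The .c file sizes the hash buffer as `2 * SHA_DIGEST_LENGTH`, which suggests a hex-encoded SHA-1 digest, and whether it is salted is not visible in this diff. If it is an unsalted fast hash, the header should state that the cache file is as sensitive as the password file it is derived from. The conditional block opened by this `#if` continues past the end of the hunk.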