postfix-2.5.0-RC2

2025-08-31 06:05:37 +00:00 · 2008-01-16 00:00:00 -05:00
parent dfbdd7de35
commit b5f31bd3e8
7 changed files with 27 additions and 391 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -14265,3 +14265,8 @@ Apologies for any names omitted.
 	The text is automatically generated from bits and pieces of
 	information that are scattered across other documents.
 	File: mantools/make_soho_readme.
 20080116
 	Bugfix (introduced 20080112): missing #ifdef for the SASL
 	login failure cache. File: smtp/smtp_sasl_auth_cache.h.
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -12,7 +12,7 @@ The mail_release_date configuration parameter (format: yyyymmdd)
 specifies the release date of a stable release or snapshot release.
 Incompatibility with Postfix 2.3 and earlier
-============================================
+--------------------------------------------
 If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
 before proceeding.
@@ -200,16 +200,16 @@ New configuration parameters: destination_concurrency_feedback_debug,
 default_destination_concurrency_positive_feedback,
 default_destination_concurrency_negative_feedback,
 default_destination_concurrency_failed_cohort_limit, as well as
-transport-specific versions of the same.  See postconf(5) for
+transport-specific versions of the same.
 extensive descriptions, and SCHEDULER_README for background information
 on the theory and practice of how these settings work.
 The default parameter settings are backwards compatible with older
 Postfix versions. This may change after better defaults are field
 tested.
-The SCHEDULER_README document describes the new concurrency scheduler,
+The updated SCHEDULER_README document describes the theory behind
-as well as Patrik Rak's preemptive job scheduler.
+the new concurrency scheduler, as well as Patrik Rak's preemptive
 job scheduler. See postconf(5) for more extensive descriptions of
 the configuration parameters.
 Major changes - small/home office
 ---------------------------------
--- a/postfix/TLS_TODO
+++ b/postfix/TLS_TODO
@@ -1,39 +0,0 @@
 This list does not really follow priority.
 * Code cleanup: split smtp_session.c into generic SMTP, legacy TLS,
  and current TLS.  The amount of TLS code now dominates the file.
  Do this after all other code revisions stabilize, to avoid
  complicating code reviews.
 * Code cleanup: TLS_LEV_NOTFOUND no longer belongs in the TLS
  library. It is an SMTP-client only feature. To fix, change the
  policy lookup API and use a different method to indicate if a
  policy was found. At the same time, fix policy lookup to initialize
  session->tls_level.
 * Code cleanup: see if multiple consecutive switches can be aggregated
  (set_cipher_grade() and session_tls_init()).
 * Implement support of CRL checking. OpenSSL 0.9.7 finally supports CRLs,
  so Postfix/TLS should support loading CRLs.
 * Cleanup the "pfixtls" special logging, so that it fits Wietses original
  "per site" decision to make debugging easier.
 * Move TLS based information from separate lines into Postfix's smtpd
  logging lines to make logfile analysis easier.
 * Check the "info_callback" for sensitive use. I already had to remove the
  "warning alert" issued on normal shutdown. Why is a warning issued for
  a normal shutdown??
 * Introduce new tls_per_client table to achieve the same selective behaviour
  for incoming connections.
 * Introduce better support for "opportunistic" encryption: collect information
  about peers connecting; log warnings when the key changed etc.
  [I am not sure that I already have the best answers available.]
 * Find a way to use the certificates themselves instead of the fingerprints
  to allow certificate based relaying. The maintenance of the fingerprints
  is a nightmare.
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,330 +0,0 @@
 Wish list:
 	Collect random bits and pieces in one SOHO_README document:
 	smtp_generic_maps, sender_dependent_mumble,
 	smtp_sasl_auth_cache_name/time.
 	See if "pickup =o content_filter=smtp:127.0.0.1" can be
 	made a viable alternative to the use of non_smtpd_milters.
 	Consolidate duplicated code *_server_accept_{pass,inet}().
 	Consolidate duplicated code in {inet,unix,upass}_trigger.c.
 	In the SMTP client, handle 421 replies in smtp_loop() by
 	having the input function raise a flag after detecting 421
 	(kill connection caching and be sure to do the right thing
 	with RSET probes), leave the smtp_loop() per-command reply
 	handlers unchanged, and have the smtp_loop() reader loop
 	bail out with smtp_site_fail("server disconnected after
 	%s", where), but only in the case that it isn't already in
 	the final state. But first we need to clean up the handling
 	of do/don't cache, expired, bad and dead sessions.
 	Make event_drain() a proper event loop; update the zero mask,
 	and don't ignore a non-empty timer queue.
 	Combine smtpd_peer.c and qmqpd_peer.c into a single function
 	that produces a client context object, and provide attribute
 	print/scan routines that pass these client context objects
 	around. With this, we no longer have to update a multiple
 	pieces of code when a client attribute is added. Ditto for
 	SASL and TLS context.
 	Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
 	Postfix for remote connections with MSS > 8 kbytes.
 	Absent a formal spec, model IPv6 RBL lookups after the IPv6
 	PTR lookups (one zone per hex nibble, nibbles in reversed
 	order). How to specify whether to query an RBL server for
 	status info about an IPv6 address? One could argue that as
 	long as IPv6 traffic is small an unsupported lookup doesn't
 	matter; and once IPv6 takes off, the RBL servers better
 	start supporting IPv6 client status information.
 	Don't log "warning: XXXXX: undeliverable postmaster
 	notification discarded" for spam from outside.
 	Really need a cleanup driver that allows testing against
 	Milter applications instead of synthetic events. This would
 	have to provide stubs for clients that talk to Postfix
 	daemon processes. See if this approach can also be used for
 	other daemons.
 	smtpd(8) exempts $address_verify_sender from access controls,
 	but it doesn't know whether cleanup(8) or delivery agents
 	modify the sender. Would it be possible to "calibrate" this
 	exemption, perhaps by having delivery agents pass the probe
 	sender to the verify server, keeping in mind that the probe
 	sender may differ per delivery agent due to output rewriting.
 	Update attr_print/scan() so they can send/receive file
 	descriptors. This simplifies kludgy code in many daemons.
 	Make adding date/from/etc. conditional. Perhaps on header
 	rewrite context? Do we need a more powerful concept than
 	local_header_rewrite_clients/remote_header_rewrite_domain?
 	Would there be a problem adding $smtpd_mumble_restrictions
 	and $smtpd_sender_login_maps to the default proxy_read_maps
 	settings?
 	Remove defer(8) and trace(8) references and man pages. These
 	are services not program names. On the other hand we have
 	man pages for lmtp(8) and smtp(8), but not for relay(8).
 	Likewise, retry(8) does not have a man page.
 	Bind all deliveries to the same local delivery process,
 	making Postfix perform as poorly as monolithic mailers, but
 	giving a possibility to eliminate duplicate deliveries.
 	Maybe declare loop when resolve_local(mxhost) is true?
 	Update message content length when adding/removing headers.
 	Need scache size limit.
 	Make postcat header/body aware so people can grep headers.
 	What headers? primary, mime, nested? What body? Does it
 	include the mime and attached headers?
 	Make postmap header/body aware so people can test multi-line
 	header checks. What headers? primary, mime, nested? What
 	body? Does it include the mime and attached headers?
 	REDIRECT should override original recipient info, and
 	probably override DSN as well.
 	Find out if with Sendmail, a Milter "add recipient" request
 	results in NOTIFY=NONE as Postfix does now.
 	Update FILTER_README with mailing list suggestions to tag
 	with a badness indicator and then filter down-stream.
 	Either document or remove the internal_mail_filter_classes
 	feature (it's disabled by default).
 	Build a command-line test driver for the cleanup engine.
 	This allows us to test it with arbitrary record sequences
 	without having to use a live mail queue.
 	Make null local-part handling configurable: either expand
 	into mailer-daemon (current bahavior) or disallow (strict
 	behavior, currently implemented only in the SMTP server).
 	Plan for time_t larger than long, or wait for LP64 to
 	dominate the world?
 	The type of var_message_limit (and other file size/offset
 	configuration parameters or internal protocol attributes)
 	should be changed from int to off_t.  This also requires
 	checking all expressions in which var_message_limit etc.
 	appears: qmqpd, netstring, deliver_request, ...
 	Add M flag (enable multi-recipient delivery) to pipe daemon.
 	The usage of TLScontext->cache_type is unclear. It specifies
 	a TLS session cache type (smtpd, smtp, or lmtp), but it is
 	sometimes used as an indicator that TLS session caching is
 	unavailable.  In reality, that decision is made by not
 	registering call-back functions for cache maintenance.
 	Postfix TLS library code should copy any strings that it
 	receives from the application, instead of passing them
 	around as pointers. TLScontext->cache_type is a case in
 	point.
 	Are transport:nexthop null fields the same as in the case
 	of default_transport etc. parameters?
 	Don't lose bits when converting st_dev into maildir file
 	name. It's 64 bits on Linux. Found with the BEAM source
 	code analyzer. Is this really a problem, or are they just
 	using 64 bits for upwards compatibility with LP64 systems?
 	Do or don't introduce unknown_reverse_client_reject_code.
 	Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
 	UNIX).
 	Tempfail when a Milter application wants content access,
 	while it is configured in an SMTP server that runs before
 	the smtpd_proxy filter.
 	Log DSN original recipient when rejecting mail.
 	Keep whitespace between label and ":"?
 	Make the map case folding/locking options configurable, if
 	not at run-time then at least at compile time so we get
 	consistent behavior across applications.
 	Investigate what it would take to eliminate oqmgr, and to
 	make the old behavior configurable in a unified queue
 	manager.  This would shave another 2.7 KLOC from the source
 	footprint.
 	Document the case folding strategy for match_list like
 	features.
 	Eliminate the (incoming,deferred)->active rename operation.
 	Softbounce fallback-to-ISP for SOHO users. This requires
 	playing with the soft_error test in the smtp_trouble.c
 	module, and avoiding delivery to backup MX hosts.
 	In the SMTP server, set a "pipelining detected" flag at the
 	start of a session and at protocol synchronization points,
 	so that reject_unauth_pipelining can be specified in any
 	access rule.
 	Centralize main.cf parameter input so that defaults work
 	consistently. What about parameter names that are prefixed
 	with mail delivery transport names?
 	Fix default time unit handling so that we can have a default
 	bounce lifetime of $maximal_queue_lifetime, without causing
 	panics when a non-default maximal_queue_lifetime setting
 	includes no time unit.
 	After the 20051222 ISASCII paranoia, lowercase() lowercases
 	ASCII text only.
 	Privacy: remove local command/pathname details from remote
 	delivery status reports, and log them via local msg_warn().
 	Is it safe to cache a connection after it has been used for
 	more than some number of address verification probes?
 	Try to recognize that Resent- headers appear in blocks,
 	newest block first. But don't break on incorrect header
 	block organization.
 	Hard limits on cache sizes (anvil, specifically).
 	Laptop friendliness: make the qmgr remember when the next
 	deferred queue scan needs to be done, and have the pickup
 	server stat() the maildrop directory before searching it.
 	Low: replace_sender/replace_recipient actions in access
 	maps?
 	Low: configurable order of local(8) delivery methods.
 	Med: local and remote source port and IP address for smtpd
 	policy hook.
 	Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
 	to limit the total time spent trying to connect.
 	Med: transform IPv4-in-IPv6 address literals to IPv4 form
 	when comparing against local IP addresses?
 	Med: transform IPv4-in-IPv6 address literals to IPv4 form
 	when eliminating MX mailer loops?
 	Med: Postfix requires [] around IPv6 address information
 	in match lists such as mynetworks, debug_peer_list etc.,
 	but the [] must not be specified in access(5) maps. Other
 	places don't care.  For now, this gotcha is documented in
 	IPV6_README and in postconf(5) with each feature that may
 	use IPv6 address information. The general recommendation
 	is not to use [] unless absolutely necessary.
 	Med: the partial address matching of IPv6 addresses in
 	access(5) maps is a bit lame: it repeatedly truncates the
 	last ":octetpair" from the printable address representation
 	until a match is found or until truncation is no longer
 	possible.  Since one or more ":" are usually omitted from
 	the printable IPv6 address representation, this does not
 	really try all the possibilities that one might expect to
 	be tried. For now, this gotcha is documented in access(5).
 	Med: the TLS certificate verification depth parameters never
 	worked.
 	Low: reject HELO with any domain name or IP address that
 	this MTA is the final destination for.
 	Low: should the Delivered-To: test in local(8) be configurable?
 	Low: make mail_addr_find() lookup configurable.
 	Low: update events.c so that 1-second timer requests do not
 	suffer from rounding errors. This is needed for 1-second
 	SMTP session caching time limits. A 1-second interval would
 	become arbitrarily short when an event is scheduled just
 	before the current second rolls over.
 	Low: configurable internal/system locking method.
 	Low: add INSTALL section for pre-existing Postfix systems.
 	Low: add INSTALL section for pre-existing RPM Postfixes.
 	Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
 	Low: noise filter: allow smtp(8) to retry immediately if
 	all MXes return a quick ECONNRESET or 4xx reply during the
 	initial handshake. Retry once? How many times?
 	Low: make post-install a "postfix-only script" so it can
 	take data from the environment instead of main.cf.
 	Low: randomize deferred mail backoff.
 	Med: separate ulimit for delivery to command?
 	Med: postsuper -r should do something with recipients in
 	bounce logfiles, to make sure the sender will be notified.
 	To be perfectly safe, no process other than the queue manager
 	should move a queue file away from the active queue.
 	This could involve tagging a queue file, and use up another
 	permission bit (postsuper tags a "hot" file, qmgr requeues it).
 	Low: postsuper re-run after renaming files, but only a
 	limited number of times.
 	Low: smtp-source may block when sending large test messages.
 	Med: find a way to log the sender address when MAIL FROM
 	is rejected due to lack of disk space.
 	Low: revise other local delivery agent duplicate filters.
 	Low: all table lookups should consistently use internalized
 	(unquoted) or externalized (quoted) forms as lookup keys.
 	smtpd, qmgr, local, etc. use unquoted address forms as keys.
 	cleanup uses quoted forms.
 	Low: have a configurable list of errno values for mailbox
 	or maildir delivery that result in deferral rather than
 	bouncing mail. What about "killed by signal" exits?
 	Low: after reorganizing configuration parameters, add flags
 	to all parameters whose value can be read from file.
 	Medium: need in-process caching for map lookups. LDAP servers
 	seem to need this in particular. Need a way to expire cached
 	results that are too old.
 	Low: generic showq protocol, to allow for more intelligent
 	processing than just mailq. Maybe marry this with postsuper.
 	Low: default domain for appending to unqualified recipients,
 	so that unqualified names can be delivered locally.
 	Low: The $process_id_directory setting is not used anywhere
 	in Postfix. Problem reported by Michael Smith, texas.net.
 	This should be documented, or better, the code should warn
 	about attempts to set read-only parameters.
 	Low: postconf -e edits parameters that postconf won't list.
 	Low: while converting 8bit text to quoted-printable, perhaps
 	use =46rom to avoid having to produce >From when delivering
 	to mailbox.
 	virtual_mailbox_path expression like forward_path, so that
 	people can specify prefix and suffix.
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20080115"
+#define MAIL_RELEASE_DATE	"20080116"
-#define MAIL_VERSION_NUMBER	"2.5"
+#define MAIL_VERSION_NUMBER	"2.5.0-RC2"
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
--- a/postfix/src/smtp/smtp_sasl_auth_cache.c
+++ b/postfix/src/smtp/smtp_sasl_auth_cache.c
@@ -141,8 +141,8 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl)
    auth_cache = (SMTP_SASL_AUTH_CACHE *) mymalloc(sizeof(*auth_cache));
    auth_cache->dict = dict_open(map, O_CREAT | O_RDWR, CACHE_DICT_OPEN_FLAGS);
    auth_cache->ttl = ttl;
-    auth_cache->dsn = mymalloc(100);
+    auth_cache->dsn = mystrdup("");
-    auth_cache->text = mymalloc(100);
+    auth_cache->text = mystrdup("");
    return (auth_cache);
 }
@@ -154,9 +154,9 @@ SMTP_SASL_AUTH_CACHE *smtp_sasl_auth_cache_init(const char *map, int ttl)
  * password has changed.
  */
-/* smtp_sasl_make_auth_cache_key - format auth failure cache lookup key */
+/* smtp_sasl_auth_cache_make_key - format auth failure cache lookup key */
-static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user)
+static char *smtp_sasl_auth_cache_make_key(const char *host, const char *user)
 {
    VSTRING *buf = vstring_alloc(100);
@@ -164,9 +164,9 @@ static char *smtp_sasl_make_auth_cache_key(const char *host, const char *user)
    return (vstring_export(buf));
 }
-/* smtp_sasl_make_auth_cache_pass - hash the auth failure cache password */
+/* smtp_sasl_auth_cache_make_pass - hash the auth failure cache password */
-static char *smtp_sasl_make_auth_cache_pass(const char *password)
+static char *smtp_sasl_auth_cache_make_pass(const char *password)
 {
    VSTRING *buf = vstring_alloc(2 * SHA_DIGEST_LENGTH);
@@ -176,9 +176,9 @@ static char *smtp_sasl_make_auth_cache_pass(const char *password)
    return (vstring_export(buf));
 }
-/* smtp_sasl_make_auth_cache_value - format auth failure cache value */
+/* smtp_sasl_auth_cache_make_value - format auth failure cache value */
-static char *smtp_sasl_make_auth_cache_value(const char *password,
+static char *smtp_sasl_auth_cache_make_value(const char *password,
 					             const char *dsn,
 					             const char *rep_str)
 {
@@ -186,7 +186,7 @@ static char *smtp_sasl_make_auth_cache_value(const char *password,
    char   *pwd_hash;
    unsigned long now = (unsigned long) time((time_t *) 0);
-    pwd_hash = smtp_sasl_make_auth_cache_pass(password);
+    pwd_hash = smtp_sasl_auth_cache_make_pass(password);
    vstring_sprintf(val_buf, "%lu;%s;%s;%s", now, pwd_hash, dsn, rep_str);
    myfree(pwd_hash);
    return (vstring_export(val_buf));
@@ -216,7 +216,7 @@ static int smtp_sasl_auth_cache_valid(SMTP_SASL_AUTH_CACHE *auth_cache,
    } else if (time_stamp + auth_cache->ttl < now) {
 	valid = 0;
    } else {
-	curr_hash = smtp_sasl_make_auth_cache_pass(password);
+	curr_hash = smtp_sasl_auth_cache_make_pass(password);
 	valid = (strcmp(cache_hash, curr_hash) == 0);
 	myfree(curr_hash);
    }
@@ -233,7 +233,7 @@ int     smtp_sasl_auth_cache_find(SMTP_SASL_AUTH_CACHE *auth_cache,
    const char *entry;
    int     valid = 0;
-    key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username);
+    key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username);
    if ((entry = dict_get(auth_cache->dict, key)) != 0)
 	if ((valid = smtp_sasl_auth_cache_valid(auth_cache, entry,
 						session->sasl_passwd)) == 0)
@@ -254,8 +254,8 @@ void    smtp_sasl_auth_cache_store(SMTP_SASL_AUTH_CACHE *auth_cache,
    char   *key;
    char   *value;
-    key = smtp_sasl_make_auth_cache_key(session->host, session->sasl_username);
+    key = smtp_sasl_auth_cache_make_key(session->host, session->sasl_username);
-    value = smtp_sasl_make_auth_cache_value(session->sasl_passwd,
+    value = smtp_sasl_auth_cache_make_value(session->sasl_passwd,
 					    resp->dsn, resp->str);
    dict_put(auth_cache->dict, key, value);
--- a/postfix/src/smtp/smtp_sasl_auth_cache.h
+++ b/postfix/src/smtp/smtp_sasl_auth_cache.h
@@ -20,7 +20,7 @@
 /*
  * This code stores hashed passwords which requires OpenSSL.
  */
-#ifdef USE_TLS
+#if defined(USE_TLS) && defined(USE_SASL_AUTH)
 #define HAVE_SASL_AUTH_CACHE
 /*