postfix-2.0.16-20030915

2025-09-01 22:55:29 +00:00 · 2003-09-15 00:00:00 -05:00
parent 61fb4506a8
commit b7fe5bb669
17 changed files with 265 additions and 210 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -8467,6 +8467,13 @@ Apologies for any names omitted.
 	networks. Based on code by Ben Rosengart, Panix. Files:
 	conf/sample-auth.cf, smtpd/smtpd.c.
 20030902
 	Portability: the Postfix master resets the file size to
 	the largest possible off_t value when the actual limit
 	appears to overflow the off_t range. Files: util/sys_defs.h,
 	util/file_limit.c. A fine sample of bit banging.
 20030905
 	Workaround: Solaris 8 select() claims that a non-blocking
@@ -8494,9 +8501,9 @@ Apologies for any names omitted.
 20030908
-	The 20030905 workaround triggers too many warnings. TCP
+	The 20030905 Solaris workaround triggers too many warnings.
-	sockets are back to blocking, and keepalives are turned on
+	TCP sockets are back to blocking, and keepalives are turned
-	to kill off dead sockets, as suggested by Leandro Santi.
+	on to kill off dead sockets, as suggested by Leandro Santi.
 	Files: master/{single,multi}_server.c, smtpd/smtpd.c,
 	util/sys_defs.h.
@@ -8507,6 +8514,14 @@ Apologies for any names omitted.
 	was working poorly.  Fix by Victor Duchovni, Morgan Stanley.
 	Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.
 20030912
 	Workaround: besides SMTP server sockets, SMTP client sockets
 	can also hang on Solaris, as reported by Leandro Santi. In
 	order to deal with this at the root, all connection management
 	is now done by sane_accept() and sane_connect().  Both turn
 	on keepalives on Solaris.
 20030913
 	Safety: set-gid commands don't trust TZ.  File: msg_syslog.c.
@@ -8520,7 +8535,8 @@ Apologies for any names omitted.
 	Dean Gibson.
 	In header/body_checks, DUNNO is now the preferred action
-	instead of the now deprecated OK.
+	instead of the now deprecated OK. This may confuse fewer
 	people.
 	In header/body_checks, allow text after IGNORE and DUNNO,
 	suggested by Victor Duchovni, Morgan Stanley.  File:
@@ -8528,14 +8544,21 @@ Apologies for any names omitted.
 	Feature: reject_rhsbl_helo. File: smtpd/smtpd_check.c.
-	Cleanup: the LMTP and SMTP clients now send "MAIL FROM:<sender>
+	Bugfix? The LMTP and SMTP clients now send "MAIL FROM:<sender>
 	AUTH=<>" when SASL authenticated. Suggested by by Victor
 	Duchovni, Morgan Stanley. Files: smtp/smtp_proto.c,
 	lmtp/lmtp_proto.c.
-Open problems:
+20030915
-	Med: do not list myorigin in virtual_alias_maps.
+	Bugfix: mail rejected by the before-queue content filter
 	was mis-labeled as a software error; it should be labeled
 	as a policy error instead. File: smtpd/smtpd.c.
 	Cleanup: postcat is now null-byte transparent. File:
 	postcat/postcat.c.
 Open problems:
 	High: when virtual aliasing is turned off after content
 	filtering, local submissions may escape virtual aliasing.
@@ -8544,8 +8567,6 @@ Open problems:
 	request is in progress; this can result in multiple
 	non-delivery notifications.
 	Low: postcat should be null byte transparent.
 	Low: qmgr_move should not reset time stamps on queue files
 	without shared lock (i.e. not open by a delivery agent).
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -1,9 +1,9 @@
-Purpose of the SMTP-based before-queue proxy filter feature
+Purpose of the before-queue content filter feature
-===========================================================
+==================================================
 Normally, Postfix receives mail, stores it in the mail queue and
 then delivers it.  The Postfix SMTP server can be configured to
-forward all incoming mail through a proxy filter (for example, a
+forward all incoming mail to a content filter (for example, a
 real-time SPAM filter) that inspects all mail BEFORE it is stored
 in the Postfix mail queue.
@@ -11,7 +11,7 @@ in the Postfix mail queue.
 FILTER_README document, where all mail is inspected AFTER it is
 stored in the Postfix mail queue]
-The SMTP-based before-queue proxy filter is meant to be used as follows:
+The before-queue content filter is meant to be used as follows:
                        before                               / smtp
    Internet -> smtpd -> queue -> smtpd -> cleanup -> queue -> local
@@ -34,14 +34,14 @@ after-queue content filter:
                              queue <-
 			      filter
-The SMTP-based before-queue proxy filter receives unfiltered mail
+The before-queue content filter receives unfiltered SMTP mail from
-from Postfix and does one of the following:
+Postfix and does one of the following:
 1 - Re-inject the mail back into Postfix via SMTP, perhaps after
    changing content.
-2 - Reject the mail (by sending a suitable status code back to
+2 - Reject the mail by sending a suitable SMTP status code back
-    Postfix). Postfix passes the status back to the remote SMTP
+    to Postfix. Postfix passes the status back to the remote SMTP
    client. This way, Postfix does not have to send a bounce message.
 3 - Send the mail somewhere else.
@@ -49,45 +49,36 @@ from Postfix and does one of the following:
 Limitations
 ===========
-The SMTP-based before-queue proxy filter allows Postfix to reject
+The before-queue content filter allows Postfix to reject mail before
-mail before the incoming SMTP mail transfer completes, so that
+the incoming SMTP mail transfer completes, so that Postfix does
-Postfix does not have to send rejected mail back to the sender.
+not have to send rejected mail back to the sender.  Mail that is
-Mail that is not accepted remains the responsibility of the client.
+not accepted remains the responsibility of the remote SMTP client.
 In all other respects this content filtering approach is inferior
 to the existing content filter (see FILTER_README) which processes
 mail AFTER it is queued, because that gives you full control over
 how many filtering processes can be run in parallel.
 The problem with before-queue content filtering is that the remote
 SMTP client expects an SMTP reply within a deadline. As the system
 load increases, fewer and fewer CPU cycles remain available to
 answer within the deadline, and eventually you either have to stop
-accepting mail or you have to accept unfiltered mail.
+accepting mail or you have to stop filtering the mail.
-A possible workaround is to have the proxy take special action when
+How Postfix talks to the before-queue content filter
 the deadline is reached: add a distinctive message header that
 triggers a Postfix header_checks FILTER action, or send the mail
 into Postfix via an alternative Postfix SMTP server that always
 turns on content filtering.
 How Postfix talks to the before-queue proxy filter
 ==================================================
-When passing mail to the SMTP-based before-queue filter, Postfix
+Postfix makes one connection per email message.  Postfix speaks
-generates its own EHLO, DATA and QUIT commands, and forwards
+ESMTP, but uses no command pipelining. Postfix generates its own
-unmodified copies of the MAIL FROM and RCPT TO commands that the
+EHLO, DATA and QUIT commands, and forwards unmodified copies of
-Postfix SMTP server has approved.  All commands are sent without
+all the MAIL FROM and RCPT TO commands that the Postfix SMTP server
-using ESMTP command pipelining. The SMTP proxy server should accept
+didn't reject itself. The SMTP proxy server should accept the same
-the same MAIL FROM and RCPT TO command syntax as the Postfix SMTP
+MAIL FROM and RCPT TO command syntax as the Postfix SMTP server.
-server.
+Postfix sends no other SMTP commands.
-The before-queue proxy filter is expected literally pass on the
+The content filter is expected to pass on unmodified SMTP commands
-SMTP commands that it receives from Postfix to an after-filter
+from a before-filter Postfix SMTP server to an after-filter Postfix
-Postfix SMTP server that listens on a non-standard port.  When the
+SMTP server that listens on a non-standard port.  When the filter
-filter rejects content, it should send a negative response back to
+rejects content, it should send a negative SMTP response back to
-Postfix, and it should abort any connection with the after-filter
+the before-filter Postfix SMTP server, and it should abort any
-Postfix SMTP server without completing the SMTP dialog.
+connection with the after-filter Postfix SMTP server without
 completing the SMTP conversation with the after-filter Postfix SMTP
 server.
 Configuration parameters 
 ========================
@@ -96,12 +87,12 @@ Parameters that control proxying:
 smtpd_proxy_filter (syntax: host:port)
-    The host and TCP port of the before-queue proxy filter.  When
+    The host and TCP port of the before-queue content filter.  When
    no host or host:  is specified, localhost is assumed.
 smtpd_proxy_timeout (default: 100s)
-    Timeout for connecting to the before-queue proxy filter and
+    Timeout for connecting to the before-queue content filter and
    for sending and receiving commands and data.  All proxy errors
    are logged to the maillog file. For privacy reasons, all the
    remote SMTP client sees is "451 Error:  queue file write error".
@@ -109,15 +100,15 @@ smtpd_proxy_timeout (default: 100s)
 smtpd_proxy_ehlo (default: $myhostname)
    The hostname to use when sending an EHLO command to the
-    before-queue proxy filter.
+    before-queue content filter.
 Testing the SMTP pass-through proxy feature
 ===========================================
-The following example sets up a null proxy, that is, the Postfix
+The following example sets up a null content filter, that is, the
-SMTP server gives the mail directly to another Postfix SMTP server
+Postfix SMTP server gives the mail directly to another Postfix SMTP
-process without intervening content filter. This useful only for
+server process without intervening content filter. This useful only
-testing, of course.
+for testing, of course.
 /etc/postfix/master.cf
    smtp      inet  n       -       n       -       -       smtpd 
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -66,9 +66,10 @@
 #               The pattern domain.tld also matches subdomains, but
 #               only when the string smtpd_access_maps is listed in
 #               the  Postfix  parent_domain_matches_subdomains con-
-#               figuration setting.  Otherwise, specify .domain.tld
+#               figuration setting (note that this is  the  default
-#               (note  the  initial  dot)  in order to match subdo-
+#               for  some versions of Postfix).  Otherwise, specify
-#               mains.
+#               .domain.tld (note the  initial  dot)  in  order  to
 #               match subdomains.
 # 
 #        user@  Matches  all mail addresses with the specified user
 #               part.
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -1,4 +1,4 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 ACCESS(5)                                               ACCESS(5)
 <b>NAME</b>
@@ -67,9 +67,10 @@ ACCESS(5)                                               ACCESS(5)
              The pattern <i>domain.tld</i> also matches subdomains, but
              only when the string <b>smtpd_access_maps</b> is listed in
              the  Postfix  <b>parent_domain_matches_subdomains</b> con-
-              figuration setting.  Otherwise, specify <i>.domain.tld</i>
+              figuration setting (note that this is  the  default
-              (note  the  initial  dot)  in order to match subdo-
+              for  some versions of Postfix).  Otherwise, specify
-              mains.
+              <i>.domain.tld</i> (note the  initial  dot)  in  order  to
              match subdomains.
       <i>user</i>@  Matches  all mail addresses with the specified user
              part.
--- a/postfix/html/postcat.1.html
+++ b/postfix/html/postcat.1.html
@@ -1,11 +1,11 @@
-<html> <head> </head> <body> <pre>
+<html> <body> <pre>
 POSTCAT(1)                                             POSTCAT(1)
 <b>NAME</b>
       postcat - show Postfix queue file contents
 <b>SYNOPSIS</b>
-       <b>postcat</b> [<b>-vq</b>] [<b>-c</b> <i>config_dir</i>] [<i>files</i>...]
+       <b>postcat</b> [<b>-vq</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
 <b>DESCRIPTION</b>
       The <b>postcat</b> command prints the contents of the named <i>files</i>
@@ -15,7 +15,7 @@ POSTCAT(1)                                             POSTCAT(1)
       Options:
-       <b>-c</b> <i>config_dir</i>
+       <b>-c</b> <i>config</i><b>_</b><i>dir</i>
              The <b>main.cf</b> configuration  file  is  in  the  named
              directory  instead  of  the  default  configuration
              directory.
@@ -31,7 +31,7 @@ POSTCAT(1)                                             POSTCAT(1)
       Problems are reported to the standard error stream.
 <b>ENVIRONMENT</b>
-       <b>MAIL</b><i>_</i><b>CONFIG</b>
+       <b>MAIL_CONFIG</b>
              Directory with Postfix configuration files.
 <b>CONFIGURATION PARAMETERS</b>
@@ -39,7 +39,7 @@ POSTCAT(1)                                             POSTCAT(1)
       default values. Use the <b>postfix  reload</b>  command  after  a
       configuration change.
-       <b>queue</b><i>_</i><b>directory</b>
+       <b>queue_directory</b>
              Top-level  directory  of the Postfix queue. This is
              also the root directory of Postfix daemons that run
              chrooted.
--- a/postfix/man/man5/access.5
+++ b/postfix/man/man5/access.5
@@ -66,7 +66,8 @@ Matches \fIdomain.tld\fR as the domain part of an email address.
 .sp
 The pattern \fIdomain.tld\fR also matches subdomains, but only
 when the string \fBsmtpd_access_maps\fR is listed in the Postfix
-\fBparent_domain_matches_subdomains\fR configuration setting.
+\fBparent_domain_matches_subdomains\fR configuration setting
 (note that this is the default for some versions of Postfix).
 Otherwise, specify \fI.domain.tld\fR (note the initial dot) in
 order to match subdomains.
 .IP \fIuser\fR@
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
  * Patches change the patchlevel and the release date. Snapshots change the
  * release date only, unless they include the same bugfix as a patch release.
  */
-#define MAIL_RELEASE_DATE	"20030812"
+#define MAIL_RELEASE_DATE	"20030915"
 #define VAR_MAIL_VERSION	"mail_version"
 #define DEF_MAIL_VERSION	"2.0.14-" MAIL_RELEASE_DATE
--- a/postfix/src/global/post_mail.c
+++ b/postfix/src/global/post_mail.c
@@ -294,7 +294,6 @@ static void post_mail_open_event(int event, char *context)
 	    event_disable_readwrite(vstream_fileno(state->stream));
 	    vstream_fclose(state->stream);
 	} else {
    case EVENT_XCPT:
 	    msg_warn("connect to service: %s: %m", var_cleanup_service);
 	}
 	myfree(state->sender);
@@ -303,6 +302,20 @@ static void post_mail_open_event(int event, char *context)
 	myfree((char *) state);
 	return;
 	/*
 	 * Some exception.
 	 */
    case EVENT_XCPT:
 	msg_warn("error connecting to service: %s", var_cleanup_service);
 	event_cancel_timer(post_mail_open_event, context);
 	event_disable_readwrite(vstream_fileno(state->stream));
 	vstream_fclose(state->stream);
 	myfree(state->sender);
 	myfree(state->recipient);
 	state->notify((VSTREAM *) 0, state->context);
 	myfree((char *) state);
 	return;
 	/*
 	 * Broken software or hardware.
 	 */
--- a/postfix/src/lmtp/lmtp_proto.c
+++ b/postfix/src/lmtp/lmtp_proto.c
@@ -385,7 +385,7 @@ static int lmtp_loop(LMTP_STATE *state, int send_state, int recv_state)
 	    }
 	    /*
-	     * We authenticate the client, not the sender.
+	     * We authenticate the local MTA only, but not the sender.
 	     */
 #ifdef USE_SASL_AUTH
 	    if (var_lmtp_sasl_enable
--- a/postfix/src/postcat/postcat.c
+++ b/postfix/src/postcat/postcat.c
@@ -80,6 +80,7 @@
 #define PC_FLAG_QUEUE	(1<<0)		/* search queue */
 #define STR	vstring_str
 #define LEN	VSTRING_LEN
 /* postcat - visualize Postfix queue file contents */
@@ -129,17 +130,16 @@ static void postcat(VSTREAM *fp, VSTRING *buffer)
 	    break;
 	case REC_TYPE_CONT:
 	    if (msg_verbose)
-		vstream_printf("%s: %s\n", rec_type_name(rec_type),
+		vstream_printf("%s: ", rec_type_name(rec_type));
-			       STR(buffer));
+	    vstream_fwrite(VSTREAM_OUT, STR(buffer), LEN(buffer));
-	    else
+	    if (msg_verbose)
-		vstream_printf("%s", STR(buffer));
+		VSTREAM_PUTCHAR('\n');
 	    break;
 	case REC_TYPE_NORM:
 	    if (msg_verbose)
-		vstream_printf("%s: %s\n", rec_type_name(rec_type),
+		vstream_printf("%s: ", rec_type_name(rec_type));
-			       STR(buffer));
+	    vstream_fwrite(VSTREAM_OUT, STR(buffer), LEN(buffer));
-	    else
+	    VSTREAM_PUTCHAR('\n');
 		vstream_printf("%s\n", STR(buffer));
 	    break;
 	case REC_TYPE_MESG:
 	    vstream_printf("*** MESSAGE CONTENTS %s ***\n", VSTREAM_PATH(fp));
--- a/postfix/src/smtp/smtp_proto.c
+++ b/postfix/src/smtp/smtp_proto.c
@@ -506,7 +506,7 @@ int     smtp_xfer(SMTP_STATE *state)
 	    }
 	    /*
-	     * We authenticate the client, not the sender.
+	     * We authenticate the local MTA only, but not the sender.
 	     */
 #ifdef USE_SASL_AUTH
 	    if (var_smtp_sasl_enable
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -555,6 +555,8 @@ static void mail_reset(SMTPD_STATE *);
 static void rcpt_reset(SMTPD_STATE *);
 static void chat_reset(SMTPD_STATE *, int);
 #ifdef USE_SASL_AUTH
 /*
  * SASL exceptions.
  */
@@ -584,6 +586,8 @@ static int sasl_client_exception(SMTPD_STATE *state)
    return (match);
 }
 #endif
 /* collapse_args - put arguments together again */
 static void collapse_args(int argc, SMTPD_TOKEN *argv)
@@ -1299,8 +1303,9 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
    if (state->proxy) {
 	if (state->err == CLEANUP_STAT_OK) {
 	    (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, ".");
-	    if (*STR(state->proxy_buffer) != '2')
+	    if (state->err == CLEANUP_STAT_OK &&
-		state->err = CLEANUP_STAT_PROXY;
+		*STR(state->proxy_buffer) != '2')
 		state->err = CLEANUP_STAT_CONT;
 	}
 	smtpd_proxy_close(state);
    }
@@ -1350,6 +1355,9 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 	smtpd_chat_reply(state, "554 Error: too many hops");
    } else if ((state->err & CLEANUP_STAT_CONT) != 0) {
 	state->error_mask |= MAIL_ERROR_POLICY;
 	if (state->proxy_buffer)
 	    smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
 	else
 	    smtpd_chat_reply(state, "550 Error: %s", LEN(why) ?
 			     STR(why) : "content rejected");
    } else if ((state->err & CLEANUP_STAT_WRITE) != 0) {
--- a/postfix/src/smtpd/smtpd_check.in4
+++ b/postfix/src/smtpd/smtpd_check.in4
@@ -5,7 +5,7 @@
 #msg_verbose 1
 smtpd_delay_reject 0
 #
-# Test the nex access map features
+# Test the new access map features
 #
 sender_restrictions hash:./smtpd_check_access
 mail rejecttext@bad.domain
--- a/postfix/src/smtpd/smtpd_exp.in
+++ b/postfix/src/smtpd/smtpd_exp.in
@@ -53,3 +53,10 @@ client spike.porcupine.org 168.100.189.2
 mail sname@sdomain
 rcpt rname@rdomain
 rcpt rname@example.tld
 #
 # RHSBL helo domain name
 #
 recipient_restrictions reject_rhsbl_helo,abuse.rfc-ignorant.org
 helo example.tld
 mail sname@sdomain
 rcpt rname@rdomain
--- a/postfix/src/smtpd/smtpd_exp.ref
+++ b/postfix/src/smtpd/smtpd_exp.ref
@@ -97,3 +97,15 @@ OK
 >>> rcpt rname@example.tld
 ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar  sender=sname@sdomain sender_name=sname  sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=rname@example.tld rbl_class=Recipient address; from=<sname@sdomain> to=<rname@example.tld> proto=SMTP helo=<foobar>
 554 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar  sender=sname@sdomain sender_name=sname  sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=rname@example.tld rbl_class=Recipient address
 >>> #
 >>> # RHSBL helo domain name
 >>> #
 >>> recipient_restrictions reject_rhsbl_helo,abuse.rfc-ignorant.org
 OK
 >>> helo example.tld
 OK
 >>> mail sname@sdomain
 OK
 >>> rcpt rname@rdomain
 ./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld>
 554 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain
--- a/postfix/src/smtpstone/smtp-sink.c
+++ b/postfix/src/smtpstone/smtp-sink.c
@@ -434,13 +434,13 @@ static int command_read(SINK_STATE *state)
     * Got a complete command line. Parse it.
     */
    ptr = vstring_str(state->buffer);
    if (msg_verbose)
 	msg_info("%s", ptr);
    if ((command = mystrtok(&ptr, " \t")) == 0) {
 	smtp_printf(state->stream, "500 Error: unknown command");
 	smtp_flush(state->stream);
 	return (0);
    }
    if (msg_verbose)
 	msg_info("%s", command);
    for (cmdp = command_table; cmdp->name != 0; cmdp++)
 	if (strcasecmp(command, cmdp->name) == 0)
 	    break;
--- a/postfix/src/trivial-rewrite/resolve.c
+++ b/postfix/src/trivial-rewrite/resolve.c
@@ -410,8 +410,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr,
 			     rcpt_domain, VAR_VIRT_ALIAS_DOMS,
 			     VAR_RELAY_DOMAINS);
 		if (strcasecmp(rcpt_domain, var_myorigin) == 0)
-		    msg_warn("do not list $%s in %s",
+		    msg_warn("do not list $%s (%s) in %s",
-			     VAR_MYORIGIN, VAR_VIRT_ALIAS_DOMS);
+			     VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS);
 	    }
 	    vstring_strcpy(channel, MAIL_SERVICE_ERROR);
 	    vstring_sprintf(nexthop, "User unknown%s",