From bcce9ba4be56f3b07bc5650bf2d808314e38bd4c Mon Sep 17 00:00:00 2001
From: Wietse Venema <wietse@porcupine.org>
Date: Wed, 4 Apr 2012 00:00:00 -0500
Subject: [PATCH] postfix-2.10-20120404

---
 postfix/HISTORY                        | 20 ++++++
 postfix/WISHLIST                       | 94 +++-----------------------
 postfix/html/postconf.5.html           |  4 +-
 postfix/man/man5/postconf.5            |  4 +-
 postfix/proto/postconf.proto           |  4 +-
 postfix/src/global/mail_params.h       |  1 +
 postfix/src/global/mail_version.h      |  2 +-
 postfix/src/postconf/postconf_edit.c   |  2 +-
 postfix/src/proxymap/proxymap.c        |  2 +
 postfix/src/smtp/smtp_reuse.c          |  4 ++
 postfix/src/smtpd/smtpd_proxy.c        | 15 ++++
 postfix/src/tls/tls.h                  |  2 -
 postfix/src/xsasl/xsasl_cyrus.h        |  5 ++
 postfix/src/xsasl/xsasl_cyrus_client.c |  8 +--
 postfix/src/xsasl/xsasl_cyrus_server.c |  2 +-
 15 files changed, 74 insertions(+), 95 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index cd821774e..1329451ca 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17697,3 +17697,23 @@ Apologies for any names omitted.
 	template to suppress the line break between the reply text
 	and the footer text. Files: global/smtp_reply_footer.c,
 	proto/postconf.proto.
+
+20120401
+
+	Bugfix (introduced Postfix 2.6): irrelevant memory leak
+	that was introduced with postconf -#. File:
+	postconf/postconf_edit.c.
+
+	Bitrot: shut up useless warnings about Cyrus SASL call-back
+	function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
+	xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
+
+20120404
+
+	Cleanup: added smtpd_sender_login_maps to the default
+	proxy_read_maps value. Files: global/mail_params.h,
+	proxymap/proxymap.c.
+
+	Cleanup: weed out stale TODO's from the WISHLIST, and moved
+	some CYA text from WISHLIST into the code. Files: WISHLIST,
+	smtpd/smtpd_proxy.c.
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 177c81f0e..d14932296 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -6,13 +6,8 @@ Wish list:
 
 	Things to do after the stable release:
 
-	Connection cache protocol: avoid mixing mail streams
-	with different source IP address reputations. For example,
-	allow additional tags upon store operations that can be
-	specified in requests.
- 
-	smtpd: make implicit sender/recipient checks play along
-	with defer_if_reject.
+	Don't forget Apple's code donation for fetching mail from
+	IMAP server.
 
 	postscreen: in the dummy SMTP engine, log the protocol state
 	at time of violation (like smtpd, set state->where initially
@@ -23,10 +18,14 @@ Wish list:
 	wrong place (how whitelisting works). Move it to the section
 	about configuring postscreen.
 
-	Before proxymap can be exposed to the network to share,
-	e.g., postscreen or verify caches, need to enforce limits
-	on attribute string length in IPC protocols.  10-20KB seems
-	OK. The VSTREAM library already supports read/write deadlines.
+	Before proxymap can be exposed to the network (primarily
+	to share postscreen or verify caches), need to enforce
+	limits on attribute string name and value length in IPC
+	protocols.  10-20KB seems OK. We need to enforce content
+	sanity checks (for example, no control characters; Postfix
+	does not pass around multi-line data in table lookups). The
+	VSTREAM library already supports read/write deadlines.  We
+	need to use attack-resistant code for numeric conversion.
 
 	move flush_init() etc. from defer service clients to the
 	bounce daemon?
@@ -81,8 +80,7 @@ Wish list:
 	of the performance gain of a queue based on append/truncate
 	instead of the much more expensive create/delete.
 
-	Investigate viability of Sendmail socket maps (the moral
-	equivalent of tcp_table(5)), and dns maps.
+	Investigate viability of Sendmail dns maps.
 
 	Check if FILTER_README has the "postsuper -r" workaround
 
@@ -148,9 +146,6 @@ Wish list:
 	whitelisting database before the primary MX connection is
 	closed, because a client may still make a mistake.
 
-	Don't forget Apple's code donation for fetching mail from
-	IMAP server.
-
 	Simplify postscreen logic. Individual "fail" flags help to
 	avoid repeated testing/logging the same mistake.  Individual
 	"pass" flags provide evidence that the client didn't skip
@@ -262,24 +257,6 @@ Wish list:
 
 	IF/ENDIF support for CIDR tables.
 
-	Make postconf aware of local_, smtp_, etc. parameter names
-	that have prefixes derived from mail delivery transport
-	names, LDAP/SQL table names, spawn(8) services, and so on.
-	Clearly, it is wrong to assume that all "unix" master.cf
-	entries are delivery agents (though it may be OK for postconf
-	to peek in master.cf when given a parameter with an unknown
-	prefix). This requires a new main.cf parameter (delivery_prefixes?)
-	that lists all known mail delivery transport names. postconf
-	can safely ignore names that don't exist in master.cf, and
-	qmgr_transport_create() can safely warn about a name that
-	isn't listed in that new main.cf parameter. A similar
-	parameter would be needed for spawn(8) services (spawn_prefixes?)
-	and for legacy-style database "sources" (database_prefixes?).
-	The spawn(8) daemon could warn if the service name is not
-	listed in main.cf, and the LDAP/SQL/etc.  drivers could
-	warn if a legacy-style database source is not listed in
-	main.cf.
-
 	Need a regular expression table to translate address
 	verification responses into hard/soft/accept reply codes.
 
@@ -315,12 +292,6 @@ Wish list:
 	to the error or retry mailer; and bounce-after-delivery is
 	asynchrounous so it can't block the queue manager, either.
 
-	Add smtpd_sender_login_maps to proxy_read_maps, and make
-	sure that defaults are set before proxy_read_maps is
-	evaluated. What other parameters are worthy of being
-	whitelisted for proxy access?  Is there a way to automate
-	this decision?
-
 	How to ensure that proxy_read_maps is processed after all
 	its dependencies are initialized, or just bite the bullet
 	and rewrite the parameter initialization code.
@@ -381,22 +352,10 @@ Wish list:
 	SMTP connection caching without storing connections, to
 	improve TLS mail delivery performance.
 
-	postscreen has separate socket budgets for whitelisted
-	clients and for other clients. If we add a dummy SMTP engine
-	then we extend the session length for non-whitelisted clients
-	and need to increase the socket budget (or create a new
-	budget class, which complicates the user interface).
-
 	Should not milter8_mail_event() unset the "hold" default
 	reply? Better, the default reply should not be used for
 	this purpose.
 
-	Unescape the pregreeter's HELO command argument so that
-	<CR><LF> don't show up as ??.
-
-	Make postscreen logging easier. Always log connect, then log
-	why the connection is or is not forwarded.
-
 	Don't send MASTER_STAT_TAKEN/MASTER_STAT_AVAIL when a server
 	runs with process limit of 1. But this means the master
 	never learns that the process is successful and will always
@@ -407,21 +366,6 @@ Wish list:
 	lockfile is to avoid thundering herd problems when the kernel
 	wakes up multiple processes for each new client connection.
 
-	Concurrency/speed-matching: invoke a before-queue (smtpd_proxy)
-	filter after the entire message is received, so that fewer
-	filter processes will be running simultaneously.  In some
-	parts of the world, after-queue filtering is problematic.
-
-	This is different than the MailChannels patented solution
-	to multiplex many slow SMTP connections over a few fast
-	SMTP connections. We simply postpone opening the connection
-	to the filter, and rely on the before-filter SMTP server
-	to reject invalid recipients. MailChannels uses one
-	connection-to-MTA to discover invalid recipients, receives
-	the email message with a potentially reduced bitrate, and
-	then uses another connection-to-MTA to deliver the message
-	quickly.
-
 	Implement PREPEND action for milter_header_checks. Save the
 	to-be-prepended text to buffer, then emit it along with the
 	new header.
@@ -441,10 +385,6 @@ Wish list:
 	Either document or remove the internal_mail_filter_classes
 	feature (it's disabled by default).
 
-	"postconf -N" option to print user-defined parameter names
-	(these have no defaults, since they exist only when 
-	specified in main.cf or with "-o name=value").
-
 	Make the "unknown recipient" test configurable as
 	first|last|never, with "yes"=="last" for backwards
 	compatibility. The "first" setting is good for performance
@@ -534,9 +474,6 @@ Wish list:
 	pieces of code when a client attribute is added. Ditto for
 	SASL and TLS context.
 
-	Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
-	Postfix for remote connections with MSS > 8 kbytes.
-
 	Don't log "warning: XXXXX: undeliverable postmaster
 	notification discarded" for spam from outside.
 
@@ -575,16 +512,9 @@ Wish list:
 
 	Need scache size limit.
 
-	Make postcat header/body aware so people can grep headers.
-	What headers? primary, mime, nested? What body? Does it
-	include the mime and attached headers?
-
 	REDIRECT should override original recipient info, and
 	probably override DSN as well.
 
-	Find out if with Sendmail, a Milter "add recipient" request
-	results in NOTIFY=NONE as Postfix does now.
-
 	Update FILTER_README with mailing list suggestions to tag
 	with a badness indicator and then filter down-stream.
 
@@ -792,8 +722,6 @@ Wish list:
 	This should be documented, or better, the code should warn
 	about attempts to set read-only parameters.
 
-	Low: postconf -e edits parameters that postconf won't list.
-
 	Low: while converting 8bit text to quoted-printable, perhaps
 	use =46rom to avoid having to produce >From when delivering
 	to mailbox.
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 11696d673..fd7778a28 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -13538,7 +13538,9 @@ server
 
 <p> The following example uses "\c" at the start of the template
 (supported in Postfix 2.10 and later) to suppress the line break
-between the reply text and the footer text. </p>
+between the reply text and the footer text. With earlier Postfix
+versions, the footer text always begins on a new line, and the "\c"
+is output literally. </p>
 
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index f2e329bae..7c7daaff5 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -8551,7 +8551,9 @@ server
 .PP
 The following example uses "\ec" at the start of the template
 (supported in Postfix 2.10 and later) to suppress the line break
-between the reply text and the footer text.
+between the reply text and the footer text. With earlier Postfix
+versions, the footer text always begins on a new line, and the "\ec"
+is output literally.
 .PP
 .nf
 .na
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index cf5fdfed0..6e54e3a59 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -14158,7 +14158,9 @@ server
 
 <p> The following example uses "\c" at the start of the template
 (supported in Postfix 2.10 and later) to suppress the line break
-between the reply text and the footer text. </p>
+between the reply text and the footer text. With earlier Postfix
+versions, the footer text always begins on a new line, and the "\c"
+is output literally. </p>
 
 <pre>
 /etc/postfix/main.cf:
diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h
index 791694897..d1ddd919d 100644
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -2232,6 +2232,7 @@ extern int var_local_rcpt_code;
 				" $" VAR_RELOCATED_MAPS \
 				" $" VAR_TRANSPORT_MAPS \
 				" $" VAR_MYNETWORKS \
+				" $" VAR_SMTPD_SND_AUTH_MAPS \
 				" $" VAR_SEND_BCC_MAPS \
 				" $" VAR_RCPT_BCC_MAPS \
 				" $" VAR_SMTP_GENERIC_MAPS \
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 8ddfcbb4c..4adf80252 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120330"
+#define MAIL_RELEASE_DATE	"20120404"
 #define MAIL_VERSION_NUMBER	"2.10"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/postconf/postconf_edit.c b/postfix/src/postconf/postconf_edit.c
index fcfe76338..54852d1fe 100644
--- a/postfix/src/postconf/postconf_edit.c
+++ b/postfix/src/postconf/postconf_edit.c
@@ -101,7 +101,7 @@ void    edit_parameters(int mode, int argc, char **argv)
 		msg_fatal("-X or -# requires non-blank parameter names");
 	    if (strchr(cp, '=') != 0)
 		msg_fatal("-X or -# requires parameter names only");
-	    edit_key = mystrdup(cp);
+	    edit_key = cp;
 	    trimblanks(edit_key, 0);
 	    edit_val = 0;
 	} else {
diff --git a/postfix/src/proxymap/proxymap.c b/postfix/src/proxymap/proxymap.c
index cf4e3929b..b0110c3cc 100644
--- a/postfix/src/proxymap/proxymap.c
+++ b/postfix/src/proxymap/proxymap.c
@@ -256,6 +256,7 @@ char   *var_rcpt_canon_maps;
 char   *var_relocated_maps;
 char   *var_transport_maps;
 char   *var_verify_map;
+char   *var_smtpd_snd_auth_maps;
 char   *var_psc_cache_map;
 char   *var_proxy_read_maps;
 char   *var_proxy_write_maps;
@@ -730,6 +731,7 @@ int     main(int argc, char **argv)
 	VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,
 	VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0,
 	VAR_VERIFY_MAP, DEF_VERIFY_MAP, &var_verify_map, 0, 0,
+	VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
 	VAR_PSC_CACHE_MAP, DEF_PSC_CACHE_MAP, &var_psc_cache_map, 0, 0,
 	/* The following two must be last for $mapname to work as expected. */
 	VAR_PROXY_READ_MAPS, DEF_PROXY_READ_MAPS, &var_proxy_read_maps, 0, 0,
diff --git a/postfix/src/smtp/smtp_reuse.c b/postfix/src/smtp/smtp_reuse.c
index 0eb989f18..9737025df 100644
--- a/postfix/src/smtp/smtp_reuse.c
+++ b/postfix/src/smtp/smtp_reuse.c
@@ -24,6 +24,10 @@
 /*	This module implements the SMTP client specific interface to
 /*	the generic session cache infrastructure.
 /*
+/*	Each cached connection identifier includes the name of the
+/*	mail delivery service. Thus, cached connections are not
+/*	shared between different services.
+/*
 /*	smtp_save_session() stores the current session under the
 /*	next-hop logical destination (if available) and under the
 /*	remote server address.  The SMTP_SESSION object is destroyed.
diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c
index 03a3aa837..f77885436 100644
--- a/postfix/src/smtpd/smtpd_proxy.c
+++ b/postfix/src/smtpd/smtpd_proxy.c
@@ -581,6 +581,21 @@ static int smtpd_proxy_replay_send(SMTPD_STATE *state)
      * Replay the speed-match log. We do sanity check record content, but we
      * don't implement a protocol state engine here, since we are reading
      * from a file that we just wrote ourselves.
+     * 
+     * This is different than the MailChannels patented solution that
+     * multiplexes a large number of slowed-down inbound connections over a
+     * small number of fast connections to a local MTA.
+     * 
+     * - MailChannels receives mail directly from the Internet. It uses one
+     * connection to the local MTA to reject invalid recipients before
+     * receiving the entire email message at reduced bit rates, and then uses
+     * a different connection to quickly deliver the message to the local
+     * MTA.
+     * 
+     * - Postfix receives mail directly from the Internet. The Postfix SMTP
+     * server rejects invalid recipients before receiving the entire message
+     * over the Internet, and then delivers the message quickly to a local
+     * SMTP-based content filter.
      */
     if (replay_buf == 0)
 	replay_buf = vstring_alloc(100);
diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h
index 0ae91c839..da52fd8f3 100644
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -63,8 +63,6 @@ extern const NAME_CODE tls_level_table[];
 #include <name_mask.h>
 #include <name_code.h>
 
-#define TLS_BIO_BUFSIZE	8192
-
  /*
   * Names of valid tlsmgr(8) session caches.
   */
diff --git a/postfix/src/xsasl/xsasl_cyrus.h b/postfix/src/xsasl/xsasl_cyrus.h
index 5e78dcd2b..ad8557ed5 100644
--- a/postfix/src/xsasl/xsasl_cyrus.h
+++ b/postfix/src/xsasl/xsasl_cyrus.h
@@ -26,6 +26,11 @@
 extern XSASL_SERVER_IMPL *xsasl_cyrus_server_init(const char *, const char *);
 extern XSASL_CLIENT_IMPL *xsasl_cyrus_client_init(const char *, const char *);
 
+ /*
+  * Internal definitions for client and server module.
+  */
+typedef int (*XSASL_CYRUS_CB) (void);
+
 #endif
 
 /* LICENSE
diff --git a/postfix/src/xsasl/xsasl_cyrus_client.c b/postfix/src/xsasl/xsasl_cyrus_client.c
index 16a098c07..5ba1c4bae 100644
--- a/postfix/src/xsasl/xsasl_cyrus_client.c
+++ b/postfix/src/xsasl/xsasl_cyrus_client.c
@@ -223,7 +223,7 @@ XSASL_CLIENT_IMPL *xsasl_cyrus_client_init(const char *unused_client_type,
      * Global callbacks. These have no per-session context.
      */
     static sasl_callback_t callbacks[] = {
-	{SASL_CB_LOG, &xsasl_cyrus_log, 0},
+	{SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, 0},
 	{SASL_CB_LIST_END, 0, 0}
     };
 
@@ -302,9 +302,9 @@ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl,
 {
     XSASL_CYRUS_CLIENT *client = 0;
     static sasl_callback_t callbacks[] = {
-	{SASL_CB_USER, &xsasl_cyrus_client_get_user, 0},
-	{SASL_CB_AUTHNAME, &xsasl_cyrus_client_get_user, 0},
-	{SASL_CB_PASS, &xsasl_cyrus_client_get_passwd, 0},
+	{SASL_CB_USER, (XSASL_CYRUS_CB) &xsasl_cyrus_client_get_user, 0},
+	{SASL_CB_AUTHNAME, (XSASL_CYRUS_CB) &xsasl_cyrus_client_get_user, 0},
+	{SASL_CB_PASS, (XSASL_CYRUS_CB) &xsasl_cyrus_client_get_passwd, 0},
 	{SASL_CB_LIST_END, 0, 0}
     };
     sasl_conn_t *sasl_conn = 0;
diff --git a/postfix/src/xsasl/xsasl_cyrus_server.c b/postfix/src/xsasl/xsasl_cyrus_server.c
index 78bb4df17..202e8db45 100644
--- a/postfix/src/xsasl/xsasl_cyrus_server.c
+++ b/postfix/src/xsasl/xsasl_cyrus_server.c
@@ -170,7 +170,7 @@ static const char *xsasl_cyrus_server_get_username(XSASL_SERVER *);
 #define NO_CALLBACK_CONTEXT	0
 
 static sasl_callback_t callbacks[] = {
-    {SASL_CB_LOG, &xsasl_cyrus_log, NO_CALLBACK_CONTEXT},
+    {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, NO_CALLBACK_CONTEXT},
     {SASL_CB_LIST_END, 0, 0}
 };