diff --git a/postfix/HISTORY b/postfix/HISTORY
index 56d3ee3c1..71bdbd73c 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -25553,3 +25553,22 @@ Apologies for any names omitted.
Cleanup: in the Postfix SMTP and LMTP client, prepend Return-Path
and other headers in the same order as in other Postfix delivery
agents. Adi Prasaja. File: smtp/smtp_proto.c.
+
+20210428
+
+ Documentation: update by Paul Menzel. File: proto/SASL_README.html.
+
+20210529
+
+ Cleanup: simplified master.cf stanzas for the submission
+ and submissions (formerly: smtps) services, to avoid
+ surprising warnings for undefined mua_smtpd_xxx_restrictions
+ parameters. File: conf/master.cf.
+
+ Bugfix (introduced: Postfix 2.11): "postmap lmdb:/file/name"
+ handled duplicate keys ungracefully, with a dangling pointer
+ resulting in a double free() call with lmdb versions 0.9.17
+ and later. Reported by Adi Prasaja, root cause analysis by
+ Howard Chu. In addition, "postmap lmdb:/file/name" forgot
+ entries stored up to and including the duplicate key. File:
+ util/slmdb.c.
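Review bot: The 20210529 lmdb entry describes the two symptoms (double free() and forgotten entries) but not the behaviour after the fix or the mode it applies to. The util/slmdb.c change in this same patch only skips mdb_txn_abort() when a bulk transaction is open, so one more sentence here stating that a duplicate key no longer aborts the bulk-mode transaction would let a reader judge whether their postmap usage was exposed.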
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index c0e42ad67..0feebc7f5 100644
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -1313,7 +1313,7 @@ BBuuiillddiinngg CCyyrruuss SSAASSLL ssuuppppoorrtt
BBuuiillddiinngg tthhee CCyyrruuss SSAASSLL lliibbrraarryy
Postfix works with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x, which are available
-from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.
+from https://github.com/cyrusimap/cyrus-sasl/releases.
IImmppoorrttaanntt
diff --git a/postfix/RELEASE_NOTES-3.6 b/postfix/RELEASE_NOTES-3.6
index 887464104..d8ac90cc7 100644
--- a/postfix/RELEASE_NOTES-3.6
+++ b/postfix/RELEASE_NOTES-3.6
@@ -25,6 +25,54 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
+Major changes - internal protocol identification
+------------------------------------------------
+
+[Incompat 20200920] Internal protocols have changed. You need to
+"postfix stop" before updating, or before backing out to an earlier
+release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
+postscreen) may fail to communicate with the rest of Postfix, causing
+mail delivery delays until Postfix is restarted.
+
+This change does not affect message files in Postfix queue directories,
+only the communication between running Postfix programs.
+
+With this change, every Postfix internal service, including the postdrop
+command, announces the name of its protocol before doing any other I/O.
+Every Postfix client program, including the Postfix sendmail command,
+will verify that the protocol name matches what it is supposed to be.
+
+The purpose of this change is to produce better error messages, for
+example, when someone configures the discard daemon as a bounce
+service in master.cf, or vice versa.
+
+This change may break third-party programs that implement a
+Postfix-internal protocol such as qpsmtpd. Such programs have never
+been supported. Fortunately, this will be an easy fix: look at the
+first data from the cleanup daemon: if it is a protocol announcement,
+you're talking to Postfix 3.6 or later. That's the only real change.
+
+Major changes - tls
+-------------------
+
+[Incompat 20200705] The minimum supported OpenSSL version is 1.1.1,
+which will reach the end of life by 2023-09-11. Postfix 3.6 is
+expected to reach the end of support in 2025. Until then, Postfix
+will be updated as needed for compatibility with OpenSSL.
+
+The default fingerprint digest has changed from md5 to sha256 (Postfix
+3.6 with compatibility_level >= 3.6). With a lower compatibility_level
+setting, Postfix defaults to using md5, and logs a warning when a Postfix
+configuration specifies no explicit digest type.
+
+Export-grade Diffie-Hellman key exchange is no longer supported,
+and the tlsproxy_tls_dh512_param_file parameter is ignored,
+
+[Feature 20200906] The tlstype.pl helper script by Viktor Dukhovni
+reports TLS information per message delivery. This processes output
+from the collate.pl script. See auxiliary/collate/README.tlstype and
+auxiliary/collate/tlstype.pl.
+
Major changes - compatibility level
-----------------------------------
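Review bot: In the "Major changes - tls" section, the fingerprint digest paragraph says Postfix falls back to md5 and logs a warning when "no explicit digest type" is configured, but it does not name the settings to change. Listing smtp_tls_fingerprint_digest, smtpd_tls_fingerprint_digest and lmtp_tls_fingerprint_digest there would let operators who keep a lower compatibility_level pin sha256 explicitly instead of staying on md5. Separately, the sentence "and the tlsproxy_tls_dh512_param_file parameter is ignored," ends in a comma where a period is intended.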
@@ -37,75 +85,17 @@ omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the <=level,
Postfix works with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x, which are
-available from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/. Building the Cyrus SASL library
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 1b8f72f16..4cce2fbd1 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -7676,7 +7676,8 @@ separator. See the MILTER_README document for d (default: resource, software)-The list of error classes that are reported to the postmaster. The +The list of error classes that are reported to the postmaster. These +postmaster notifications do not replace user notifications. The default is to report only the most serious problems. The paranoid may wish to turn on the policy (UCE and mail relaying) and protocol error (broken mail software) reports. @@ -11330,7 +11331,7 @@ href="https://tools.ietf.org/html/rfc7672">DANE is not applicable to hosts resolved via "native" lookups.
As mentioned above, Postfix is not a validating stub +href="https://tools.ietf.org/html/rfc4035#section-4.9">stub resolver; it relies on the system's configured DNSSEC-validating recursive nameserver to perform all DNSSEC validation. Since this @@ -18768,7 +18769,7 @@ whitespace. Each digest name may be followed by an optional "=<number>" suffix. For example, "sha512" may instead be specified as "sha512=2" and "sha256" may instead be specified as "sha256=1". The optional number must match the https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types" >IANA assigned TLSA matching type number the algorithm in question. Postfix will check this constraint for the algorithms it knows about. Additional matching type algorithms registered with IANA can be added @@ -18935,7 +18936,7 @@ is unwise to choose an "bleeding-edge" curve supported by only a small subset of clients.
The default "strong" curve is rated in NSA Suite +href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite B for information classified up to SECRET.
Note: elliptic curve names are poorly standardized; different @@ -18976,7 +18977,7 @@ curve must be implemented by OpenSSL (as reported by ecparam(1) with the of RFC 4492. You should not generally change this setting.
This default "ultra" curve is rated in NSA Suite +href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite B for information classified up to TOP SECRET.
If you want to take maximal advantage of ciphers that offer ) { # Hyperlink URLs and RFC documents - s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; + s/(https?:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; s/\bRFC\s*([1-9]\d*)/$&<\/a>/g; diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index 89a9162a6..932ef727b 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -2077,7 +2077,7 @@ TLS_README for details.
Building the Cyrus SASL library
Postfix works with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x, which are -available from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.
+available from https://github.com/cyrusimap/cyrus-sasl/releases.diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 12e1cc5c7..9a0420848 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -3149,7 +3149,8 @@ myorigin = $mydomain %PARAM notify_classes resource, software-The list of error classes that are reported to the postmaster. The +The list of error classes that are reported to the postmaster. These +postmaster notifications do not replace user notifications. The default is to report only the most serious problems. The paranoid may wish to turn on the policy (UCE and mail relaying) and protocol error (broken mail software) reports. diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b5edc1513..bf8a0fa72 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20210424" +#define MAIL_RELEASE_DATE "20210529" #define MAIL_VERSION_NUMBER "3.7" #ifdef SNAPSHOT diff --git a/postfix/src/util/slmdb.c b/postfix/src/util/slmdb.c index cee054619..f817f8f4b 100644 --- a/postfix/src/util/slmdb.c +++ b/postfix/src/util/slmdb.c @@ -582,11 +582,15 @@ int slmdb_put(SLMDB *slmdb, MDB_val *mdb_key, * Do the update. */ if ((status = mdb_put(txn, slmdb->dbi, mdb_key, mdb_value, flags)) != 0) { - mdb_txn_abort(txn); if (status != MDB_KEYEXIST) { + mdb_txn_abort(txn); if ((status = slmdb_recover(slmdb, status)) == 0) status = slmdb_put(slmdb, mdb_key, mdb_value, flags); SLMDB_API_RETURN(slmdb, status); + } else { + /* Key exists, abort non-bulk transaction only. */ + if (slmdb->txn == 0) + mdb_txn_abort(txn); } }
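Review bot: In the new else branch of slmdb_put() (status == MDB_KEYEXIST), the non-bulk txn is aborted and control then leaves the if block with status still nonzero. Please confirm that the code following this block, which is outside the hunk, never commits or otherwise touches txn unless status == 0, because the handle is invalid after mdb_txn_abort(). The comment "Key exists, abort non-bulk transaction only." would also be more useful if it said why the bulk transaction is left alone: slmdb->txn still refers to it, so aborting it here is what left the dangling pointer and later double free() described in the HISTORY entry. A regression test that runs "postmap lmdb:/file/name" on input containing a duplicate key and checks that the entries before the duplicate are present would guard against both symptoms.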
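Review bot: In the substitution under "# Hyperlink URLs and RFC documents", the http rule becomes https? while the ftp rule on the next line repeats the same character classes. Consider a single alternation, (?:https?|ftp):\/\/, so that the trailing-punctuation exclusion [^ ,"\(\):;!?.] is maintained in one place. Neither URL rule carries the /g flag that the RFC rule has, so only the first URL on a line is linked; if that is intended, a short comment saying so would help.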