postfix-2.3-20051121

2025-08-30 05:38:06 +00:00 · 2005-11-21 00:00:00 -05:00 · 2005-11-21 00:00:00 -05:00 · c6d6830caf
commit c6d6830caf
parent 9e9cfc29e9
8 changed files with 94 additions and 61 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -11424,6 +11424,18 @@ Apologies for any names omitted.
 	code that handles unavailable transports or destinations.
 	Files: *qmgr/qmgr_deliver.c.

+20051121
+
+	Workaround: do not build the bounce.cf.default template
+	while compiling Postfix  - it breaks when the default
+	mail_owner etc. accounts don't exist.  Reported by Liviu
+	Daia.
+
+	Compatibility: added permit_auth_destination emulation to
+	the permit_mx_backup feature. This avoids surprises with
+	sites that used permit_mx_backup to authorize all their
+	incoming mail.
+
 Open problems:

 	"postsuper -r" no longer resets the message arrival time,
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -17,6 +17,14 @@ Incompatibility with Postfix 2.1 and earlier
 If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
 before proceeding.

+Incompatibility with snapshot 20051121
+======================================
+
+For compatibility reasons, the permit_mx_backup feature will accept
+mail for authorized destinations (see permit_mx_backup for definition).
+Only with other destinations will it require that the local MTA is
+listed as non-primary MX.
+
 Incompatibility with snapshot 20051120
 ======================================

--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -8299,22 +8299,28 @@ contains no sender-specified routing (user@elsewhere@domain).

 <dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

-<dd>Permit the request when the local mail system is MX host for
-the RCPT TO address. This includes the case that the local mail
-system is the final destination. However, the SMTP server will not
-forward mail with addresses that have sender-specified routing
-information (example: user@elsewhere@domain).  Use the optional
-<a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> parameter to require that the primary
-MX hosts match a list of network blocks. <br> NOTE: prior to
-Postfix version 2.0, use of <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> is not recommended;
-mail may be rejected in case of a temporary DNS lookup problem.
+<dd>Permit the request when the local mail system is backup MX for
+the RCPT TO address, or when the address is an authorized destination
+(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).

-<br> NOTE: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> requires
-that the local MTA is not listed as primary MX for the recipient
-domain.  This is for safety reasons.
+<ul>

-<br> NOTE: use of <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> is not recommended without
-restricting its use with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>. </dd>
+<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
+sender-specified routing information (example: user@elsewhere@domain).
+
+<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to mis-use when
+access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.
+
+<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
+accepts the address when the local mail system is primary MX for
+the recipient domain.  Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
+when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
+for definition).
+
+<li> Limitation: mail may be rejected in case of a temporary DNS
+lookup problem with Postfix prior to version 2.0.
+
+</ul></dd>

 <dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -4769,24 +4769,24 @@ matches $mydestination, $inet_interfaces, $proxy_interfaces,
 $virtual_alias_domains, or $virtual_mailbox_domains, and the address
 contains no sender-specified routing (user@elsewhere@domain).
 .IP "\fBpermit_mx_backup\fR"
-Permit the request when the local mail system is MX host for
-the RCPT TO address. This includes the case that the local mail
-system is the final destination. However, the SMTP server will not
-forward mail with addresses that have sender-specified routing
-information (example: user@elsewhere@domain).  Use the optional
-permit_mx_backup_networks parameter to require that the primary
-MX hosts match a list of network blocks.
-.br
-NOTE: prior to
-Postfix version 2.0, use of permit_mx_backup is not recommended;
-mail may be rejected in case of a temporary DNS lookup problem.
-.br
-NOTE: as of Postfix version 2.3, permit_mx_backup requires
-that the local MTA is not listed as primary MX for the recipient
-domain.  This is for safety reasons.
-.br
-NOTE: use of permit_mx_backup is not recommended without
-restricting its use with permit_mx_backup_networks.
+Permit the request when the local mail system is backup MX for
+the RCPT TO address, or when the address is an authorized destination
+(see permit_auth_destination for definition).
+.IP \(bu
+Safety: permit_mx_backup does not accept addresses that have
+sender-specified routing information (example: user@elsewhere@domain).
+.IP \(bu
+Safety: permit_mx_backup can be vulnerable to mis-use when
+access is not restricted with permit_mx_backup_networks.
+.IP \(bu
+Safety: as of Postfix version 2.3, permit_mx_backup no longer
+accepts the address when the local mail system is primary MX for
+the recipient domain.  Exception: permit_mx_backup accepts the address
+when it specifies an authorized destination (see permit_auth_destination
+for definition).
+.IP \(bu
+Limitation: mail may be rejected in case of a temporary DNS
+lookup problem with Postfix prior to version 2.0.
 .IP "\fBreject_non_fqdn_recipient\fR"
 Reject the request when the RCPT TO address is not in
 fully-qualified domain form, as required by the RFC.
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -5192,22 +5192,28 @@ contains no sender-specified routing (user@elsewhere@domain).

 <dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>

-<dd>Permit the request when the local mail system is MX host for
-the RCPT TO address. This includes the case that the local mail
-system is the final destination. However, the SMTP server will not
-forward mail with addresses that have sender-specified routing
-information (example: user@elsewhere@domain).  Use the optional
-permit_mx_backup_networks parameter to require that the primary
-MX hosts match a list of network blocks. <br> NOTE: prior to
-Postfix version 2.0, use of permit_mx_backup is not recommended;
-mail may be rejected in case of a temporary DNS lookup problem.
+<dd>Permit the request when the local mail system is backup MX for
+the RCPT TO address, or when the address is an authorized destination
+(see permit_auth_destination for definition).

-<br> NOTE: as of Postfix version 2.3, permit_mx_backup requires
-that the local MTA is not listed as primary MX for the recipient
-domain.  This is for safety reasons.
+<ul>

-<br> NOTE: use of permit_mx_backup is not recommended without
-restricting its use with permit_mx_backup_networks. </dd>
+<li> Safety: permit_mx_backup does not accept addresses that have
+sender-specified routing information (example: user@elsewhere@domain).
+
+<li> Safety: permit_mx_backup can be vulnerable to mis-use when
+access is not restricted with permit_mx_backup_networks.
+
+<li> Safety: as of Postfix version 2.3, permit_mx_backup no longer
+accepts the address when the local mail system is primary MX for
+the recipient domain.  Exception: permit_mx_backup accepts the address
+when it specifies an authorized destination (see permit_auth_destination
+for definition).
+
+<li> Limitation: mail may be rejected in case of a temporary DNS
+lookup problem with Postfix prior to version 2.0.
+
+</ul></dd>

 <dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

--- a/postfix/src/bounce/Makefile.in
+++ b/postfix/src/bounce/Makefile.in
@ -19,16 +19,19 @@ LIBS	= ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a

 .c.o:;  $(CC) $(CFLAGS) -c $*.c

+all:	$(PROG) ../../conf/bounce.cf.default
+
 $(PROG):	$(OBJS) $(LIBS)
 	$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)

-# Avoid dependency on installed Postfix.
-../../conf/bounce.cf.default: $(PROG) annotate.pl main.cf
+# Eliminate dependency on installed Postfix.
+../../conf/bounce.cf.default: template_test.ref annotate.pl
 	rm -f $@
-	MAIL_CONFIG=. ./$(PROG) -SVzndump_templates | perl annotate.pl >$@
+	perl annotate.pl <template_test.ref >$@

 main.cf:
 	echo queue_directory=. >main.cf
+	echo myhostname=example.com >>main.cf

 $(OBJS): ../../conf/makedefs.out

@ -62,6 +65,7 @@ clean:
 tidy:	clean

 # Avoid dependency on installed Postfix.
+# XXX This still requires that default_privs, mail_owner etc. accounts exist.
 template_test: $(PROG) main.cf template_test.ref
 	MAIL_CONFIG=. ./$(PROG) -SVzndump_templates >template_test.tmp
 	diff template_test.ref template_test.tmp
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20051120"
+#define MAIL_RELEASE_DATE	"20051121"
 #define MAIL_VERSION_NUMBER	"2.3"

 #ifdef SNAPSHOT
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@ -1560,26 +1560,23 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
 	reject_dict_retry(state, recipient);

    /*
-     * If the destination is local, it is acceptable, because we are
-     * supposedly MX for our own address.
+     * For backwards compatibility, emulate permit_auth_destination. However,
+     * old permit_mx_backup implementations allow source routing with local
+     * address class.
     */
    if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
 	return (SMTPD_CHECK_OK);
    domain += 1;
+#if 0
    if (reply->flags & RESOLVE_CLASS_LOCAL)
 	return (SMTPD_CHECK_OK);
-
-    /*
-     * Skip source-routed non-local or virtual mail (uncertain destination).
-     */
+#endif
    if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED))
 	return (SMTPD_CHECK_DUNNO);
-
-    /*
-     * The destination is local, or it is a local virtual destination.
-     */
    if (reply->flags & RESOLVE_CLASS_FINAL)
 	return (SMTPD_CHECK_OK);
+    if (reply->flags & RESOLVE_CLASS_RELAY)
+	return (SMTPD_CHECK_OK);

    if (msg_verbose)
 	msg_info("%s: not local: %s", myname, recipient);
@ -1617,7 +1614,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
     */
    mx_list = dns_rr_sort(mx_list, dns_rr_compare_pref);
    for (middle = mx_list; /* see below */ ; middle = rest) {
-	rest = middle->next; 
+	rest = middle->next;
 	if (rest == 0)
 	    break;
 	if (rest->pref != mx_list->pref) {