mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-09-01 14:45:32 +00:00
Code Issues Releases Wiki Activity

postfix-2.3-20051121

Browse Source
This commit is contained in:
Wietse Venema
2005-11-21 00:00:00 -05:00
committed by Viktor Dukhovni
parent 9e9cfc29e9
commit c6d6830caf
8 changed files with 94 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
postfix/HISTORY
View File

@@ -11424,6 +11424,18 @@ Apologies for any names omitted.
code that handles unavailable transports or destinations. code that handles unavailable transports or destinations.
Files: *qmgr/qmgr_deliver.c. Files: *qmgr/qmgr_deliver.c.
20051121
Workaround: do not build the bounce.cf.default template
while compiling Postfix - it breaks when the default
mail_owner etc. accounts don't exist. Reported by Liviu
Daia.
Compatibility: added permit_auth_destination emulation to
the permit_mx_backup feature. This avoids surprises with
sites that used permit_mx_backup to authorize all their
incoming mail.
Open problems: Open problems:
"postsuper -r" no longer resets the message arrival time, "postsuper -r" no longer resets the message arrival time,

8
postfix/RELEASE_NOTES
View File

@@ -17,6 +17,14 @@ Incompatibility with Postfix 2.1 and earlier
If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2 If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding. before proceeding.
Incompatibility with snapshot 20051121
======================================
For compatibility reasons, the permit_mx_backup feature will accept
mail for authorized destinations (see permit_mx_backup for definition).
Only with other destinations will it require that the local MTA is
listed as non-primary MX.
Incompatibility with snapshot 20051120 Incompatibility with snapshot 20051120
====================================== ======================================

34
postfix/html/postconf.5.html
View File

@@ -8299,22 +8299,28 @@ contains no sender-specified routing (user@elsewhere@domain).
<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt> <dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
<dd>Permit the request when the local mail system is MX host for <dd>Permit the request when the local mail system is backup MX for
the RCPT TO address. This includes the case that the local mail the RCPT TO address, or when the address is an authorized destination
system is the final destination. However, the SMTP server will not (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).
forward mail with addresses that have sender-specified routing
information (example: user@elsewhere@domain). Use the optional
<a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> parameter to require that the primary
MX hosts match a list of network blocks. <br> NOTE: prior to
Postfix version 2.0, use of <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> is not recommended;
mail may be rejected in case of a temporary DNS lookup problem.
<br> NOTE: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> requires <ul>
that the local MTA is not listed as primary MX for the recipient
domain. This is for safety reasons.
<br> NOTE: use of <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> is not recommended without <li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
restricting its use with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>. </dd> sender-specified routing information (example: user@elsewhere@domain).
<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to mis-use when
access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.
<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
accepts the address when the local mail system is primary MX for
the recipient domain. Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
for definition).
<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.
</ul></dd>
<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt> <dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

36
postfix/man/man5/postconf.5
View File

@@ -4769,24 +4769,24 @@ matches $mydestination, $inet_interfaces, $proxy_interfaces,
$virtual_alias_domains, or $virtual_mailbox_domains, and the address $virtual_alias_domains, or $virtual_mailbox_domains, and the address
contains no sender-specified routing (user@elsewhere@domain). contains no sender-specified routing (user@elsewhere@domain).
.IP "\fBpermit_mx_backup\fR" .IP "\fBpermit_mx_backup\fR"
Permit the request when the local mail system is MX host for Permit the request when the local mail system is backup MX for
the RCPT TO address. This includes the case that the local mail the RCPT TO address, or when the address is an authorized destination
system is the final destination. However, the SMTP server will not (see permit_auth_destination for definition).
forward mail with addresses that have sender-specified routing .IP \(bu
information (example: user@elsewhere@domain). Use the optional Safety: permit_mx_backup does not accept addresses that have
permit_mx_backup_networks parameter to require that the primary sender-specified routing information (example: user@elsewhere@domain).
MX hosts match a list of network blocks. .IP \(bu
.br Safety: permit_mx_backup can be vulnerable to mis-use when
NOTE: prior to access is not restricted with permit_mx_backup_networks.
Postfix version 2.0, use of permit_mx_backup is not recommended; .IP \(bu
mail may be rejected in case of a temporary DNS lookup problem. Safety: as of Postfix version 2.3, permit_mx_backup no longer
.br accepts the address when the local mail system is primary MX for
NOTE: as of Postfix version 2.3, permit_mx_backup requires the recipient domain. Exception: permit_mx_backup accepts the address
that the local MTA is not listed as primary MX for the recipient when it specifies an authorized destination (see permit_auth_destination
domain. This is for safety reasons. for definition).
.br .IP \(bu
NOTE: use of permit_mx_backup is not recommended without Limitation: mail may be rejected in case of a temporary DNS
restricting its use with permit_mx_backup_networks. lookup problem with Postfix prior to version 2.0.
.IP "\fBreject_non_fqdn_recipient\fR" .IP "\fBreject_non_fqdn_recipient\fR"
Reject the request when the RCPT TO address is not in Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC. fully-qualified domain form, as required by the RFC.

34
postfix/proto/postconf.proto
View File

@@ -5192,22 +5192,28 @@ contains no sender-specified routing (user@elsewhere@domain).
<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt> <dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
<dd>Permit the request when the local mail system is MX host for <dd>Permit the request when the local mail system is backup MX for
the RCPT TO address. This includes the case that the local mail the RCPT TO address, or when the address is an authorized destination
system is the final destination. However, the SMTP server will not (see permit_auth_destination for definition).
forward mail with addresses that have sender-specified routing
information (example: user@elsewhere@domain). Use the optional
permit_mx_backup_networks parameter to require that the primary
MX hosts match a list of network blocks. <br> NOTE: prior to
Postfix version 2.0, use of permit_mx_backup is not recommended;
mail may be rejected in case of a temporary DNS lookup problem.
<br> NOTE: as of Postfix version 2.3, permit_mx_backup requires <ul>
that the local MTA is not listed as primary MX for the recipient
domain. This is for safety reasons.
<br> NOTE: use of permit_mx_backup is not recommended without <li> Safety: permit_mx_backup does not accept addresses that have
restricting its use with permit_mx_backup_networks. </dd> sender-specified routing information (example: user@elsewhere@domain).
<li> Safety: permit_mx_backup can be vulnerable to mis-use when
access is not restricted with permit_mx_backup_networks.
<li> Safety: as of Postfix version 2.3, permit_mx_backup no longer
accepts the address when the local mail system is primary MX for
the recipient domain. Exception: permit_mx_backup accepts the address
when it specifies an authorized destination (see permit_auth_destination
for definition).
<li> Limitation: mail may be rejected in case of a temporary DNS
lookup problem with Postfix prior to version 2.0.
</ul></dd>
<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt> <dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>

10
postfix/src/bounce/Makefile.in
View File

@@ -19,16 +19,19 @@ LIBS = ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a
.c.o:; $(CC) $(CFLAGS) -c $*.c .c.o:; $(CC) $(CFLAGS) -c $*.c
all: $(PROG) ../../conf/bounce.cf.default
$(PROG): $(OBJS) $(LIBS) $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS) $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
# Avoid dependency on installed Postfix. # Eliminate dependency on installed Postfix.
../../conf/bounce.cf.default: $(PROG) annotate.pl main.cf ../../conf/bounce.cf.default: template_test.ref annotate.pl
rm -f $@ rm -f $@
MAIL_CONFIG=. ./$(PROG) -SVzndump_templates | perl annotate.pl >$@ perl annotate.pl <template_test.ref >$@
main.cf: main.cf:
echo queue_directory=. >main.cf echo queue_directory=. >main.cf
echo myhostname=example.com >>main.cf
$(OBJS): ../../conf/makedefs.out $(OBJS): ../../conf/makedefs.out
@@ -62,6 +65,7 @@ clean:
tidy: clean tidy: clean
# Avoid dependency on installed Postfix. # Avoid dependency on installed Postfix.
# XXX This still requires that default_privs, mail_owner etc. accounts exist.
template_test: $(PROG) main.cf template_test.ref template_test: $(PROG) main.cf template_test.ref
MAIL_CONFIG=. ./$(PROG) -SVzndump_templates >template_test.tmp MAIL_CONFIG=. ./$(PROG) -SVzndump_templates >template_test.tmp
diff template_test.ref template_test.tmp diff template_test.ref template_test.tmp

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20051120" #define MAIL_RELEASE_DATE "20051121"
#define MAIL_VERSION_NUMBER "2.3" #define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT #ifdef SNAPSHOT

17
postfix/src/smtpd/smtpd_check.c
View File

@@ -1560,26 +1560,23 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
reject_dict_retry(state, recipient); reject_dict_retry(state, recipient);
/* /*
* If the destination is local, it is acceptable, because we are * For backwards compatibility, emulate permit_auth_destination. However,
* supposedly MX for our own address. * old permit_mx_backup implementations allow source routing with local
* address class.
*/ */
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0) if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
domain += 1; domain += 1;
#if 0
if (reply->flags & RESOLVE_CLASS_LOCAL) if (reply->flags & RESOLVE_CLASS_LOCAL)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
#endif
/*
* Skip source-routed non-local or virtual mail (uncertain destination).
*/
if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED)) if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED))
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
/*
* The destination is local, or it is a local virtual destination.
*/
if (reply->flags & RESOLVE_CLASS_FINAL) if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
if (reply->flags & RESOLVE_CLASS_RELAY)
return (SMTPD_CHECK_OK);
if (msg_verbose) if (msg_verbose)
msg_info("%s: not local: %s", myname, recipient); msg_info("%s: not local: %s", myname, recipient);