diff --git a/postfix/HISTORY b/postfix/HISTORY
index a0d8abad1..7a37c64a1 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -5436,15 +5436,16 @@ Apologies for any names omitted.
20010907
Workaround: the Postfix qmqp-source program produced mail
- not ending in newline that qmail-qmqpd accepts but that
- qmail-remote was unable to deliver. Matthias Andree,
+ not ending in newline. qmail-qmqpd accepts such mail, but
+ qmail-remote is unable to deliver it. Matthias Andree,
uni-dortmund.de. File: smtpstone/qmqp-source.c.
20010910
- Bugfix: smtp-sink broke when RCPT TO commands crossed a
- network packet boundary. Problem reported by Matthias
- Andree, uni-dortmund.de. File: smtpstone/smtp-sink.c.
+ Bugfix: the smtp-sink stress test program broke when RCPT
+ TO commands crossed network packet boundaries. Problem
+ reported by Matthias Andree, uni-dortmund.de. File:
+ smtpstone/smtp-sink.c.
20010917
@@ -5453,7 +5454,7 @@ Apologies for any names omitted.
additional restriction via the permit_mx_backup_networks
parameter (accept mail only if the primary MX hosts match
the specified list of network blocks). This second restriction
- is now entirely optional, for backwards compatiblity.
+ is now entirely optional, for backwards compatibility.
Bugfix: an address extension could be appended multiple
times to the result of a canonical or virtual map lookup.
@@ -5469,21 +5470,27 @@ Apologies for any names omitted.
20010918
Bugfix: the mail_addr_map() fix was almost but not quite
- right. It took two really clever people and several iterations
- of email to really fix the mail_addr_map() problem. Thanks
+ right. It took two clever people and several iterations of
+ email to really fix the mail_addr_map() problem. Thanks
to Victor Duchovni and Liviu Daia.
20011006
Cleanup: Postfix no longer flushes the whole deferred queue
- after an ETRN request for a random domain name; the SMTP
+ after an ETRN request for a random domain name (i.e. a
+ domain name not matched by $fast_flush_domains); the SMTP
server instead replies with "459 service unavailable".
Files: smtpd/smtpd.c, global/flush_clnt.c, flush/flush.c.
+20011008
+
+ Bugfix: there was a minute memory leak when an smtpd access
+ restriction is misconfigured. File: smtpd/smtpd_check.c.
+
Open problems:
Minor: The $process_id_directory setting is not used anywhere
in Postfix. Problem reported by Michael Smith, texas.net.
- Medium: address rewriting should be configurable for envelopes
- and headers.
+ Medium: address rewriting should be on/off configurable
+ for envelopes and/or headers.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 8f2adc18a..e7a70b177 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,16 +1,24 @@
-Incompatible changes with snapshot-20011007
+Incompatible changes with snapshot-20011008
===========================================
-Postfix no longer flushes the whole queue after an ETRN request
-for a random domain name. Requests for random domain names are now
+The Postfix SMTP server now rejects requests with a generic "try
+again later" status (451 Server configuration error) when it detects
+an error in smtp_{client,helo,sender,recipient,etrn}_restrictions
+settings. More details about the problem are logged to the syslogd;
+sending such information to random clients would be inappropriate.
+
+Postfix no longer flushes the entire mail queue after receiving an
+ETRN request for a random domain name. Requests for random domain
+names (i.e. names that do not match $fast_flush_domains) are now
rejected instead.
-The permit_mx_backup feature has changed. It accepts mail when the
-local machine is listed in the DNS as MX relay host for the given
-destination. The optional permit_mx_backup_networks parameter can
-further require that the primary MX hosts for the given destinations
-match specific network blocks. This optional restriction is off by
-default.
+The permit_mx_backup behavior is back to the behavior before snapshot
+20010808. It accepts mail whenever the local MTA is listed in the
+DNS as an MX relay host for a destination, even when you never gave
+permission to do so. To restrict use of this feature, specify
+network address blocks via the permit_mx_backup_networks parameter.
+This requires that the primary MX hosts for the given destination
+match the specified network blocks.
Incompatible changes with snapshot-20010808
===========================================
diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html
index 923af8b0c..511567d6f 100644
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -58,9 +58,9 @@ SMTPD(8) SMTPD(8)
Compatibility controls
strict_rfc821_envelopes
- Disallow non-RFC 821 style addresses in envelopes.
- For example, allow RFC822-style address forms with
- comments, like Sendmail does.
+ Disallow non-RFC 821 style addresses in SMTP com-
+ mands. For example, the RFC822-style address forms
+ with comments that Sendmail allows.
broken_sasl_auth_clients
Support older Microsoft clients that mis-implement
diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8
index b69bb2132..182338e7f 100644
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -70,8 +70,8 @@ a configuration change.
.ad
.fi
.IP \fBstrict_rfc821_envelopes\fR
-Disallow non-RFC 821 style addresses in envelopes. For example,
-allow RFC822-style address forms with comments, like Sendmail does.
+Disallow non-RFC 821 style addresses in SMTP commands. For example,
+the RFC822-style address forms with comments that Sendmail allows.
.IP \fBbroken_sasl_auth_clients\fR
Support older Microsoft clients that mis-implement the AUTH
protocol, and that expect an EHLO response of "250 AUTH=list"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 93a957b2a..f6824de79 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20011007"
+#define DEF_MAIL_VERSION "Snapshot-20011008"
extern char *var_mail_version;
/* LICENSE
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c
index 113a6c30c..58fcdbe29 100644
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -56,8 +56,8 @@
/* .ad
/* .fi
/* .IP \fBstrict_rfc821_envelopes\fR
-/* Disallow non-RFC 821 style addresses in envelopes. For example,
-/* allow RFC822-style address forms with comments, like Sendmail does.
+/* Disallow non-RFC 821 style addresses in SMTP commands. For example,
+/* the RFC822-style address forms with comments that Sendmail allows.
/* .IP \fBbroken_sasl_auth_clients\fR
/* Support older Microsoft clients that mis-implement the AUTH
/* protocol, and that expect an EHLO response of "250 AUTH=list"
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c
index a781fd320..afbe44e62 100644
--- a/postfix/src/smtpd/smtpd_check.c
+++ b/postfix/src/smtpd/smtpd_check.c
@@ -1380,6 +1380,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
char *myname = "check_table_result";
int code;
ARGV *restrictions;
+ jmp_buf savebuf;
int status;
if (msg_verbose)
@@ -1456,8 +1457,21 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
* Recursively evaluate the restrictions given in the right-hand side. In
* the dark ages, an empty right-hand side meant OK. Make some
* discouraging comments.
+ *
+ * XXX Jump some hoops to avoid a minute memory leak in case of a file
+ * configuration error.
*/
+#define ADDROF(x) ((char *) &(x))
+
restrictions = argv_split(value, " \t\r\n,");
+ memcpy(ADDROF(savebuf), ADDROF(smtpd_check_buf), sizeof(savebuf));
+ status = setjmp(smtpd_check_buf);
+ if (status != 0) {
+ argv_free(restrictions);
+ memcpy(ADDROF(smtpd_check_buf), ADDROF(savebuf),
+ sizeof(smtpd_check_buf));
+ longjmp(smtpd_check_buf, status);
+ }
if (restrictions->argc == 0) {
msg_warn("SMTPD access map %s entry %s has empty value",
table, value);
@@ -1776,7 +1790,7 @@ static int reject_maps_rbl(SMTPD_STATE *state)
/* is_map_command - restriction has form: check_xxx_access type:name */
static int is_map_command(SMTPD_STATE *state, const char *name,
- const char *command, char ***argp)
+ const char *command, char ***argp)
{
/*
@@ -2324,6 +2338,13 @@ char *smtpd_check_size(SMTPD_STATE *state, off_t size)
{
char *myname = "smtpd_check_size";
struct fsspace fsbuf;
+ int status;
+
+ /*
+ * Return here in case of serious trouble.
+ */
+ if ((status = setjmp(smtpd_check_buf)) != 0)
+ return (status == SMTPD_CHECK_REJECT ? STR(error_text) : 0);
/*
* Avoid overflow/underflow when comparing message size against available
@@ -2399,6 +2420,7 @@ char *var_virtual_maps;
char *var_virt_mailbox_maps;
char *var_relocated_maps;
char *var_local_rcpt_maps;
+char *var_perm_mx_networks;
typedef struct {
char *name;
@@ -2420,6 +2442,7 @@ static STRING_TABLE string_table[] = {
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps,
VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps,
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps,
+ VAR_PERM_MX_NETWORKS, DEF_PERM_MX_NETWORKS, &var_perm_mx_networks, 0, 0,
0,
};
diff --git a/postfix/src/smtpstone/smtp-sink.c b/postfix/src/smtpstone/smtp-sink.c
index f94594cda..5ff346b88 100644
--- a/postfix/src/smtpstone/smtp-sink.c
+++ b/postfix/src/smtpstone/smtp-sink.c
@@ -5,11 +5,10 @@
/* multi-threaded SMTP/LMTP test server
/* SYNOPSIS
/* .fi
-/* \fBsmtp-sink\fR [\fB-cLpv\fR] [\fB-n \fIcount\fR] [\fB-w \fIdelay\fR]
-/* [\fBinet:\fR][\fIhost\fR]:\fIport\fR \fIbacklog\fR
+/* \fBsmtp-sink\fR [\fIoptions\fR] [\fBinet:\fR][\fIhost\fR]:\fIport\fR
+/* \fIbacklog\fR
/*
-/* \fBsmtp-sink\fR [\fB-cLpv\fR] [\fB-n \fIcount\fR] [\fB-w \fIdelay\fR]
-/* \fBunix:\fR\fIpathname\fR \fIbacklog\fR
+/* \fBsmtp-sink\fR [\fIoptions\fR] \fBunix:\fR\fIpathname\fR \fIbacklog\fR
/* DESCRIPTION
/* \fIsmtp-sink\fR listens on the named host (or address) and port.
/* It takes SMTP messages from the network and throws them away.
@@ -26,8 +25,7 @@
/* .IP \fB-L\fR
/* Speak LMTP rather than SMTP.
/* .IP "\fB-n \fIcount\fR"
-/* Terminate after \fIcount\fR sessions. This is for memory leak
-/* testing purposes.
+/* Terminate after \fIcount\fR sessions. This is for testing purposes.
/* .IP \fB-p\fR
/* Disable ESMTP command pipelining.
/* .IP \fB-v\fR
@@ -36,11 +34,13 @@
/* Wait \fIdelay\fR seconds before responding to a DATA command.
/* .IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR
/* Listen on network interface \fIhost\fR (default: any interface)
-/* TCP port \fIport\fR.
+/* TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be
+/* specified in numeric or symbolic form.
/* .IP \fBunix:\fR\fIpathname\fR
/* Listen on the UNIX-domain socket at \fIpathname\fR.
/* .IP \fIbacklog\fR
-/* The maximum length the queue of pending connections.
+/* The maximum length the queue of pending connections,
+/* as defined by the listen(2) call.
/* SEE ALSO
/* smtp-source, SMTP/LMTP test message generator
/* LICENSE
diff --git a/postfix/src/smtpstone/smtp-source.c b/postfix/src/smtpstone/smtp-source.c
index c12b0f430..d315c9429 100644
--- a/postfix/src/smtpstone/smtp-source.c
+++ b/postfix/src/smtpstone/smtp-source.c
@@ -9,7 +9,8 @@
/*
/* \fBsmtp-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR
/* DESCRIPTION
-/* smtp-source connects to the named host and TCP port (default port 25)
+/* smtp-source connects to the named \fIhost\fR and TCP \fIport\fR
+/* (default: port 25)
/* and sends one or more messages to it, either sequentially
/* or in parallel. The program speaks either SMTP (default) or
/* LMTP. Connections can be made to UNIX-domain and IPV4 servers.