mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-23 02:17:44 +00:00
Code Issues Releases Wiki Activity

postfix-2.7-20090803

Browse Source
This commit is contained in:
Wietse Venema 2009-08-03 00:00:00 -05:00 committed by Viktor Dukhovni
parent e35ad99081
commit d42f0b6b3f
8 changed files with 83 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
postfix/HISTORY
View File

@ -15324,3 +15324,20 @@ Apologies for any names omitted.
Cleanup: ${multi_instance_name:postfix}${multi_instance_name Cleanup: ${multi_instance_name:postfix}${multi_instance_name
?$multi_instance_name} garbage in Postfix logging is now ?$multi_instance_name} garbage in Postfix logging is now
hopefully gone. File: global/mail_task.c. hopefully gone. File: global/mail_task.c.
20090715
Documentation: as of Postfix 2.6, the reject_unauth_pipelining
feature can be used meaningfully at any protocol stage.
File: proto/postconf.proto.
20090803
Workaround: with some local DNS servers including BIND, it
is possible that A or MX lookups succeed, while NS lookups
for the same domains time out. Spammers use this to avoid
access restrictions. To deal with future variations of
this, check_{client,helo,sender,etc}_{mx,ns,etc}_access no
longer tolerate any lookup failures. Instead, they reply
with $access_map_defer_code or $access_map_reject_code as
appropriate. File: smtpd/smtpd_check.c.

16
postfix/RELEASE_NOTES
View File

@ -14,6 +14,22 @@ specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.5 or earlier, read RELEASE_NOTES-2.6 If you upgrade from Postfix 2.5 or earlier, read RELEASE_NOTES-2.6
before proceeding. before proceeding.
Incompatibility with snapshot 20090803-nonprod
==============================================
The check_{client,helo,sender,etc}_{mx,ns,etc}_access features no
longer tolerate any lookup failures. Instead, they now reply with
$access_map_defer_code or $access_map_reject_code as appropriate.
The reason for this change is that spammers are using tricks where
A or MX lookups succeed while NS lookups for the same domains fail,
depending local DNS infrastructure details. The change deals with
future variants of this anomalous behavior.
As a side effect, non-existent domain names in HELO commands will
now trigger a REJECT action with check_helo_{mx,ns}_access, where
previously such commands were silently permitted.
Incompatibility with snapshot 20090606 Incompatibility with snapshot 20090606
====================================== ======================================

13
postfix/conf/postmulti-script
View File

@ -229,15 +229,10 @@ deport)
destroy) destroy)
# "postmulti -e destroy" will remove an entire instance only # "postmulti -e destroy" will remove an entire instance only when
# when invoked immediately after "postmulti -e create". Trying # invoked immediately after "postmulti -e create" (i.e. before
# to remove more files is too dangerous. # other files are added to the instance). We delete only known
# # safe names without "/".
# By design, postfix-owned directory trees are not trusted, and
# any action within those directory trees must not affect files
# outside those trees (e.g. via symlink race attacks). Therefore
# we use only known-to-be-safe names and nothing with a / because
# that could be subject to races.
# #
QUEUE_SUBDIRS="active bounce corrupt defer deferred flush hold \ QUEUE_SUBDIRS="active bounce corrupt defer deferred flush hold \
incoming maildrop pid private public saved trace" incoming maildrop pid private public saved trace"

14
postfix/html/postconf.5.html
View File

@ -10735,11 +10735,15 @@ of time where it is not allowed, or when the client sends SMTP
commands ahead of time without knowing that Postfix actually supports commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up that improperly uses ESMTP command pipelining in order to speed up
deliveries. <br> Note: <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> is not useful deliveries.
outside <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> when 1) the client uses ESMTP (EHLO <br> With Postfix 2.6 and later, the SMTP server sets a per-session
instead of HELO) and 2) with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (the flag whenever it detects illegal pipelining, including pipelined
default). The use of <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> in the other EHLO or HELO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
restriction contexts is therefore not recommended. </dd> tests whether the flag was set at any point in time during the
session.
<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
the current status of the input read queue, and its usage is not
recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>. </dd>
<dt><b><a name="reject">reject</a></b></dt> <dt><b><a name="reject">reject</a></b></dt>

14
postfix/man/man5/postconf.5
View File

@ -6574,11 +6574,15 @@ ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up that improperly uses ESMTP command pipelining in order to speed up
deliveries. deliveries.
.br .br
Note: reject_unauth_pipelining is not useful With Postfix 2.6 and later, the SMTP server sets a per-session
outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO flag whenever it detects illegal pipelining, including pipelined
instead of HELO) and 2) with "smtpd_delay_reject = yes" (the EHLO or HELO commands. The reject_unauth_pipelining feature simply
default). The use of reject_unauth_pipelining in the other tests whether the flag was set at any point in time during the
restriction contexts is therefore not recommended. session.
.br
With older Postfix versions, reject_unauth_pipelining checks
the current status of the input read queue, and its usage is not
recommended in contexts other than smtpd_data_restrictions.
.IP "\fBreject\fR" .IP "\fBreject\fR"
Reject the request. This restriction is useful at the end of Reject the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit. The a restriction list, to make the default policy explicit. The

14
postfix/proto/postconf.proto
View File

@ -4939,11 +4939,15 @@ of time where it is not allowed, or when the client sends SMTP
commands ahead of time without knowing that Postfix actually supports commands ahead of time without knowing that Postfix actually supports
ESMTP command pipelining. This stops mail from bulk mail software ESMTP command pipelining. This stops mail from bulk mail software
that improperly uses ESMTP command pipelining in order to speed up that improperly uses ESMTP command pipelining in order to speed up
deliveries. <br> Note: reject_unauth_pipelining is not useful deliveries.
outside smtpd_data_restrictions when 1) the client uses ESMTP (EHLO <br> With Postfix 2.6 and later, the SMTP server sets a per-session
instead of HELO) and 2) with "smtpd_delay_reject = yes" (the flag whenever it detects illegal pipelining, including pipelined
default). The use of reject_unauth_pipelining in the other EHLO or HELO commands. The reject_unauth_pipelining feature simply
restriction contexts is therefore not recommended. </dd> tests whether the flag was set at any point in time during the
session.
<br> With older Postfix versions, reject_unauth_pipelining checks
the current status of the input read queue, and its usage is not
recommended in contexts other than smtpd_data_restrictions. </dd>
<dt><b><a name="reject">reject</a></b></dt> <dt><b><a name="reject">reject</a></b></dt>

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20090712" #define MAIL_RELEASE_DATE "20090803"
#define MAIL_VERSION_NUMBER "2.7" #define MAIL_VERSION_NUMBER "2.7"
#ifdef SNAPSHOT #ifdef SNAPSHOT

20
postfix/src/smtpd/smtpd_check.c
View File

@ -2575,7 +2575,14 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
if (dns_status != DNS_OK) { if (dns_status != DNS_OK) {
msg_warn("Unable to look up %s host for %s: %s", dns_strtype(type), msg_warn("Unable to look up %s host for %s: %s", dns_strtype(type),
domain && domain[1] ? domain : name, dns_strerror(h_errno)); domain && domain[1] ? domain : name, dns_strerror(h_errno));
return (SMTPD_CHECK_DUNNO); /* No mercy for DNS failure. */
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
dns_status == DNS_NOTFOUND ?
var_map_reject_code : var_map_defer_code,
smtpd_dsn_fix("4.1.8", reply_class),
"<%s>: %s rejected: %s",
reply_name, reply_class,
"Domain not found"));
} }
/* /*
@ -2600,7 +2607,16 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
msg_warn("Unable to look up %s host %s for %s %s: %s", msg_warn("Unable to look up %s host %s for %s %s: %s",
dns_strtype(type), (char *) server->data, dns_strtype(type), (char *) server->data,
reply_class, reply_name, MAI_STRERROR(aierr)); reply_class, reply_name, MAI_STRERROR(aierr));
continue; /* No mercy for DNS failure. */
status = smtpd_check_reject(state,
MAIL_ERROR_POLICY,
aierr == EAI_NONAME ?
var_map_reject_code : var_map_defer_code,
smtpd_dsn_fix("4.1.8", reply_class),
"<%s>: %s rejected: %s",
reply_name, reply_class,
"Domain not found");
CHECK_SERVER_RETURN(status);
} }
/* Now we must also free the addrinfo result. */ /* Now we must also free the addrinfo result. */
if (msg_verbose) if (msg_verbose)