From d46974e0688fd3b0969a4187be9626a5b51e19e1 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Wed, 23 Jan 2008 00:00:00 -0500 Subject: [PATCH] postfix-2.5.1-RC1 --- postfix/HISTORY | 23 +++++++++++++++++ postfix/README_FILES/QSHAPE_README | 2 +- postfix/conf/master.cf | 2 +- postfix/conf/post-install | 33 +++++++++++++++++------- postfix/html/QSHAPE_README.html | 2 +- postfix/proto/QSHAPE_README.html | 2 +- postfix/src/global/dict_ldap.c | 41 +++++++++++++++++------------- postfix/src/global/mail_version.h | 2 +- 8 files changed, 75 insertions(+), 32 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 59862c25a..4d830a156 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14277,3 +14277,26 @@ Apologies for any names omitted. to mumble_destination_rate_delay, because it really is a per-destination feature. With this change we keep the option of implementing a future per-transport rate delay. + +20080125 + + Bugfix (introduced 20071216): missing {} in the LDAP client + broke OpenLDAP TLS. The setting tls_require_cert=no was + further broken because Postfix used OpenLDAP incorrectly. + Victor Duchovni. This broke tls_require_cert=no File: + global/dict_ldap.c. + +20080130 + + Bugfix (introduced 20071204): wrong proxywrite process limit + in the default master.cf file. File: conf/master.cf. + +20080201 + + Workaround: pick up a missing data_directory setting from + main.cf when "postfix start" is invoked with an obsolete + postfix command. File: conf/post-install. + + Workaround (introduced 20071204): update the wrong proxywrite + process limit when upgrading an already installed default + master.cf file. File: conf/post-install. diff --git a/postfix/README_FILES/QSHAPE_README b/postfix/README_FILES/QSHAPE_README index 3e8877caa..4a56b6166 100644 --- a/postfix/README_FILES/QSHAPE_README +++ b/postfix/README_FILES/QSHAPE_README 
@@ -400,7 +400,7 @@ delivery attempts. slow unix - - n - 1 smtp -o fallback_relay=problem.example.com -o smtp_connect_timeout=1 - -o smtp_cache_connection=no + -o smtp_connection_cache_on_demand=no This solution forces the Postfix smtp(8) client to wait for $smtp_connect_timeout seconds between deliveries. The connection caching diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 0ec4c6604..b665952ff 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -32,7 +32,7 @@ trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap -proxywrite unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 245edfaef..010d18a69 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -141,6 +141,8 @@ # directory should be in the command search path of adminstrative users. # .IP queue_directory # The directory for Postfix queues. +# .IP data_directory +# The directory for Postfix writable data files (caches, etc.). # .IP sendmail_path # The full pathname for the Postfix sendmail command. # This is the Sendmail-compatible mail posting interface. @@ -164,6 +166,7 @@ # The directory for the Postfix on-line manual pages. # .IP sample_directory # The directory for the Postfix sample configuration files. +# This feature is obsolete as of Postfix 2.1. # .IP readme_directory # The directory for the Postfix README files. # SEE ALSO 
@@ -190,6 +193,10 @@ SHELL=/bin/sh IFS=" " BACKUP_IFS="$IFS" +MOST_PARAMETERS="command_directory daemon_directory data_directory + html_directory mail_owner mailq_path manpage_directory + newaliases_path queue_directory readme_directory sample_directory + sendmail_path setgid_group" USAGE="Usage: $0 [name=value] command create-missing Create missing queue directories. @@ -302,9 +309,7 @@ grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || { # Extract parameter settings from the installed main.cf file. test -f $config_directory/main.cf && { - for name in daemon_directory command_directory queue_directory mail_owner \ - setgid_group sendmail_path newaliases_path mailq_path \ - html_directory manpage_directory sample_directory readme_directory + for name in $MOST_PARAMETERS do eval junk=\$$name case "$junk" in @@ -348,9 +353,7 @@ done # via environment, or via installed configuration files. missing= -for name in daemon_directory command_directory queue_directory mail_owner \ - setgid_group sendmail_path newaliases_path mailq_path manpage_directory \ - readme_directory html_directory +for name in $MOST_PARAMETERS do eval test -n \"\$$name\" || missing="$missing $name" done @@ -383,9 +386,7 @@ POSTCONF="$command_directory/postconf" # Save settings, allowing command line/environment override. override= -for name in daemon_directory command_directory queue_directory mail_owner \ - setgid_group sendmail_path newaliases_path mailq_path manpage_directory \ - sample_directory readme_directory html_directory +for name in $MOST_PARAMETERS do eval test \"\$$name\" = \"`$POSTCONF -c $config_directory -h $name`\" || { override=1 @@ -398,6 +399,7 @@ test -n "$override" && { "daemon_directory = $daemon_directory" \ "command_directory = $command_directory" \ "queue_directory = $queue_directory" \ + "data_directory = $data_directory" \ "mail_owner = $mail_owner" \ "setgid_group = $setgid_group" \ "sendmail_path = $sendmail_path" \ 
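Review bot: Sharing one `$MOST_PARAMETERS` list across all three loops silently tightens the "missing" check in the @@ -348 hunk: the list it replaces there did not name sample_directory, and the shared list does, along with the new data_directory. The documentation hunk in this same commit marks sample_directory as obsolete as of Postfix 2.1, so requiring it looks unintended; what the script does with a non-empty `$missing` is outside the hunk, so the impact should be confirmed. If the stricter check is not wanted, skip the name explicitly in that loop, e.g. `case $name in sample_directory) continue;; esac`. The multi-line assignment also depends on `$IFS` still containing tab and newline wherever `for name in $MOST_PARAMETERS` runs, which deserves a comment next to the definition such as `# Word-split on $IFS; IFS must hold space, tab and newline when this is iterated.`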
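Review bot: The override loop in the @@ -383 hunk now also sends data_directory through `eval test \"\$$name\" = \"...\"`, where the output of `$POSTCONF -c $config_directory -h $name` is pasted into a string that eval parses a second time. A main.cf value containing a double quote, a backquote or a `$` would therefore be interpreted by the shell instead of being compared literally, and this script presumably runs as root during install or upgrade. The loop in the @@ -302 hunk already uses `eval junk=\$$name`; reusing that here and then comparing with a plain `test "$junk" = "$current"`, with `current` assigned from the postconf call beforehand, keeps the value out of the second parse. Both loops continue outside their hunks.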
@@ -668,6 +670,19 @@ proxywrite unix - - n - 1 proxymap EOF } + # Fix a typo in the default master.cf proxywrite entry. + + grep '^proxywrite.*-[ ]*proxymap' $config_directory/master.cf >/dev/null && { + echo Editing $config_directory/master.cf, setting proxywrite process limit to 1 + ed $config_directory/master.cf <fallback_rel slow unix - - n - 1 smtp -o fallback_relay=problem.example.com -o smtp_connect_timeout=1 - -o smtp_cache_connection=no + -o smtp_connection_cache_on_demand=no diff --git a/postfix/proto/QSHAPE_README.html b/postfix/proto/QSHAPE_README.html index 2c82b4f63..2ba89f91a 100644 --- a/postfix/proto/QSHAPE_README.html +++ b/postfix/proto/QSHAPE_README.html @@ -547,7 +547,7 @@ smtp_connect_timeout value.

slow unix - - n - 1 smtp -o fallback_relay=problem.example.com -o smtp_connect_timeout=1 - -o smtp_cache_connection=no + -o smtp_connection_cache_on_demand=no diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 8122a683a..4877e863d 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c 
@@ -488,58 +488,63 @@ static int dict_ldap_set_tls_options(DICT_LDAP *dict_ldap) if (dict_ldap->start_tls || dict_ldap->ldap_ssl) { if (*dict_ldap->tls_random_file) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_RANDOM_FILE, - dict_ldap->tls_random_file)) != LDAP_SUCCESS) + dict_ldap->tls_random_file)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_random_file to %s: %d: %s", myname, dict_ldap->tls_random_file, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_ca_cert_file) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, - dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) + dict_ldap->tls_ca_cert_file)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_ca_cert_file to %s: %d: %s", myname, dict_ldap->tls_ca_cert_file, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_ca_cert_dir) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, - dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) + dict_ldap->tls_ca_cert_dir)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_ca_cert_dir to %s: %d: %s", myname, dict_ldap->tls_ca_cert_dir, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_cert) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, - dict_ldap->tls_cert)) != LDAP_SUCCESS) + dict_ldap->tls_cert)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_cert to %s: %d: %s", myname, dict_ldap->tls_cert, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_key) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, - dict_ldap->tls_key)) != LDAP_SUCCESS) + dict_ldap->tls_key)) != LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_key to %s: %d: %s", myname, dict_ldap->tls_key, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } if (*dict_ldap->tls_cipher_suite) { if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, - dict_ldap->tls_cipher_suite)) != LDAP_SUCCESS) + dict_ldap->tls_cipher_suite)) != 
LDAP_SUCCESS) { msg_warn("%s: Unable to set tls_cipher_suite to %s: %d: %s", myname, dict_ldap->tls_cipher_suite, rc, ldap_err2string(rc)); - return (-1); + return (-1); + } } - if (dict_ldap->tls_require_cert) { - if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, - &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) - msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s", - myname, dict_ldap->tls_require_cert, - rc, ldap_err2string(rc)); + if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, + &(dict_ldap->tls_require_cert))) != LDAP_SUCCESS) { + msg_warn("%s: Unable to set tls_require_cert to %d: %d: %s", + myname, dict_ldap->tls_require_cert, + rc, ldap_err2string(rc)); return (-1); } } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index f729cfce2..93a5389f7 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -21,7 +21,7 @@ * patchlevel; they change the release date only. */ #define MAIL_RELEASE_DATE "20080123" -#define MAIL_VERSION_NUMBER "2.5.0" +#define MAIL_VERSION_NUMBER "2.5.1-RC1" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
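Review bot: Every `ldap_set_option(NULL, ...)` call in this block, including the now-unconditional LDAP_OPT_X_TLS_REQUIRE_CERT one, writes to the OpenLDAP library-wide defaults rather than to this table's connection, so the TLS verification settings of one LDAP table can carry over to another table opened in the same process. After this change tls_require_cert is overwritten on every call, but the six options above it are still applied only when non-empty, so a table that leaves tls_ca_cert_file or tls_cipher_suite blank appears to inherit whatever an earlier table set. I would document this at the top of the block, e.g. `/* NULL handle: these are process-wide OpenLDAP defaults shared by all tables in this process. */`, and put a why-comment on the last call such as `/* Always set, so that tls_require_cert=no also overrides the library default. */`. dict_ldap_set_tls_options() begins before the hunk, and how tls_require_cert is populated is not visible here.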