mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 05:07:58 +00:00
Code Issues Releases Wiki Activity

postfix-2.11-20130324

Browse Source
This commit is contained in:
Wietse Venema 2013-03-24 00:00:00 -05:00 committed by Viktor Dukhovni
parent 08af253a2a
commit d6cbbf1d8b
42 changed files with 896 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
postfix/HISTORY
View File

@ -18291,10 +18291,58 @@ Apologies for any names omitted.
20130319
Postfix support for LMDB databases is withdrawn due to the
Postfix support for LMDB databases is suspended due to the
existence of a hard limit (an "out of storage" failure mode
that cannot be resolved by increasing the database size).
Postfix may support LMDB again when without exceptions all
"out of storage" failure modes are resolved by increasing
the database size.
Postfix may support LMDB again when it no longer limits the
size of Postfix transactions, whether the limit is built
into LMDB itself, or implicit by requiring an unbounded
amount of memory to handle a large transaction.
20130322
Documentation: smtp_skip_5xx_greeting wording updated to
reflect text in RFC 2821, which appears to say that a 554
greeting is not a hard delivery error (note that RFC 2821
was published later than smtp_skip_5xx_greeting). File:
proto/postconf.proto.
20130324
Workaround: MacOS 10.8 (Darwin 12) getrlimit(RLIMIT_NOFILE)
incorrectly reports that rlim_max, the hard limit on the
number of open files per process, is equal to RLIM_INFINITY
(i.e. no limit is enforced). In reality, setrlimit(RLIMIT_NOFILE)
rejects requests where rlim_cur, the current limit, contains
any value > kern.maxfilesperproc. Axel Luttgens. File:
util/open_limit.c.
Portability: MacOS 10.8 (Darwin 12) kqueue support works.
Axel Luttgens. Files: makedefs.
20130324
Support for anonymous certificates. Viktor Dukhovni. File:
tls/tls_verify.c.
Feature: support for DNSSEC-validated lookups and TLSA
RRsets. Viktor Dukhovni. Files: src/dns/Makefile.in,
src/dns/dns.h, src/dns/dns_lookup.c, src/dns/dns_rr.c,
src/dns/dns_strtype.c, src/dns/test_dns_lookup.c,
Cleanup: the personality switch between "smtp" and "lmtp".
This streamlies the swicth in the SMTP/LMTP protocol, DNS
MX lookups, and configuration parameter names in error
messages. Viktor Dukhovni. Files: src/smtp/smtp.c,
src/smtp/smtp.h, src/smtp/smtp_chat.c, src/smtp/smtp_connect.c,
src/smtp/smtp_proto.c, src/smtp/smtp_rcpt.c,
src/smtp/smtp_sasl_glue.c, src/smtp/smtp_sasl_proto.c,
src/smtp/smtp_session.c, src/smtp/smtp_state.c.
Feature: replace disable_dns_lookups with smtp_dns_support_level,
enable secure DNSSEC lookups in the Postfix SMTP client, and use
the DNSSEC-validated remote SMTP server name to select the SMTP
and TLS policies. Viktor Dukhovni. Files: src/dns/Makefile.in,
src/dns/dns.h, src/dns/dns_lookup.c, src/dns/dns_rr.c,
src/dns/dns_strtype.c, src/dns/test_dns_lookup.c.

11
postfix/README_FILES/LMDB_README
View File

@ -5,12 +5,13 @@ PPoossttffiixx OOppeennLLDDAAPP LLMMDDBB HHoowwttoo
IInnttrroodduuccttiioonn
Note:
Postfix support for LMDB databases is withdrawn due to the existence of a
Postfix support for LMDB databases is suspended due to the existence of a
hard limit (an "out of storage" failure mode that cannot be resolved by
increasing the database size).
Postfix may support LMDB again when without exception all "out of storage"
failure modes are resolved by increasing the database size.
Postfix may support LMDB again when it no longer limits the size of Postfix
transactions, whether the limit is built into LMDB itself, or implicit by
requiring an unbounded amount of memory to handle a large transaction.
Postfix uses databases of various kinds to store and look up information.
Postfix databases are specified as "type:name". OpenLDAP LMDB implements the
@ -26,9 +27,7 @@ This document describes:
3. Missing pthread library trouble.
Note:
The Postfix LMDB client implementation introduces unexpected failure modes
that don't exist with other Postfix databases. Don't just yet abandon CDB.
4. Unexpected failure modes that don't exist with other Postfix databases.
BBuuiillddiinngg PPoossttffiixx wwiitthh OOppeennLLDDAAPP LLMMDDBB ssuuppppoorrtt

8
postfix/RELEASE_NOTES
View File

@ -17,12 +17,14 @@ before proceeding.
Major changes with snapshot 20130319
====================================
Postfix support for LMDB databases is withdrawn due to the existence
Postfix support for LMDB databases is suspended due to the existence
of a hard limit (an "out of storage" failure mode that cannot be
resolved by increasing the database size).
Postfix may support LMDB again when without exception all "out of
storage" failure modes are resolved by increasing the database size.
Postfix may support LMDB again when it no longer limits the size
of Postfix transactions, whether the limit is built into LMDB itself,
or implicit by requiring an unbounded amount of memory to handle a
large transaction.
Major changes with snapshot 20130315
====================================

10
postfix/WISHLIST
View File

@ -8,6 +8,16 @@ Wish list:
Spellcheck and double-word check.
We have smtp_host_lookup, smtp_dns_resolver_options, and
now smtp_dns_support_level. Of these, smtp_dns_resolver_options
is orthogonal but the rest has overlap.
There needs to be support for automatic migration from the
deprecated disable_dns_lookups feature to the preferred
smtp_dns_support_level feature. This support needs to exist
for several releases before the deprecated feature can be
removed.
It would be nice if the result from one table lookup could
serve as input for another (e.g. virtual aliases before the
list of valid recipients). For this to work the magical

17
postfix/html/LMDB_README.html
View File

@ -20,11 +20,12 @@
<h2>Introduction</h2>
<dl> <dt> Note: </dt> <dd> <p> Postfix support for LMDB databases
is withdrawn due to the existence of a hard limit (an "out of
is suspended due to the existence of a hard limit (an "out of
storage" failure mode that cannot be resolved by increasing the
database size). </p> <p> Postfix may support LMDB again when without
exception all "out of storage" failure modes are resolved by
increasing the database size. </p> </dd> </dl>
database size). </p> <p> Postfix may support LMDB again when it no
longer limits the size of Postfix transactions, whether the limit
is built into LMDB itself, or implicit by requiring an unbounded
amount of memory to handle a large transaction. </p> </dd> </dl>
<p> Postfix uses databases of various kinds to store and look up
information. Postfix databases are specified as "type:name".
@ -44,12 +45,10 @@ LMDB support</a>. </p>
<li> <p> Missing <a href="#pthread">pthread</a> library trouble. </p>
</ol>
<li> <p> Unexpected <a href="#limitations">failure modes</a> that
don't exist with other Postfix databases. </p>
<dl> <dt> Note: </dt> <dd> <p> The Postfix LMDB client implementation
introduces <a href="#limitations">unexpected failure modes</a> that
don't exist with other Postfix databases. Don't just yet abandon
CDB. </p> </dd> </dl>
</ol>
<h2><a name="with_lmdb">Building Postfix with OpenLDAP LMDB support</a></h2>

7
postfix/html/lmtp.8.html
View File

@ -203,7 +203,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip remote SMTP servers that greet with a 5XX sta-
tus code (go away, do not try again later).
tus code.
<b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
Do not wait for the response to the SMTP QUIT com-
@ -311,6 +311,11 @@ SMTP(8) SMTP(8)
the MAIL FROM command in SASL-authenticated SMTP
sessions.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b>
Level of DNS support in the Postfix SMTP client.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:

134
postfix/html/postconf.5.html
View File

@ -1739,7 +1739,7 @@ set up your XAUTHORITY environment variable before starting Postfix.
<p>
Note: the command is subject to $name expansion, before it is
passed to the default commmand interpreter. Specify "$$" to
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
</p>
@ -2617,7 +2617,9 @@ behavior was hard-coded to be "always on". </p>
<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts.
library routine which normally also looks in /etc/hosts. As of
Postfix 2.11, this parameter is deprecated; use <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
instead.
</p>
<p>
@ -4113,6 +4115,17 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="lmtp_dns_support_level">lmtp_dns_support_level</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
@ -9389,6 +9402,10 @@ false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3. </p>
<p> When DNS CNAME records are validated with secure DNS lookups
(<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later). </p>
<p> This feature is available in Postfix 2.2.9 and later. </p>
@ -9724,6 +9741,95 @@ recommended. </dd>
<p> This feature is available in Postfix 2.8 and later. </p>
</DD>
<DT><b><a name="smtp_dns_support_level">smtp_dns_support_level</a>
(default: empty)</b></DT><DD>
<p> Level of DNS support in the Postfix SMTP client. With
"<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" left at its empty default value, the legacy
"<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
</p>
<p> Specify one of the following: </p>
<dl>
<dt><b>disabled</b></dt>
<dd>Disable DNS lookups. No MX lookups are performed and hostname
to address lookups are unconditionally "native". This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters. This is no longer required
and strongly discouraged. </dd>
<dt><b>enabled</b></dt>
<dd>Enable DNS lookups. Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups. If "dns" and "native" are
included in the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS. </dd>
<dt><b>dnssec</b></dt>
<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
lookups. The "dnssec" setting differs from the "enabled" setting
above in the following ways: <ul> <li>Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated. <li> The address lookups of
validated hostnames are also validated, (provided of course
"<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" includes "dns", see below). <li>Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups. Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN). </ul> </dd>
</dl>
<p> The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination. This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups. </p>
<p>The "dnssec" setting is recommended only if you plan to use the
"<a href="TLS_README.html#client_tls_dane">dane</a>" TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security. Postfix DNSSEC support relies on an up-stream
recursive nameserver that validates DNSSEC signatures. Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC. </p>
<p> When using Postfix DANE support the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter
should include "dns", as <a
href="https://tools.ietf.org/html/rfc6698">DANE</a> is not applicable
to hosts resolved via "native" lookups. </p>
<p> As mentioned above, Postfix is not a validating <a
href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
resolver</a>; it relies on the system's configured DNSSEC-validating
<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
nameserver</a> to perform all DNSSEC validation. Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups. Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver</p>
<p>DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS resolver(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
@ -9868,9 +9974,10 @@ The default time unit is s (seconds).
(default: dns)</b></DT><DD>
<p>
What mechanisms the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled
(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>).
What mechanisms the Postfix SMTP client uses to look up a host's
IP address. This parameter is ignored when DNS lookups are disabled
(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> and <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>). The "dns"
mechanism is always tried before "native" if both are listed.
</p>
<p>
@ -10597,15 +10704,13 @@ with a
(default: yes)</b></DT><DD>
<p>
Skip remote SMTP servers that greet with a 5XX status code (go away,
do
not try again later).
Skip remote SMTP servers that greet with a 5XX status code.
</p>
<p> By default, the Postfix SMTP client moves on the next mail
exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
bounce the mail immediately. The default setting is incorrect, but
it is what a lot of people expect to happen. </p>
bounce the mail immediately. Caution: the latter behavior appears
to contradict <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
</DD>
@ -11593,8 +11698,7 @@ but not any CAs it delegates to. </p>
(default: nexthop, dot-nexthop)</b></DT><DD>
<p> How the Postfix SMTP client verifies the server certificate
peername for the
"secure" TLS security level. In a "secure" TLS policy table
peername for the "secure" TLS security level. In a "secure" TLS policy table
($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
@ -13152,7 +13256,7 @@ rejected requests (default: 504).</dd>
<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the HELO or EHLO hostname hostname is
<dd>Reject the request when the HELO or EHLO hostname is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
@ -13707,7 +13811,7 @@ change into 550 when you are confident that it is safe to do so).
numerical response code when an address probe failed due to a
temporary problem (default: 450). <br> The
<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
after addres probe failure due to a temporary problem (default:
after address probe failure due to a temporary problem (default:
<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature is available in Postfix 2.1
and later. </dd>
@ -14418,7 +14522,7 @@ see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> specifies the numerical response
code when an address address probe failed due to a temporary problem
code when an address probe failed due to a temporary problem
(default: 450). <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
specifies the action after address probe failure due to a temporary
problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature is available

7
postfix/html/smtp.8.html
View File

@ -203,7 +203,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip remote SMTP servers that greet with a 5XX sta-
tus code (go away, do not try again later).
tus code.
<b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
Do not wait for the response to the SMTP QUIT com-
@ -311,6 +311,11 @@ SMTP(8) SMTP(8)
the MAIL FROM command in SASL-authenticated SMTP
sessions.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b>
Level of DNS support in the Postfix SMTP client.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:

83
postfix/makedefs
View File

@ -315,12 +315,12 @@ case "$SYSTEM.$RELEASE" in
# Workaround for retarded libc
2.6.*)
if [ `expr "X$CCARGS" : "X.*-DNO_EPOLL"` -gt 0 ]
then
:
elif [ ! -e /usr/include/sys/epoll.h ]
then
echo CCARGS="$CCARGS -DNO_EPOLL"
else
then
:
elif [ ! -e /usr/include/sys/epoll.h ]
then
echo CCARGS="$CCARGS -DNO_EPOLL"
else
trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
cat >makedefs.test.c <<'EOF'
#include <sys/types.h>
@ -378,7 +378,7 @@ EOF
done
;;
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
SYSTYPE=GNU0
case "$CCARGS" in
*-DNO_DB*) ;;
*) if [ -f /usr/include/db.h ]
@ -475,64 +475,11 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
?.*) CCARGS="$CCARGS -DRESOLVE_H_NEEDS_NAMESER8_COMPAT_H";;
*) CCARGS="$CCARGS -DRESOLVE_H_NEEDS_ARPA_NAMESER_COMPAT_H";;
esac
# kqueue and/or poll are broken up to and including MacOS X 10.5
CCARGS="$CCARGS -DNO_KQUEUE"
# # Darwin 8.11.1 has kqueue support, but let's play safe
# case $RELEASE in
# [1-8].*) CCARGS="$CCARGS -DNO_KQUEUE";;
# *) trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
# cat >makedefs.test.c <<'EOF'
#/* Adapted from libevent. */
#
##include <sys/types.h>
##include <sys/event.h>
##include <sys/time.h>
##include <string.h>
##include <stdlib.h>
##include <stdio.h>
#
##ifndef EV_SET
##define EV_SET(kp, id, fi, fl, ffl, da, ud) do { \
# struct kevent *__kp = (kp); \
# __kp->ident = (id); \
# __kp->filter = (fi); \
# __kp->flags = (fl); \
# __kp->fflags = (ffl); \
# __kp->data = (da); \
# __kp->udata = (ud); \
# } while(0)
##endif
#
#int main(int argc, char **argv)
#{
# int kq;
# struct kevent test_change;
# struct kevent test_result;
#
# if ((kq = kqueue()) < 0) {
# perror("kqueue");
# exit(1);
# }
##define TEST_FD (-1)
#
# EV_SET(&test_change, TEST_FD, EVFILT_READ, EV_ADD, 0, 0, 0);
# if (kevent(kq,
# &test_change, sizeof(test_change) / sizeof(struct kevent),
# &test_result, sizeof(test_result) / sizeof(struct kevent),
# (struct timespec *) 0) != 1 ||
# test_result.ident != TEST_FD ||
# test_result.flags != EV_ERROR) {
# fprintf(stderr, "Error: kevent reports errors incorrectly\n");
# exit(1);
# }
# exit(0);
#}
#EOF
# $CC -o makedefs.test makedefs.test.c || exit 1
# ./makedefs.test 2>/dev/null ||
# CCARGS="$CCARGS -DNO_KQUEUE"
# rm -f makedefs.test makedefs.test.[co];;
# esac
# kqueue and/or poll are broken in MacOS X 10.5 (Darwin 9).
# kqueue and poll work in Mac OS X 10.8 (Darwin 12).
case $RELEASE in
?.*|1[0-1].*) CCARGS="$CCARGS -DNO_KQUEUE";;
esac
;;
dcosx.1*) SYSTYPE=DCOSX1
RANLIB=echo
@ -562,7 +509,7 @@ esac
#
case "$CCARGS" in
*-DNO_SIGSETJMP*) ;;
*) trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
*) trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
cat >makedefs.test.c <<'EOF'
#include <setjmp.h>
#include <stdlib.h>
@ -628,7 +575,7 @@ esac
case "$CCARGS" in
*-DHAS_PCRE*) ;;
*-DNO_PCRE*) ;;
*) pcre_cflags=`(pcre-config --cflags) 2>/dev/null` &&
*) pcre_cflags=`(pcre-config --cflags) 2>/dev/null` &&
pcre_libs=`(pcre-config --libs) 2>/dev/null` && {
CCARGS="$CCARGS -DHAS_PCRE $pcre_cflags"
AUXLIBS="$AUXLIBS $pcre_libs"
@ -647,7 +594,7 @@ case "$CC" in
"gcc version 2.8"*) : ${OPT=};;
esac;;
*CC) error "Don't use CC. That's the C++ compiler";;
*) : ${OPT='-O'};;
*) : ${OPT='-O'};;
esac
#
# "gcc -W" 3.4.2 no longer reports functions that fail to return a

120
postfix/man/man5/postconf.5
View File

@ -1005,7 +1005,7 @@ the process marches on. If you use an X-based debugger, be sure to
set up your XAUTHORITY environment variable before starting Postfix.
.PP
Note: the command is subject to $name expansion, before it is
passed to the default commmand interpreter. Specify "$$" to
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
.PP
Example:
@ -1561,7 +1561,9 @@ This feature is available in Postfix 2.5 and later.
.SH disable_dns_lookups (default: no)
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts.
library routine which normally also looks in /etc/hosts. As of
Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level
instead.
.PP
DNS lookups are enabled by default.
.SH disable_mime_input_processing (default: no)
@ -2417,6 +2419,11 @@ The LMTP-specific version of the smtp_dns_resolver_options
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.8 and later.
.SH lmtp_dns_support_level (default: empty)
The LMTP-specific version of the smtp_dns_support_level
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.11 and later.
.SH lmtp_enforce_tls (default: no)
The LMTP-specific version of the smtp_enforce_tls configuration
parameter. See there for details.
@ -5691,6 +5698,10 @@ false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3.
.PP
When DNS CNAME records are validated with secure DNS lookups
(smtp_dns_support_level = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later).
.PP
This feature is available in Postfix 2.2.9 and later.
.SH smtp_connect_timeout (default: 30s)
The Postfix SMTP client time limit for completing a TCP connection, or
@ -5892,6 +5903,87 @@ recommended.
.br
.PP
This feature is available in Postfix 2.8 and later.
.SH smtp_dns_support_level (default: empty)
Level of DNS support in the Postfix SMTP client. With
"smtp_dns_support_level" left at its empty default value, the legacy
"disable_dns_lookups" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
.PP
Specify one of the following:
.IP "\fBdisabled\fR"
Disable DNS lookups. No MX lookups are performed and hostname
to address lookups are unconditionally "native". This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters. This is no longer required
and strongly discouraged.
.br
.IP "\fBenabled\fR"
Enable DNS lookups. Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups. If "dns" and "native" are
included in the "smtp_host_lookup" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS.
.br
.IP "\fBdnssec\fR"
Enable DNSSEC
lookups. The "dnssec" setting differs from the "enabled" setting
above in the following ways:
.IP \(bu
Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated.
.IP \(bu
The address lookups of
validated hostnames are also validated, (provided of course
"smtp_host_lookup" includes "dns", see below).
.IP \(bu
Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups. Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN).
.br
.br
.br
.PP
The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination. This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups.
.PP
The "dnssec" setting is recommended only if you plan to use the
"dane" TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security. Postfix DNSSEC support relies on an up-stream
recursive nameserver that validates DNSSEC signatures. Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC.
.PP
When using Postfix DANE support the "smtp_host_lookup" parameter
should include "dns", as DANE is not applicable
to hosts resolved via "native" lookups.
.PP
As mentioned above, Postfix is not a validating stub
resolver; it relies on the system's configured DNSSEC-validating
recursive
nameserver to perform all DNSSEC validation. Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups. Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver
.PP
DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS \fBresolver\fR(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options.
.PP
This feature is available in Postfix 2.11 and later.
.SH smtp_enforce_tls (default: no)
Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear. This also requires
@ -5982,9 +6074,10 @@ and for receiving the initial remote SMTP server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH smtp_host_lookup (default: dns)
What mechanisms the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups).
What mechanisms the Postfix SMTP client uses to look up a host's
IP address. This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups and smtp_dns_support_level). The "dns"
mechanism is always tried before "native" if both are listed.
.PP
Specify one of the following:
.IP "\fBdns\fR"
@ -6445,14 +6538,12 @@ Later Postfix versions always skip remote SMTP servers that greet
with a
4XX status code.
.SH smtp_skip_5xx_greeting (default: yes)
Skip remote SMTP servers that greet with a 5XX status code (go away,
do
not try again later).
Skip remote SMTP servers that greet with a 5XX status code.
.PP
By default, the Postfix SMTP client moves on the next mail
exchanger. Specify "smtp_skip_5xx_greeting = no" if Postfix should
bounce the mail immediately. The default setting is incorrect, but
it is what a lot of people expect to happen.
bounce the mail immediately. Caution: the latter behavior appears
to contradict RFC 2821.
.SH smtp_skip_quit_response (default: yes)
Do not wait for the response to the SMTP QUIT command.
.SH smtp_starttls_timeout (default: 300s)
@ -7351,8 +7442,7 @@ but not any CAs it delegates to.
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_secure_cert_match (default: nexthop, dot-nexthop)
How the Postfix SMTP client verifies the server certificate
peername for the
"secure" TLS security level. In a "secure" TLS policy table
peername for the "secure" TLS security level. In a "secure" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute
overrides this main.cf setting.
.PP
@ -8599,7 +8689,7 @@ The non_fqdn_reject_code parameter specifies the response code for
rejected requests (default: 504).
.br
.IP "\fBreject_rhsbl_helo \fIrbl_domain=d.d.d.d\fR\fR"
Reject the request when the HELO or EHLO hostname hostname is
Reject the request when the HELO or EHLO hostname is
listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR
(Postfix version 2.1 and later only). Each "\fId\fR" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
@ -9005,7 +9095,7 @@ temporary problem (default: 450).
.br
The
unverified_recipient_tempfail_action parameter specifies the action
after addres probe failure due to a temporary problem (default:
after address probe failure due to a temporary problem (default:
defer_if_permit).
.br
This feature is available in Postfix 2.1
@ -9562,7 +9652,7 @@ response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
.br
The unverified_sender_defer_code specifies the numerical response
code when an address address probe failed due to a temporary problem
code when an address probe failed due to a temporary problem
(default: 450).
.br
The unverified_sender_tempfail_action parameter

15
postfix/man/man8/smtp.8
View File

@ -191,9 +191,7 @@ by RFC 5321.
A mechanism to transform replies from remote SMTP servers one
line at a time.
.IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
Skip remote SMTP servers that greet with a 5XX status code (go away,
do
not try again later).
Skip remote SMTP servers that greet with a 5XX status code.
.IP "\fBsmtp_skip_quit_response (yes)\fR"
Do not wait for the response to the SMTP QUIT command.
.PP
@ -271,6 +269,10 @@ line, SMTP message content line, or TLS protocol message).
.IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
Whether or not to append the "AUTH=<>" option to the MAIL
FROM command in SASL-authenticated SMTP sessions.
.PP
Available in Postfix version 2.11 and later:
.IP "\fBsmtp_dns_support_level (empty)\fR"
Level of DNS support in the Postfix SMTP client.
.SH "MIME PROCESSING CONTROLS"
.na
.nf
@ -406,8 +408,7 @@ mandatory TLS encryption.
The verification depth for remote SMTP server certificates.
.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
How the Postfix SMTP client verifies the server certificate
peername for the
"secure" TLS security level.
peername for the "secure" TLS security level.
.IP "\fBsmtp_tls_session_cache_database (empty)\fR"
Name of the file containing the optional Postfix SMTP client
TLS session cache.
@ -664,8 +665,8 @@ The hostname to send in the SMTP EHLO or HELO command.
.IP "\fBlmtp_lhlo_name ($myhostname)\fR"
The hostname to send in the LMTP LHLO command.
.IP "\fBsmtp_host_lookup (dns)\fR"
What mechanisms the Postfix SMTP client uses to look up a host's IP
address.
What mechanisms the Postfix SMTP client uses to look up a host's
IP address.
.IP "\fBsmtp_randomize_addresses (yes)\fR"
Randomize the order of equal-preference MX host addresses.
.IP "\fBsyslog_facility (mail)\fR"

4
postfix/mantools/postconf2man
View File

@ -40,8 +40,8 @@ while(<>) {
$block =~ tr/a-z/A-Z/;
}
$block =~ s/<DT><b><a[^>]+>([^<]+)<\/a>\n(.*)<\/b><\/DT><DD>/\n.SH \1 \2\n/g;
$block =~ s/<[Aa] [Hh][Rr][Ee][Ff]="[^"]+">//g;
$block =~ s/<[Aa] [Nn][Aa][Mm][Ee]="[^"]+">//g;
$block =~ s/<[Aa][ \n]+[Hh][Rr][Ee][Ff]="[^"]+">//g;
$block =~ s/<[Aa][ \n]+[Nn][Aa][Mm][Ee]="[^"]+">//g;
$block =~ s/<\/[Aa]>//g;
$block =~ s/<\/DD>/\n/g;
$block =~ s/<DL>/\n/g;

14
postfix/mantools/postlink
View File

@ -209,6 +209,19 @@ while (<>) {
s;\bipc_ttl\b;<a href="postconf.5.html#ipc_ttl">$&</a>;g;
s;\bline_length_limit\b;<a href="postconf.5.html#line_length_limit">$&</a>;g;
s;\blmdb_map_size\b;<a href="postconf.5.html#lmdb_map_size">$&</a>;g;
s;\blmtp_address_preference\b;<a href="postconf.5.html#lmtp_address_preference">$&</a>;g;
s;\blmtp_body_checks\b;<a href="postconf.5.html#lmtp_body_checks">$&</a>;g;
s;\blmtp_cname_overrides_servername\b;<a href="postconf.5.html#lmtp_cname_overrides_servername">$&</a>;g;
s;\blmtp_dns_resolver_options\b;<a href="postconf.5.html#lmtp_dns_resolver_options">$&</a>;g;
s;\blmtp_dns_support_level\b;<a href="postconf.5.html#lmtp_dns_support_level">$&</a>;g;
s;\blmtp_header_checks\b;<a href="postconf.5.html#lmtp_header_checks">$&</a>;g;
s;\blmtp_mime_header_checks\b;<a href="postconf.5.html#lmtp_mime_header_checks">$&</a>;g;
s;\blmtp_nested_header_checks\b;<a href="postconf.5.html#lmtp_nested_header_checks">$&</a>;g;
s;\blmtp_per_record_deadline\b;<a href="postconf.5.html#lmtp_per_record_deadline">$&</a>;g;
s;\blmtp_reply_filter\b;<a href="postconf.5.html#lmtp_reply_filter">$&</a>;g;
s;\blmtp_sasl_password_maps\b;<a href="postconf.5.html#lmtp_sasl_password_maps">$&</a>;g;
s;\blmtp_send_dummy_mail_auth\b;<a href="postconf.5.html#lmtp_send_dummy_mail_auth">$&</a>;g;
s;\blmtp_sender_dependent_authentication\b;<a href="postconf.5.html#lmtp_sender_dependent_authentication">$&</a>;g;
s;\blmtp_bind_address\b;<a href="postconf.5.html#lmtp_bind_address">$&</a>;g;
s;\blmtp_bind_address6\b;<a href="postconf.5.html#lmtp_bind_address6">$&</a>;g;
s;\blmtp_assume_final\b;<a href="postconf.5.html#lmtp_assume_final">$&</a>;g;
@ -453,6 +466,7 @@ while (<>) {
s;\bsmtp_discard_ehlo_keyword_address_maps\b;<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">$&</a>;g;
s;\bsmtp_discard_ehlo_keywords\b;<a href="postconf.5.html#smtp_discard_ehlo_keywords">$&</a>;g;
s;\bsmtp_dns_resolver_options\b;<a href="postconf.5.html#smtp_dns_resolver_options">$&</a>;g;
s;\bsmtp_dns_support_level\b;<a href="postconf.5.html#smtp_dns_support_level">$&</a>;g;
s;\bsmtp_helo_name\b;<a href="postconf.5.html#smtp_helo_name">$&</a>;g;
s;\bsmtp_helo_timeout\b;<a href="postconf.5.html#smtp_helo_timeout">$&</a>;g;
s;\bsmtp_host_lookup\b;<a href="postconf.5.html#smtp_host_lookup">$&</a>;g;

17
postfix/proto/LMDB_README.html
View File

@ -20,11 +20,12 @@
<h2>Introduction</h2>
<dl> <dt> Note: </dt> <dd> <p> Postfix support for LMDB databases
is withdrawn due to the existence of a hard limit (an "out of
is suspended due to the existence of a hard limit (an "out of
storage" failure mode that cannot be resolved by increasing the
database size). </p> <p> Postfix may support LMDB again when without
exception all "out of storage" failure modes are resolved by
increasing the database size. </p> </dd> </dl>
database size). </p> <p> Postfix may support LMDB again when it no
longer limits the size of Postfix transactions, whether the limit
is built into LMDB itself, or implicit by requiring an unbounded
amount of memory to handle a large transaction. </p> </dd> </dl>
<p> Postfix uses databases of various kinds to store and look up
information. Postfix databases are specified as "type:name".
@ -44,12 +45,10 @@ LMDB support</a>. </p>
<li> <p> Missing <a href="#pthread">pthread</a> library trouble. </p>
</ol>
<li> <p> Unexpected <a href="#limitations">failure modes</a> that
don't exist with other Postfix databases. </p>
<dl> <dt> Note: </dt> <dd> <p> The Postfix LMDB client implementation
introduces <a href="#limitations">unexpected failure modes</a> that
don't exist with other Postfix databases. Don't just yet abandon
CDB. </p> </dd> </dl>
</ol>
<h2><a name="with_lmdb">Building Postfix with OpenLDAP LMDB support</a></h2>

126
postfix/proto/postconf.proto
View File

@ -4178,9 +4178,10 @@ The default time unit is s (seconds).
%PARAM smtp_host_lookup dns
<p>
What mechanisms the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups).
What mechanisms the Postfix SMTP client uses to look up a host's
IP address. This parameter is ignored when DNS lookups are disabled
(see: disable_dns_lookups and smtp_dns_support_level). The "dns"
mechanism is always tried before "native" if both are listed.
</p>
<p>
@ -4488,15 +4489,13 @@ with a
%PARAM smtp_skip_5xx_greeting yes
<p>
Skip remote SMTP servers that greet with a 5XX status code (go away,
do
not try again later).
Skip remote SMTP servers that greet with a 5XX status code.
</p>
<p> By default, the Postfix SMTP client moves on the next mail
exchanger. Specify "smtp_skip_5xx_greeting = no" if Postfix should
bounce the mail immediately. The default setting is incorrect, but
it is what a lot of people expect to happen. </p>
bounce the mail immediately. Caution: the latter behavior appears
to contradict RFC 2821. </p>
%PARAM smtp_skip_quit_response yes
@ -5511,7 +5510,7 @@ rejected requests (default: 504).</dd>
<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the HELO or EHLO hostname hostname is
<dd>Reject the request when the HELO or EHLO hostname is
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
or a pattern inside "[]" that contains one or more ";"-separated
@ -5881,7 +5880,7 @@ change into 550 when you are confident that it is safe to do so).
numerical response code when an address probe failed due to a
temporary problem (default: 450). <br> The
unverified_recipient_tempfail_action parameter specifies the action
after addres probe failure due to a temporary problem (default:
after address probe failure due to a temporary problem (default:
defer_if_permit). <br> This feature is available in Postfix 2.1
and later. </dd>
@ -6330,7 +6329,7 @@ unverified_sender_reject_code parameter specifies the numerical
response code when an address is known to bounce (default: 450,
change into 550 when you are confident that it is safe to do so).
<br>The unverified_sender_defer_code specifies the numerical response
code when an address address probe failed due to a temporary problem
code when an address probe failed due to a temporary problem
(default: 450). <br> The unverified_sender_tempfail_action parameter
specifies the action after address probe failure due to a temporary
problem (default: defer_if_permit). <br> This feature is available
@ -6823,7 +6822,7 @@ set up your XAUTHORITY environment variable before starting Postfix.
<p>
Note: the command is subject to $name expansion, before it is
passed to the default commmand interpreter. Specify "$$" to
passed to the default command interpreter. Specify "$$" to
produce a single "$" character.
</p>
@ -7314,7 +7313,9 @@ See also: delay_notice_recipient, notify_classes.
<p>
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
library routine which normally also looks in /etc/hosts.
library routine which normally also looks in /etc/hosts. As of
Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level
instead.
</p>
<p>
@ -10411,6 +10412,10 @@ false hostname information in DNS CNAME records, and makes SASL
password file lookups more predictable. This is the default setting
as of Postfix 2.3. </p>
<p> When DNS CNAME records are validated with secure DNS lookups
(smtp_dns_support_level = dnssec), they are always allowed to
override the above servername (Postfix 2.11 and later). </p>
<p> This feature is available in Postfix 2.2.9 and later. </p>
%PARAM lmtp_cname_overrides_servername yes
@ -10794,8 +10799,7 @@ example.com verify match=hostname:nexthop
%PARAM smtp_tls_secure_cert_match nexthop, dot-nexthop
<p> How the Postfix SMTP client verifies the server certificate
peername for the
"secure" TLS security level. In a "secure" TLS policy table
peername for the "secure" TLS security level. In a "secure" TLS policy table
($smtp_tls_policy_maps) entry the optional "match" attribute
overrides this main.cf setting. </p>
@ -14946,3 +14950,95 @@ from the list. </p>
</pre>
<p> This feature is available in Postfix 2.10 and later. </p>
%PARAM smtp_dns_support_level
<p> Level of DNS support in the Postfix SMTP client. With
"smtp_dns_support_level" left at its empty default value, the legacy
"disable_dns_lookups" parameter controls whether DNS is enabled in
the Postfix SMTP client, otherwise the legacy parameter is ignored.
</p>
<p> Specify one of the following: </p>
<dl>
<dt><b>disabled</b></dt>
<dd>Disable DNS lookups. No MX lookups are performed and hostname
to address lookups are unconditionally "native". This setting is
not appropriate for hosts that deliver mail to the public Internet.
Some obsolete how-to documents recommend disabling DNS lookups in
some configurations with content_filters. This is no longer required
and strongly discouraged. </dd>
<dt><b>enabled</b></dt>
<dd>Enable DNS lookups. Nexthop destination domains not enclosed
in "[]" will be subject to MX lookups. If "dns" and "native" are
included in the "smtp_host_lookup" parameter value, DNS will be
queried first to resolve MX-host A records, followed by "native"
lookups if no answer is found in DNS. </dd>
<dt><b>dnssec</b></dt>
<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
lookups. The "dnssec" setting differs from the "enabled" setting
above in the following ways: <ul> <li>Any MX lookups will set
RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
responses. If the MX response is DNSSEC-validated the corresponding
hostnames are considered validated. <li> The address lookups of
validated hostnames are also validated, (provided of course
"smtp_host_lookup" includes "dns", see below). <li>Temporary
failures in DNSSEC-enabled hostname-to-address resolution block any
"native" lookups. Additional "native" lookups only happen when
DNSSEC lookups hard-fail (NODATA or NXDOMAIN). </ul> </dd>
</dl>
<p> The Postfix SMTP client considers non-MX "[nexthop]" and
"[nexthop]:port" destinations equivalent to statically-validated
MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
with "dnssec" support turned on, validated hostname-to-address
lookups apply to the nexthop domain of any "[nexthop]" or
"[nexthop]:port" destination. This is also true for LMTP "inet:host"
and "inet:host:port" destinations, as LMTP hostnames are never
subject to MX lookups. </p>
<p>The "dnssec" setting is recommended only if you plan to use the
"<a href="TLS_README.html#client_tls_dane">dane</a>" TLS security
level, otherwise enabling DNSSEC support in Postfix offers no
additional security. Postfix DNSSEC support relies on an up-stream
recursive nameserver that validates DNSSEC signatures. Such a DNS
server will always filter out forged DNS responses, even when Postfix
itself is not configured to use DNSSEC. </p>
<p> When using Postfix DANE support the "smtp_host_lookup" parameter
should include "dns", as <a
href="https://tools.ietf.org/html/rfc6698">DANE</a> is not applicable
to hosts resolved via "native" lookups. </p>
<p> As mentioned above, Postfix is not a validating <a
href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
resolver</a>; it relies on the system's configured DNSSEC-validating
<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
nameserver</a> to perform all DNSSEC validation. Since this
nameserver's DNSSEC-validated responses will be fully trusted, it
is strongly recommended that the MTA host have a local DNSSEC-validating
recursive caching nameserver listening on a loopback address, and
be configured to use only this nameserver for all lookups. Otherwise,
Postfix may remain subject to man-in-the-middle attacks that forge
responses from the recursive nameserver</p>
<p>DNSSEC support requires a version of Postfix compiled against a
reasonably-modern DNS resolver(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>
<p> This feature is available in Postfix 2.11 and later. </p>
%PARAM lmtp_dns_support_level
<p> The LMTP-specific version of the smtp_dns_support_level
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p>

105
postfix/proto/stop
View File

@ -1144,7 +1144,6 @@ texthash
ul
whitelisted
whitelists
=== proto/POSTSCREEN_README.html ===
Amavisd
MUA
Mailserver
@ -1153,3 +1152,107 @@ barracudacentral
bl
spamcop
tlsproxy
AEIOUaeiou
AF
ASN
BB
CB
CBC
CRYPTOPRO
CTX
CVE
DER
DES
DNSSEC
Diffie
EC
ECDH
ECDSA
EDNS
EECDH
FB
GOST
Hellman
LMDB
MSIE
Mmm
NODATA
NXDOMAIN
Nexthop
OP
OTIFY
OpenSSL's
Postix
Pt
SECG
SSLEAY
SSLREF
SSLV
TLSEXT
VXxznjll
Whitelist
XYZ
YYYYMMDDHHMMSS
aRSA
authcid
authcid's
authentiCation
authoriZation
authzid
bc
blockquote
certfile
cfm
cipherlists
ciphertext
crypto
dane
defnames
dgst
dl
dnsrch
dnssec
dnswl
dotcrlf
dt
eNULL
eccert
ecdsa
eckey
ecparam
eecdh
fc
fixup
getaddrinfo
haproxy
headerbody
hh
hyperlinked
ia
kEDH
lmdb
localtime
mN
matchlists
md
mechs
memcache
mylmtp
nginx
noout
nsa
pkey
postlink
postmulti
proxywrite
pubin
pubkey
queueID
rsa
secp
stdin
tarpit
uncached
unzipping
windowsize
xpostconf

45
postfix/src/dns/dns.h
View File

@ -54,6 +54,50 @@
#endif
/*
* Compatibility with systems that lack RES_USE_DNSSEC and RES_USE_EDNS0
*/
#ifndef RES_USE_DNSSEC
#define RES_USE_DNSSEC 0
#endif
#ifndef RES_USE_EDNS0
#define RES_USE_EDNS0 0
#endif
/*
* TLSA: https://tools.ietf.org/html/rfc6698#section-7.1 RRSIG:
* http://tools.ietf.org/html/rfc4034#section-3
*
* We don't request RRSIG, but we get it "for free" when we send the DO-bit.
*/
#ifndef T_TLSA
#define T_TLSA 52
#endif
#ifndef T_RRSIG
#define T_RRSIG 46 /* Avoid unknown RR in logs */
#endif
/*
* https://tools.ietf.org/html/rfc6698#section-7.2
*/
#define DNS_TLSA_USAGE_CA_CONSTRAINT 0
#define DNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT 1
#define DNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION 2
#define DNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE 3
/*
* https://tools.ietf.org/html/rfc6698#section-7.3
*/
#define DNS_TLSA_SELECTOR_FULL_CERTIFICATE 0
#define DNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO 1
/*
* https://tools.ietf.org/html/rfc6698#section-7.4
*/
#define DNS_TLSA_MATCHING_TYPE_NO_HASH_USED 0
#define DNS_TLSA_MATCHING_TYPE_SHA256 1
#define DNS_TLSA_MATCHING_TYPE_SHA512 2
/*
* SunOS 4 needs this.
*/
@ -88,6 +132,7 @@ typedef struct DNS_RR {
unsigned short type; /* T_A, T_CNAME, etc. */
unsigned short class; /* C_IN, etc. */
unsigned int ttl; /* always */
unsigned int validated; /* DNSSEC */
unsigned short pref; /* T_MX only */
struct DNS_RR *next; /* linkage */
size_t data_len; /* actual data size */

64
postfix/src/dns/dns_lookup.c
View File

@ -60,6 +60,10 @@
/* Search local domain and parent domains.
/* .IP RES_DEFNAMES
/* Append local domain to unqualified names.
/* .IP RES_USE_DNSSEC
/* Request DNSSEC validation. This flag is silently ignored
/* when the system stub resolver API, resolver(3), does not
/* implement DNSSEC.
/* .RE
/* .IP lflags
/* Multi-type request control for dns_lookup_l() and dns_lookup_v().
@ -162,6 +166,7 @@
typedef struct DNS_REPLY {
unsigned char *buf; /* raw reply data */
size_t buf_len; /* reply buffer length */
int validated; /* DNSSEC AD bit */
int query_count; /* number of queries */
int answer_count; /* number of answers */
unsigned char *query_start; /* start of query data */
@ -202,11 +207,26 @@ static int dns_query(const char *name, int type, int flags,
* Set search options: debugging, parent domain search, append local
* domain. Do not allow the user to control other features.
*/
#define USER_FLAGS (RES_DEBUG | RES_DNSRCH | RES_DEFNAMES)
#define USER_FLAGS (RES_DEBUG | RES_DNSRCH | RES_DEFNAMES | RES_USE_DNSSEC)
if ((flags & USER_FLAGS) != flags)
msg_panic("dns_query: bad flags: %d", flags);
saved_options = (_res.options & USER_FLAGS);
/*
* Set extra options that aren't exposed to the application.
*/
#define XTRA_FLAGS (RES_USE_EDNS0)
if (flags & RES_USE_DNSSEC)
flags |= RES_USE_EDNS0;
/*
* Save and restore resolver options that we overwrite, to avoid
* surprising behavior in other code that also invokes the resolver.
*/
#define SAVE_FLAGS (USER_FLAGS | XTRA_FLAGS)
saved_options = (_res.options & SAVE_FLAGS);
/*
* Perform the lookup. Claim that the information cannot be found if and
@ -260,6 +280,11 @@ static int dns_query(const char *name, int type, int flags,
* Initialize the reply structure. Some structure members are filled on
* the fly while the reply is being parsed.
*/
#if RES_USE_DNSSEC != 0
reply->validated = (flags & RES_USE_DNSSEC) ? reply_header->ad : 0;
#else
reply->validated = 0;
#endif
reply->end = reply->buf + len;
reply->query_start = reply->buf + sizeof(HEADER);
reply->answer_start = 0;
@ -360,6 +385,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
DNS_FIXED *fixed)
{
char temp[DNS_NAME_LEN];
char *tempbuf = temp;
ssize_t data_len;
unsigned pref = 0;
unsigned char *src;
@ -418,6 +444,11 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
data_len = fixed->length;
break;
#endif
/*
* We impose the same length limit here as for DNS names. However,
* see T_TLSA discussion below.
*/
case T_TXT:
data_len = MIN2(pos[0] + 1, MIN2(fixed->length + 1, sizeof(temp)));
for (src = pos + 1, dst = (unsigned char *) (temp);
@ -427,9 +458,24 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
}
*dst = 0;
break;
/*
* For a full certificate, fixed->length may be longer than
* sizeof(tmpbuf) == DNS_NAME_LEN. Since we don't need a decode
* buffer, just copy the raw data into the rr.
*
* XXX Reject replies with bogus length < 3.
*
* XXX What about enforcing a sane upper bound? The RFC 1035 hard
* protocol limit is the RRDATA length limit of 65535.
*/
case T_TLSA:
data_len = fixed->length;
tempbuf = (char *) pos;
break;
}
*list = dns_rr_create(orig_name, rr_name, fixed->type, fixed->class,
fixed->ttl, pref, temp, data_len);
fixed->ttl, pref, tempbuf, data_len);
return (DNS_OK);
}
@ -450,7 +496,8 @@ static int dns_get_alias(DNS_REPLY *reply, unsigned char *pos,
/* dns_get_answer - extract answers from name server reply */
static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
DNS_RR **rrlist, VSTRING *fqdn, char *cname, int c_len)
DNS_RR **rrlist, VSTRING *fqdn, char *cname, int c_len,
int *validate_mask)
{
char rr_name[DNS_NAME_LEN];
unsigned char *pos;
@ -526,6 +573,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
if ((status = dns_get_rr(&rr, orig_name, reply, pos, rr_name,
&fixed)) == DNS_OK) {
resource_found++;
rr->validated = (reply->validated & *validate_mask);
*rrlist = dns_rr_append(*rrlist, rr);
} else if (not_found_status != DNS_RETRY)
not_found_status = status;
@ -536,6 +584,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
if (cname && c_len > 0)
if ((status = dns_get_alias(reply, pos, &fixed, cname, c_len)) != DNS_OK)
CORRUPT(status);
*validate_mask &= reply->validated;
}
pos += fixed.length;
}
@ -562,6 +611,7 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
static DNS_REPLY reply;
int count;
int status;
int validate_mask = 1; /* May reset to 0 via CNAME expansion */
const char *orig_name = name;
/*
@ -602,10 +652,12 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
/*
* Extract resource records of the requested type. Pick up CNAME
* information just in case the requested data is not found.
* information just in case the requested data is not found. If any
* CNAME result is not validated, all consequent RRs are deemed not
* validated (the validate_mask is set to 0).
*/
status = dns_get_answer(orig_name, &reply, type, rrlist, fqdn,
cname, c_len);
cname, c_len, &validate_mask);
switch (status) {
default:
if (why)

1
postfix/src/dns/dns_rr.c
View File

@ -123,6 +123,7 @@ DNS_RR *dns_rr_create(const char *qname, const char *rname,
rr->type = type;
rr->class = class;
rr->ttl = ttl;
rr->validated = 0;
rr->pref = pref;
if (data && data_len > 0)
memcpy(rr->data, data, data_len);

4
postfix/src/dns/dns_rr_eq_sa.in
View File

@ -1,4 +1,4 @@
spike.porcupine.org 168.100.189.2
spike.porcupine.org 168.100.189.3
spike.porcupine.org 2001:240:587:0:2d0:b7ff:fe88:2ca7
spike.porcupine.org 2001:240:587:0:2d0:b7ff:febe:ca9f
spike.porcupine.org 2604:8d00:189::2
spike.porcupine.org 2604:8d00:189::3

20
postfix/src/dns/dns_rr_eq_sa.ref
View File

@ -1,24 +1,24 @@
2604:8d00:189::2 =?= 168.100.189.2
tested by function: no
tested by macro: no
168.100.189.2 =?= 168.100.189.2
tested by function: yes
tested by macro: yes
2604:8d00:189::2 =?= 168.100.189.2
2604:8d00:189::2 =?= 168.100.189.3
tested by function: no
tested by macro: no
168.100.189.2 =?= 168.100.189.3
tested by function: no
tested by macro: no
2604:8d00:189::2 =?= 168.100.189.3
2604:8d00:189::2 =?= 2604:8d00:189::2
tested by function: yes
tested by macro: yes
168.100.189.2 =?= 2604:8d00:189::2
tested by function: no
tested by macro: no
168.100.189.2 =?= 2001:240:587:0:2d0:b7ff:fe88:2ca7
2604:8d00:189::2 =?= 2604:8d00:189::3
tested by function: no
tested by macro: no
2604:8d00:189::2 =?= 2001:240:587:0:2d0:b7ff:fe88:2ca7
tested by function: no
tested by macro: no
168.100.189.2 =?= 2001:240:587:0:2d0:b7ff:febe:ca9f
tested by function: no
tested by macro: no
2604:8d00:189::2 =?= 2001:240:587:0:2d0:b7ff:febe:ca9f
168.100.189.2 =?= 2604:8d00:189::3
tested by function: no
tested by macro: no

6
postfix/src/dns/dns_strtype.c
View File

@ -168,6 +168,12 @@ static struct dns_type_map dns_type_map[] = {
#ifdef T_MAILA
T_MAILA, "MAILA",
#endif
#ifdef T_TLSA
T_TLSA, "TLSA",
#endif
#ifdef T_RRSIG
T_RRSIG, "RRSIG",
#endif
#ifdef T_ANY
T_ANY, "ANY",
#endif

21
postfix/src/dns/test_dns_lookup.c
View File

@ -43,9 +43,10 @@
static void print_rr(DNS_RR *rr)
{
MAI_HOSTADDR_STR host;
size_t i;
while (rr) {
printf("%s: ttl: %9d ", rr->rname, rr->ttl);
printf("%s: ad: %d, ttl: %9d ", rr->rname, rr->validated, rr->ttl);
switch (rr->type) {
case T_A:
#ifdef T_AAAA
@ -69,6 +70,22 @@ static void print_rr(DNS_RR *rr)
printf("pref: %d %s: %s\n",
rr->pref, dns_strtype(rr->type), rr->data);
break;
case T_TLSA:
if (rr->data_len >= 3) {
uint8_t *ip = (uint8_t *) rr->data;
uint8_t usage = *ip++;
uint8_t selector = *ip++;
uint8_t mtype = *ip++;
printf("%s: %d %d %d ", dns_strtype(rr->type),
usage, selector, mtype);
for (i = 3; i < rr->data_len; ++i)
printf("%02x", *ip++);
putchar('\n');
} else {
printf("%s: truncated record\n", dns_strtype(rr->type));
}
break;
default:
msg_fatal("print_rr: don't know how to print type %s",
dns_strtype(rr->type));
@ -99,7 +116,7 @@ int main(int argc, char **argv)
argv_free(types_argv);
name = argv[2];
msg_verbose = 1;
switch (dns_lookup_v(name, RES_DEBUG, &rr, fqdn, why,
switch (dns_lookup_v(name, RES_DEBUG | RES_USE_DNSSEC, &rr, fqdn, why,
DNS_REQ_FLAG_NONE, types)) {
default:
msg_fatal("%s", vstring_str(why));

10
postfix/src/global/mail_params.h
View File

@ -206,6 +206,16 @@ extern char *var_fallback_relay;
#define DEF_DISABLE_DNS 0
extern bool var_disable_dns;
#define SMTP_DNS_SUPPORT_DISABLED "disabled"
#define SMTP_DNS_SUPPORT_ENABLED "enabled"
#define SMTP_DNS_SUPPORT_DNSSEC "dnssec"
#define VAR_SMTP_DNS_SUPPORT "smtp_dns_support_level"
#define DEF_SMTP_DNS_SUPPORT ""
#define VAR_LMTP_DNS_SUPPORT "lmtp_dns_support_level"
#define DEF_LMTP_DNS_SUPPORT ""
extern char *var_smtp_dns_support;
#define SMTP_HOST_LOOKUP_DNS "dns"
#define SMTP_HOST_LOOKUP_NATIVE "native"

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20130318"
#define MAIL_RELEASE_DATE "20130324"
#define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT

6
postfix/src/global/mbox_open.c
View File

@ -194,9 +194,9 @@ MBOX *mbox_open(const char *path, int flags, mode_t mode, struct stat * st,
/*
* Sanity check: reportedly, GNU POP3D creates a new mailbox file and
* deletes the old one. This does not play well with software that opens
* the mailbox first and then locks it, such as software that that uses
* FCNTL or FLOCK locks on open file descriptors (some UNIX systems don't
* use dotlock files).
* the mailbox first and then locks it, such as software that uses FCNTL
* or FLOCK locks on open file descriptors (some UNIX systems don't use
* dotlock files).
*
* To detect that GNU POP3D deletes the mailbox file we look at the target
* file hard-link count. Note that safe_open() guarantees a hard-link

1
postfix/src/smtp/lmtp_params.c
View File

@ -34,6 +34,7 @@
VAR_LMTP_BIND_ADDR6, DEF_LMTP_BIND_ADDR6, &var_smtp_bind_addr6, 0, 0,
VAR_LMTP_HELO_NAME, DEF_LMTP_HELO_NAME, &var_smtp_helo_name, 1, 0,
VAR_LMTP_HOST_LOOKUP, DEF_LMTP_HOST_LOOKUP, &var_smtp_host_lookup, 1, 0,
VAR_LMTP_DNS_SUPPORT, DEF_LMTP_DNS_SUPPORT, &var_smtp_dns_support, 0, 0,
VAR_LMTP_CACHE_DEST, DEF_LMTP_CACHE_DEST, &var_smtp_cache_dest, 0, 0,
VAR_SCACHE_SERVICE, DEF_SCACHE_SERVICE, &var_scache_service, 1, 0,
VAR_LMTP_EHLO_DIS_WORDS, DEF_LMTP_EHLO_DIS_WORDS, &var_smtp_ehlo_dis_words, 0, 0,

90
postfix/src/smtp/smtp.c
View File

@ -169,9 +169,7 @@
/* A mechanism to transform replies from remote SMTP servers one
/* line at a time.
/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
/* Skip remote SMTP servers that greet with a 5XX status code (go away,
/* do
/* not try again later).
/* Skip remote SMTP servers that greet with a 5XX status code.
/* .IP "\fBsmtp_skip_quit_response (yes)\fR"
/* Do not wait for the response to the SMTP QUIT command.
/* .PP
@ -249,6 +247,10 @@
/* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
/* Whether or not to append the "AUTH=<>" option to the MAIL
/* FROM command in SASL-authenticated SMTP sessions.
/* .PP
/* Available in Postfix version 2.11 and later:
/* .IP "\fBsmtp_dns_support_level (empty)\fR"
/* Level of DNS support in the Postfix SMTP client.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
@ -376,8 +378,7 @@
/* The verification depth for remote SMTP server certificates.
/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
/* How the Postfix SMTP client verifies the server certificate
/* peername for the
/* "secure" TLS security level.
/* peername for the "secure" TLS security level.
/* .IP "\fBsmtp_tls_session_cache_database (empty)\fR"
/* Name of the file containing the optional Postfix SMTP client
/* TLS session cache.
@ -626,8 +627,8 @@
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
/* The hostname to send in the LMTP LHLO command.
/* .IP "\fBsmtp_host_lookup (dns)\fR"
/* What mechanisms the Postfix SMTP client uses to look up a host's IP
/* address.
/* What mechanisms the Postfix SMTP client uses to look up a host's
/* IP address.
/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
/* Randomize the order of equal-preference MX host addresses.
/* .IP "\fBsyslog_facility (mail)\fR"
@ -848,6 +849,7 @@ char *var_smtp_body_chks;
char *var_smtp_resp_filter;
bool var_lmtp_assume_final;
char *var_smtp_dns_res_opt;
char *var_smtp_dns_support;
bool var_smtp_rec_deadline;
bool var_smtp_dummy_mail_auth;
@ -859,7 +861,9 @@ bool var_smtp_sasl_auth_soft_bounce;
/*
* Global variables.
*/
int smtp_mode;
int smtp_host_lookup_mask;
int smtp_dns_support;
STRING_LIST *smtp_cache_dest;
SCACHE *smtp_scache;
MAPS *smtp_ehlo_dis_maps;
@ -973,18 +977,39 @@ static void post_init(char *unused_name, char **unused_argv)
SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
0,
};
static const NAME_CODE dns_support[] = {
SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
#endif
0, SMTP_DNS_INVALID,
};
if (*var_smtp_dns_support == 0) {
/* Backwards compatible empty setting */
smtp_dns_support =
var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
} else {
smtp_dns_support =
name_code(dns_support, NAME_CODE_FLAG_NONE, var_smtp_dns_support);
if (smtp_dns_support == SMTP_DNS_INVALID)
msg_fatal("invalid %s: \"%s\"", SMTP_X(DNS_SUPPORT),
var_smtp_dns_support);
var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
}
/*
* Select hostname lookup mechanisms.
*/
if (var_disable_dns)
if (smtp_dns_support == SMTP_DNS_DISABLED)
smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
else
smtp_host_lookup_mask = name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
var_smtp_host_lookup);
smtp_host_lookup_mask =
name_mask(SMTP_X(HOST_LOOKUP), lookup_masks, var_smtp_host_lookup);
if (msg_verbose)
msg_info("host name lookup methods: %s",
str_name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
str_name_mask(SMTP_X(HOST_LOOKUP), lookup_masks,
smtp_host_lookup_mask));
/*
@ -1003,7 +1028,7 @@ static void post_init(char *unused_name, char **unused_argv)
/*
* Select DNS query flags.
*/
smtp_dns_res_opt = name_mask(VAR_SMTP_DNS_RES_OPT, dns_res_opt_masks,
smtp_dns_res_opt = name_mask(SMTP_X(DNS_RES_OPT), dns_res_opt_masks,
var_smtp_dns_res_opt);
}
@ -1032,7 +1057,7 @@ static void pre_init(char *unused_name, char **unused_argv)
smtp_sasl_initialize();
#else
msg_warn("%s is true, but SASL support is not compiled in",
VAR_SMTP_SASL_ENABLE);
SMTP_X(SASL_ENABLE));
#endif
if (*var_smtp_tls_level != 0)
@ -1063,7 +1088,6 @@ static void pre_init(char *unused_name, char **unused_argv)
if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
TLS_CLIENT_INIT_PROPS props;
int using_smtp = (strcmp(var_procname, "smtp") == 0);
/*
* We get stronger type safety and a cleaner interface by combining
@ -1074,12 +1098,10 @@ static void pre_init(char *unused_name, char **unused_argv)
*/
smtp_tls_ctx =
TLS_CLIENT_INIT(&props,
log_param = using_smtp ?
VAR_SMTP_TLS_LOGLEVEL : VAR_LMTP_TLS_LOGLEVEL,
log_param = SMTP_X(TLS_LOGLEVEL),
log_level = var_smtp_tls_loglevel,
verifydepth = var_smtp_tls_scert_vd,
cache_type = using_smtp ?
TLS_MGR_SCACHE_SMTP : TLS_MGR_SCACHE_LMTP,
cache_type = X_SMTP(TLS_MGR_SCACHE),
cert_file = var_smtp_tls_cert_file,
key_file = var_smtp_tls_key_file,
dcert_file = var_smtp_tls_dcert_file,
@ -1110,7 +1132,7 @@ static void pre_init(char *unused_name, char **unused_argv)
* EHLO keyword filter.
*/
if (*var_smtp_ehlo_dis_maps)
smtp_ehlo_dis_maps = maps_create(VAR_SMTP_EHLO_DIS_MAPS,
smtp_ehlo_dis_maps = maps_create(SMTP_X(EHLO_DIS_MAPS),
var_smtp_ehlo_dis_maps,
DICT_FLAG_LOCK);
@ -1118,7 +1140,7 @@ static void pre_init(char *unused_name, char **unused_argv)
* PIX bug workarounds.
*/
if (*var_smtp_pix_bug_maps)
smtp_pix_bug_maps = maps_create(VAR_SMTP_PIX_BUG_MAPS,
smtp_pix_bug_maps = maps_create(SMTP_X(PIX_BUG_MAPS),
var_smtp_pix_bug_maps,
DICT_FLAG_LOCK);
@ -1130,19 +1152,19 @@ static void pre_init(char *unused_name, char **unused_argv)
ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
if (*var_smtp_generic_maps)
smtp_generic_maps =
maps_create(VAR_SMTP_GENERIC_MAPS, var_smtp_generic_maps,
maps_create(SMTP_X(GENERIC_MAPS), var_smtp_generic_maps,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
/*
* Header/body checks.
*/
smtp_header_checks = hbc_header_checks_create(
VAR_SMTP_HEAD_CHKS, var_smtp_head_chks,
VAR_SMTP_MIME_CHKS, var_smtp_mime_chks,
VAR_SMTP_NEST_CHKS, var_smtp_nest_chks,
SMTP_X(HEAD_CHKS), var_smtp_head_chks,
SMTP_X(MIME_CHKS), var_smtp_mime_chks,
SMTP_X(NEST_CHKS), var_smtp_nest_chks,
smtp_hbc_callbacks);
smtp_body_checks = hbc_body_checks_create(
VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
SMTP_X(BODY_CHKS), var_smtp_body_chks,
smtp_hbc_callbacks);
/*
@ -1160,7 +1182,7 @@ static void pre_init(char *unused_name, char **unused_argv)
smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
var_smtp_addr_pref);
if (smtp_addr_pref < 0)
msg_fatal("bad %s value: %s", VAR_SMTP_ADDR_PREF, var_smtp_addr_pref);
msg_fatal("bad %s value: %s", SMTP_X(ADDR_PREF), var_smtp_addr_pref);
}
}
@ -1182,9 +1204,10 @@ MAIL_VERSION_STAMP_DECLARE;
int main(int argc, char **argv)
{
char *sane_procname;
#include "smtp_params.c"
#include "lmtp_params.c"
int smtp_mode;
/*
* Fingerprint executables and core dumps.
@ -1193,8 +1216,19 @@ int main(int argc, char **argv)
/*
* XXX At this point, var_procname etc. are not initialized.
*
* The process name, "smtp" or "lmtp", determines the protocol, the DSN
* server reply type, SASL service information lookup, and more. Prepare
* for the possibility there may be another personality.
*/
smtp_mode = (strcmp(sane_basename((VSTRING *) 0, argv[0]), "smtp") == 0);
sane_procname = sane_basename((VSTRING *) 0, argv[0]);
if (strcmp(sane_procname, "smtp") == 0)
smtp_mode = 1;
else if (strcmp(sane_procname, "lmtp") == 0)
smtp_mode = 0;
else
msg_fatal("unexpected process name \"%s\" - "
"specify \"smtp\" or \"lmtp\"", var_procname);
/*
* Initialize with the LMTP or SMTP parameter name space.

19
postfix/src/smtp/smtp.h
View File

@ -140,7 +140,7 @@ typedef struct SMTP_STATE {
*/
#define SMTP_MISC_FLAG_LOOP_DETECT (1<<0)
#define SMTP_MISC_FLAG_IN_STARTTLS (1<<1)
#define SMTP_MISC_FLAG_USE_LMTP (1<<2)
#define SMTP_MISC_FLAG_TLSA_HOST (1<<2)
#define SMTP_MISC_FLAG_FIRST_NEXTHOP (1<<3)
#define SMTP_MISC_FLAG_FINAL_NEXTHOP (1<<4)
#define SMTP_MISC_FLAG_FINAL_SERVER (1<<5)
@ -170,6 +170,13 @@ extern int smtp_host_lookup_mask; /* host lookup methods to use */
#define SMTP_HOST_FLAG_DNS (1<<0)
#define SMTP_HOST_FLAG_NATIVE (1<<1)
extern int smtp_dns_support; /* dns support level */
#define SMTP_DNS_INVALID (-1) /* smtp_dns_support_level = <bogus> */
#define SMTP_DNS_DISABLED 0 /* smtp_dns_support_level = disabled */
#define SMTP_DNS_ENABLED 1 /* smtp_dns_support_level = enabled */
#define SMTP_DNS_DNSSEC 2 /* smtp_dns_support_level = dnssec */
extern SCACHE *smtp_scache; /* connection cache instance */
extern STRING_LIST *smtp_cache_dest; /* cached destinations */
@ -257,9 +264,10 @@ extern void smtp_tls_list_init(void);
#endif
/*
* What's in a name?
* What's in a name? With DANE TLSA we need the rr->rname (if validated).
*/
#define SMTP_HNAME(rr) (var_smtp_cname_overr ? (rr)->rname : (rr)->qname)
#define SMTP_HNAME(rr) ( (var_smtp_cname_overr || rr->validated) ? \
(rr)->rname : (rr)->qname )
/*
* smtp_connect.c
@ -465,6 +473,11 @@ extern int smtp_map11_internal(VSTRING *, MAPS *, int);
#define STR(s) vstring_str(s)
#define LEN(s) VSTRING_LEN(s)
extern int smtp_mode;
#define SMTP_X(x) (smtp_mode ? VAR_SMTP_##x : VAR_LMTP_##x)
#define X_SMTP(x) (smtp_mode ? x##_SMTP : x##_LMTP)
/* LICENSE
/* .ad
/* .fi

22
postfix/src/smtp/smtp_addr.c
View File

@ -120,7 +120,7 @@ static void smtp_print_addr(const char *what, DNS_RR *addr_list)
/* smtp_addr_one - address lookup for one host name */
static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host,
static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host, int res_opt,
unsigned pref, DSN_BUF *why)
{
const char *myname = "smtp_addr_one";
@ -155,7 +155,8 @@ static DNS_RR *smtp_addr_one(DNS_RR *addr_list, const char *host,
* should not clobber a soft error text and status code.
*/
if (smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) {
switch (dns_lookup_v(host, smtp_dns_res_opt, &addr, (VSTRING *) 0,
res_opt |= smtp_dns_res_opt;
switch (dns_lookup_v(host, res_opt, &addr, (VSTRING *) 0,
why->reason, DNS_REQ_FLAG_NONE,
proto_info->dns_atype_list)) {
case DNS_OK:
@ -236,6 +237,7 @@ static DNS_RR *smtp_addr_list(DNS_RR *mx_names, DSN_BUF *why)
{
DNS_RR *addr_list = 0;
DNS_RR *rr;
int res_opt = mx_names->validated ? RES_USE_DNSSEC : 0;
/*
* As long as we are able to look up any host address, we ignore problems
@ -261,7 +263,8 @@ static DNS_RR *smtp_addr_list(DNS_RR *mx_names, DSN_BUF *why)
for (rr = mx_names; rr; rr = rr->next) {
if (rr->type != T_MX)
msg_panic("smtp_addr_list: bad resource type: %d", rr->type);
addr_list = smtp_addr_one(addr_list, (char *) rr->data, rr->pref, why);
addr_list = smtp_addr_one(addr_list, (char *) rr->data, res_opt,
rr->pref, why);
}
return (addr_list);
}
@ -344,6 +347,7 @@ DNS_RR *smtp_domain_addr(char *name, int misc_flags, DSN_BUF *why,
DNS_RR *self = 0;
unsigned best_pref;
unsigned best_found;
int r = 0; /* Resolver flags */
dsb_reset(why); /* Paranoia */
@ -355,8 +359,10 @@ DNS_RR *smtp_domain_addr(char *name, int misc_flags, DSN_BUF *why,
/*
* Sanity check.
*/
if (var_disable_dns)
if (smtp_dns_support == SMTP_DNS_DISABLED)
msg_panic("smtp_domain_addr: DNS lookup is disabled");
if (smtp_dns_support == SMTP_DNS_DNSSEC)
r |= RES_USE_DNSSEC;
/*
* Look up the mail exchanger hosts listed for this name. Sort the
@ -400,7 +406,7 @@ DNS_RR *smtp_domain_addr(char *name, int misc_flags, DSN_BUF *why,
* at hostnames provides a partial solution for MX hosts behind a NAT
* gateway.
*/
switch (dns_lookup(name, T_MX, 0, &mx_names, (VSTRING *) 0, why->reason)) {
switch (dns_lookup(name, T_MX, r, &mx_names, (VSTRING *) 0, why->reason)) {
default:
dsb_status(why, "4.4.3");
if (var_ign_mx_lookup_err)
@ -477,15 +483,19 @@ DNS_RR *smtp_domain_addr(char *name, int misc_flags, DSN_BUF *why,
DNS_RR *smtp_host_addr(const char *host, int misc_flags, DSN_BUF *why)
{
DNS_RR *addr_list;
int res_opt = 0;
dsb_reset(why); /* Paranoia */
if (smtp_dns_support == SMTP_DNS_DNSSEC)
res_opt |= RES_USE_DNSSEC;
/*
* If the host is specified by numerical address, just convert the
* address to internal form. Otherwise, the host is specified by name.
*/
#define PREF0 0
addr_list = smtp_addr_one((DNS_RR *) 0, host, PREF0, why);
addr_list = smtp_addr_one((DNS_RR *) 0, host, res_opt, PREF0, why);
if (addr_list
&& (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
&& smtp_find_self(addr_list) != 0) {

12
postfix/src/smtp/smtp_chat.c
View File

@ -359,14 +359,12 @@ SMTP_RESP *smtp_chat_resp(SMTP_SESSION *session)
if (session->features & SMTP_FEATURE_PIPELINING) {
msg_warn("%s: non-%s response from %s: %.100s",
session->state->request->queue_id,
(session->state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) ?
"LMTP" : "ESMTP", session->namaddrport,
STR(session->buffer));
smtp_mode ? "ESMTP" : "LMTP",
session->namaddrport, STR(session->buffer));
if (var_helpful_warnings)
msg_warn("to prevent loss of mail, turn off command pipelining "
"for %s with the %s parameter", session->addr,
(session->state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) ?
VAR_LMTP_EHLO_DIS_MAPS : VAR_SMTP_EHLO_DIS_MAPS);
SMTP_X(EHLO_DIS_MAPS));
}
}
@ -469,9 +467,7 @@ void smtp_chat_notify(SMTP_SESSION *session)
mail_addr_mail_daemon());
post_mail_fprintf(notice, "To: %s (Postmaster)", var_error_rcpt);
post_mail_fprintf(notice, "Subject: %s %s client: errors from %s",
var_mail_name,
(session->state->misc_flags &
SMTP_MISC_FLAG_USE_LMTP) ? "LMTP" : "SMTP",
var_mail_name, smtp_mode ? "SMTP" : "LMTP",
session->namaddrport);
post_mail_fputs(notice, "");
post_mail_fprintf(notice, "Unexpected response from %s.",

19
postfix/src/smtp/smtp_connect.c
View File

@ -209,12 +209,12 @@ static SMTP_SESSION *smtp_connect_addr(const char *destination, DNS_RR *addr,
#ifdef HAS_IPV6
if (sa->sa_family == AF_INET6) {
bind_addr = var_smtp_bind_addr6;
bind_var = VAR_SMTP_BIND_ADDR6;
bind_var = SMTP_X(BIND_ADDR6);
} else
#endif
if (sa->sa_family == AF_INET) {
bind_addr = var_smtp_bind_addr;
bind_var = VAR_SMTP_BIND_ADDR;
bind_var = SMTP_X(BIND_ADDR);
} else
bind_var = bind_addr = "";
if (*bind_addr) {
@ -272,6 +272,9 @@ static SMTP_SESSION *smtp_connect_addr(const char *destination, DNS_RR *addr,
msg_info("%s: trying: %s[%s] port %d...",
myname, SMTP_HNAME(addr), hostaddr.buf, ntohs(port));
if (addr->validated)
sess_flags |= SMTP_MISC_FLAG_TLSA_HOST;
return (smtp_connect_sock(sock, sa, salen, SMTP_HNAME(addr), hostaddr.buf,
port, destination, why, sess_flags));
}
@ -718,7 +721,8 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
if (sites->argc == 0)
msg_panic("null destination: \"%s\"", nexthop);
non_fallback_sites = sites->argc;
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0)
/* When we are lmtp(8) var_fallback_relay is null */
if (smtp_mode)
argv_split_append(sites, var_fallback_relay, ", \t\r\n");
/*
@ -776,12 +780,12 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
*/
if (msg_verbose)
msg_info("connecting to %s port %d", domain, ntohs(port));
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
if (smtp_mode) {
if (ntohs(port) == IPPORT_SMTP)
state->misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT;
else
state->misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT;
lookup_mx = (var_disable_dns == 0 && *dest != '[');
lookup_mx = (smtp_dns_support != SMTP_DNS_DISABLED && *dest != '[');
} else
lookup_mx = 0;
if (!lookup_mx) {
@ -972,8 +976,7 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
* Pay attention to what could be configuration problems, and pretend
* that these are recoverable rather than bouncing the mail.
*/
else if (!SMTP_HAS_SOFT_DSN(why)
&& (state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
else if (!SMTP_HAS_SOFT_DSN(why) && smtp_mode) {
/*
* The fall-back destination did not resolve as expected, or it
@ -1041,7 +1044,7 @@ int smtp_connect(SMTP_STATE *state)
* With LMTP we have direct-to-host delivery only. The destination may
* have multiple IP addresses.
*/
if (state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) {
if (!smtp_mode) {
if (strncmp(destination, "unix:", 5) == 0) {
smtp_connect_local(state, destination + 5);
} else {

1
postfix/src/smtp/smtp_params.c
View File

@ -35,6 +35,7 @@
VAR_SMTP_BIND_ADDR6, DEF_SMTP_BIND_ADDR6, &var_smtp_bind_addr6, 0, 0,
VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0,
VAR_SMTP_HOST_LOOKUP, DEF_SMTP_HOST_LOOKUP, &var_smtp_host_lookup, 1, 0,
VAR_SMTP_DNS_SUPPORT, DEF_SMTP_DNS_SUPPORT, &var_smtp_dns_support, 0, 0,
VAR_SMTP_CACHE_DEST, DEF_SMTP_CACHE_DEST, &var_smtp_cache_dest, 0, 0,
VAR_SCACHE_SERVICE, DEF_SCACHE_SERVICE, &var_scache_service, 1, 0,
VAR_SMTP_EHLO_DIS_WORDS, DEF_SMTP_EHLO_DIS_WORDS, &var_smtp_ehlo_dis_words, 0, 0,

18
postfix/src/smtp/smtp_proto.c
View File

@ -347,10 +347,10 @@ int smtp_helo(SMTP_STATE *state)
&& (pix_bug_words =
maps_find(smtp_pix_bug_maps,
state->session->addr, 0)) != 0) {
pix_bug_source = VAR_SMTP_PIX_BUG_MAPS;
pix_bug_source = SMTP_X(PIX_BUG_MAPS);
} else {
pix_bug_words = var_smtp_pix_bug_words;
pix_bug_source = VAR_SMTP_PIX_BUG_WORDS;
pix_bug_source = SMTP_X(PIX_BUG_WORDS);
}
if (*pix_bug_words) {
pix_bug_mask = name_mask_opt(pix_bug_source, pix_bug_table,
@ -381,7 +381,7 @@ int smtp_helo(SMTP_STATE *state)
} else if (strcasecmp(word, "ESMTP") == 0)
session->features |= SMTP_FEATURE_ESMTP;
}
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
if (smtp_mode) {
if (var_smtp_always_ehlo
&& (session->features & SMTP_FEATURE_PIX_NO_ESMTP) == 0)
session->features |= SMTP_FEATURE_ESMTP;
@ -405,7 +405,7 @@ int smtp_helo(SMTP_STATE *state)
* Return the compliment. Fall back to SMTP if our ESMTP recognition
* heuristic failed.
*/
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
if (smtp_mode) {
where = "performing the EHLO handshake";
if (session->features & SMTP_FEATURE_ESMTP) {
smtp_chat_cmd(session, "EHLO %s", var_smtp_helo_name);
@ -622,8 +622,8 @@ int smtp_helo(SMTP_STATE *state)
}
if (msg_verbose)
msg_info("Using %s PIPELINING, TCP send buffer size is %d, "
"PIPELINING buffer size is %d", (state->misc_flags &
SMTP_MISC_FLAG_USE_LMTP) ? "LMTP" : "ESMTP",
"PIPELINING buffer size is %d",
smtp_mode ? "ESMTP" : "LMTP",
tcp_bufsize, PIPELINING_BUFSIZE);
}
#ifdef USE_TLS
@ -1662,7 +1662,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
"unexpected server message");
msg_warn("server %s violates %s policy",
session->namaddr,
VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY);
SMTP_X(TLS_BLK_EARLY_MAIL_REPLY));
mail_from_rejected = 1;
}
#endif
@ -1695,7 +1695,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
#endif
rcpt = request->rcpt_list.info + recv_rcpt;
if (resp->code / 100 == 2) {
if (state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) {
if (!smtp_mode) {
if (survivors == 0)
survivors = (int *)
mymalloc(request->rcpt_list.len
@ -1752,7 +1752,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
*/
case SMTP_STATE_DOT:
GETTIMEOFDAY(&request->msg_stats.deliver_done);
if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) {
if (smtp_mode) {
if (nrcpt > 0) {
if (resp->code / 100 != 2) {
smtp_mesg_fail(state, session->host, resp,

2
postfix/src/smtp/smtp_rcpt.c
View File

@ -152,7 +152,7 @@ void smtp_rcpt_done(SMTP_STATE *state, SMTP_RESP *resp, RECIPIENT *rcpt)
* the sake of "performance".
*/
if ((session->features & SMTP_FEATURE_DSN) == 0
&& (state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) != 0
&& !smtp_mode
&& var_lmtp_assume_final != 0)
dsn_action = "delivered";

8
postfix/src/smtp/smtp_sasl_glue.c
View File

@ -181,7 +181,7 @@ int smtp_sasl_passwd_lookup(SMTP_SESSION *session)
* the MX hostname.
*/
smtp_sasl_passwd_map->error = 0;
if (((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0
if ((smtp_mode
&& var_smtp_sender_auth && state->request->sender[0]
&& (value = mail_addr_find(smtp_sasl_passwd_map,
state->request->sender, (char **) 0)) != 0)
@ -205,7 +205,7 @@ int smtp_sasl_passwd_lookup(SMTP_SESSION *session)
return (1);
} else if (smtp_sasl_passwd_map->error) {
msg_warn("%s: %s lookup error",
state->request->queue_id, smtp_sasl_passwd_map->title);
state->request->queue_id, smtp_sasl_passwd_map->title);
vstream_longjmp(session->stream, SMTP_ERR_DATA);
} else {
if (msg_verbose)
@ -227,7 +227,7 @@ void smtp_sasl_initialize(void)
msg_panic("smtp_sasl_initialize: repeated call");
if (*var_smtp_sasl_passwd == 0)
msg_fatal("specify a password table via the `%s' configuration parameter",
VAR_SMTP_SASL_PASSWD);
SMTP_X(SASL_PASSWD));
/*
* Open the per-host password table and initialize the SASL library. Use
@ -257,7 +257,7 @@ void smtp_sasl_initialize(void)
var_smtp_sasl_auth_cache_time);
#else
msg_warn("not compiled with TLS support -- "
"ignoring the " VAR_SMTP_SASL_AUTH_CACHE_NAME " setting");
"ignoring the %s setting", SMTP_X(SASL_AUTH_CACHE_NAME));
#endif
}
}

10
postfix/src/smtp/smtp_sasl_proto.c
View File

@ -177,17 +177,15 @@ int smtp_sasl_helo_login(SMTP_STATE *state)
/* Session reuse is disabled. */
} else {
#ifndef USE_TLS
smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
var_smtp_sasl_opts);
smtp_sasl_start(session, SMTP_X(SASL_OPTS), var_smtp_sasl_opts);
#else
if (session->tls_context == 0)
smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
var_smtp_sasl_opts);
smtp_sasl_start(session, SMTP_X(SASL_OPTS), var_smtp_sasl_opts);
else if (TLS_CERT_IS_MATCHED(session->tls_context))
smtp_sasl_start(session, VAR_SMTP_SASL_TLSV_OPTS,
smtp_sasl_start(session, SMTP_X(SASL_TLSV_OPTS),
var_smtp_sasl_tlsv_opts);
else
smtp_sasl_start(session, VAR_SMTP_SASL_TLS_OPTS,
smtp_sasl_start(session, SMTP_X(SASL_TLS_OPTS),
var_smtp_sasl_tls_opts);
#endif
if (smtp_sasl_authenticate(session, why) <= 0) {

8
postfix/src/smtp/smtp_session.c
View File

@ -66,6 +66,8 @@
/* .IP flags
/* Zero or more of the following:
/* .RS
/* .IP SMTP_MISC_FLAG_TLSA_HOST
/* The hostname is DNSSEC-validated.
/* .IP SMTP_MISC_FLAG_CONN_LOAD
/* Enable re-use of cached SMTP or LMTP connections.
/* .IP SMTP_MISC_FLAG_CONN_STORE
@ -140,15 +142,15 @@ static MAPS *tls_per_site; /* lookup table(s) */
void smtp_tls_list_init(void)
{
if (*var_smtp_tls_policy) {
tls_policy = maps_create(VAR_SMTP_TLS_POLICY, var_smtp_tls_policy,
tls_policy = maps_create(SMTP_X(TLS_POLICY), var_smtp_tls_policy,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
if (*var_smtp_tls_per_site)
msg_warn("%s ignored when %s is not empty.",
VAR_SMTP_TLS_PER_SITE, VAR_SMTP_TLS_POLICY);
SMTP_X(TLS_PER_SITE), SMTP_X(TLS_POLICY));
return;
}
if (*var_smtp_tls_per_site) {
tls_per_site = maps_create(VAR_SMTP_TLS_PER_SITE, var_smtp_tls_per_site,
tls_per_site = maps_create(SMTP_X(TLS_PER_SITE), var_smtp_tls_per_site,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
}
}

18
postfix/src/smtp/smtp_state.c
View File

@ -77,24 +77,6 @@ SMTP_STATE *smtp_state_alloc(void)
state->cache_used = 0;
}
state->why = dsb_create();
/*
* The process name, "smtp" or "lmtp", is also used as the DSN server
* reply type and for SASL service information lookup. Since all three
* external representations are identical there is no reason to transform
* from some external form X to some Postfix-specific canonical internal
* form, and then to transform from the internal form to external forms Y
* and Z.
*/
if (strcmp(var_procname, "lmtp") == 0) {
state->misc_flags |= SMTP_MISC_FLAG_USE_LMTP;
} else if (strcmp(var_procname, "smtp") == 0) {
/* void */
} else {
msg_fatal("unexpected process name \"%s\" - "
"specify \"smtp\" or \"lmtp\"",
var_procname);
}
return (state);
}

2
postfix/src/tls/tls_client.c
View File

@ -994,7 +994,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
if (TLScontext->log_mask &
(TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT))
msg_info("%s: subject_CN=%s, issuer_CN=%s, "
"fingerprint %s, pkey_fingerprint=%s", props->namaddr,
"fingerprint=%s, pkey_fingerprint=%s", props->namaddr,
TLScontext->peer_CN, TLScontext->issuer_CN,
TLScontext->peer_fingerprint,
TLScontext->peer_pkey_fprint);

16
postfix/src/tls/tls_verify.c
View File

@ -58,7 +58,7 @@
/* other respects the function behaves as tls_fingerprint().
/* The var_tls_bc_pkey_fprint variable enables an incorrect
/* algorithm that was used in Postfix versions 2.9.[0-5].
/*
/*
/* tls_verify_callback() is called several times (directly or
/* indirectly) from crypto/x509/x509_vfy.c. It is called as
/* a final check, and if it returns "0", the handshake is
@ -479,7 +479,7 @@ char *tls_peer_CN(X509 *peercert, const TLS_SESS_STATE *TLScontext)
char *cn;
cn = tls_text_name(X509_get_subject_name(peercert), NID_commonName,
"subject CN", TLScontext, DO_GRIPE);
"subject CN", TLScontext, DONT_GRIPE);
return (cn ? cn : mystrdup(""));
}
@ -499,7 +499,7 @@ char *tls_issuer_CN(X509 *peer, const TLS_SESS_STATE *TLScontext)
if ((cn = tls_text_name(name, NID_commonName,
"issuer CN", TLScontext, DONT_GRIPE)) == 0)
cn = tls_text_name(name, NID_organizationName,
"issuer Organization", TLScontext, DO_GRIPE);
"issuer Organization", TLScontext, DONT_GRIPE);
return (cn ? cn : mystrdup(""));
}
@ -521,9 +521,9 @@ static char *tls_fprint(const char *buf, int len, const char *dgst)
mdctx = EVP_MD_CTX_create();
if (EVP_DigestInit_ex(mdctx, md_alg, NULL) == 0
|| EVP_DigestUpdate(mdctx, buf, len) == 0
|| EVP_DigestFinal_ex(mdctx, md_buf, &md_len) == 0)
msg_fatal("%s: error computing %s message digest", myname, dgst);
|| EVP_DigestUpdate(mdctx, buf, len) == 0
|| EVP_DigestFinal_ex(mdctx, md_buf, &md_len) == 0)
msg_fatal("%s: error computing %s message digest", myname, dgst);
EVP_MD_CTX_destroy(mdctx);
/* Check for OpenSSL contract violation */
@ -551,9 +551,9 @@ char *tls_fingerprint(X509 *peercert, const char *dgst)
len = i2d_X509(peercert, NULL);
buf2 = buf = mymalloc(len);
i2d_X509(peercert, (unsigned char **)&buf2);
i2d_X509(peercert, (unsigned char **) &buf2);
if (buf2 - buf != len)
msg_panic("i2d_X509 invalid result length");
msg_panic("i2d_X509 invalid result length");
result = tls_fprint(buf, len, dgst);
myfree(buf);

20
postfix/src/util/open_limit.c
View File

@ -34,6 +34,11 @@
#include <sys/resource.h>
#include <errno.h>
#ifdef MACOSX
#include <sys/sysctl.h>
#define MAX_FILES_PER_PROC "kern.maxfilesperproc"
#endif
/* Application-specific. */
#include "iostuff.h"
@ -63,6 +68,21 @@ int open_limit(int limit)
if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
return (-1);
if (limit > 0) {
/*
* MacOSX incorrectly reports rlim_max as RLIM_INFINITY. The true
* hard limit is finite and equals the kern.maxfilesperproc value.
*/
#ifdef MACOSX
int max_files_per_proc;
size_t len = sizeof(max_files_per_proc);
if (sysctlbyname(MAX_FILES_PER_PROC, &max_files_per_proc, &len,
(void *) 0, (size_t) 0) < 0)
return (-1);
if (limit > max_files_per_proc)
limit = max_files_per_proc;
#endif
if (limit > rl.rlim_max)
rl.rlim_cur = rl.rlim_max;
else